02

Question 1

What are the commands used to identify if your on a VM?

Answer 1

ipconfig /all, system info, task list

Question 2

What command identifies the MAC address of a VM?

Answer 2

ipconfig /all

Question 3

How can you tell if a MAC address belongs to an VM?

Answer 3

First Octet has 00

Question 4

What command lets you see the system manufacturer/system model info on a VM?

Answer 4

systeminfo

Question 5

What command will let you see installed NICs ona VM?

Answer 5

systeminfo

Question 6

What command will let you see all the processes on windows?

Answer 6

tasklist

Question 7

Windows _________ is an object-oriented, interactive command environment with script language features

Answer 7

Powershell

Question 8

The __________ cmdlet lets you see all of the parameters and arguments for a particular cmdlet

Answer 8

get-help

Question 9

Required and optional parameters for a particular cmdlet may change depending on the version of PS T/F?

Answer 9

T

Question 10

________ parameters are specified by name with the cmdlet

Answer 10

named

Question 11

___________ lets PS assume the parameter name associated with an argument based on the position of the argument in syntax

Answer 11

positional notation

Question 12

What are common parameters in PS and what do they represent

Answer 12

-name states the name of an object (exp username, cmdlet name, path name)

-computername state the name/IP on whiich to perform the action

-Path state the path of the directory

-examples use with get-help to show syntax examples

Question 13

Parameters can be
__________
__________
_________
________

Answer 13

Required
Optional
Named
Positional notation

Question 14

_________ define additional information associated with a parameter name

What are some common __________?

Answer 14

Arguments

-Path
-Name

Question 15

__________ refers to the process of passing the results of one cmdlet as input into a second cmdlet

Answer 15

piping

Question 16

The ____ cmdlet sends data in two directions simultaneously

What an example of it?

Answer 16

Tee-Object

Tee-Log.txt

Question 17

When using the get-childitem in PS how would I filter only the name and time of creation of the files pulled?

Answer 17

select lets you search for specific parameters

select name, *time

Question 18

_________ gives a complete list of aliased commands and their associated PS cmdlet

Answer 18

Get-Alias

Question 19

________ are packages of PS commands, consisting of cmdlet, functions, variables, and aliases

Answer 19

modules

Question 20

How do you view modules imported in a PS session?

Answer 20

Get-Module

Question 21

__________ queries a computer system for information about the manufacturer and model PS cmdlet

Answer 21

get-wmiobject win32_computersystem

Question 22

What is the new version of get-wmiobject?

Answer 22

get-ciminstance

Question 23

__________ enables a user to gather data and change settings on one or more remote computers using certain PS cmdlets that have a ______________ parameter

Answer 23

PS remoting, -computername

Question 24

What are some cmdlets that include the -computername parameter option?

Answer 24

Restart-computer
Test-connection
Clear-eventlog
Get-WMIObject
Get-HotFix
Get-Service
Get-WinEvent

Question 25

What are the two uses of variables in scripting PS?

Answer 25

store information for later use in a script store information that is a result of a script

Question 26

________ is a way for the OS and its services and applications to record important actions, post status messages, and track security events.

Answer 26

logging

Question 27

_________ contains events logged by Active Directory, enabled when Active Directory is loaded Domain Logs

Answer 27

Directory Service Log

Question 28

________ contains information about replication events including changes to SYSVOL Domain Logs

Answer 28

DFS Replication Log

Question 29

________ available when a machine is configured as a DNS server

Answer 29

DNS server log

Question 30

___________ is the tracking of changes, within computer systems, changes, or events, are tracked in the logs that the system keeps.

Answer 30

Auditing

Question 31

What is the command to enable auditing in cmd?

Answer 31

auditpol

Question 32

______ changes to user rights, windows firewall, group policy, or audit policies (Audit Event)

Answer 32

Policy change

Question 33

_______ When an Object (e.g.,file,folder,etc.) is accessed that has a *SACL (Audit Event)

Answer 33

Object Access

Question 34

________ When a user exercises a user right or privlege (Audit Event)

Answer 34

Privilege Use

Question 35

___________ Program activation, process exit, and indirect object access (Audit Event)

Answer 35

Process tracking (detailed tracking)

Question 36

__________ creation, deletion, or change of user account, group, or any password change (Audit Event)

Answer 36

account management

Question 37

__________ logon attempts, not authentication attempts (Audit Event)

Answer 37

Logon

Question 38

__________ Network-based access to computer and attempts to connect to shares; also known as authentication events (Audit Event)

Answer 38

account logon

Question 39

When a user accesses a directory service (AD) object with a SCAL

Answer 39

Directory Service Access

Question 40

What are the four options for a log when its full?

Answer 40

overwrite events, archive when full, do not overwrite events or clear logs

Question 41

All log configuration is maintinaed in the registry key _____\____\________\Services\Eventlog\

Answer 41

HKLM\SYSTEM\CurrentControlSet

Question 42

_________ Date and time event occurred (Event summary information)

Answer 42

Logged

Question 43

________ logged in user (Event summary information)

Answer 43

User

Question 44

______ name of computer where event occurred (Event summary information)

Answer 44

Computer

Question 45

_________ number that identifies the event type (Event summary information)

Answer 45

Event ID

Question 46

source-component or program

Answer 46

Source

Question 47

_______ classification of the event security

Answer 47

levels

Question 48

_______ describes a significant problem such as failure of a critical task (classification of event security)

Answer 48

Error

Question 49

_______ indicates a possible future problem such as when a disk becomes full (classification of event security)

Answer 49

warning

Question 50

_______ describes successful operation of a task, application, driver, or service (classification of event security)

Answer 50

information

Question 51

_______ indicates a problem has occurred that the system cannot automatically recover from (classification of event security)

Answer 51

critical

Question 52

_________ classification of event, by specific event source subcategory; used by security log. Description provides more amplifying information

Answer 52

Task category

Question 53

_________ may contain a value that identifies the function the application was performing when it raised the event.

Answer 53

Opcode

Question 54

_______ is the Microsoft implementation of centralized logging What are the two advantages?

Answer 54

WEF windows event forwarding keeps backups sends backups to other systems

Question 55

The _________ is the heart and soul of the OS

Answer 55

Windows Registy

Question 56

When is the registry read?

Answer 56

Boot Process Application Start-up User Login

Question 57

The windows registry consists of _____ root keys

Answer 57

5

Question 58

______ - contains a SID sub-key for all loaded user profiles

Answer 58

HKEY_USERS HU

Question 59

______-contains specific information about the hardware, software, and preferences for all users who log into the system

Answer 59

HKEY_LOCAL_MACHINE HLM

Question 60

______ is derived form two keys, is used to associate file types with programs that are used to open them

Answer 60

HKEY_CLASSES_ROOT HCR

Question 61

_______ is derived from HKU\ and contains user profile environment settings of the interactively logged on user

Answer 61

HKEY_CURRENT_USER HKC

Question 62

What are the following levels are associated with the application or system log?

Answer 62

error warning information critical

Question 63

What are the derived keys?

Answer 63

HCC HCR HCU

Question 64

What are the master keys?

Answer 64

HKM HKU

Question 65

HKEY___________________ - This key is derived from a link to HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current and is used to establish the current hardware configuration profile

Answer 65

HKEY_CURRENT_CONFIGURATION HCC