(2)Concepts of Operating Systems

Question 1

What is a great way to secure a system in terms of attack surface?

Answer 1

A great way to secure a system is by reducing its attack surface

Question 2

How can security practitioners reduce the attack surface?

Answer 2

Security practitioners can reduce their attack surface by practicing system hardening

Question 3

What do organizations have to remember about using benchmarks?

Answer 3

They need to be sure that the benchmarks don’t cause parts or all of their system to malfunction as a result of the benchmark implementation.

Question 4

What is the Windows Registry?

Answer 4

The Windows Registry is a database that has operating system settings for programs, services, drivers, and the OS itself.

Question 5

The Windows Registry is a ______ for malicious activity because it is very useful to a bad actor

Answer 5

The Windows Registry is a target for malicious activity because it is very useful to a bad actor

Question 6

Of the five main Windows Registry keys, what is the HKEY_CLASSES_ROOT (HKCR)?

Answer 6

The HKEY_CLASSES_ROOT (HKCR) registry key is relates file type with programs. It has COM object registration information

Question 7

Of the five main Windows Registry keys, what is the HKEY_LOCAL_MACHINE (HKLM)?

Answer 7

The HKEY_LOCAL_MACHINE (HKLM) has information related to the system and includes scheduled tasks and services

Question 8

Of the five main Windows Registry keys, what is the HKEY_USERS (HKU)?

Answer 8

The HKEY_USERS (HKU) provides information about user accounts

Question 9

Of the five main Windows Registry keys, what is the HKEY_CURRENT_USER (HKCU)?

Answer 9

The HKEY_CURRENT_USER (HKCU) has info about the user currently logged in

Question 10

Of the five main Windows Registry keys, what is the HKEY_CURRENT_CONFIG (HKCC)?

Answer 10

The HKEY_CURRENT_CONFIG (HKCC) contains information about the current local hardware profile

Question 11

What does each root key have in the Windows Registry?

Answer 11

The Windows Registry has what are called Registry hives, which are keys and values that are connected with the root keys.

Question 12

In the Windows Registry, what type of data do registry keys contain?

Answer 12

Registry data keys can contain strings, binary data, numeric data and links to other keys. Windows specific component data can also be within these keys.

Question 13

Where is Windows Configuration information normally stored?

Answer 13

Windows Configuration information is normally stored in the Windows Registry, but extra info may be stored in:

C:\ProgramData\ or C:\Program Files\ as well as in the AppData folder of the currently logged in user.

Question 14

Where is Linux configuration information commonly stored?

Answer 14

Linux Configuration information is commonly stored in the /etc/ directory, although additional configuration information can be elsewhere depending on the program or file.

Question 15

Where does macOS normally store configuration information?

Answer 15

macOS often stores information in ~/Library/Preferences

Question 16

In terms of Operating Systems? What are system processes?

Answer 16

System processes are the main processes for an OS

Question 17

What is the core system process for Windows? Where can it be found? What is the process ID?

Answer 17

The core system process for Windows is the NT Kernel, which can be found in C:\Windows\System32\notskrnl.exe, and has a process ID of 4.

Question 18

What is most important to remember about Windows system processes?

Answer 18

Windows system processes are very important parts of the OS, attackers name their attack programs to look similar to real processes in order to hide their bad software, and attackers love to go after these processes to get privileged access to systems.

Question 19

Why does hardware architecture play a role in system security?

Answer 19

Hardware architecture plays a role in system security because malicious software has to be set up to run properly on the hardware that the OS runs on. If it is set up for the x86 instruction set, but the system runs on the Advanced RISC Machine (ARM), then the malware won’t run on them.