2 - Security Policy and Registry

Question 1

What are Windows Security Policies?

(Definition)

Answer 1

Windows Security Policies are a set of configurations that can be applied on desktops to enhance security.

Question 2

What do Windows Security Policies determine?

Answer 2

Security policies determine the various security restrictions that can be imposed on the users in a network.

Question 3

Where can the security settings for Active Desktop, Computer, Control Panel, Explorer, Internet Explorer, Network, and System categories be defined?

Answer 3

The above policies can be defined using Security Policies Configuration

Question 4

Name the three categories of keys that exist in the Windows registry.

Answer 4

The three types / categories of keys in the Window Registry are:

1. Root Keys
2. Subkeys
3. Value entries

Question 5

How many Root keys are there?

Hint: answer is a number

Answer 5

5

Question 6

What is another name for Root keys?

Answer 6

High Level keys

Question 7

Each root key contains one or more subkeys.

[True / False]

Answer 7

True

Question 8

Subkeys can have their own subkeys.

[True / False]

Answer 8

True

Question 9

Value entries contain what three pieces of information?

Answer 9

1. Name
2. Data Type
3. Value

Question 10

Name the 5 main Root keys.

Answer 10

1. HKCR - HKEY_CLASSES_ROOT - Associates filename extensions (such as .doc and .exe) with the actions Windows is supposed to take when, for example, you double-click a file.
2. HKCU - HKEY_CURRENT_USER - Controls many settings for the currently logged-on user, from the user’s name to his or her desktop background.
3. HKLM - HKEY_LOCAL_MACHINE - Thousands of settings that apply to all users, no matter who is logged on to the PC at any given moment.
4. HKU - HKEY_USERS - A collection of all the HKCU entries for everyone who has ever logged on to the PC.
5. HKCC - HKEY_CURRENT_CONFIG - A tiny key that describes the current hardware configuration and a few basic system settings.

Question 11

How many subkeys does HKLM have?

Answer 11

6

Question 12

Name the 6 HKLM subkeys

Answer 12

1. SAM
2. SECURITY
3. SYSTEM
4. SOFTWARE
5. HARDWARE
6. BCD

Question 13

Describe the HKLM SAM subkey.

Answer 13

SAM – This subkey appears empty to most users. It is used with the security and accounts management databases.

Question 14

Describe the HKLM SECURITY subkey.

Answer 14

SECURITY – This is more security-related information that appears blank to most users.

Question 15

Describe the HKLM SYSTEM subkey.

Answer 15

SYSTEM – This information is created by users with administrative privileges. It includes the Windows settings, file system information, and critical hardware configurations as well as other information needed to run the core system.

Question 16

Describe the HKLM SOFTWARE subkey.

Answer 16

SOFTWARE – This area is used by both Windows and application programs to store critical configuration settings.

Question 17

Describe the HKLM HARDWARE subkey.

Answer 17

HARDWARE – This subkey contains relevant information on all connected plug-and-play devices.

Question 18

Describe the HKLM BCD subkey.

Answer 18

BCD – This subkey stores, the boot configuration data.

Question 19

In the Windows Registry, some values are in plain text and readable, and some are in binary.

[True / False]

Answer 19

True

Question 20

Provide a description of the String Values found in the Windows registry.

Answer 20

String values are indicated by a small red icon with the letters “ab” on them. These are the most commonly used values in the registry, and also the most human-readable.

Question 21

How is a multi-string value different from a String Value?

(Windows Registry)

Answer 21

A multi-string value is similar to a string value, with the only difference being that they can contain a list of values instead of just one line.

Question 22

Not all multi-string values have more than one entry.

[True / False]

Answer 22

True

Note: Not all multi-string values have more than one entry. Some function the exact same way as single string values, but have the additional space for more entries if they need it.

Question 23

How is an Expandable String Value different from a String Value?

(Windows Registry)

Answer 23

An expandable string value is just like the string value from above, except that they contain variables. When these types of registry values are called upon by Windows or other programs, their values are expanded out to what the variable defines.

Question 24

Most expandable string values are easily identified in Registry Editor because their values contain % signs.

[True / False]

Answer 24

True

Question 25

What is the TMP expandable string value?

Answer 25

%USERPROFILE%\AppData\Local\Temp

Question 26

What is a benefit to a registry value like the following:

%USERPROFILE%\AppData\Local\Temp

Answer 26

The benefit to this type of registry value is that the data doesn’t need to contain the username of the user because it uses the %USERPROFILE% variable.

Question 27

Provide a description of the Binary Values found in the Windows registry.

Answer 27

As the name suggests, these types of registry values are written in binary.

Question 28

What color are Binary Value icons in the Registry error?

Answer 28

Binary value icons in Registry Editor are blue with ones and zeros.

Question 29

How many bits are in a DWORD?

Answer 29

32-bits

Question 30

How many bits are in a QWORD?

Answer 30

64-bits

Question 31

DWORD and QWORD values can be expressed in either decimal or hexadecimal format.

[True / False]

Answer 31

True

Question 32

String values are indicated by what icon?

Answer 32

ab