2 - Security Policy and Registry Flashcards

1
Q

What are Windows Security Policies?

(Definition)

A

Windows Security Policies are a set of configurations that can be applied on desktops to enhance security.

2
Q

What do Windows Security Policies determine?

A

Security policies determine the various security restrictions that can be imposed on the users in a network.

3
Q

Where can the security settings for Active Desktop, Computer, Control Panel, Explorer, Internet Explorer, Network, and System categories be defined?

A

The above policies can be defined using Security Policies Configuration.

4
Q

Name the three categories of keys that exist in the Windows registry.

A

The three types / categories of keys in the Windows Registry are:

  1. Root Keys
  2. Subkeys
  3. Value entries
5
Q

How many Root keys are there?

Hint: answer is a number

A

5

6
Q

What is another name for Root keys?

A

High Level keys

7
Q

Each root key contains one or more subkeys.

[True / False]

A

True

8
Q

Subkeys can have their own subkeys.

[True / False]

A

True

9
Q

Value entries contain what three pieces of information?

A
  1. Name
  2. Data Type
  3. Value
10
Q

Name the 5 main Root keys.

A
  1. HKCR - HKEY_CLASSES_ROOT - Associates filename extensions (such as .doc and .exe) with the actions Windows is supposed to take when, for example, you double-click a file.
  2. HKCU - HKEY_CURRENT_USER - Controls many settings for the currently logged-on user, from the user’s name to his or her desktop background.
  3. HKLM - HKEY_LOCAL_MACHINE - Thousands of settings that apply to all users, no matter who is logged on to the PC at any given moment.
  4. HKU - HKEY_USERS - A collection of all the HKCU entries for everyone who has ever logged on to the PC.
  5. HKCC - HKEY_CURRENT_CONFIG - A tiny key that describes the current hardware configuration and a few basic system settings.
11
Q

How many subkeys does HKLM have?

A

6

12
Q

Name the 6 HKLM subkeys

A
  1. SAM
  2. SECURITY
  3. SYSTEM
  4. SOFTWARE
  5. HARDWARE
  6. BCD
13
Q

Describe the HKLM SAM subkey.

A

SAM – This subkey appears empty to most users. It is used with the security and accounts management databases.

14
Q

Describe the HKLM SECURITY subkey.

A

SECURITY – This is more security-related information that appears blank to most users.

15
Q

Describe the HKLM SYSTEM subkey.

A

SYSTEM – This information is created by users with administrative privileges. It includes the Windows settings, file system information, and critical hardware configurations as well as other information needed to run the core system.

16
Q

Describe the HKLM SOFTWARE subkey.

A

SOFTWARE – This area is used by both Windows and application programs to store critical configuration settings.

17
Q

Describe the HKLM HARDWARE subkey.

A

HARDWARE – This subkey contains relevant information on all connected plug-and-play devices.

18
Q

Describe the HKLM BCD subkey.

A

BCD – This subkey stores the boot configuration data.

19
Q

In the Windows Registry, some values are in plain text and readable, and some are in binary.

[True / False]

A

True

20
Q

Provide a description of the String Values found in the Windows registry.

A

String values are indicated by a small red icon with the letters “ab” on them. These are the most commonly used values in the registry, and also the most human-readable.

21
Q

How is a multi-string value different from a String Value?

(Windows Registry)

A

A multi-string value is similar to a string value, with the only difference being that it can contain a list of values instead of just one line.

22
Q

Not all multi-string values have more than one entry.

[True / False]

A

True

Note: Not all multi-string values have more than one entry. Some function the exact same way as single string values, but have the additional space for more entries if they need it.

23
Q

How is an Expandable String Value different from a String Value?

(Windows Registry)

A

An expandable string value is just like the string value from above, except that it contains variables. When these types of registry values are called upon by Windows or other programs, their values are expanded out to what the variable defines.

24
Q

Most expandable string values are easily identified in Registry Editor because their values contain % signs.

[True / False]

A

True

25
Q

What is the TMP expandable string value?

A

%USERPROFILE%\AppData\Local\Temp

26
Q

What is a benefit to a registry value like the following:

%USERPROFILE%\AppData\Local\Temp

A

The benefit to this type of registry value is that the data doesn’t need to contain the username of the user because it uses the %USERPROFILE% variable.

27
Q

Provide a description of the Binary Values found in the Windows registry.

A

As the name suggests, these types of registry values are written in binary.

28
Q

What color are Binary Value icons in the Registry Editor?

A

Binary value icons in Registry Editor are blue with ones and zeros.

29
Q

How many bits are in a DWORD?

A

32 bits

30
Q

How many bits are in a QWORD?

A

64 bits

31
Q

DWORD and QWORD values can be expressed in either decimal or hexadecimal format.

[True / False]

A

True

32
Q

String values are indicated by what icon?

A

ab