Block 1 Windows Flashcards

1
What is the Kernel? | Windows Components
Heart of the OS providing basic low-level operations such as scheduling threads or routing hardware interrupts | Windows Components
2
Explain User mode for processors | Windows Components
Private virtual address space in memory; unprivileged/restricted | Windows Components
3
Explain Kernel mode for processors | Windows Components
Shares the same virtual address space in memory; privileged/unrestricted | Windows Components
4
What processor mode makes it possible to overwrite other programs and compromise the entire system? | Windows Components
Kernel mode | Windows Components
5
What are drivers? | Windows Components
Software component that enables communication between hardware and the OS | Windows Components
6
What are the driver types? | Windows Components
User mode and Kernel mode | Windows Components
7
Explain user-mode drivers | Windows Components
Interface between a Win32 application and a kernel-mode driver or other OS components | Windows Components
8
Explain kernel-mode drivers | Windows Components
Interface with I/O, Plug and Play, memory, process and thread management, security, etc. | Windows Components
9
Explain lowest-level drivers | Windows Components
Control the I/O bus to which the actual hardware device is connected; DO NOT DEPEND ON LOWER-LEVEL DRIVERS | Windows Components
10
Give an example of a lowest-level driver | Windows Components
AGP/PCI hardware bus drivers | Windows Components
11
How are intermediate-level drivers divided? | Windows Components
Function, filter and software bus drivers | Windows Components
12
What do intermediate-level drivers and highest-level drivers have in common? | Windows Components
They always depend on lower-level drivers for support | Windows Components
13
What are some examples of highest-level drivers? | Windows Components
NTFS, FAT, CDFS | Windows Components
14
What do filter drivers do? | Windows Components
Communicate with other filter drivers or function drivers (basically filter information) | Windows Components
15
What are the three driver categories? | Windows Components
Software, bus, and device | Windows Components
16
What mode do bus drivers always run in? | Windows Components
Kernel mode | Windows Components
17
What mode do software drivers always run in? | Windows Components
Kernel mode | Windows Components
18
What mode do device drivers always run in? | Windows Components
Can run in both user and kernel mode | Windows Components
20
What do software bus drivers do? | Windows Components
Provide an interface for higher-level drivers to attach to a set of child devices (the bus drives around children) | Windows Components
20
What do function drivers do? | Windows Components
Handle reads/writes to the device and manage device power policy | Windows Components
20
What are the three types of intermediate-level drivers? | Windows Components
Function, filter, and software bus | Windows Components
21
What do software bus drivers do?
Provides an interface for higher-level drivers to attach to a set of child services
22
What stage is the Master Boot Record read in? | Boot Process
The BIOS phase | Boot Process
23
What is the Boot Loader Phase's purpose? | Boot Process
To load the kernel into memory | Boot Process
24
What are the three phases of the Boot process? | Boot Process
Bios Phase, Boot Manager Phase, and the Kernel Phase | Boot Process
24
What is the BIOS Phase's reason for existing? | Boot Process
Performs a hardware check on the system, then searches for and runs the "bootmgr" file | Boot Process
24
What are the two parts to the Boot Loader Phase? | Boot Process
Windows Boot Manager and Windows Boot Loader | Boot Process
25
What does the Windows Boot Manager do in the Boot Loader Phase? | Boot Process
Launches the Windows Boot Manager and reads in the BCD | Boot Process
26
What does the Windows Boot Loader do in the Boot Loader Phase? | Boot Process
Launches the Windows Boot Loader, then finds and starts the Winloader (Winload.exe) | Boot Process
27
What is the Kernel Phase's (Windows NT OS Kernel) purpose for existing? (Name three) | Boot Process
Loads the registry and drivers marked as "Boot Start"; launches the Session Manager (smss.exe); user session processes launch; launches services; Winlogon.exe (logon screen); a session is created for the user after logon | Boot Process
28
Explain a File System | File Systems
A file system is implemented by the OS and is designed to store and retrieve data when necessary | File Systems
29
Explain what a File Allocation Table (FAT) is | File Systems
File system initially developed for Windows systems starting from MS-DOS up to Windows ME | File Systems
30
What are the downsides to a FAT file system? | File Systems
Does not support file compression or security features | File Systems
31
What are the three advancements of FAT over its lifespan? | File Systems
FAT16, FAT32, and exFAT | File Systems
32
How much data can FAT16 format and what is its max file size? | File Systems
Formats volumes up to 16 GB; handles a max file size of 2 GB | File Systems
33
How much data can FAT32 format and what is its max file size? | File Systems
Formats volumes up to 16 TB; handles a max file size of 4 GB | File Systems
34
How much data can exFAT format and what is its max file size? | File Systems
Formats volumes from 512 TiB up to 64 ZiB; handles a max file size of approximately 128 PiB | File Systems
35
Define a Registry | Registry
a central hierarchical database that stores necessary configuration information for the system to run | Registry
36
What are the 2 Root Keys in the registry structure? | Registry
HKEY_LOCAL_MACHINE and HKEY_USERS | Registry
37
What are the 3 Linked Keys in the registry structure? | Registry
HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, and HKEY_CURRENT_CONFIG | Registry
38
What is HKEY_CLASSES_ROOT a shortcut to? | Registry
HKLM\SOFTWARE\Classes | Registry
39
What is the HKEY_CURRENT_USER a shortcut to? | Registry
HKU\SID | Registry
40
What is the HKEY_CURRENT_CONFIG a shortcut to? | Registry
HKLM\SYSTEM\CurrentControlSet\Hardware Profiles\Current | Registry
41
What is the structure of the Registry? | Registry
Keys which are comparable to folders of a file system and Values which are comparable to the files in a file system | Registry
42
What are the 6 different types similar to file extensions in the file system? | Registry
REG_BINARY, REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, and REG_QWORD | Registry
43
What does REG_BINARY represent in a registry? | Registry
Binary data in the values | Registry
44
What does REG_SZ represent in a registry? | Registry
Null-terminated strings in the values (String registry value) | Registry
45
What does REG_MULTI_SZ represent in a registry? | Registry
A sequence of Null-terminated strings in the values (Multi-string registry value) | Registry
46
What does REG_EXPAND_SZ represent in the registry? | Registry
That the registry value can reference environment variables (Expandable string registry value) | Registry
47
What does the REG_DWORD represent in the registry? | Registry
A 32 bit number inside the registry values (Double word registry value) | Registry
48
What does the REG_QWORD represent in the registry? | Registry
A 64 bit number inside the registry values (Quadruple word registry value) | Registry
49
What are the registry common items? | Registry
SIDs, GUIDs, and hex values | Registry
50
What is a SID? | Registry
A unique value of variable length that is used to identify a security principal | Registry
51
What are SIDs that identify generic users or groups and whose values are static? | Registry
Well known SIDs | Registry
52
What is a GUID? | Registry
A 128 bit number used to identify information in computer systems | Registry
53
What is commonly used to identify hardware and software versions? | Registry
GUIDs | Registry
54
What is a Hex value? | Registry
A base-16 value that uses the 16 characters 0-9 and A-F | Registry
55
Which registry Run keys launch software when a user logs in? | Registry
Either HKLM\Software\Microsoft\Windows\CurrentVersion\Run or HKU\Software\Microsoft\Windows\CurrentVersion\Run | Registry
56
How can you find persistent malware that starts from the registry Run keys? | Registry
Use the Autoruns utility from Sysinternals to find software that is set to start from this location | Registry
57
What are some of the ways that you can make the Windows Command Interpreter autorun a command when you start cmd.exe? (Name one of the three) | Registry
To set up the autorun when you launch cmd.exe: create the REG_SZ value AutoRun with the data "wmic qfe list" (when you launch cmd.exe you'll be presented with a list of installed hotfixes) --- To create a DoS, either create the REG_SZ value AutoRun with the data exit (when you launch cmd.exe it will immediately close) --- or create the REG_SZ value AutoRun with the data start cmd.exe (when you launch cmd.exe it will launch cmd.exe, which will launch cmd.exe, which will launch more instances of cmd.exe until it crashes) | Registry
58
What is the value and data for the path HKLM\Software\Microsoft\Command Processor ? | Registry
Value = AutoRun : Data = command (that exists in the PATH variable) or filepath to a program | Registry
59
What does the cmd.exe executable launch? | Registry
Windows Command Interpreter | Registry
60
What Sysinternals tools are used to delete a file that can't be removed while the system is running, to delete system files on reboot to brick a system, and to allow malware to reboot a system and remove itself to cover its tracks? | Registry
movefile and pendmoves | Registry
61
What is the path HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths used for? | Registry
It is the exclusion location for Windows Defender | Registry
62
What is the value and data for the path HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths ? | Registry
Value = Absolute Filepath to a folder : Data = REG_DWORD 0x0 | Registry
63
How do you access the Windows Command Interpreter (RunAs Admin)? | Microsoft Command Interpreter
Go to C:\Windows\System32\cmd.exe (tab completion is enabled) | Microsoft Command Interpreter
64
What retains case sensitivity in Windows Command Interpreter? | Microsoft Command Interpreter
Objects (files, folders and registry items to name a few) | Microsoft Command Interpreter
65
What is an absolute path? | Microsoft Command Interpreter
The entire path, starting with the root partition letter (e.g. C:\Windows\System32\cmd.exe) | Microsoft Command Interpreter
66
What is a relative path? | Microsoft Command Interpreter
The path relative to the current directory | Microsoft Command Interpreter
67
What is the definition of command arguments? | Microsoft Command Interpreter
A predefined value, specified during the command's programming, which causes the command to work differently than it would without the specified argument | Microsoft Command Interpreter
68
What is the Help argument used for? | Microsoft Command Interpreter
To ask the system more about a specific command | Microsoft Command Interpreter
69
What is the Double Quote and Escape necessary for? | Microsoft Command Interpreter
To use metacharacters for their literal meanings | Microsoft Command Interpreter
70
What is the escape character? | Microsoft Command Interpreter
"^" = caret | Microsoft Command Interpreter
71
What does the wildcard represent? | Microsoft Command Interpreter
It can stand for any characters in combination with whatever you type out (e.g. *.exe = all files with an "exe" extension; Win* = all files beginning with "Win"; *.* = all files) | Microsoft Command Interpreter
72
What is the wildcard character? | Microsoft Command Interpreter
* = star | Microsoft Command Interpreter
73
What are the three defined handles? | Microsoft Command Interpreter
Standard IN (STDIN) = 0, Standard OUT (STDOUT) = 1, and Standard ERROR (STDERR) = 2 | Microsoft Command Interpreter
74
What is Standard IN? | Microsoft Command Interpreter
Input from the keyboard | Microsoft Command Interpreter
75
What is Standard OUT? | Microsoft Command Interpreter
Output to the terminal | Microsoft Command Interpreter
76
What is Standard ERROR? | Microsoft Command Interpreter
Sends errors to the terminal | Microsoft Command Interpreter
77
How is Input Redirection done? | Microsoft Command Interpreter
< = less-than bracket (crocodile/alligator opening its mouth to the right, bracket open on the right, whatever you like to call it) | Microsoft Command Interpreter
78
What is Input Redirection used for? | Microsoft Command Interpreter
To get info from a file instead of the keyboard | Microsoft Command Interpreter
79
How is Output Redirection done? | Microsoft Command Interpreter
> = greater-than bracket (crocodile/alligator mouth open to the left, bracket open to the left, or whatever you call it), or >> = two of them | Microsoft Command Interpreter
80
What are the two uses of output redirection? | Microsoft Command Interpreter
> is used to overwrite info in the destination and >> is used to append info in the destination | Microsoft Command Interpreter
81
What are Streams? | Microsoft Command Interpreter
Basic Input/Output that can be redirected if wanted | Microsoft Command Interpreter
82
What are Pipes? | Microsoft Command Interpreter
Redirect the STDOUT of one command to the piped command | Microsoft Command Interpreter
83
What is the purpose of the echo command? | Microsoft Command Interpreter
Displays messages to the terminal | Microsoft Command Interpreter
84
Can you use Input Redirection operators to gather information about a file using echo? | Microsoft Command Interpreter
NO, you can use output redirection operators to create new files with the specified text | Microsoft Command Interpreter
85
What does the systeminfo command do? | Microsoft Command Interpreter
Shows OS configs, service pack, and hotfix information of local or remote systems | Microsoft Command Interpreter
86
What does the set command do? | Microsoft Command Interpreter
Without specifying any arguments, this command displays all environment variables that have been set | Microsoft Command Interpreter
87
What does the dir command do? | Microsoft Command Interpreter
Displays what is in a directory | Microsoft Command Interpreter
88
What will dir not show by default? | Microsoft Command Interpreter
Read only files/folders, hidden files/folders, and system files/folders | Microsoft Command Interpreter
89
What do the chdir or cd commands do? | Microsoft Command Interpreter
Changes the user to a specified directory | Microsoft Command Interpreter
90
What do the mkdir or md commands do? | Microsoft Command Interpreter
Makes new directories | Microsoft Command Interpreter
91
How many directories can the mkdir/md commands make at once? | Microsoft Command Interpreter
As many as necessary for the project | Microsoft Command Interpreter
92
What do the rmdir or rd commands do? | Microsoft Command Interpreter
Removes the specified directory | Microsoft Command Interpreter
93
What can be considered a shortcoming of the rmdir/rd commands? | Microsoft Command Interpreter
It will not remove directories that are empty by default | Microsoft Command Interpreter
94
What does the more command do? | Microsoft Command Interpreter
Displays the output of a file and can be piped | Microsoft Command Interpreter
95
How can you manipulate the more command? | Microsoft Command Interpreter
Will print one screen at a time with "Space" ; will print one line at a time with "Enter" | Microsoft Command Interpreter
96
What does the copy command do? | Microsoft Command Interpreter
Copy files from one location to another | Microsoft Command Interpreter
97
How can xcopy be used to advance the function of the copy command? | Microsoft Command Interpreter
It has the ability to copy directories, file attributes and the ownership information of a given file | Microsoft Command Interpreter
98
What does the move command do? | Microsoft Command Interpreter
It moves a file from one location to another | Microsoft Command Interpreter
99
What do the Rename/Ren commands do? | Microsoft Command Interpreter
Renames a file; it's pretty self-explanatory | Microsoft Command Interpreter
100
What does the type command do? | Microsoft Command Interpreter
Displays the contents of text files to the terminal | Microsoft Command Interpreter
101
What does the find command do? | Microsoft Command Interpreter
Searches for strings in files or the output of a command, however it does not use regular expression syntax | Microsoft Command Interpreter
102
What does the del command do? | Microsoft Command Interpreter
Deletes a file | Microsoft Command Interpreter
103
What does the attrib command do? | Microsoft Command Interpreter
View and modify a file's attributes | Microsoft Command Interpreter
104
What does the sort command do? | Microsoft Command Interpreter
Sorts from A-Z by default | Microsoft Command Interpreter
105
What does the icacls command do? | Microsoft Command Interpreter
Displays or modifies access control lists (ACLs) of files or folders, allows editing of inheritance of permissions, allows changing of ownership, and allows the saving of ACLs for later use | Microsoft Command Interpreter
106
What does the takeown command do? | Microsoft Command Interpreter
Forces ownership change on files/folders | Microsoft Command Interpreter
107
What does the tasklist command do? | Microsoft Command Interpreter
Allows you to view the processes that are running | Microsoft Command Interpreter
108
What does the taskkill command do? | Microsoft Command Interpreter
Terminates processes based on the PID or the IMAGENAME | Microsoft Command Interpreter
109
What does the schtasks command do? | Microsoft Command Interpreter
Create, delete, query, change, run and end scheduled tasks on a local or remote system | Microsoft Command Interpreter
110
What do the sc query / queryex commands do? | Microsoft Command Interpreter
Lists all active services by default | Microsoft Command Interpreter
111
What does the sc qc command do? | Microsoft Command Interpreter
Queries the configuration of a service (must have service name to use) | Microsoft Command Interpreter
112
What does the sc config command do? | Microsoft Command Interpreter
Changes the configuration settings for services by using the service key name as an argument and it requires at least one other option to be specified | Microsoft Command Interpreter
113
What does sc getdisplayname do? | Microsoft Command Interpreter
Gets the display name of a service when you only know the service key name | Microsoft Command Interpreter
114
What is the counterpart to sc getdisplayname, used when you need the service key name but only know the display name? | Microsoft Command Interpreter
sc getkeyname | Microsoft Command Interpreter
115
What do sc start and sc stop do? | Microsoft Command Interpreter
Start and stop a service using the service name | Microsoft Command Interpreter
116
What does the net start command do? | Microsoft Command Interpreter
Net start = starts a specified service using either the display name or the key name (if no arguments are used it lists the names of all running services) | Microsoft Command Interpreter
117
What does net stop do? | Microsoft Command Interpreter
Stops running services | Microsoft Command Interpreter
118
What does net user do? | Microsoft Command Interpreter
Allows creating or modifying user accounts | Microsoft Command Interpreter
119
What does the net localgroup command do? | Microsoft Command Interpreter
Allows managing of local group accounts | Microsoft Command Interpreter
120
What does the net group command do? | Microsoft Command Interpreter
Allows managing of domain group accounts | Microsoft Command Interpreter
121
What does the net share command do? | Microsoft Command Interpreter
Manages the local resources to share with other users | Microsoft Command Interpreter
122
What does the net use command do? | Microsoft Command Interpreter
Connects a computer to a shared resource or disconnects a computer from a shared resource (when used without options, will list the computer's connections) | Microsoft Command Interpreter
123
What does ipconfig do? | Microsoft Command Interpreter
Displays the network adapter information (IP, Subnet and Default Gateway) | Microsoft Command Interpreter
124
What does the ping command do? | Microsoft Command Interpreter
Sends ICMP requests and waits for a response to see if the specified system is up | Microsoft Command Interpreter
125
What does the tracert command do? | Microsoft Command Interpreter
Traces each hop (next route interface) between the source and destination IPs | Microsoft Command Interpreter
126
What does the netstat command do? | Microsoft Command Interpreter
Displays the protocol and ethernet statistics and the current TCP/IP connections | Microsoft Command Interpreter
127
What is the Alternate Data Stream identifier? | Microsoft Command Interpreter
$Data | Microsoft Command Interpreter
128
What is the recursive argument's most common switch? | Microsoft Command Interpreter
\s | Microsoft Command Interpreter
129
What are the uses for scripting? | Batch Scripting
To automate tasks that are repetitive, need to be run on several computers, or may take a while | Batch Scripting
130
What is the @ symbol used for in regards to scripting? | Batch Scripting
It is used so that the output of the script is the only thing printed to the terminal | Batch Scripting
131
What are the use cases for REM? | Batch Scripting
For comments in your script | Batch Scripting
132
To make a batch script, you should save a text file as ____ ? | Batch Scripting
A .bat file | Batch Scripting
133
How do you execute a batch script? | Batch Scripting
Enter in the absolute or relative path to it | Batch Scripting
134
What are batch parameters? | Batch Scripting
Arguments specified at the command-line | Batch Scripting
135
What are the variables available for use and what are their use cases? | Batch Scripting
%0-%9; %0 is the name of the script and each sequential variable is the respective argument (i.e. %1 = the first argument, %2 = the second argument, etc.) | Batch Scripting
136
What are variables and how are they assigned? | Batch Scripting
They are used to store values and are assigned using the = character | Batch Scripting
137
How are variables accessed? | Batch Scripting
Using the % character | Batch Scripting
138
What are setlocal and endlocal used for in scripting? | Batch Scripting
They make all variables local to the script | Batch Scripting
139
Where are setlocal and endlocal placed? | Batch Scripting
Setlocal is placed at the beginning of a script, just after @echo. Endlocal is placed at the end of a script | Batch Scripting
140
What is a good programming practice to abide by when referring to endlocal? | Batch Scripting
To specify endlocal even though it is implied by default | Batch Scripting
141
What is necessary when using variables within loops or nested statements in a script? | Batch Scripting
ENABLEDELAYEDEXPANSION | Batch Scripting
142
What is the difference between Assignment and Comparison Operators? | Batch Scripting
Assignment is used to place a value into a variable, while comparison evaluates whether two things are the same | Batch Scripting
143
Name the assignment operators and what they are used for (at least three) | Batch Scripting
= (assigns the value on the right to the variable on the left); + (increase the variable on the left by the amount indicated on the right); - (decrease the variable on the left by the amount indicated on the right); * (multiply the variable on the left by the amount indicated on the right); \ (divide the variable on the left by the amount indicated on the right) | Batch Scripting
144
How does a comparison operator function? | Batch Scripting
It performs an operation depending on the operator's definition (returns T/F) | Batch Scripting
145
How would you use the comparison operator to compare two strings? | Batch Scripting
== | Batch Scripting
146
What are the integer comparison operators? | Batch Scripting
EQU (are the two equal); NEQ (are the two different); LSS (is x less than y); LEQ (is x less than or equal to y); GTR (is x greater than y); GEQ (is x greater than or equal to y) | Batch Scripting
147
How do if statements function? | Batch Scripting
If statement is true, performs a given set of actions and vice versa | Batch Scripting
148
How do sequential if statements function? | Batch Scripting
Same as if statements, however multiple possible outcomes may be defined | Batch Scripting