Block 1 Windows Flashcards

Question 1

Q

What is the Kernel?

Windows Components

Answer

A

heart of the OS providing basic low-level operations suck as schedulinng threads or routing hardware interrupts

Windows Components

Question 2

Q

Explain User mode for Processors

Windows Components

Answer

A

Private virtual address space in memory
unprivileged/restricted

Windows Components

Question 3

Q

Explain Kernel mode for Processors

Windows Components

Answer

A

Shares the same vitual address space in memory
Privileged/unrestricted

Windows Components

Question 4

Q

What Processor mode makes it possible to overwrite other programs and compromise the entire system?

Windows Components

Answer

A

Kernel Mode

Windows Components

Question 5

Q

What are drivers?

Windows Components

Answer

A

Software component that enables communication between hardware and the OS

Windows Components

Question 6

Q

What are the Driver Types?

Windows Components

Answer

A

User Mode and Kernel

Windows Components

Question 7

Q

Explain the Drivers User mode

Windows Components

Answer

A

Interfaces between a Win32 application and kernel-mode driver or other OS components

Windows Components

Question 8

Q

Explain the Drivers Kernel mode

Windows Components

Answer

A

Interface with I/O, Plug and play memory, process and thread management, security, etc…

Windows Components

Question 9

Q

Explain Lowest-level drivers

Windows Components

Answer

A

Control I/O bus in which the actual hardware device is connected
DOES NOT DEPEND ON LOWER LEVEL DRIVERS

Windows Components

Question 10

Q

Give an example of a Lowest-level driver

Windows Components

Answer

A

AGP/PCI hardware bus drivers

Windows Components

Question 11

Q

How are intermediate-level drivers divided?

Windows Components

Answer

A

Function, Filter and Software bus Drivers

Windows Components

Question 12

Q

What do intermediate-level drivers and highest-level drivers have in common

Windows Components

Answer

A

always depend on lower level drivers for support

Windows Components

Question 13

Q

What are some examples of highest-level drivers

Windows Components

Answer

A

NTFS, FAT, CDFS

Windows Components

Question 14

Q

What do filter drivers do?

Windows Components

Answer

A

communicates with other filter drivers or function drivers
(basically filters information)

Windows Components

Question 15

Q

What are the three driver categories?

Windows Components

Answer

A

Software, Bus, and Device

Windows Components

Question 16

Q

What mode do bus drivers always run in?

Windows Components

Answer

A

Kernel mode

Windows Components

Question 17

Q

What mode do software drivers always run in?

Windows Components

Answer

A

Kernel mode

Windows Components

Question 18

Q

What mode do Device drivers always run in?

Windows Components

Answer

A

Can run in both User and Kernel mode

Windows Components

Question 19

Q

What do software bus drivers do?

Windows Components

Answer

A

provides an interface for higher-level drivers to attah to a set of child devices
(the bus drives around children)

Windows Components

Question 20

Q

What do function drivers do?

Windows Components

Answer

A

Handles reads/writes to the device and manages device power policy

Windows Components

Question 21

Q

What are the three types of intermediate-level drivers?

Windows Components

Answer

A

Function, filter, and software bus

Windows Components

Question 22

Q

What do software bus drivers do?

Answer

A

Provides an interface for higher-level drivers to attach to a set of child services

Question 23

Q

What stage is the Master Boot Record read on?

Boot Process

Answer

A

The BIOS Phase

Boot Process

Question 24

Q

What is the the Boot Loader Phases’s purpose?

Boot Process

Answer

A

To load the Kernel into memory

Boot Process

Question 25

Q

What are the three phases of the Boot process?

Boot Process

Answer

A

Bios Phase, Boot Manager Phase, and the Kernel Phase

Boot Process

Question 26

Q

What is the Bios Phase’s reason for existing?

Boot Process

Answer

A

Hardware check on the system, then searches and run the “bootmgr” file

Boot Process

Question 27

Q

What are the two parts to the Boot Loader Phase?

Boot Process

Answer

A

Windows Boot Manager and Windows Boot Loader

Boot Process

Question 28

Q

What does the Windows Boot Manager do in the Boot Loader Phase?

Boot Process

Answer

A

Launches the Windows Boot Manager and reads in the BCD

Boot Process

Question 29

Q

What does the Windows Boot Loader do in the Boot Loader Phase?

Boot Process

Answer

A

Launches Windows Boot Loader then finds and starts the Winloader (WInload.exe)

Boot Process

Question 30

Q

What is the Kernel Phase’s (Windows NT OS Kernel) purpose for existing? (Name three)

Boot Process

Answer

A

Loads the registry and drivers marked as “Boot Start” ; Launches the Session Manager (smss.exe) ; User session processes launch ; Launches Services ; Winlogon.exe (logon screen) ; session is created for the user after logon

Boot Process

Question 31

Q

Explain a File System

File Systems

Answer

A

A file system is implemented by the OS designed to store and retrieve data when necessary

File Systems

Question 32

Q

Explain what a File Allocation Table (FAT) is

File Systems

Answer

A

File system initially developed for Windows systems starting from MS-DOS up to Windows ME

File Systems

Question 33

Q

What are the downsides to a FAT file system?

File Systems

Answer

A

Does not support file compression or security features

File Systems

Question 34

Q

What are the three advancements of FAT over it’s lifespan?

File Systems

Answer

A

FAT16, FAT32, and exFAT

File Systems

Question 35

Q

How much data can FAT16 format and what is it’s max file size?

File Systems

Answer

A

Formats up to 16GBs; handles max file size of 2GB

File Systems

Question 36

Q

How much data can FAT32 format and what is it’s max file size?

File Systems

Answer

A

Formats up to 16TBs; handles max file size of 4GB

File Systems

Question 37

Q

How much data can exFAT format and what is it’s max file size?

File Systems

Answer

A

Formats up to 512TiBs-64ZiB; handles max file size of approximately 128 PiB

File Systems

Question 38

Q

Define a Registry

Registry

Answer

A

a central hierarchical database that stores necessary configuration information for the system to run

Registry

Question 39

Q

What are the 2 Root Keys in the registry structure?

Registry

Answer

A

HKEY_LOCAL_MACHINE and HKEY_USERS

Registry

Question 40

Q

What are the 3 Linked Keys in the registry structure?

Registry

Answer

A

HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, and HKEY_CURRENT_CONFIG

Registry

Question 41

Q

What is the HKEY_CLASSES ROOT a shortcut to?

Registry

Answer

A

HKLM\SOFTWARE\Classes

Registry

Question 42

Q

What is the HKEY_CURRENT_USER a shortcut to?

Registry

Answer

A

HKU\SID

Registry

Question 43

Q

What is the HKEY_CURRENT_CONFIG a shortcut to?

Registry

Answer

A

HKLM\SYSTEM\CurrentControl\HarwareProfiles\Current

Registry

Question 44

Q

What is the structure of the Registry?

Registry

Answer

A

Keys which are comparable to folders of a file system and Values which are comparable to the files in a file system

Registry

Question 45

Q

What are the 6 different types similar to file extensions in the file system?

Registry

Answer

A

REG_BINARY. REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, and REG_QWORD

Registry

Question 46

Q

What does REG_BINARY represent in a registry?

Registry

Answer

A

Binary data in the values

Registry

Question 47

Q

What does REG_SZ represent in a registry?

Registry

Answer

A

Null-terminated strings in the values (String registry value)

Registry

Question 48

Q

What does REG_MULTI_SZ represent in a registry?

Registry

Answer

A

A sequence of Null-terminated strings in the values (Multi-string registry value)

Registry

Question 49

Q

What does REG_EXPAND_SZ represent in the registry?

Registry

Answer

A

That the registry values can use environmental variables (Expandable string registry value)

Registry

Question 50

Q

What does the REG_DWORD represent in the registry?

Registry

Answer

A

A 32 bit number inside the registry values (Double word registry value)

Registry

Question 51

Q

What does the REG_QWORD represent in the registry?

Registry

Answer

A

A 64 bit number inside the registry values (Quadruple word registry value)

Registry

Question 52

Q

What are the registry common items?

Registry

Answer

A

SIDs, GUIDs, and Hexs

Registry

Question 53

Q

What is a SID?

Registry

Answer

A

A unique value of variable length that is used to identify a security principal

Registry

Question 54

Q

What are SIDs that identify generic users or groups and whose values are static?

Registry

Answer

A

Well known SIDs

Registry

Question 55

Q

What is a GUID?

Registry

Answer

A

A 128 bit number used to identify information in computer systems

Registry

Question 56

Q

What is commonly used to identify hardware and software versions?

Registry

Answer

A

GUIDs

Registry

Question 57

Q

What is a Hex value?

Registry

Answer

A

Uses 16 characters (0-9,A-F)

Registry

Question 58

Q

What registry Run Software is used when a user logs in?

Registry

Answer

A

Either HKLM\Software\Microsoft\Windows\CurrentVersion\Run or HKU\Software\Microsoft\Windows\CurrentVersion\Run

Registry

Question 59

Q

What are commonly used pieces of persistent malware used on the registry?

Registry

Answer

A

Using the Autorun utility from Sysinternals to find software that is set to start from this location

Registry

Question 60

Q

What are some of the ways that you can make the Windows Command Interpreter autorun a command when you start cmd.exe? (Name one of the three)

Registry

Answer

A

To set up the autorun when you launch cmd.ex: Create the REG_SZ value AutoRun with the data “wmic qfe list” (When you launch cmd.exe - you’ll be presented with a list of installed hotfixes) — To create a DoS either create theREG_SZ value AutoRun with the data exit (When you launch the cmd.exe - it will immediately close) — Or Create the REG_SZ value AutoRun with the data start cmd.exe (When you launch cmd.exe - it will launch cmd.exe, which will launch cmd.exe, which will launch more instance of cmd.exe until it crashes)

Registry

Question 61

Q

What is the value and data for the path HKLM\Software\Microsoft\Command Processor ?

Registry

Answer

A

Value = AutoRun : Data = command (that exists in the PATH variable) or filepath to a program

Registry

Question 62

Q

What does the cmd.exe executable launch?

Registry

Answer

A

Windows Command Interpreter

Registry

Question 63

Q

What Sysinternals tools are used to simplify the registry’s ability to delete a file that can’t be removed while the system is running, to delete system files on reboot to brick your system, and to allows malware to reboot a system and remove itself to cover your tracks?

Registry

Answer

A

movefile and pendmoves

Registry

Question 64

Q

What is the path HKLM\SOFTWARE\Microsoft\Windows Defender\Exclusions\Paths used for?

Registry

Answer

A

It is the exclusion location for Windows Defender

Registry

Answer 65

A

Value = Absolute Filepath to a folder : Data = REG_DWORD 0x0

Registry

Answer 66

A

Go to c: \Windows\System32\cmd.exe : tab complete enabled

Microsoft Command Interpreter

Answer 67

A

Objects (files, folders and registry items to name a few)

Microsoft Command Interpreter

Answer 68

A

The entire path, starting with the root partition letter (i.e c:\Windows\System32\cmd.exe)

Microsoft Command Interpreter

Answer 69

A

The path relative to the current directory

Microsoft Command Interpreter

Answer 70

A

A predefined value, specified during the command’s programming, which causes the command to work differently than it would without the specified argument

Microsoft Command Interpreter

Answer 71

A

To ask the system more about a specific command

Microsoft Command Interpreter

Answer 72

A

To use metacharacters for their literal meanings

Microsoft Command Interpreter

Answer 73

A

”^” = caret

Microsoft Command Interpreter

Answer 74

A

It can mean any character that can be used in conjunction with whatever you type out (i.e. .exe = all files with an “exe” extension ; Win = all files with”Win” ; . = all files)

Microsoft Command Interpreter

Answer 75

A

= star

Microsoft Command Interpreter

Answer 76

A

Standard IN (STDIN) = 0, Standard OUT (STDOUT) = 1, and Standard ERROR (STDERR) = 2

Microsoft Command Interpreter

Answer 77

A

Input from the the Keyboard

Microsoft Command Interpreter

Answer 78

A

The output from the Terminal

Microsoft Command Interpreter

Answer 79

A

Send an error to the Terminal

Microsoft Command Interpreter

Answer 80

A

< = less than bracket, crocodile/alligator opening its mouth to the right, bracket open on the right, (whatever you like to say)

Microsoft Command Interpreter

Answer 81

A

To get info from a file instead of the keyboard

Microsoft Command Interpreter

Answer 82

A

> = greater than bracket, crocodile/alligator mouth open to the left, bracket open to the left, (like I said whatever you call it)
or&raquo_space; = two of these thingies

Microsoft Command Interpreter

Answer 83

A

> is used to overwrite info in the destination and&raquo_space; is used to append info in the destination

Microsoft Command Interpreter

Answer 84

A

Basic Input/Output that can be redirected if wanted

Microsoft Command Interpreter

Answer 85

A

Redirects to the STDOUT to piped command

Microsoft Command Interpreter

Answer 86

A

Displays messages to the terminal

Microsoft Command Interpreter

Answer 87

A

NO, you can use output redirection operators to create new files with the specified text

Microsoft Command Interpreter

Answer 88

A

Shows OS configs, service pack, and hotfix information of local or remote systems

Microsoft Command Interpreter

Answer 89

A

Without specifying any arguments, this command displays all environment variables that have been set

Microsoft Command Interpreter

Answer 90

A

Displays what is in a directory

Microsoft Command Interpreter

Answer 91

A

Read only files/folders, hidden files/folders, and system files/folders

Microsoft Command Interpreter

Answer 92

A

Changes the user to a specified directory

Microsoft Command Interpreter

Answer 93

A

Makes new directories

Microsoft Command Interpreter

Answer 94

A

As many as necessary for the project

Microsoft Command Interpreter

Answer 95

A

Removes the specified directory

Microsoft Command Interpreter

Answer 96

A

It will not remove directories that are empty by default

Microsoft Command Interpreter

Answer 97

A

Displays the output of a file and can be piped

Microsoft Command Interpreter

Answer 98

A

Will print one screen at a time with “Space” ; will print one line at a time with “Enter”

Microsoft Command Interpreter

Answer 99

A

Copy files from one location to another

Microsoft Command Interpreter

Answer 100

A

It has the ability to copy directories, file attributes and the ownership information of a given file

Microsoft Command Interpreter

Answer 101

A

It moves a file from one location to another

Microsoft Command Interpreter

Answer 102

A

Renames a file. it’s pretty self explanatory

Microsoft Command Interpreter

Answer 103

A

Displays the contents of text files to the terminal

Microsoft Command Interpreter

Answer 104

A

Searches for strings in files or the output of a command, however it does not use regular expression syntax

Microsoft Command Interpreter

Answer 105

A

Deletes a file

Microsoft Command Interpreter

Answer 106

A

View and modify a files attributes

Microsoft Command Interpreter

Answer 107

A

Sorts from A-Z by default

Microsoft Command Interpreter

Answer 108

A

Displays or modifies access control lists (ACLs) of files or folders, allows editing of inheritance of permissions, allows changing of ownership, and allows the saving of ACLs for later use

Microsoft Command Interpreter

Answer 109

A

Forces ownership change on files/folders

Microsoft Command Interpreter

Answer 110

A

Allows you to view the processes that are running

Microsoft Command Interpreter

Answer 111

A

Terminates processes based on the PID or the IMAGENAME

Microsoft Command Interpreter

Answer 112

A

Create, delete, query, change, run and end scheduled tasks on a local or remote system

Microsoft Command Interpreter

Answer 113

A

Lists all active services by default

Microsoft Command Interpreter

Answer 114

A

Queries the configuration of a service (must have service name to use)

Microsoft Command Interpreter

Answer 115

A

Changes the configuration settings for services by using the service key name as an argument and it requires at least one other option to be specified

Microsoft Command Interpreter

Answer 116

A

Gets the display name of a service when you only know the service key name

Microsoft Command Interpreter

Answer 117

A

sc getkeyname

Microsoft Command Interpreter

Answer 118

A

Start and stop a service using the service name

Microsoft Command Interpreter

Answer 119

A

Net start = starts a specified service using either the display name or the key name (if no arguments are used it lists the names of all running services)

Microsoft Command Interpreter

Answer 120

A

Stops running services

Microsoft Command Interpreter

Answer 121

A

Allows creating or modifying user accounts

Microsoft Command Interpreter

Answer 122

A

Allows managing of local group accounts

Microsoft Command Interpreter

Answer 123

A

Allows managing of domain group accounts

Microsoft Command Interpreter

Answer 124

A

Manages the local resources to share with other users

Microsoft Command Interpreter

Answer 125

A

Connects a computer to a shared resource or disconnects a computer from a shared resource (when used without options, will list the computer’s connections)

Microsoft Command Interpreter

Answer 126

A

Displays the network adapter information (IP, Subnet and Default Gateway)

Microsoft Command Interpreter

Answer 127

A

Sends for ICMP requests and waits for a response to see if the specified system is up

Microsoft Command Interpreter

Answer 128

A

Traces each hop (next route interface) between the source and destination IPs

Microsoft Command Interpreter

Answer 129

A

Displays the protocol and ethernet statistics and the current TCP/IP connections

Microsoft Command Interpreter

Answer 130

A

$Data

Microsoft Command Interpreter

Answer 131

A

\s

Microsoft Command Interpreter

Answer 132

A

To automate tasks that are repetitive, need to be run on several computers, or may take a while

Batch Scripting

Answer 133

A

It is used so that the output of the script is the only thing printed to the terminal

Batch Scripting

Answer 134

A

For comments in your script

Batch Scripting

Answer 135

A

A .bat file

Batch Scripting

Answer 136

A

Enter in the absolute or relative path to it

Batch Scripting

Answer 137

A

Arguments specified at the command-line

Batch Scripting

Answer 138

A

%0-%9 ; %0 is the name of the script and each sequential variable is the repective argument (i.e. %1 = the first argument, %2 = the second argument, etc…)

Batch Scripting

Answer 139

A

They are used to store values and are assigned using the = character

Batch Scripting

Answer 140

A

Using the % character

Batch Scripting

Answer 141

A

They make all variables local to the script

Batch Scripting

Answer 142

A

Setlocal is placed at the beginning od a script, just after @echo. Endlocal is placed at the end of a script

Batch Scripting

Answer 143

A

To specify endlocal even though it is implied by default

Batch Scripting

Answer 144

A

ENABLEDELAYEDEXPANSION

Batch Scripting

Answer 145

A

Assignment is used to place value into a vaiable whilst comparison evaluates to see if two things are the same

Batch Scripting

Answer 146

A

= (puts the value on the right and the variable on the left) ;
+ (increase the variable on the left by the amount indicated on the right) ;
- (Decrease the variable on the left by the amount indicated on the right) ;
* (multiply the variable on the left by the amount indicated on the right) ;
\ (divide the variable on the left by the amount indicated on the right)

Batch Scripting

Answer 147

A

It performs an operation dependig on the operators definition (Returns T/F)

Batch Scripting

Answer 148

A

==

Batch Scripting

Answer 149

A

EQU (are the two equal)
NEQ (are the two different)
LSS (is x less than y)
LEQ (is x less than or equal to y)
GTR (is x greater than y)
GEQ (is x greater than or equal to y)

Batch Scripting

Answer 150

A

If statement is true, performs a given set of actions and vice versa

Batch Scripting

Answer 151

A

Same as if statements however mutiple possible outcomes may be defined

Batch Scripting

Brainscape's Knowledge GenomeTM

Block 1 Windows Flashcards

Brainscape's Knowledge Genome^TM