Book Exam Essentials Flashcards
What is the most commonly used file system on Windows hard drives?
NTFS
FAT32
Hard drive file system that is older and quicker for smaller drives.
What does NTFS add that FAT32 does not?
Security, auditing
Location of the Recycle Bin in Windows XP
\RECYCLER
Location of the Recycle Bin in Windows 7, Vista, and above
$Recycle.bin
Jump List
This is a quick way to access files you’ve been working on through their association with the application that has been using them. Right-click on the application and a list of current files appears.
Snap
This is a quick way to resize windows on the Desktop.
HomeGroup
This is a simplified way to set up a home network. It allows you to share files and prevent changes from being made to those files by those sharing them (unless you give them permission to do so).
What Control Panel utilities are unique to Windows 7?
HomeGroup
RemoteApp and Desktop Connections
Troubleshooting
RemoteApp and Desktop Connections
Used to access remote computers and virtual machines made available over the network through port 3389. RemoteApp can be used directly with the host and can also be used through Remote Desktop Web Access, which uses HTTPS as a transport at the client end.
Troubleshooting control panel application
Provides a simple interface for addressing many common problems.
A custom installation results in what?
Either wipes the old system or replaces the existing system, putting the old files into WINDOWS.OLD. Applications must be reinstalled.
An upgrade installation results in what?
User data is migrated. Applications are migrated.
Bootmgr / BOOTMGR
A replacement for the Windows NTLDR, bootmgr is the Windows boot sequence manager, first introduced in Windows Vista, that reads the boot configuration data and displays the operating system selection menu.
NTLDR
Short for NT loader, NTLDR is a program loaded from the hard drive boot sector that displays the Microsoft Windows NT startup menu and helps Microsoft Windows NT/2000/XP load. This portion of the boot sequence was replaced by Bootmgr in Windows Vista and later versions of Windows.
BCD
Boot Configuration Data (BCD) is a firmware-independent database for boot-time configuration data. It is used by Microsoft’s new Windows Boot Manager and replaces the boot.ini that was used by NTLDR.
BCDedit.exe
Command-line tool that modifies the boot configuration data store.
boot.ini
boot.ini is a Microsoft initialization file found on the Microsoft Windows NT, Microsoft Windows 2000, and Microsoft Windows XP operating systems. This file is always located in the root directory of the primary hard drive; in other words, it is in the C:\ directory, or the C drive. Windows uses this file to display a menu of the operating systems currently on the computer and to let the user select which operating system to load. The file also points to the location of each of the operating systems.
NTDETECT.COM
Checks the system for installed devices and device configurations and initializes the devices it finds. It passes the information to NTLDR, which collects this information and passes it to NTOSKRNL.EXE.
NTOSKRNL.EXE
Windows OS kernel. The solution to a corrupted NTOSKRNL.EXE file is to boot from a startup disk and replace the file from the setup media.
Armored virus
An armored virus is designed to make itself difficult to detect or analyze. Armored viruses cover themselves with protective code that stops debuggers or disassemblers from examining critical elements of the virus. The virus may be written in such a way that some aspects of the programming act as a decoy to distract analysis while the actual code hides in other areas in the program.
Companion virus
Attaches itself to legitimate programs and then creates a program with a different filename extension. This file may reside in your system’s temporary directory. When a user types the name of the legitimate program, the companion virus executes instead of the real program.
Macro virus
Programmers can expand the capability of applications such as Microsoft Word and Excel.
Multipartite virus
Attacks your system in multiple ways. It may attempt to infect your boot sector, infect all of your executable files, and destroy your application files. The hope here is that you won’t be able to correct all the problems and will allow the infestation to continue.
Phage virus
Alters other programs and databases. The virus infects all of these files. The only way to remove this virus is to reinstall the programs that are infected.
Polymorphic virus
Changes form to avoid detection. The virus will attempt to hide from your antivirus software. Frequently, the virus will encrypt parts of itself to avoid detection.
Retrovirus
Attacks or bypasses the antivirus software installed on a computer. You can consider a retrovirus to be an anti-antivirus.
Stealth virus
A stealth virus attempts to avoid detection by masking itself from applications.