Definitions

Question 1

Controls how the system audits object access attempts.

Answer 1

System Access Control List

Question 2

Auditing - POPPSALAD

Network based access to computer and attempts to connect to shares; also known as authentication events.

Answer 2

Account Logon

Question 3

Windows Architecture

Meet government and industry requirements for system security and protections against external tampering.

Answer 3

Security

Question 4

Domain Controller Logs

_ _ logs = available when machine is configured as a DNS server.

Answer 4

DNS Server

Question 5

Subsystem DLLs

Contains basic functions; such as windows management, user input, text, etc. Allows use of GUI.

Answer 5

user32.dll

Question 6

HKLM Software

CurrentVersion\ _ = executes a program the next time a user logs on.

Answer 6

CurrentVersion\RunOnce

Question 7

Auditing POPPSALAD

When an object (file, folder, etc) is accessed that has a SACL.

Answer 7

Object Access

Question 8

SID

S-1-5-#s-__=

Administrator
User account

Answer 8

500

Question 9

In a __, each system shares common configurations, resources, and security principles.

Answer 9

Domain

Question 10

Windows Registry

2 master keys are:

Answer 10

HKEY_USERS (HKU)
&
HKEY_LOCAL_MACHINE

Question 11

System Processes

The subsystem process. Subsystem DLLs run in the context of this process

Answer 11

csrss.exe

Question 12

Auditing POPPSALAD

Changes to users rights, windows firewall, GPOs, audit or trust policies.

Answer 12

Policy Change

Question 13

Data Types

Raw binary data; hardware component information stored as binary data.

Answer 13

REG_BINARY

Question 14

HKLM Software

CurrentVersion\__ = List of executables that run on system startup.

Answer 14

CurrentVersion\RUN

Question 15

Logs

__ log= contains events logged by system components.

1st party

Answer 15

System Log

Question 16

In a __, each system is considered standalone with regards to authentication and system security principles.

Answer 16

Workgroup

Question 17

Subsystem DLLs

Part of the windows Graphic Device Interface that enables programs and applications to use graphics and formatted text.

Answer 17

gdi32.dll

Question 18

Logs

__ log= contains events logged by programs.

3rd party

Answer 18

Application Log

Question 19

Windows Registry

The registry is read during the following 3 times:

Answer 19

Boot Process
Application Startup
User Login

Question 20

Data Types

Most common value type consisting of 32-bit numbers expressed in decimal or hexadecimal.

Answer 20

REG_DWORD

Question 21

Master Keys

Contains a SID sub key for all loaded user profiles. Profile environment settings are stored in each users ntuser.dat file and are loaded at logon.

Answer 21

HKEY_USERS

HKU

Question 22

Security Policy

Ability of an account to perform a particular system related operation.

Shut down, back up, file ownership, etc

Answer 22

Prívela he’s

Question 23

Domain Controller Logs

___ log= contains information about replication events including changes to SYSVOL.

Answer 23

File Replication Service

Question 24

Domain information is maintained by a centralized database known as _ _.

Answer 24

Active Directory

Question 25

Subsystem DLLs

Part of an advanced API library including several for security and registry calls. Phasing our with 6.1 architectures.

Answer 25

advapi32.dll

Question 26

Windows Architecture

Protects itself from internal malfunctions and faulty applications.

Answer 26

Reliability

Question 27

SID

S-1-5-__ =

Local System
Service Account

Answer 27

18

Question 28

Windows Architecture

Code written for adaptability and change to meet ever changing market demands.

Answer 28

Extensibility

Question 29

Windows Registry

3 derived keys are:

Answer 29

HKEY_CLASSES_ROOT (HKCR)
HKEY_CURRENT_USER (HKCU)
HKEY_CURRENT_CONFIG (HKCC)

Question 30

Windows Accounts

Controlled by the OS and provide the account identifier information for services.

Answer 30

Service Account

Question 31

HKLM Subkeys

HKLM\___= contains cached logins and local security policy.

Answer 31

HKLM\SECURITY

Question 32

HKLM Subkeys

HKLM\___= contains local account information as well as password values.

Answer 32

HKLM\SAM

Question 33

Data Types

A fixed-length text string

Answer 33

REG_SZ

Question 34

Package of PS commands consisting of cmdlets, functions, and aliases.

Answer 34

Module

Question 35

CL Registry

Displays object value

Answer 35

Reg query

Question 36

Derived Keys

Contains user profile environment settings of the interactively logged in user. Derived from HKU\SID.

Answer 36

HKEY_CURRENT_USER

HKCU

Question 37

HKLM Subkeys

HKLM\___= contains control sets from which HKCC is derived.

Answer 37

HKLM\SYSTEM

Question 38

Domain Controllers Logs

_ _ log = contains events logged by active directory. Enabled when active directory is loaded.

Answer 38

Directory Service

Question 39

SID

S-1-5-_=

Network Service
Service Account

Answer 39

20

Question 40

Windows Registry

_ _= Microsoft guidelines direct that 3rd party programs install specific application settings in the following key and its subkeys:
HKLM\Software\

Answer 40

Application Startup

Question 41

SID

S-1-5-__=

Local Service
Service Account

Answer 41

19

Question 42

HKLM Subkeys System

Control set the booted

Answer 42

ControlSet001

Question 43

Auditing POPPSALAD

When a user accessed a directory service object with a SACL.

Domain Objects.

Answer 43

Directory Service Access

Question 44

HKLM Subkeys

HKLM\___= contains a collection of subkeys for various installed components and programs.

Answer 44

HKLM\SOFTWARE

Question 45

Windows Accounts

__ Account = a collection of information used by the system determining accessed and privileges.

Answer 45

User Accounts

Question 46

Derived Keys

Used to associate file types with programs that are used to open them. Derived from HKLM and HKU.

Answer 46

HKEY_CLASSES_ROOT

HKCR

Question 47

Contains all domain accounts and other domain resource information.

Answer 47

Domain Controller