Difficult notes for memorization Flashcards

1
Q

BOOTMGFW

A

On a UEFI system, the GUID partition table (GPT) identifies an EFI System Partition. The system partition contains the boot manager and the boot configuration data (BCD) store: the \EFI\Microsoft\Boot folder holds the BCD and BOOTMGFW.EFI, the Windows boot manager for UEFI firmware. With Secure Boot enabled, the firmware verifies the signature on BOOTMGFW.EFI before executing it.

2
Q

BOOTMGR

A

During a legacy BIOS boot, the master boot record (MBR) identifies the boot sector of the partition marked as active. The boot sector loads the boot manager, which for Windows is BOOTMGR, stored as a hidden, read-only file in the root of the system partition.

3
Q

NTOSKRNL

A

The Windows boot manager reads the BCD and loads the Windows boot loader, WINLOAD.EXE (WINLOAD.EFI on UEFI systems), from the %SystemRoot%\System32 folder on the boot partition. WINLOAD then loads the kernel (NTOSKRNL.EXE) together with the boot-start drivers.

4
Q

HAL

A

In a Windows system, the hardware abstraction layer (HAL.DLL) is loaded by WINLOAD alongside the kernel (NTOSKRNL.EXE) during the boot process.

5
Q

POSIX

A

POSIX (Portable Operating System Interface) is a set of IEEE standards that define a common programming interface, shell, and utilities so that software and data can move between different operating systems, primarily Unix-like systems but also Windows. NTFS supports POSIX-compliant file naming (case-sensitive names and a wider set of permitted characters), which allows a Windows system using NTFS to interact more seamlessly with a Linux system.

6
Q

Indexing

A

Indexing (for example the Windows Search index) is a useful feature for finding and accessing data on a system, but it does not directly facilitate compatibility between different operating systems the way POSIX compliance does.

7
Q

Journaling

A

Journaling (as in NTFS and ext4) records pending file system changes in a log so the volume can be returned to a consistent state after a crash or power loss. It is an important feature for data integrity and reliability, but it is not related to compatibility between operating systems.

8
Q

Snapshots

A

Snapshots (for example Volume Shadow Copies in Windows) preserve a point-in-time image of a volume. Like indexing and journaling, they help in managing and protecting data, but they do not contribute to the interoperability of different operating systems.

9
Q

devmgmt.msc

A

The Device Manager (devmgmt.msc) console allows administrators to view, edit, and troubleshoot the properties of installed hardware, update drivers, and remove or disable devices.

10
Q

diskmgmt.msc

A

The Disk Management (diskmgmt.msc) console displays a summary of the fixed and removable disks attached to the system and lets administrators initialize disks, create, format, shrink, extend, and delete partitions and volumes, and assign drive letters.

11
Q

dfrgui.exe

A

The Defragment and Optimize Drives tool (dfrgui.exe) maintains storage performance: it defragments hard disk drives (HDDs) and issues TRIM commands to solid-state drives (SSDs) so the drive can reclaim unused blocks.

12
Q

lusrmgr.msc

A

The Local Users and Groups (lusrmgr.msc) console provides administrators with an advanced interface for creating, modifying, disabling, and deleting local user accounts and groups. This console is also useful for resetting the password for an account. It is not available in Home editions of Windows.

13
Q

Duress

A

A duress alarm is triggered manually and could be implemented as a wireless pendant, concealed sensor or trigger, or call contact.

14
Q

Circuit

A

A circuit-based alarm sounds when the circuit is opened or closed, depending on the type of alarm. This could be caused by a door opening or by a fence being cut.

15
Q

Motion

A

A motion-based alarm is linked to a detector triggered by movement within a room or other area. The sensors in these detectors use either microwave radio reflection or passive infrared (PIR) detection.

16
Q

Proximity

A

Proximity alarms use radio frequency ID (RFID) tags and readers that can be used to track the movement of tagged objects within an area.

17
Q

RAT

A

A remote access Trojan (RAT) is malware that, once installed, allows the threat actor to access the PC, upload/exfiltrate data files, and install additional malware tools.

18
Q

Implicit Deny

A

Implicit deny means that unless a rule specifically grants access, any request for access is denied. Firewall and ACL rule sets are normally evaluated top-down and end with an implicit deny-all that catches anything no earlier rule matched.

19
Q

Explicit Deny

A

Explicit deny means that a specific rule is created that denies access to a system or service for the hosts, ports, or users it matches. Because rule sets are usually processed first-match-wins, an explicit deny must be placed above any broader allow rule it is meant to override.

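The following is an added example (not part of the original flashcards) showing how implicit and explicit deny interact in a first-match rule set. The rule and request types, the sample rule set, and the addresses are all constructed for illustration; the point is that an unmatched request falls through to the implicit deny, while an explicit deny only works if it sits above the allow rule it is meant to override.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # destination port; None matches any port
    src: str              # source network in CIDR notation, or "any"
    comment: str = ""


@dataclass(frozen=True)
class Request:
    proto: str
    port: int
    src_ip: str


def rule_matches(rule: Rule, req: Request) -> bool:
    """True when every field of the rule covers the request."""
    if rule.proto != "any" and rule.proto != req.proto:
        return False
    if rule.port is not None and rule.port != req.port:
        return False
    if rule.src != "any":
        net = ipaddress.ip_network(rule.src, strict=False)
        if ipaddress.ip_address(req.src_ip) not in net:
            return False
    return True


def evaluate(rules: List[Rule], req: Request) -> Tuple[str, str]:
    """First matching rule decides; anything unmatched hits the implicit deny."""
    for n, rule in enumerate(rules, start=1):
        if rule_matches(rule, req):
            return rule.action, f"rule {n}: {rule.comment or rule.action}"
    return "deny", "implicit deny (no rule matched)"


# Constructed rule set: the explicit deny is placed ABOVE the broad SSH allow.
RULES_CORRECT = [
    Rule("deny", "tcp", 22, "203.0.113.0/24", "explicit deny: SSH from a blocked range"),
    Rule("allow", "tcp", 22, "any", "allow SSH"),
    Rule("allow", "tcp", 443, "any", "allow HTTPS"),
]

# Same rules with the explicit deny moved below the allow: it can never fire.
RULES_MISORDERED = [RULES_CORRECT[1], RULES_CORRECT[0], RULES_CORRECT[2]]


def demo() -> dict:
    """Run representative requests through both rule sets."""
    blocked_ssh = Request("tcp", 22, "203.0.113.7")
    other_ssh = Request("tcp", 22, "198.51.100.5")
    dns_query = Request("udp", 53, "198.51.100.5")   # nothing allows UDP/53
    return {
        "blocked_ssh_correct": evaluate(RULES_CORRECT, blocked_ssh),
        "blocked_ssh_misordered": evaluate(RULES_MISORDERED, blocked_ssh),
        "other_ssh": evaluate(RULES_CORRECT, other_ssh),
        "dns_query": evaluate(RULES_CORRECT, dns_query),
    }


if __name__ == "__main__":
    for name, (decision, why) in demo().items():
        print(f"{name:24s} {decision:5s} {why}")
```

Reviewing the order of explicit deny rules against later allow rules is the check a practitioner wants here: a deny that is shadowed by an earlier allow is silently ineffective.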
20
Q

Windows subsystem for Linux (WSL)

A

Windows Subsystem for Linux (WSL) allows the installation of a Linux distribution and the use of Linux command-line applications alongside Windows. WSL 2 runs a real Linux kernel inside a lightweight virtual machine.

21
Q

autorun.inf

A

In legacy versions of Windows, an inserted disk (USB or optical) would automatically run commands defined in an autorun.inf file stored in the root of the drive. Because this was heavily abused to spread malware from removable media, Windows 7 and later honor autorun.inf only for optical media, and AutoPlay merely prompts the user.

22
Q

Execution control

A

Execution control refers to logical security technologies, such as AppLocker or Windows Defender Application Control, designed to prevent unapproved or malicious software from running on a host regardless of what the user account's privileges would otherwise allow.

23
Q

Port Forwarding

A

Port forwarding means that the router takes a request arriving on a particular external port for a given service and sends it to a designated internal host (and port). Each forwarded port exposes that internal service to the outside network, so only services that must be reachable should be forwarded.

24
Q

Port Triggering

A

Port triggering is used with applications that require more than one port. When a firewall detects activity on outbound port A, it opens inbound access for the external IP address on port B for a set period.

25
Q

Resistance

A

A resistor creates resistance. Resistance is the degree of opposition to the current caused by characteristics of the conductor and is measured in ohms.

26
Q

Current

A

Electricity flows in a circuit. Current is the amount of charge flowing through a conductor per unit time, measured in amperes (A); in formulas the quantity is denoted I.

27
Q

Voltage

A

A circuit is made when conductors form a continuous path between the positive and negative terminals of a power source. Voltage is the electrical potential difference between two points, measured in volts (V).

28
Q

Watts

A

A watt (W) is a measure of electrical power, the product of voltage and current (P = V × I). Components such as power supplies and add-on cards are usually rated by how many watts they require or provide.

29
Q

Port 3389

A

The Remote Desktop Protocol (RDP) on a Windows workstation or server listens on TCP port 3389 by default, but the port can be changed. Exposing RDP directly to the internet is a common initial-access vector, so it should be reached through a VPN or gateway and protected with strong authentication.

30
Q

Port 22

A

Secure Shell (SSH) is a remote access protocol, but it connects to a command interpreter rather than a desktop window manager. SSH uses TCP port 22 by default.

31
Q

Port 5900

A

Virtual Network Computing (VNC) is a free, open-source remote desktop product with similar functionality to the Remote Desktop Protocol (RDP). It works over TCP port 5900 for the first display, with additional displays on 5901, 5902, and so on.

32
Q

Port 443

A

Remote connection tools include TeamViewer and LogMeIn. Like Windows Quick Assist, these products are designed to work over HTTPS (TCP/443) across the internet.

33
Q

Simultaneous Authentication of Equals mechanism

A

Simultaneous Authentication of Equals (SAE) in WPA3 replaces the pre-shared key (PSK) authentication that WPA2-Personal performs before its 4-way handshake. In WPA2 the pairwise master key is derived directly from the passphrase, so a threat actor who captures a 4-way handshake can run an offline dictionary attack to recover the key, and the handshake itself has proved vulnerable to manipulation. SAE is a password-authenticated key exchange: each password guess requires a live exchange with the access point, so a captured handshake no longer permits offline guessing.

34
Q

AES Galois Counter Mode Protocol mode

A

WPA3 can replace the Advanced Encryption Standard Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (AES-CCMP) used by WPA2 with the stronger AES Galois Counter Mode Protocol (GCMP). GCMP-256 is required in the WPA3-Enterprise 192-bit security mode; WPA3-Personal continues to use CCMP-128 for data protection.

35
Q

Rivest Cipher 4 (RC4)

A

WPA2 uses the Advanced Encryption Standard (AES) cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). AES replaces RC4 and CCMP replaces TKIP.

36
Q

4-way handshake association

A

WPA2 uses a 4-way handshake to allow a station to associate with an access point, prove that both sides hold the same pairwise master key, and derive the pairwise transient key used for data encryption. The nonces and MAC addresses exchanged in the handshake are sent in the clear.

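The following is an added example (not from the original flashcards) that ties cards 33 and 36 together: it derives the WPA2-Personal keys the way the standard does (PBKDF2 for the PMK, the 802.11 PRF for the PTK, and the HMAC-SHA1 MIC used with AES-CCMP) and then shows why a captured 4-way handshake is enough for an offline dictionary attack on the passphrase. The MAC addresses, nonces, SSID, passphrase, wordlist, and the frame bytes standing in for EAPOL message 2 are all constructed; the frame is not a faithful EAPOL layout, only the bytes over which the MIC is computed with the MIC field zeroed. With SAE this attack does not apply, because the PMK is no longer a function of the passphrase alone.

```python
import hashlib
import hmac
from typing import Dict, Iterable, Optional


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal PMK: PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """IEEE 802.11 PRF-n: concatenate HMAC-SHA1(key, label || 0x00 || data || i) for i = 0, 1, ..."""
    out = b""
    i = 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max of the MACs and nonces)."""
    data = min(ap_mac, sta_mac) + max(ap_mac, sta_mac) + min(anonce, snonce) + max(anonce, snonce)
    return prf(pmk, b"Pairwise key expansion", data, 48)


def eapol_mic(kck: bytes, eapol_with_zero_mic: bytes) -> bytes:
    """Key descriptor version 2 (AES-CCMP): HMAC-SHA1 over the frame, truncated to 128 bits."""
    return hmac.new(kck, eapol_with_zero_mic, hashlib.sha1).digest()[:16]


def simulate_capture(passphrase: str, ssid: str) -> Dict[str, object]:
    """Constructed stand-in for a sniffed handshake. Everything returned is visible on the air;
    the passphrase is known only to the station and access point and is NOT in the capture."""
    ap_mac = bytes.fromhex("0a1b2c3d4e5f")       # constructed
    sta_mac = bytes.fromhex("a0b1c2d3e4f5")      # constructed
    anonce = bytes(range(32))                    # constructed AP nonce
    snonce = bytes(range(32, 64))                # constructed station nonce
    # Constructed bytes standing in for EAPOL message 2 with its 16-byte MIC field zeroed.
    eapol_zero_mic = b"\x02\x03" + snonce + bytes(16)
    ptk = wpa2_ptk(wpa2_pmk(passphrase, ssid), ap_mac, sta_mac, anonce, snonce)
    mic = eapol_mic(ptk[:16], eapol_zero_mic)    # KCK = first 128 bits of the PTK
    return {"ssid": ssid, "ap_mac": ap_mac, "sta_mac": sta_mac, "anonce": anonce,
            "snonce": snonce, "eapol_zero_mic": eapol_zero_mic, "mic": mic}


def crack_handshake(capture: Dict[str, object], wordlist: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack: re-derive the MIC for each candidate passphrase and compare."""
    for candidate in wordlist:
        pmk = wpa2_pmk(candidate, capture["ssid"])
        ptk = wpa2_ptk(pmk, capture["ap_mac"], capture["sta_mac"],
                       capture["anonce"], capture["snonce"])
        if hmac.compare_digest(eapol_mic(ptk[:16], capture["eapol_zero_mic"]), capture["mic"]):
            return candidate
    return None


if __name__ == "__main__":
    cap = simulate_capture("correct horse", "LabNet")          # constructed network
    words = ["password", "letmein", "correct horse", "qwerty"]  # constructed wordlist
    print("recovered passphrase:", crack_handshake(cap, words))
```

The 4096 PBKDF2 iterations are the only thing slowing the attacker down, and they are cheap on a GPU; SAE removes the offline step entirely rather than making it slower.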
37
Q

Batch Script

A

A shell script written for the basic Windows CMD interpreter is often described as a batch script (.bat or .cmd file). A batch script is the simplest way to automate a short sequence of CMD commands, but it offers little beyond what can be typed at the prompt.

38
Q

Powershell

A

Windows PowerShell (PS) combines a scripting language with hundreds of prebuilt commands called cmdlets, grouped into modules, that can access and change most components and features of Windows and Active Directory. Because it is so capable, PowerShell is also heavily abused by attackers, which is why script block logging is worth enabling.

39
Q

VBscript

A

VBScript is a scripting language based on Microsoft’s Visual Basic programming language. VBScript predates PowerShell.

40
Q

Python

A

Python is a general-purpose scripting and programming language that can be used to develop both automation scripts and software apps. A Python project is normally run via the interpreter, but third-party tools can package it as a standalone executable.

41
Q

RADIUS

A

Remote Authentication Dial-in User Service (RADIUS) is one way of implementing the AAA server when configuring enterprise authentication. The network access device (an access point, switch, VPN gateway, or firewall) is configured as a client of the RADIUS server and forwards the user's credentials to it. RADIUS uses UDP ports 1812 (authentication) and 1813 (accounting), or the legacy 1645/1646.

42
Q

TACACS+

A

Terminal Access Controller Access Control System Plus (TACACS+) is a way of implementing AAA and is often used in authenticating administrative access to routers and switches. It uses TCP port 49, separates authentication, authorization, and accounting, and encrypts the whole packet body, whereas RADIUS obscures only the password.

43
Q

Kerberos

A

On Windows networks, Kerberos is the protocol used to authenticate a user account to a domain controller (DC), which acts as the Key Distribution Center. The client obtains a ticket-granting ticket and then service tickets that provide single sign-on to domain resources. Kerberos uses TCP/UDP port 88 and depends on the client and DC clocks being closely synchronized.

44
Q

How many bits long is an IPv6 address in total, and how many bits identify the host portion?

A

In IPv6, the address is 128 bits long. The network prefix, which identifies the logical network, normally occupies the first 64 bits, and the remaining 64 bits are the interface identifier that identifies the host. IPv6 addresses are written as eight groups of hexadecimal values.

45
Q

How many bits long is an IPv4 address in total?

A

In IPv4, the address is 32 bits long. It is combined with a 32-bit subnet mask that marks which leading bits form the network ID and which trailing bits identify the host; both are typically entered in dotted decimal notation.

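The following is an added example (not part of the original flashcards) covering cards 44 and 45: it splits an IPv4 or IPv6 address into its network and host portions by prefix length, and shows the EUI-64 method some hosts use to build the 64-bit interface identifier from a MAC address, which leaks the hardware address into the IPv6 address. The sample addresses and MAC are constructed.

```python
import ipaddress
from typing import Dict


def address_layout(cidr: str) -> Dict[str, object]:
    """Split an address written with a prefix length into network and host portions."""
    iface = ipaddress.ip_interface(cidr)
    total_bits = iface.max_prefixlen            # 32 for IPv4, 128 for IPv6
    prefix_bits = iface.network.prefixlen
    host_bits = total_bits - prefix_bits
    host_mask = (1 << host_bits) - 1
    host_id = int(iface.ip) & host_mask
    if iface.version == 4:
        # IPv4 reserves the all-zeros (network) and all-ones (broadcast) host IDs
        usable_hosts = max((1 << host_bits) - 2, 0)
    else:
        usable_hosts = 1 << host_bits
    return {
        "version": iface.version,
        "total_bits": total_bits,
        "prefix_bits": prefix_bits,
        "host_bits": host_bits,
        "network": str(iface.network),
        "netmask": str(iface.netmask),
        "host_id": host_id,
        "host_id_hex": format(host_id, "x"),
        "usable_hosts": usable_hosts,
    }


def eui64_interface_id(mac: str) -> str:
    """Modified EUI-64: insert ff:fe in the middle of the MAC and flip the U/L bit."""
    raw = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(raw) != 6:
        raise ValueError("MAC address must be 48 bits")
    eui = bytes([raw[0] ^ 0x02]) + raw[1:3] + b"\xff\xfe" + raw[3:6]
    hex_digits = eui.hex()
    return ":".join(hex_digits[i:i + 4] for i in range(0, 16, 4))


if __name__ == "__main__":
    for sample in ("192.168.1.10/24", "2001:db8::1/64"):      # constructed
        print(sample, address_layout(sample))
    print("EUI-64 interface ID:", eui64_interface_id("00:1a:2b:3c:4d:5e"))  # constructed MAC
```

Because the EUI-64 form makes a host trackable across networks, modern operating systems default to random or stable-private interface identifiers instead.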
46
Q

Time Drift

A

Processes such as authentication and backup depend on the time reported by the local PC being closely synchronized to the time kept by a server. Kerberos, for example, rejects requests when the client clock differs from the domain controller's by more than the permitted skew (5 minutes by default in Active Directory), so time drift shows up as logon failures.

47
Q

Incident Documentation

A

Documenting the scene of an incident is important, using photographs and ideally video and audio. Investigators must record every action they take so that the chain of custody for any evidence can be demonstrated.

48
Q

Non-Writeable Optical Disk

A

Historically, most attended installations were run by booting from optical media (CD-ROM or DVD). As updates for the operating system and drivers become available, optical media will become quickly dated because ongoing updates cannot be added to the installation disc.

49
Q

Latent Evidence

A

Digital evidence is mostly latent. Latent means that the evidence cannot be seen with the naked eye; rather, it must be interpreted using a machine or process.

50
Q

Internet-based (Booting)

A

A computer that supports network boot could also be configured to boot to set up over the internet. In this scenario, the local network’s DHCP server must be configured to supply the DNS name of the installation server.

51
Q

API

A

An application programming interface (API) is a method used by developers to integrate custom-developed software with other software applications.

52
Q

Recovery Partition

A

A factory recovery partition is a tool used by the original equipment manufacturers (OEMs) to restore the OS environment to its ship state. The recovery partition is created on the internal fixed drive.

53
Q

Windows Refresh

A

Windows supports refresh and reset options to try to repair the installation. Using refresh recopies the system files and reverts most system settings to the default but can preserve user personalization settings, data files, and apps installed via Windows Store.

54
Q

Clean Install

A

A clean install of the operating system is an installation option where the target disk or partition is wiped; no previous operating system, settings, or applications are preserved or repaired.

55
Q

/?

A

When used with a particular command, lists the syntax and switches used for the command.

56
Q

* (asterisk)

A

The * (asterisk) is a wildcard character that matches any string of characters in a file name; for example, dir *.log lists every file with a .log extension.

57
Q

/w

A

When used with the dir command (dir /w), lists files in a wide format with no details such as size or date.

58
Q

Inbound filtering

A

Inbound filtering determines whether remote hosts can connect to given TCP/UDP ports on internal hosts that are behind a firewall or router.

58
Q

Screened subnet

A

In an enterprise network, a screened subnet (formerly called a DMZ) is a means of establishing a more secure configuration. Hosts that must accept connections from the internet, such as web or mail servers, are placed in a separate network segment between an external and an internal firewall, so that a compromised public-facing host cannot reach the internal network directly.

59
Q

% disk time

A

The % disk time metric is the percentage of elapsed time that the selected disk drive is busy servicing read or write requests.

60
Q

Average disk queue length

A

The average disk queue length is the number of requests outstanding on the disk at the time the performance data is collected.

61
Q

Available bytes

A

The available bytes metric is a memory metric. It represents the amount of memory available, which should not be below 10% of the total system memory.

62
Q

Pages/sec

A

The pages/sec value is a memory metric. This represents the number of pages read from or written to disk to resolve hard page faults.

63
Q

Radio Frequency

A

With proximity sensors, radio frequency ID (RFID) tags and readers can be used to track the movement of tagged objects within an area.

64
Q

Passive Infrared

A

A security mechanism might use passive infrared (PIR) technology. This technology uses temperature and can detect moving heat sources.

65
Q

Microwave radio

A

Microwave radio motion sensors work on the same principle as radar: the detector emits microwave radio signals and measures their reflection, so a change in the reflected signal indicates movement.

66
Q

Concealed sensor

A

A duress alarm is manually triggered and could be implemented as a wireless pendant or concealed sensor or button. The alarm is triggered like a panic button.

67
Q

Concurrent Logins

A

Concurrent logins set a limit to the number of simultaneous sessions a user can open. Most users should only need to sign in to one computer at a time.

68
Q

Use timeout

A

Use timeout/screen lock will lock the desktop if the system detects no user-input device activity. This is a sensible, additional layer of protection.

69
Q

Perform a soft reset

A

A soft reset is usually effective in restoring unresponsive or frozen systems and is one of the first things to try when faced with a malfunctioning app or slow performance.

70
Q

stdin

A

In a Linux distribution with no graphical user interface, a terminal interface is used. The default shell command interpreter uses the stream stdin (0) for the user’s keyboard input.

71
Q

stderr

A

A terminal shell is often used in Linux and working at a terminal is referred to as using a shell interactively. Any errors in a terminal stream are identified by stderr (2).

72
Q

std

A

In Linux, communication within a shell is identified by streams and std refers to a standard stream that is further categorized as stdin, stdout, and stderr.

73
Q

stdout

A

A Linux terminal is connected to a teletype (tty) device that handles text input and output. Programs write their normal output to the stdout (1) stream, which the shell leaves connected to the tty so the output is displayed in the terminal unless it is redirected to a file or piped to another command.

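The following is an added example (not part of the original flashcards) covering cards 70 to 73. It launches a small child process whose own stdin, stdout, and stderr are connected to pipes, so the child reports that its streams really are file descriptors 0, 1, and 2, and the parent shows the difference between keeping stderr separate and merging it into stdout (the equivalent of 2>&1 in a shell). The child's code and the input text are constructed for the demonstration.

```python
import subprocess
import sys
from typing import Dict

# Constructed child program: reads fd 0, writes fd 1, reports on fd 2.
CHILD = r"""
import sys
data = sys.stdin.read()                                   # stdin  (0)
print("fds", sys.stdin.fileno(), sys.stdout.fileno(), sys.stderr.fileno())
print("got", data.strip())                                # stdout (1)
print("warning: demo error", file=sys.stderr)             # stderr (2)
"""


def run_child(text: str, merge_stderr: bool = False) -> Dict[str, object]:
    """Feed text to the child's stdin and capture its streams.

    merge_stderr=False keeps stdout and stderr apart (separate pipes);
    merge_stderr=True sends stderr into the stdout pipe, like `2>&1`.
    """
    proc = subprocess.run(
        [sys.executable, "-c", CHILD],
        input=text,
        stdout=subprocess.PIPE,
        stderr=subprocess.STDOUT if merge_stderr else subprocess.PIPE,
        text=True,
        check=False,
    )
    return {
        "returncode": proc.returncode,
        "stdout": proc.stdout,
        "stderr": proc.stderr if proc.stderr is not None else "",
    }


def child_fds(text: str = "probe\n") -> tuple:
    """Return the (stdin, stdout, stderr) descriptor numbers the child saw."""
    first_line = run_child(text)["stdout"].splitlines()[0]
    return tuple(int(n) for n in first_line.split()[1:])


if __name__ == "__main__":
    separate = run_child("hello\n")
    print("--- stdout ---\n" + separate["stdout"], end="")
    print("--- stderr ---\n" + separate["stderr"], end="")
    merged = run_child("hello\n", merge_stderr=True)
    print("--- merged (2>&1) ---\n" + merged["stdout"], end="")
```

Keeping stderr separate matters when the output is parsed by another tool or logged: diagnostics mixed into stdout can corrupt data or hide errors, which is why log collectors and scripts usually capture the two streams independently.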
74
Q

Transparent Proxy

A

A proxy server can improve both performance and security. A transparent proxy does not require any client configuration: the router or firewall redirects outbound web traffic to the proxy, and the client is unaware that a proxy is in the path.

75
Q

Intercepting Proxy

A

Some networks use a proxy to provide network connectivity. An intercepting proxy does not require that each client is individually configured.

76
Q

Manual Proxy

A

With a manual proxy, each client must be configured with the IP address and TCP port to use to forward traffic via the proxy.

77
Q

Autoconfiguring Proxy

A

Proxy server settings can be done via Network and internet settings on a Windows client. This includes a fully manual option to input proxy settings or to automatically detect proxy settings. Whichever setting is used, it would still have to be configured on the client itself.

78
Q

Idle Debugger

A

IDLE is the Python Integrated Development and Learning Environment. While IDLE does have a debugger, it is for Python scripts, not Windows issues.