Difficult notes for memorization

Question 1

BOOTMGFW

Answer 1

The GUID partition table (GPT) identifies a System Partition. The system partition contains the boot manager and the boot configuration data (BCD). Each Windows installation has a subfolder under \EFI\Microsoft\ that contains a BCD and BOOTMGFW.EFI.

Question 2

BOOTMGR

Answer 2

During boot, the master boot record (MBR) identifies the boot sector for the partition marked as active. The boot sector loads the boot manager, which for Windows is BOOTMGR.EXE.

Question 3

NTOSKRNL

Answer 3

The Windows boot manager loads the Windows boot loader WINLOAD.EXE stored in the system root folder on the boot partition. The process then loads the kernel (NTOSKRNL.EXE).

Question 4

HAL

Answer 4

In a Windows system, the hardware abstraction layer (HAL.DLL) is loaded during the WINLOAD boot process.

Question 5

POSIX

Answer 5

POSIX (Portable Operating System Interface) is a set of common interface standards designed to facilitate compatibility between different operating systems, including but not limited to Unix-like systems and Windows. Ensuring POSIX compliance allows a Windows system, using NTFS, to interact more seamlessly with a Linux system.

Question 6

Indexing

Answer 6

Indexing compliance is a useful feature for managing and accessing data on a system, but it does not directly facilitate compatibility between different operating systems like POSIX compliance does.

Question 7

Journaling

Answer 7

Journaling compliance is an important feature for data integrity and reliability, it is not related to compatibility between operating systems.

Question 8

Snapshots

Answer 8

Like indexing and journaling, snapshot compliance helps in managing and protecting data, but does not contribute to the interoperability of different operating systems.

Question 9

devmgmt.msc

Answer 9

The Device Manager (devmgmt.msc) console allows administrators to view, edit, and troubleshoot the properties of installed hardware, update drivers, and remove or disable devices.

Question 10

diskmgmt.msc

Answer 10

The Disk Management (diskmgmt.msc) console displays a summary of any fixed and removable disks.

Question 11

dfrgui.exe

Answer 11

The Defragment and Optimize Drives tool (dfrgui.exe) runs various operations to speed up the performance of hard disk drives (HDDs) and solid-state drives (SSDs).

Question 12

lusrmgr.msc

Answer 12

The Local Users and Groups (lusrmgr.msc) console provides administrators with an advanced interface for creating, modifying, disabling, and deleting user accounts. This console is also useful for resetting the password for an account.

Question 13

Duress

Answer 13

A duress alarm is triggered manually and could be implemented as a wireless pendant, concealed sensor or trigger, or call contact.

Question 14

Circuit

Answer 14

A circuit-based alarm sounds when the circuit is opened or closed, depending on the type of alarm. This could be caused by a door opening or by a fence being cut.

Question 15

Motion

Answer 15

A motion-based alarm is linked to a detector triggered by movement within a room or other area. The sensors in these detectors are either microwave radio reflection or passive infrared (PIR)

Question 16

Proximity

Answer 16

Proximity alarms use radio frequency ID (RFID) tags and readers that can be used to track the movement of tagged objects within an area.

Question 17

RAT

Answer 17

A remote access Trojan (RAT) is malware that, once installed, allows the threat actor to access the PC, upload/exfiltrate data files, and install additional malware tools.

Question 18

Implicit Deny

Answer 18

Implicit deny means that unless there is a rule specifying that access should be granted, any request for access is denied.

Question 19

Explicit Deny

Answer 19

Explicit deny means that a specific rule is created that denies any access to a system or service.

Question 20

Windows subsystem for Linux (WSL)

Answer 20

Windows subsystem for Linux (WSL) allows the installation of a Linux distribution and the use of Linux applications.

Question 21

autorun.inf

Answer 21

In a legacy versions of Windows, an inserted disk (USB or optical) would automatically run commands defined in an autorun.inf file stored in the root of the drive.

Question 22

Execution control

Answer 22

Execution control refers to logical security technologies designed to prevent malicious software from running on a host regardless of what the user account privileges allow.

Question 23

Port Forwarding

Answer 23

Port forwarding means that the router takes a request from a host for a particular service and sends the request to another designated host.

Question 24

Port Triggering

Answer 24

Port triggering is used with applications that require more than one port. When a firewall detects activity on outbound port A, it opens inbound access for the external IP address on port B for a set period.

Question 25

Resistance

Answer 25

A resistor creates resistance. Resistance is the degree of opposition to the current caused by characteristics of the conductor and is measured in ohms.

Question 26

Current

Answer 26

Electricity flows in a circuit. Current is the amount of charge flowing through a conductor, measured in amps (A or I).

Question 27

Voltage

Answer 27

A circuit is made when conductors form a continuous path between the positive and negative terminals of a power source. Voltage is the potential difference between two points.

Question 28

Watts

Answer 28

A watt is a measure of electrical power. Components such as power supplies and add-on cards are usually rated by how many watts are required or provided.

Question 29

Port 3389

Answer 29

The Remote Desktop Protocol on a Windows workstation or server runs on TCP port 3389 by default but can be changed to another port.

Question 30

Port 22

Answer 30

Secure Shell (SSH) is a remote access protocol, but it connects to a command interpreter rather than a desktop window manager. SSH uses TCP port 22 (by default)

Question 31

Port 5900

Answer 31

Virtual Network Computing (VNC) is a freeware product with similar functionality to the Remote Desktop Protocol (RDP). It works over TCP port 5900.

Question 32

Port 443

Answer 32

Remote connection tools include TeamViewer and LogMeIn. Like Windows Quick Assist, these products are designed to work over HTTPS (TCP/443) across the internet.

Question 33

Simultaneous Authentication of Equals mechanism

Answer 33

Simultaneous Authentication of Equals (SAE) in WPA3 replaces the 4-way handshake in WPA2. The 4-way handshake mechanism is vulnerable to manipulations that allow a threat actor to recover the key.

Question 34

AES Galois Counter Mode Protocol mode

Answer 34

WPA3 replaces Advanced Encryption Standard Counter Mode with Cipher Block Chaining Message Authentication Code Protocol with the stronger AES Galois Counter Mode Protocol (GCMP) mode of operation.

Question 35

Rivest Cipher 4 (RC4)

Answer 35

WPA2 uses the Advanced Encryption Standard (AES) cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). AES replaces RC4 and CCMP replaces TKIP.

Question 36

4-way handshake association

Answer 36

WPA2 uses a 4-way handshake to allow a station to associate with an access point, authenticate its credential, and exchange a key to use for data encryption.

Question 37

Batch Script

Answer 37

A shell script written for the basic Windows CMD interpreter is often described as a batch script. A batch script would be the simplest way to create the script.

Question 38

Powershell

Answer 38

Windows PowerShell (PS) combines a script language with hundreds of prebuilt modules called cmdlets that can access and change most components and features of Windows and Active Directory.

Question 39

VBscript

Answer 39

VBScript is a scripting language based on Microsoft’s Visual Basic programming language. VBScript predates PowerShell.

Question 40

Python

Answer 40

Python is a general-purpose scripting and programming language that can be used to develop both automation scripts and software apps. A Python project can either be run via an interpreter or compiled as a binary executable.

Question 41

RADIUS

Answer 41

Remote Authentication Dial-in User Service (RADIUS) is one way of implementing the AAA server when configuring enterprise authentication. The firewall is configured as a client of the RADIUS server.

Question 42

TACACS+

Answer 42

Terminal Access Controller Access Control System Plus (TACACS+) is a way of implementing AAA and is often used in authenticating administrative access to routers and switches.

Question 43

Kerberos

Answer 43

On Windows networks, Kerberos is a protocol that allows a user account to authenticate to a domain controller (DC) over a trusted local cabled segment.

Question 44

How many bits long is an IPv6 address in total, and how many bits identify the host portion?

Answer 44

In IPv6, the address is 128 bits long and the network prefixes are used to identify logical networks within the first 64 bits. IPv6 uses hexadecimal values for notation.

Question 45

How many bits long is an IPv4 address in total?

Answer 45

In IPv4, the 32-bit address is combined with a 32-bit subnet mask, both of which are typically entered in dotted decimal notation.

Question 46

Time Drift

Answer 46

Processes such as authentication and backup depend on the time reported by the local PC being closely synchronized to the time kept by a server.

Question 47

Incident Documentation

Answer 47

Documenting the scene of an incident is important; using photographs and ideally video and audio. Investigators must record every action they take.

Question 48

Non-Writeable Optical Disk

Answer 48

Historically, most attended installations were run by booting from optical media (CD-ROM or DVD). As updates for the operating system and drivers become available, optical media will become quickly dated because ongoing updates cannot be added to the installation disc.

Question 49

Latent Evidence

Answer 49

Digital evidence is mostly latent. Latent means that the evidence cannot be seen with the naked eye; rather, it must be interpreted using a machine or process.

Question 50

Internet-based (Booting)

Answer 50

A computer that supports network boot could also be configured to boot to set up over the internet. In this scenario, the local network’s DHCP server must be configured to supply the DNS name of the installation server.

Question 51

API

Answer 51

An application programming interface (API) is a method used by developers to integrate custom-developed software with other software applications.

Question 52

Recovery Partition

Answer 52

A factory recovery partition is a tool used by the original equipment manufacturers (OEMs) to restore the OS environment to its ship state. The recovery partition is created on the internal fixed drive.

Question 53

Windows Refresh

Answer 53

Windows supports refresh and reset options to try to repair the installation. Using refresh recopies the system files and reverts most system settings to the default but can preserve user personalization settings, data files, and apps installed via Windows Store.

Question 54

Clean Install

Answer 54

A clean install of the operating system is an installation option where no previous operating system will be repaired.

Question 55

/?

Answer 55

When used with a particular command, lists the syntax and switches used for the command.

Question 56

• (asterisk)

Answer 56

The * (asterisk) is a wildcard character that you can use to indicate a string of characters

Question 57

w/

Answer 57

when used with dir command, can be used to list files using a wide format with no details

Question 58

Inbound filtering

Answer 58

Inbound filtering determines whether remote hosts can connect to given TCP/UDP ports on internal hosts that are behind a firewall or router.

Question 58

Screened subnet

Answer 58

In an enterprise network, a screened subnet is a means of establishing a more secure configuration. The idea of a screened subnet is that some hosts are placed in a separate network segment.

Question 59

% disk time

Answer 59

The % disk time metric is the percentage of elapsed time that the selected disk drive is busy servicing read or write requests.

Question 60

Average disk queue length

Answer 60

The average disk queue length is the number of requests outstanding on the disk at the time the performance data is collected.

Question 61

Available bytes

Answer 61

The available bytes metric is a memory metric. It represents the amount of memory available, which should not be below 10% of the total system memory.

Question 62

Pages/sec

Answer 62

The pages/sec value is a memory metric. This represents the number of pages read from or written to disk to resolve hard page faults.

Question 63

Radio Frequency

Answer 63

With proximity sensors, radio frequency ID (RFID) tags and readers can be used to track the movement of tagged objects within an area.

Question 64

Passive Infrared

Answer 64

A security mechanism might use passive infrared (PIR) technology. This technology uses temperature and can detect moving heat sources.

Question 65

Microwave radio

Answer 65

The sensors in microwave radio security devices use detectors. These detectors may use reflection, such as those used in radar for example.

Question 66

Concealed sensor

Answer 66

A duress alarm is manually triggered and could be implemented as a wireless pendant or concealed sensor or button. The alarm is triggered like a panic button.

Question 67

Concurrent Logins

Answer 67

Concurrent logins set a limit to the number of simultaneous sessions a user can open. Most users should only need to sign in to one computer at a time.

Question 68

Use timeout

Answer 68

Use timeout/screen lock will lock the desktop if the system detects no user-input device activity. This is a sensible, additional layer of protection.

Question 69

Perform a soft reset

Answer 69

A soft reset is usually effective in restoring unresponsive or frozen systems and is one of the first things to try when faced with a malfunctioning app or slow performance.

Question 70

stdin

Answer 70

In a Linux distribution with no graphical user interface, a terminal interface is used. The default shell command interpreter uses the stream stdin (0) for the user’s keyboard input.

Question 71

stderr

Answer 71

A terminal shell is often used in Linux and working at a terminal is referred to as using a shell interactively. Any errors in a terminal stream are identified by stderr (2).

Question 72

std

Answer 72

In Linux, communication within a shell is identified by streams and std refers to a standard stream that is further categorized as stdin, stdout, and stderr.

Question 73

stdout

Answer 73

A Linux terminal is connected by a teletype (tty) device that handles text output. The stdout (1) stream reads data from a shell from the tty device and displays it through the terminal.

Question 74

Transparent Proxy

Answer 74

A proxy server can improve both performance and security. A transparent proxy does not require any client configuration as the server handles the appropriate settings.

Question 75

Intercepting Proxy

Answer 75

Some networks use a proxy to provide network connectivity. An intercepting proxy does not require that each client is individually configured.

Question 76

Manual Proxy

Answer 76

With a manual proxy, each client must be configured with the IP address and TCP port to use to forward traffic via the proxy.

Question 77

Autoconfiguring Proxy

Answer 77

Proxy server settings can be done via Network and internet settings on a Windows client. This includes a fully manual option to input proxy settings or to automatically detect proxy settings. Whichever setting is used, it would still have to be configured on the client itself.

Question 78

Idle Debugger

Answer 78

IDLE is the Python Integrated Development and Learning Environment. While IDLE does have a debugger, it is for Python scripts, not Windows issues.