Fundamentals of Cybersecurity Operations - Week 2 Flashcards
Which software is used for exploring processes in Windows?
Process Explorer, from the Sysinternals Suite
What is a thread?
A thread is a unit of execution within a process.
What is a handle?
A handle is an abstract reference to a memory block or object managed by the operating system.
How to view the handles of a process?
Use the Sysinternals Process Explorer tool: select the process, then navigate to View > Lower Pane View > Handles (shortcut Ctrl+H).
What is the Windows registry?
The Windows registry is a hierarchical database that stores most of the configuration settings of the operating system and the desktop environment.
How to open the Registry Editor?
In the search box, search for regedit.
How many hives are in the Registry Editor?
Registry Editor shows 5 top-level hives: HKEY_CLASSES_ROOT, HKEY_CURRENT_USER, HKEY_LOCAL_MACHINE, HKEY_USERS and HKEY_CURRENT_CONFIG.
Which registry hive stores the hardware information used at boot-up?
HKEY_CURRENT_CONFIG
Which registry hive stores settings and configuration for all users?
HKEY_USERS
Which registry hive stores the local computer's configuration?
HKEY_LOCAL_MACHINE
Which registry hive stores the settings and configuration of the current user?
HKEY_CURRENT_USER
How to change the End User License Agreement value of Process Explorer?
In Registry Editor, navigate to HKEY_CURRENT_USER > Software > Sysinternals > Process Explorer and select that key. In the right pane, locate the value named EulaAccepted.
Double-click it and change the Value data from 1 to 0. A value of 0 indicates that the EULA was not accepted, so Process Explorer will show the EULA dialog again the next time it starts. Click OK to continue.
Which tool is used in Windows to write automated scripts?
PowerShell
How to find the alias of a command in PowerShell?
Get-Alias dir shows what the alias dir stands for (Get-ChildItem); Get-Alias with no arguments lists all aliases, and Get-Alias -Definition Get-ChildItem lists the aliases of a given cmdlet.
Which command is used in PowerShell to see live network connections?
netstat (for example, netstat -an lists active TCP/UDP connections and listening ports; it shows connection state, not packet contents). The native PowerShell equivalent is Get-NetTCPConnection.
How to display the routing table in PowerShell?
netstat -r
How to empty the Recycle Bin using PowerShell?
Open PowerShell and type Clear-RecycleBin
Types of memory for processes in Windows
There are two main types of memory usage reported for a process:
1. working set
2. private working set
The private working set is the amount of memory used by a process that cannot be shared with other processes, while the working set also includes memory shared with other processes (for example, DLLs mapped into several processes).
What is Task Manager?
Task Manager is a system monitor program that provides information about the processes and programs running on a computer. It also allows the termination of processes and programs and the modification of process priority.
How to open the System log in Event Viewer?
Computer Management > System Tools > Event Viewer > Windows Logs > System
When was the vi editor created?
The vi editor was created in 1976.
What is the updated version of the vi editor?
vim (Vi IMproved) is the updated version of the vi editor.
Which file contains the configuration settings of the user's terminal?
~/.bashrc (in the user's home directory) contains the per-user configuration of the bash shell.
Which configuration file defines the structure of the prompt displayed by the terminal?
The ~/.bashrc file, through the PS1 variable.
For example, the line PS1='\[\e[1;32m\][\u@\h \W]$\[\e[0m\]' sets a green prompt showing the user name (\u), host name (\h) and current directory (\W).
Which directory contains configuration files related to system-wide services?
/etc
What is the name of the text editor in Arch Linux?
SciTE
What is the name of the lightweight web server in Arch Linux?
nginx
How to kill the nginx program in Arch Linux?
pkill nginx (this kills the running nginx processes; to stop the service cleanly use systemctl stop nginx)
How to search for a command in man?
man -k grep (searches the short descriptions of all man pages for the keyword; the same as apropos grep)
What does a single dot (.) mean with cd?
It means the present working directory.
What is the CDN of Amazon Web Services?
Amazon CloudFront
What is the command to display the processes running in the background?
ps -elf (lists all processes in long format, including background ones)
What is the command to display the hierarchy of currently running processes?
ps -ejH
What is the default port of telnet?
TCP port 23
Why do we not use telnet?
Telnet transmits data, including user names and passwords, in clear text; it provides no encryption. SSH is used instead.
How to exit from telnet?
Press Ctrl+] to reach the telnet> prompt, then type quit.
What is systemd in Linux?
systemd is a modern init system.
What is an init system?
An init system is a set of rules and conventions governing the way the user space in a given Linux system is created and made available to the user. Init systems also specify system-wide parameters such as global configuration files, logging structure and service management.
When does the init process start?
The init process starts at boot time.
Which is the first process of a Linux system?
In Linux, the init process is the first process loaded when the computer boots. init is, directly or indirectly, the parent of all processes running on the system. It is started by the kernel at boot time and continues to run until the computer shuts down. Typically, init has process ID 1.
Which process has process ID 1?
The init process has process ID 1 (on a systemd-based system, ps -p 1 -o comm= prints systemd).
Which is the event logging service of systemd?
systemd-journald (journald)
What does mounting a file system mean?
Mounting a file system means making it accessible to the operating system.
Mounting a file system is the process of linking a partition on a block device (hard disk, SSD, USB flash drive, etc.) to a directory.
What is a mount point?
A mount point is the directory where a file system is linked (attached).
What are the different types of file systems in Linux?
ext3 and ext4, for example
What is an example of a block device?
A hard disk, SSD, USB flash drive, etc.
In which file system is the Linux operating system stored?
The Linux operating system is stored in the root file system (mounted at /).
In which format does the chmod command take permissions?
The chmod command takes permissions in octal format (digits 0-7), one digit each for owner, group and others. It also accepts symbolic modes such as u+x.
In that way, a breakdown of 665 is as follows:
6 in octal is 110 in binary. Since each position of the permissions of a file can be 1 or 0, 110 means rw- (read=1, write=1 and execute=0).
Therefore, the chmod 665 myFile.txt command changes the permissions to:
Owner: rw- (6 in octal or 110 in binary)
Group: rw- (6 in octal or 110 in binary)
Other: r-x (5 in octal or 101 in binary)
What are the three types of Linux permissions?
The three types of Linux permissions are read, write and execute, with the octal values 4, 2 and 1:
Read = 4
Write = 2
Execute = 1
What are setuid, setgid and the sticky bit?
setuid: a bit that makes an executable run with the privileges of the owner of the file
setgid: a bit that makes an executable run with the privileges of the group of the file (on a directory, new files inherit the directory's group)
sticky bit: a bit set on directories that allows only the file's owner, the directory's owner or root to delete or rename the files and subdirectories in it, as on /tmp
https://www.cbtnuggets.com/blog/technology/system-admin/linux-file-permissions-understanding-setuid-setgid-and-the-sticky-bit
Why do some commands require root privileges to execute?
Some commands must do things only root may do (for example, passwd writes to /etc/shadow). Such executables are owned by root and have the setuid bit set, so when an ordinary user runs them they execute with the privileges of the file's owner (root) rather than of the user. Because every setuid-root binary is a potential privilege-escalation target, find / -type f -perm -4000 is a standard check for unexpected ones.
How many bits are reserved for permissions in files and directories?
A total of 9 bits are reserved in files and directories for the basic permissions (plus 3 special bits: setuid, setgid and sticky):
rwx rwx rwx
3 + 3 + 3 (owner, group, other)
What is the difference between file and directory permissions?
The execute bit means different things for files and directories.
A file with the execute bit set can be run as a program or script.
A directory with the execute bit set can be entered (cd) and its entries accessed; the read bit only allows listing the names in it, and the write bit (together with execute) allows creating and deleting entries.
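The chmod, permission-bit and special-bit cards above, worked through in code. This is an added example, not part of the flashcards or the course material: a POSIX shell script that decodes an octal mode (with an optional leading setuid/setgid/sticky digit) into the nine characters ls -l prints, applies it with chmod and reads it back, and lists setuid programs. The function names (mode_to_rwx, apply_and_check, list_setuid), the scratch file and the directory searched are my own choices; it assumes a Linux system with coreutils (ls, chmod, find, mktemp).

```shell
#!/bin/sh
# Added example: decode octal modes to rwx strings and verify them with chmod/ls.
# Assumes Linux coreutils (ls, chmod, find, mktemp); function names are illustrative.

# mode_to_rwx MODE -> the nine permission characters ls -l prints for MODE.
#   665  -> rw-rw-r-x
#   4755 -> rwsr-xr-x   (setuid: the owner execute slot becomes s)
#   1777 -> rwxrwxrwt   (sticky: the others' execute slot becomes t)
# A 4-digit mode carries the special bits (setuid=4, setgid=2, sticky=1) in its
# first digit; a special bit over a missing execute bit prints as S or T.
mode_to_rwx() {
    case $1 in
        [0-7][0-7][0-7]) special=0; perm=$1 ;;
        [0-7][0-7][0-7][0-7]) special=$(echo "$1" | cut -c1); perm=$(echo "$1" | cut -c2-4) ;;
        *) echo "mode_to_rwx: bad mode '$1'" >&2; return 1 ;;
    esac
    out=""
    i=1
    while [ "$i" -le 3 ]; do
        d=$(echo "$perm" | cut -c"$i")
        # each octal digit is three bits: read=4, write=2, execute=1
        if [ $((d & 4)) -ne 0 ]; then out="${out}r"; else out="${out}-"; fi
        if [ $((d & 2)) -ne 0 ]; then out="${out}w"; else out="${out}-"; fi
        if [ $((d & 1)) -ne 0 ]; then x=x; else x=-; fi
        case $i in
            1) if [ $((special & 4)) -ne 0 ]; then if [ "$x" = x ]; then x=s; else x=S; fi; fi ;;
            2) if [ $((special & 2)) -ne 0 ]; then if [ "$x" = x ]; then x=s; else x=S; fi; fi ;;
            3) if [ $((special & 1)) -ne 0 ]; then if [ "$x" = x ]; then x=t; else x=T; fi; fi ;;
        esac
        out="${out}${x}"
        i=$((i + 1))
    done
    printf '%s\n' "$out"
}

# apply_and_check PATH MODE: chmod PATH to MODE, read the permission string back
# with ls -ld, and print "MODE expected got". Returns 0 only if they agree.
apply_and_check() {
    want=$(mode_to_rwx "$2") || return 1
    chmod "$2" "$1" || return 1
    got=$(ls -ld -- "$1" | cut -c2-10)    # characters 2-10 are the permission bits
    printf '%s %s %s\n' "$2" "$want" "$got"
    [ "$want" = "$got" ]
}

# list_setuid DIR...: files under DIR with the setuid bit set, i.e. programs that
# run with their owner's privileges; unexpected entries here deserve attention.
list_setuid() {
    find "$@" -xdev -type f -perm -4000 2>/dev/null
}

# Demo: a scratch file and directory, then the first setuid programs in /usr/bin.
scratch=$(mktemp -d)
: > "$scratch/myFile.txt"
apply_and_check "$scratch/myFile.txt" 665     # rw-rw-r-x, the card's example
apply_and_check "$scratch/myFile.txt" 4755    # rwsr-xr-x, setuid on a file we own
apply_and_check "$scratch" 1777               # rwxrwxrwt, sticky directory as on /tmp
echo "setuid programs in /usr/bin:"
list_setuid /usr/bin | head -n 5
rm -rf "$scratch"
```

Run it as an ordinary user: setting the setuid bit on a file you own is allowed, which is exactly why setuid only matters when the file is owned by root or another privileged account.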
How many types of files are in Linux?
There are three types of files in Linux:
1. Regular files
2. Directory files
3. Special files
How is a regular file denoted by the ls command?
A regular file is denoted by "-" (the first character of the ls -l output).
How are directory files denoted by the ls command?
Directory files are denoted by "d".
How many types of special files are in Linux?
There are five types of special files in Linux:
1. Block device files
2. Character device files
3. Pipe (FIFO) files
4. Symbolic link files
5. Socket files
How are block files denoted by the ls command?
Block device files are denoted by "b".
How are character files denoted by the ls command?
Character device files are denoted by "c".
How are pipe files denoted by the ls command?
Pipe files are denoted by "p".
How are symbolic link files denoted by the ls command?
Symbolic link files are denoted by "l".
How are socket files denoted by the ls command?
Socket files are denoted by "s".
Where do we find all types of files?
In /dev/ we find the device special files (block and character devices), together with directories and symbolic links; ls -l /dev shows their type characters.
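The type characters from the cards above, checked against real files. This is an added example, not part of the flashcards or the course material: a POSIX shell script that reads the first column of ls -ld, names it, and creates one sample of every type an unprivileged user can make (block and character devices need mknod as root, and sockets are created by programs, so those are looked up under /dev and /run instead). The function names (ftype, ftype_name, make_samples, report) and the sample file names are my own choices; it assumes Linux coreutils (ls, mkfifo, ln, mktemp, find).

```shell
#!/bin/sh
# Added example: map files to the type character in the first column of ls -l.
# Assumes Linux coreutils (ls, mkfifo, ln, mktemp, find); names are illustrative.

# ftype PATH -> the first character of `ls -ld PATH`:
#   -  regular file       b  block device       c  character device
#   d  directory          p  named pipe (FIFO)  l  symbolic link     s  socket
# ls -ld does not follow symbolic links, so a link to a directory still shows l.
ftype() {
    ls -ld -- "$1" | cut -c1
}

# ftype_name CHAR -> the flashcard name for an ls type character.
ftype_name() {
    case $1 in
        -) echo "regular file" ;;
        d) echo "directory" ;;
        b) echo "block device file" ;;
        c) echo "character device file" ;;
        p) echo "pipe (FIFO) file" ;;
        l) echo "symbolic link" ;;
        s) echo "socket file" ;;
        *) echo "unknown" ;;
    esac
}

# make_samples DIR: one regular file, directory, FIFO, symbolic link and hard link
# (constructed sample data). Devices and sockets cannot be made this way.
make_samples() {
    : > "$1/regular.txt"
    mkdir -p "$1/subdir"
    mkfifo "$1/pipe"
    ln -s regular.txt "$1/link"
    ln "$1/regular.txt" "$1/hard"    # a hard link is just a second name: ls shows -
}

# report PATH: print "<char>  <name>  <path>" for PATH.
report() {
    t=$(ftype "$1")
    printf '%s  %-22s %s\n' "$t" "$(ftype_name "$t")" "$1"
}

# Demo over the constructed samples plus real device and socket files.
d=$(mktemp -d)
make_samples "$d"
for p in "$d/regular.txt" "$d/subdir" "$d/pipe" "$d/link" "$d/hard" /dev/null; do
    report "$p"
done
blk=$(find /dev -maxdepth 1 -type b 2>/dev/null | head -n 1)
if [ -n "$blk" ]; then report "$blk"; fi
sock=$(find /dev /run -maxdepth 2 -type s 2>/dev/null | head -n 1)
if [ -n "$sock" ]; then report "$sock"; fi
rm -rf "$d"
```

The same classification is what find -type uses (find /dev -type c, find / -type p), which is the quicker way to locate every file of one kind on a system.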
How many types of links are in Linux?
In Linux we have two types of links:
1. Symbolic (soft) links
2. Hard links
What is the minimum number of entries in a directory, as shown by the ls command?
The minimum count is two, . and .. (shown by ls -a):
. is the directory itself
.. is the parent directory
If we rename a file, what happens to its symbolic links?
The symbolic links still point to the old name, so they are no longer accessible (they dangle), but they are still listed by the ls command. A hard link is unaffected, because it refers to the file's inode rather than to its name.
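The rename case above, and the contrast with a hard link, run through in code. This is an added example, not part of the flashcards or the course material: a POSIX shell script that creates a file with one symbolic and one hard link, renames the file, reports which link still resolves, and then repoints the dangling link. The function names (link_status, same_inode, rename_demo, repoint) and the file names are my own choices; it assumes Linux coreutils (ln, mv, ls, mktemp), the widely supported test -ef operator, and GNU find for the -xtype l check.

```shell
#!/bin/sh
# Added example: what a rename does to a symbolic link versus a hard link.
# Assumes Linux coreutils and test -ef; function and file names are illustrative.

# link_status PATH -> one word:
#   dangling  a symbolic link whose target no longer exists
#   symlink   a symbolic link whose target exists
#   file      a regular file (a hard link is simply another name for one)
#   missing   nothing at PATH
link_status() {
    if [ -L "$1" ]; then
        # -L is true for the link itself; -e follows it to the target
        if [ -e "$1" ]; then echo symlink; else echo dangling; fi
    elif [ -f "$1" ]; then
        echo file
    else
        echo missing
    fi
}

# same_inode A B -> 0 if A and B are the same file (same device and inode).
same_inode() {
    [ "$1" -ef "$2" ]
}

# rename_demo DIR: create original.txt, a symbolic link and a hard link to it,
# rename the original, and print "soft=<status> hard=<status>".
rename_demo() {
    printf 'secret\n' > "$1/original.txt"      # constructed sample content
    ln -s original.txt "$1/soft"               # stores the *name* original.txt
    ln "$1/original.txt" "$1/hard"             # second directory entry for the same inode
    mv "$1/original.txt" "$1/renamed.txt"
    echo "soft=$(link_status "$1/soft") hard=$(link_status "$1/hard")"
}

# repoint DIR: make the dangling link usable again by pointing it at the new name.
repoint() {
    ln -sf renamed.txt "$1/soft"
    link_status "$1/soft"
}

# Demo
d=$(mktemp -d)
rename_demo "$d"                               # soft=dangling hard=file
ls -l "$d"                                     # the dangling link is still listed
cat "$d/soft" 2>/dev/null || echo "cat $d/soft: target gone"
cat "$d/hard"                                  # secret: the hard link still works
same_inode "$d/hard" "$d/renamed.txt" && echo "hard and renamed.txt share an inode"
repoint "$d"                                   # symlink
find "$d" -xtype l                             # GNU find: any dangling links left (none)
rm -rf "$d"
```

find DIR -xtype l is the practical follow-up: dangling links in directories that privileged programs write to are worth reviewing, because whoever can create the missing target decides what the link resolves to.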