Fundamentals of Cyber security Operations - Week 2

Question 1

Which software is used for exploring processes in Windows ?

Answer 1

SysInternals Suite , process explorer

Question 2

What is thread ?

Answer 2

A thread is a unit of execution in process

Question 3

What is an handle ?

Answer 3

A handle is an abstract reference to memory block or objects managed by an Operating System

Question 4

How to view handles of a process ?

Answer 4

We have to use sysinternals processexplorer tool , Navigate to view, then lower pane view

Question 5

What is an Windows registry ?

Answer 5

The windows registry is a hierarchical database that stores most of the operating systems and Desktop Environment configuration settings

Question 6

How to open registry editor

Answer 6

In search window , search for regedit

Question 7

How many hives are in registry editor

Answer 7

Total 5 hives are in registry editor

Question 8

Which Registry hive stores hardware information use at boot-up ?

Answer 8

HKEY_CURRENT_CONFIG

Question 9

Which registry hive store settings and configurations for all users

Answer 9

HKEY_USERS

Question 10

Which registry hive Store local computer configuration

Answer 10

HKEY_LOCAL_MACHINE

Question 11

Which registry Hive stores settings and configuration of current user

Answer 11

HKEY_CURRENT_USER

Question 12

How to change a end user licence agreement key value of process Explorer.

Answer 12

Click to select Process Explorer in HKEY_CURRENT_USER > Software > Sysinternals > Process Explorer. Scroll down to locate the key EulaAccepted.
Change the 1 to 0 for Value data. The value of 0 indicates that the EULA was not accepted. Click OK to continue.

Question 13

Which tool is used in Windows to write automated scripts ?

Answer 13

Powershell

Question 14

How to know the alias of commands in PowerShell ?

Answer 14

Get-Alias dir

Question 15

Which command is used in PowerShell to see live network traffic.

Answer 15

netstat

Question 16

How to display routing table in PowerSwell ?

Answer 16

netstat -r

Question 17

How to empty Recycle bin using powershell ?

Answer 17

Open PowerShell & type clear-recyclebin

Question 18

Types of Memory for processes in Windows

Answer 18

There are two main types of memory usage:
1. working set
2.private working set.
The private working set is the amount of memory used by a process that cannot be shared among other processes, while working set includes the memory shared by other processes.

Question 19

What is an Task Manager ?

Answer 19

The Task Manager is a system monitor program that provides information about the processes and programs running on a computer. It also allows the termination of processes and programs and modification of process priority.

Question 20

How to open System Logs in Event Viewer ?

Answer 20

Computer Management >System Tools > Windows Log >System

Question 21

When was vi editor is created ?

Answer 21

vi editor is created in 1976

Question 22

What are the updated version of vi editor?

Answer 22

vim is the person of vi editor

Question 23

Which file contains configuration settings of user terminal

Answer 23

bashrc contains configuration for the terminal

Question 24

Which configuration file is responsible to define the prompt structure of the prompt displayed by the terminal

Answer 24

bashrc file
For example, the line PS1=’[\e[1;32m][\u@\h \W]$[\e[0m]

Question 25

Which directory contains configuration files related to system wide services ?

Answer 25

/etc

Question 26

What is the name of text editor in arch linux ?

Answer 26

SciTE

Question 27

What is the name of light weight web server in arch linux?

Answer 27

nginx

Question 28

how to kill a program nginx in arch linux ?

Answer 28

pkill nginx

Question 29

How to search a command in man ?

Answer 29

man -k grep

Question 30

What means single . dot with cd ?

Answer 30

It means present working directory

Question 31

What is the CDN of Amazon Web Services

Answer 31

Amazon CloudFront

Question 32

What is command to display process running in background ?

Answer 32

ps -elf

Question 33

What is command to display current running process hierarchy ?

Answer 33

ps - ejH

Question 34

What is the default port of telnet

Answer 34

tcp port 23

Question 35

Why we not use telnet ?

Answer 35

Telnet will transmit data in clear text, it does not provide encryption

Question 36

How to exit from telnet ?

Answer 36

Question 37

What is systemd in Linux ?

Answer 37

Systemd is a modern init system

Question 38

What is init system ?

Answer 38

An init system is a set of rules and conventions governing the way the user space in a given Linux system is created and made available to the user. Init systems also specify system-wide parameters such as global configuration files, logging structure and service management.

Question 39

When init process starts

Answer 39

init process start at boot time .

Question 40

Which is the first process of Linux System

Answer 40

In Linux, the init process is the first process loaded when the computer boots. Init is directly or indirectly, the parent of all processes running on the system. It is started by the kernel at boot time and continues to run until the computer shuts down. Typically, init has the process ID 1

Question 41

Which process has the process ID 1

Answer 41

I init process has the process ID 1

Question 42

Which is the event logging service of systemd

Answer 42

system-journald or journald

Question 43

What do you mean by mounting a filesystem ?

Answer 43

Mounting a file system means make it accessible to operating system.
Mounting a file system is a process of linking the physical partition on the block device(Hard Didk, SSD, pendrive etc) to a directory

Question 44

What is a Mount point ?

Answer 44

Mount point is the directory where a file system is linked ?

Question 45

What are the different types of file systems in Linux ?

Answer 45

ext3, ext4

Question 46

What is the example of block device ?

Answer 46

Hard Didk, SSD, pendrive etc

Question 47

In which file system Linux operating system is stored ?

Answer 47

Linux operating system is stored in root filesystem

Question 48

In which format will chmod command takes permissions ?

Answer 48

The chmod command take permission in the octal format (0-7 video)

In that way, a breakdown of the 665 is as follows:

6 in octal is 110 in binary. Assuming each position of the permissions of a file can be 1 or 0, 110 means rw- (read=1, write=1 and execute=0).
Therefore, the chmod 665 myFile.txt command changes the permissions to:
Owner: rw- (6 in octal or 110 in binary)
Group: rw- (6 in octal or 110 in binary)
Other: r-x (5 in octal or 101 in binary)

Question 49

What are the three types of Linux permissions?

Answer 49

Three Types of Linux permissions are, 4 2 1 read write execute
Read = 4
write= 2
Execute = 1

Question 50

What is Setuid, setgid, and the sticky bit ?

Answer 50

setuid: a bit that makes an executable run with the privileges of the owner of the file

setgid: a bit that makes an executable run with the privileges of the group of the file

sticky bit: a bit set on directories that allows only the owner or root can delete files and subdirectories

https://www.cbtnuggets.com/blog/technology/system-admin/linux-file-permissions-understanding-setuid-setgid-and-the-sticky-bit

Question 51

Why some commands required root privileges to execute ?

Answer 51

Some command requires root privileges to execute because , setuid & setgid is used. It means an executable run only with the privileges of the owner of the file.

Question 52

How many bits are reserved for permissions in file & directories

Answer 52

Total 9 bits are reserved for files and directories to set permissions
rwx rwx rwx
3 + 3 + 3

Question 53

What is the difference between file and directory permission ?

Answer 53

Execution bit in files and directories means different. Executive power file to
A file with the execution bit set is an executable script or program.
A directory with the execution bit set specifies whether a user can enter that directory.

Question 54

How many types of files are in Linux ?

Answer 54

There are three types of files in Linux,
1. Regular files
2. Directory files
3. Special files

Question 55

How regular file denoted by LS command ?

Answer 55

regular file denoted by “ - “

Question 56

How directory files denoted by LS command ?

Answer 56

Directory files denoted by “d”

Question 57

How many types of special files in Linux ?

Answer 57

We have five types of special files in Linux,
1. Block Files
2. Character device files
3. Pipe files
4. Symbolic Link files
5. Socket Files

Question 58

How block files are denoted by LS command ?

Answer 58

Block files are denoted by “b”

Question 59

How character files are denoted by LS command ?

Answer 59

Character files are denoted by “c”

Question 60

How pipe file are denoted by ls commands ?

Answer 60

Pipe files are denoted by “p”

Question 61

How Symbolic link files are denoted by LS command ?

Answer 61

Symbolic links files are denoted by “ l “

Question 62

How socket files are denoted by ls command ?

Answer 62

Socket files are denoted by “s”

Question 63

Where we find all types of files ?

Answer 63

In /dev/ we find all three types of files.

Question 64

How many types of links in Linux ?

Answer 64

In Linux we have two types of links,
1. Symbolic Links chij Hai Ki
2. Hard links

Question 65

How many minimum sub-drectory counts are in a directory, while using ls command ?

Answer 65

Minimum count is two . & .. ,
. is for itself
. . is for going to parent directory

Question 66

If we rename the file , then what happenes to its symbolic links ?

Answer 66

Symbolic links are no longer accessible , but they listed by ls command .