Lesson 11: Managing Windows Flashcards
A security analyst is investigating a possible incident and wants to view the logs on a remote computer. What should the security analyst use to accomplish this?
A. msinfo32.exe
B. gpedit.msc
C. services.msc
D. eventvwr.msc
D. eventvwr.msc
The Event Viewer (eventvwr.msc) is a management console snap-in for viewing and managing logs on a Windows host. The default page summarizes system status, with recent error and warning events collected for viewing.
Other options
A. The System Information (msinfo32.exe) tool produces a comprehensive report about the system’s hardware and software components. Running the tool produces an inventory of system resources, firmware, OS versions, driver file locations, and more.
B. The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many of the Windows settings than editing the registry directly.
C. The Services console (services.msc) starts, stops, and pauses processes running in the background. The services console could disable nonessential services to improve performance or security.
A user wants to use the xcopy command at a command (CMD) prompt but is unfamiliar with the syntax and switches. What can they use to learn more? (Select all that apply.)
A. xcopy help
B. help xcopy
C. xcopy |
D. xcopy /?
B. help xcopy and D. xcopy /?
B. When using help Command, the help system lists the syntax and switches used for the command.
D. The user can also display help on a particular command by using the /? switch.
Other options
A. Using xcopy help will result in an attempt to copy the help file if it exists in the directory.
C. Using xcopy | will result in an error stating the syntax is incorrect.
An incident handler is reviewing a possible cryptomining infection on one of the corporate servers. What should the handler use first to investigate?
A. eventvwr.msc
B. taskmgr.exe
C. regedit.exe
D. taskschd.msc
B. taskmgr.exe
The Task Manager (taskmgr.exe) tool can monitor the PC’s key resources. Cryptomining software will use resources heavily, so this would be the first place to look.
Other options
A. The Event Viewer (eventvwr.msc) is a management console snap-in for viewing and managing logs on a Windows host. The default page summarizes system status, with recent error and warning events collected for viewing.
C. The Registry Editor (regedit.exe) makes manual edits to the database of Windows configuration settings. The registry’s structure is a set of five root keys that contain computer and user databases.
D. The Task Scheduler (taskschd.msc) runs commands and scripts automatically. Many of Windows’s processes come with predefined schedules.
A software technician is working on a help ticket for a Windows-based computer that appears to have performance issues. What provides a console that offers live monitoring of resource utilization data for the CPU, system memory, disk/file system, and network?
A. certmgr.msc
B. taskschd.msc
C. resmon.exe
D. gpedit.msc
C. resmon.exe
The Resource Monitor (resmon.exe) provides a console for live monitoring of resource utilization data for the CPU, system memory, disk/file system, and network and shows an enhanced version of the sort of snapshot monitoring provided by Task Manager.
Other options
A. The Certificate Manager provides a console for managing digital certificates for the current user and trusted root certification authority certificates.
B. The Task Scheduler (taskschd.msc) is an administrative tool that runs software and scripts according to calendar or event triggers.
D. The Group Policy Editor (gpedit.msc) is a console for configuring detailed user and system registry settings via policies.
A user experiences issues with large files and wants to run diagnostics to help figure out what might be the issue. Which of the following commands should the user try?
A. format
B. diskpart
C. chkdsk
D. winver
C. chkdsk
The chkdsk command scans the file system and/or disk sectors for faults and attempts to repair any problems detected.
Other options
A. The format command writes a new file system to a drive. This process deletes any data existing on the drive. The basic command is format X: /fs:SYS, where X is a drive letter, and SYS is the file system, such as NTFS, FAT32, or EXFAT.
B. The command diskpart is the interface underlying the Disk Management tool. The Disk Management tool prevents users from completing destructive actions, like deleting the system or boot volume. However, diskpart does not have restrictions in this way, so users should use it with care.
D. The winver command reports version information. Users will often need to use this for support.
A Windows server administrator wants to use a scheduled local script to transfer logs from that server to a central security incident and event monitoring platform. Copying the logs over and ingesting them locally saves on the licensing. Which command should the script use?
A. ftp Source [Destination] [Switches]
B. md Source [Destination] [Switches]
C. robocopy Source [Destination] [Switches]
D. rmdir Source [Destination] [Switches]
C. robocopy Source [Destination] [Switches]
The robocopy command (or “robust copy”) is another file copy utility. Microsoft now recommends using robocopy rather than xcopy. For example, robocopy works better with long file names and New Technology File System (NTFS) attributes.
Other options
A. While ftp could be used to copy the logs over, this is not the correct syntax. Also, robocopy is more reliable in the event of connection loss.
B. To create a directory, use the md command. For example, to create a directory called Data in the current directory, type md Data.
D. To delete an empty directory, enter rd Directory or rmdir Directory. If the directory is not empty, users can remove files and subdirectories from it using the /s switch.
A user starts experiencing a blue screen of death (BSoD) on start up. Where should the user check for changes after getting back on the computer?
A. WSL
B. devmgmt.msc
C. taskschd.msc
D. services.msc
B. devmgmt.msc
Most blue screens of death (BSoD), especially those that occur during startup, are caused by faulty hardware or hardware drivers. Device Manager (devmgmt.msc) allows users to view and edit the properties of installed hardware.
Other options
A. Windows Subsystem for Linux (WSL) allows the installation of a Linux distribution and the use of Linux applications. This is different from the Windows management utilities.
C. The Task Scheduler (taskschd.msc) runs commands and scripts automatically. Many of Windows’s processes come with predefined schedules.
D. The Services console (services.msc) starts, stops, and pauses processes running in the background.
A server administrator is writing a script that will help administer their servers. The administrator saves the script to the Desktop folder. Instead of typing out the full path to the script in the command prompt, the administrator wants to change the directory to the desktop to make it easier to run the script. Which of the following commands should the server administrator use?
A. dir C:\Users\user\Desktop
B. cd C:\Users\user\Desktop
C. Desktop:
D. C:\Users\user\Desktop help
B. cd C:\Users\user\Desktop
The cd command sets the focus to a different working directory. The administrator can change to any directory by entering the full path, such as cd C:\Users\user\Desktop.
Other options
A. Use the dir command to list the files and subdirectories from either the working drive and directory or from a specified path. For example, running dir C:\Users\user\Desktop will display the contents of Desktop.
C. Running Desktop: will attempt to change to the root of a drive named Desktop: which will fail. For example, D: changes to the D drive.
D. Running C:\Users\user\Desktop help will error out as it is not a valid command.
A computer technician wants to optimize the input/output operations performance of HDDs. What should the technician utilize?
A. devmgmt.msc
B. dfrgui.exe
C. resmon.exe
D. secpol.msc
B. dfrgui.exe
The Defragment and Optimize Drives tool (dfrgui.exe) runs various operations to speed up the performance of hard disk drives (HDDs).
Other options
A. Device Manager (devmgmt.msc) allows users to view and edit the properties of installed hardware. Users can change hardware configuration settings, update drivers, or remove/disable devices.
C. The Resource Monitor (resmon.exe) and Performance Monitor (perfmon.msc) view and log performance statistics. The Resource Monitor shows an enhanced version of the sort of snapshot monitoring provided by Task Manager.
D. The Local Security Policy (secpol.msc) views and edits the security settings. The Local Security Policy editor can be used to modify security settings specifically.
A helpdesk operator wants to use a set of tools that will help them during troubleshooting. What can help the operator customize their toolset?
A. mmc
B. gpedit.msc
C. lusrmgr.msc
D. taskschd.msc
A. mmc
The mmc command allows the operator to perform MMC customization and create a console with a personal selection of snap-ins. The console can be saved to the Administrative Tools folder as a file with an MSC extension.
Other options
B. The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many of the Windows settings than editing the registry directly.
C. The Local Users and Groups (lusrmgr.msc) console provides an advanced interface for creating, modifying, disabling, and deleting user accounts.
D. The Task Scheduler (taskschd.msc) runs commands and scripts automatically. Many of Windows’s processes come with predefined schedules.
A security analyst is investigating a possible incident where an alert showed a possible indicator of malware. The malware has a tactic of replacing system files with its own version, which also runs the malware code. Which of the following commands has the best chance of helping the security analyst?
A. sfc
B. chkdsk
C. winver
D. shutdown
A. sfc
The Windows Resource Protection mechanism prevents damage to, or malicious use of, system files and registry keys and files. In addition, the System File Checker utility (sfc) provides a manual interface for verifying system files and restoring them from the cache if found corrupt or damaged.
Other options
B. The chkdsk command scans the file system and/or disk sectors for faults and can attempt to repair any problems detected.
C. The winver command reports version information. Users will often need to use this for support.
D. The shutdown command can safely halt the system or log out.
A security administrator revisits the security of client machines and wants to push out configuration changes to users. What is the best way to do this?
A. regedit.exe
B. services.msc
C. lusrmgr.msc
D. gpedit.msc
D. gpedit.msc
The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many of these Windows settings than editing the registry directly.
Other options
A. The Registry Editor (regedit.exe) makes manual edits to the database of Windows configuration settings. The registry is structured as a set of five root keys that contain computer and user databases.
B. The Services console (services.msc) starts, stops, and pauses processes running in the background. The services console could be used to disable nonessential services to improve performance or security.
C. The Local Users and Groups (lusrmgr.msc) console provides an advanced interface for creating, modifying, disabling, and deleting user accounts.
A user wants to learn and grow with different versions of Windows operating systems, so the user installs dual versions of Windows OS on their computer. The computer currently boots to Windows 10, but the user wants to change the default operating system to another version. What should the user utilize to do this?
A. msconfig.exe
B. resmon.exe
C. taskschd.msc
D. gpedit.msc
A. msconfig.exe
The System Configuration Utility (msconfig.exe) modifies various settings and files that affect the way the computer boots and loads Windows. For example, users can change the default OS, add boot options (such as Safe Mode boot) with minimal drivers and services, and set the timeout value.
Other options
B. Resource Monitor (resmon.exe) shows an enhanced version of the snapshot monitoring provided by Task Manager.
C. The Task Scheduler (taskschd.msc) runs commands and scripts automatically. Many of Windows’s processes come with predefined schedules.
D. The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many of the Windows settings than editing the registry directly.
A vulnerability manager has significantly improved patching in the environment and now wants to focus on system security. Which of the following options will directly support the manager’s intent of making the system more secure?
A. msinfo32.exe
B. resmon.exe
C. services.msc
D. dfrgui.exe
C. services.msc
From Task Manager, the Open Services button links to the Services (services.msc) console. This can disable nonessential services to improve performance or security.
Other options
A. The System Information (msinfo32.exe) tool produces a comprehensive report about the system’s hardware and software components. For example, running the tool produces an inventory of system resources, firmware, OS versions, driver file locations, etc.
B. Resource Monitor (resmon.exe) shows an enhanced version of the snapshot monitoring provided by Task Manager.
D. The Defragment and Optimize Drives tool (dfrgui.exe) runs various operations to speed up the performance of HDDs and SSDs.
A server administrator performs a statistical analysis on server operations to provide optimized resources. For example, the administrator wants to see resource performance graphs and key statistics, such as threads started by a process or hard page faults/second. What is the best tool to use?
A. taskmgr.exe
B. services.msc
C. msconfig.exe
D. resmon.exe
D. resmon.exe
Resource Monitor (resmon.exe) shows an enhanced version of the type of snapshot monitoring provided by the Task Manager.
Other options
A. The Task Manager (taskmgr.exe) tool can monitor key resources of personal computers (PCs). Use Task Manager to determine if any resources are at 90–100% utilization, and then note which process is most active.
B. The Open Services button links to the Services (services.msc) console from the Task Manager. The Open Services button can disable nonessential services to improve performance or security.
C. The System Configuration Utility (msconfig.exe) modifies various settings and files that affect the way the computer boots and loads Windows.