Lesson 2: Managing Windows Flashcards

1
Q

What does MMC stand for?

A

Microsoft Management Console

2
Q

When configuring a task, what is the function of a trigger?

a. Determines which command, script, or executable is run by the task
b. Has no function related to Task Scheduler
c. Determines when or how the task executes
d. Determines whether the task is enabled or not

A

c. Determines when or how the task executes

3
Q

True or false? In Disk Management, it is possible to reformat the boot partition.

A

False

In Disk Management, you cannot reformat the boot partition while the system is running. The boot partition is the one that contains the operating system, and it is in use during normal system operation. Reformatting it would make the system unbootable.
To reformat the boot partition, you would need to boot from a separate disk (such as a Windows installation disk or recovery disk) and perform the reformat operation outside of the normal system environment.
Thus, Disk Management does not allow you to reformat the boot partition while the operating system is actively running.

4
Q

devmgmt.msc

A

Device Manager

5
Q

Which console allows you to view and edit the properties of installed hardware, change hardware configuration settings, update drivers, or remove/disable devices?

A

Device Manager

8
Q

diskmgmt.msc

A

Disk Management console

9
Q

What does Disk Management console host? (4)

A

- fixed and removable disks
- hard disk drives (HDDs)
- solid state drives (SSDs)
- optical drives—attached to the system.

10
Q

What are the 3 volumes on Disk 0 (the typical disk that holds the operating system)? (3)

A

- system volume
- boot volume
- recovery partitions

The system volume contains the operating system files and is usually allocated the drive letter C:

The boot volume contains the files used to boot the OS. This typically uses a boot system called extensible firmware interface (EFI). It is not usually assigned a drive letter.

Recovery partitions contain tools to repair a damaged installation and/or return the computer to its factory state. These can either contain the PC vendor’s tool or Microsoft’s Windows Recovery Environment (WinRE). They are not usually assigned drive letters.

11
Q

What disk tasks does Disk Management support? (3)

A

Initializing disks, Partitioning, Formatting

Initializing disks—If you add an unformatted HDD, SSD, or thumb drive, you will be prompted to initialize it. You can choose whether to use the master boot record (MBR) or Globally Unique ID (GUID) Partition Table (GPT) partition style for the new disk. MBR and GPT refer to the way the partition information is stored on the disk.

Partitioning—Each disk must be configured with at least one partition. You can create a new partition by right-clicking on an area of unpartitioned space. A wizard will prompt you to choose how much of the unallocated space to use and to select a file system.

Formatting—A new partition must be written with a file system—typically NTFS—to allow Windows to write and read files. The simpler FAT32 file system might be used for small, removable drives. You can also reformat existing partitions. This will delete all files from the volume. Along with the file system type, you can choose a volume label and allocation unit size.

12
Q

True or False? You cannot format or delete system or boot partitions.

A

True

13
Q

During setup, what must the boot partition be formatted as? What must the system partition be formatted as?

A

During setup,
- the boot partition must be formatted as NTFS
- the system partition must be formatted as FAT32

14
Q

What feature is now the preferred method of configuring redundant disk configurations?

A

Storage Spaces

Windows feature for creating a single storage resource from multiple devices. Data can be protected against device failure by RAID-like mirroring or parity.

15
Q

What are the 3 main problems that file storage is subject to?

A

Fragmentation
Capacity
Damage

Fragmentation—On a hard disk, ideally each file would be saved in contiguous clusters on the disk. In practice, over time as files grow, they become fragmented across non-contiguous clusters, reducing read performance.

Capacity—Typically, much more file creation occurs on a computer than file deletion. This means that capacity can reduce over time. If the boot volume has less than 20% free space, performance can be impaired. When space drops below 200 MB, a Low Disk Space warning is generated.

Damage—Hard disk operations are physically intensive, and the platters of the disk are easy to damage, especially if there is a power cut. If the disk does not recognize that a sector is damaged, files can become corrupted. SSDs can suffer from degradation of the memory circuitry, resulting in bad blocks, and can be damaged by impacts, overheating, and electrical issues.

16
Q

How can file storage problems be addressed?

A

Through use of disk maintenance tools.

17
Q

dfrgui.exe

A

Defragment and Optimize Drives tool

18
Q

What does the Defragment and Optimize Drives tool do?

A

Runs various operations to speed up the performance of HDDs and SSDs

18
Q

What does Windows use to automatically schedule the disk optimizer to run?

A

Task Scheduler

19
Q

cleanmgr.exe

A

Disk Clean-up

21
Q

taskschd.msc

A

Task Scheduler

22
Q

What does Task Scheduler do?

A

Enables execution of an action (such as running programs, commands, or scripts) automatically at a pre-set time or in response to some sort of trigger.

23
Q

lusrmgr.msc

A

Local Users and Groups console

24
Q

What does the Local Users and Groups console do?

A

Creating, modifying, disabling, and deleting user accounts.

25
Q

What is a digital certificate’s purpose?

A

A digital certificate is a means of proving the identity of a subject, such as a user, computer, or service. The validity of each certificate is guaranteed by the issuing certification authority (CA).

26
Q

certmgr.msc

A

Certificate Manager console

27
Q

What does the Certificate Manager console do? (2)

A
  • Shows which certificates have been installed
  • Provides a mechanism for requesting and importing new certificates.
28
Q

What are the 3 mainly used subfolders in Cert Manager? (3)

A

- The Personal folder
- Trusted Root Certification Authorities folder
- Third-party Root Certification Authorities folder

The Personal folder stores the certificates that have been issued to the user account. User certificates can be used for tasks such as authenticating to a network access server, encrypting data, and adding a digital signature to a document or message to prove its authenticity.
Trusted Root Certification Authorities contains a superset of the certificates of all issuers that are trusted, including Microsoft’s own CA root, local enterprise CAs and third-party CAs. Most of these certificates are managed via Windows Update.
Third-party Root Certification Authorities contains trusted issuers from providers other than Microsoft or a local enterprise.

29
Q

True or false? certmgr.msc manages certificates for all users.

A

False.
certmgr.msc manages certificates for the current user.

30
Q

gpedit.msc

A

Group Policy Editor console

31
Q

What does the Group Policy Editor do?

A

Configures detailed user and system registry settings via policies

32
Q

secpol.msc

A

Local Security Policy editor

It can be used to modify security settings specifically.

33
Q

regedit.exe

A

Registry Editor

35
Q

The registry is structured as a set of five root keys that contain computer and user databases. What are the 5 keys?

A

- HKEY_CLASSES_ROOT
- HKEY_CURRENT_USER
- HKEY_LOCAL_MACHINE
- HKEY_USERS
- HKEY_CURRENT_CONFIG

The HKEY_LOCAL_MACHINE (HKLM) database governs system-wide settings. The HKEY_USERS database includes settings that apply to individual user profiles, such as desktop personalization. HKEY_CURRENT_USER is a subset of HKEY_USERS with the settings for the logged-in user.

36
Q

What are the binary files called where the registry database is stored?

A

Hives

37
Q

What files are hives comprised of? (3)

A
  • a single file (with no extension)
  • a .LOG file (containing a transaction log)
  • a .SAV file (a copy of the key as it was at the end of setup)

The system hive also has an .ALT backup file. Most of these files are stored in the C:\Windows\System32\Config folder, but the hive file for each user profile (NTUSER.DAT) is stored in the folder holding the user’s profile.

38
Q

What are subkeys and data items called in each root key?

A

Value entries

39
Q

What tool can you use to search for a key or value?

A

The Find tool

40
Q

What are the 3 parts a value entry has?

A
  • The name of the value
  • The data type of the value (such as string or binary value)
  • The value itself
42
Q

Review Question
True or False: SSDs cannot benefit from occasional defragmentation or optimization.

A

False
With flash drives and SSDs, while seek time is not a performance factor, the file system can still benefit from occasional defragmentation or optimization. There are several things to consider, including the lifespan of the SSD. You can read more about the technical considerations in optimizing SSDs at

43
Q

Review Question
You are supporting a user who has installed a vendor keyboard driver. The keyboard no longer functions correctly. Under Windows 10, what are the steps to revert to the previous driver?

A

Open Device Manager
Expand Keyboards, then right-click the device and select Properties.
On the Driver tab, select Roll Back Driver.

44
Q

Review Question
You are troubleshooting an issue with a wireless adapter. When you open Device Manager, you find the device’s icon is shown with a down arrow superimposed. What does this mean, and why might this configuration have been imposed?

A

The icon indicates that the device has been disabled.
It could be that there was a fault, or there may be a network configuration or security reason for disabling the adapter.

In this sort of situation, use incident logs and device documentation to establish the reason behind the configuration change.

45
Q

Review Question
In Windows, what is the difference between the boot volume and the system volume?

A

The boot volume contains the boot files
The system volume contains the system root (OS files)

The boot volume is not normally assigned a drive letter
The system volume is normally allocated the drive letter C:

46
Q

Review Question
If a single physical disk is divided into three partitions in a non-Windows environment, how many different file systems can be supported?

A

Three—each partition can use a different file system.

47
Q

msinfo32.exe

A

System Information

48
Q

What does System Information (msinfo32.exe) provide?

A

Utility that provides a report of the PC’s hardware and software configuration.

49
Q

eventvwr.msc

A

Event Viewer

50
Q

What does Event Viewer (eventvwr.msc) do?

A

A management console snap-in for viewing and managing logs on a Windows host.

51
Q

What are the default log files in the Windows Logs folder? (4)

A

- System log
- Application log
- Security log
- Setup log

The System log contains information about events that affect the core OS. These include service load failures, hardware conflicts, driver load failures, network issues, and so on.
The Application log contains information regarding non-core processes and utilities and some third-party apps. For example, app installers write events to the Application log.
The Security log holds the audit data for the system.
The Setup log records events generated during installation.

52
Q

What are the different event levels? (5)

A

- Critical
- Error
- Warning
- Information
- Audit Success/Failure

Critical—An issue that should be treated as the highest priority in the context of the source application. Critical is often used to report a process that has halted or stopped responding.
Error—A less severe issue that should be investigated once critical issues have been resolved.
Warning—A state that could potentially lead to an error or critical condition if not remediated, such as the system running low on disk space.
Information—Logs an operation or state that is noteworthy but does not require remediation.
Audit Success/Failure—Events in the security log are classified as either successful, such as a user authenticating, or failed, such as a password not being entered correctly.

54
Q

taskmgr.exe

A

Task Manager tool

55
Q

What can the Task Manager tool be used for?

A

This tool can be used to monitor the PC’s key resources.

You can open it by pressing CTRL+SHIFT+ESC, by right-clicking the taskbar or Start, or by pressing CTRL+ALT+DEL and selecting Task Manager.

56
Q

How can you view more information about a process?

A

Via the Details tab

57
Q

How can you privilege one task over another or, conversely, set one task to have fewer resources than another?

A

You can do this by right-clicking the process and choosing an option from the Set Priority submenu.

58
Q

What does the Performance tab in Task Manager display? (5)

A

- the CPU
- memory
- disk(s)
- network
- graphics processing unit (GPU) subsystems

59
Q

What does the CPU page display in Task Manager?

A

The number of cores and logical processors (HyperThreading). The statistics show overall utilization, system uptime, and a count of the number of processes, threads, and handles.

60
Q

What does the Services tab monitor?

A

The Services tab monitors the state of all registered background processes.

62
Q

What is a Service? What do Services provide?

A

A service is a Windows process that does not require any sort of user interaction and therefore runs in the background (without a window).

Services provide functionality for many parts of the Windows OS, such as allowing logon, browsing the network, or indexing file details to optimize searches.

63
Q

How can you get to the Services (services.msc) console?

A

From Task Manager, via the Open Services button.

64
Q

Can you prevent a service from running at startup?

A

Yes, you can prevent a service from running at startup by setting it to Manual, or prevent it from running completely by setting it to Disabled.

65
Q

resmon.exe

A

Resource Monitor

66
Q

What is the Resource Monitor (resmon.exe) console used for? (3)

A

- live monitoring of resource utilization data for the CPU and GPU
- system memory
- disk/file system, and network.

67
Q

perfmon.msc

A

Performance Monitor

68
Q

What is the Performance Monitor (perfmon.msc) used for? (3)

A

- Tracks system performance in real time
- Logs data for analysis
- Helps troubleshoot issues like slowdowns or resource bottlenecks

69
Q

In Performance Monitor, you can create log files, referred to as Data Collector Sets, to record information for viewing later. What are the 2 types of logs?

A
  • Counter logs
  • Trace logs

Counter logs allow you to collect statistics about resources, such as memory, disk, and processor. These can be used to determine system health and performance.

Trace logs can collect statistics about services, providing you with detailed reports about resource behavior. In essence, trace logs provide extensions to the Event Viewer, logging data that would otherwise be inaccessible.

70
Q

What does msconfig.exe do?

A

Utility for configuring Windows startup settings. (Used to modify various settings and files that affect the way the computer boots and loads Windows)

70
Q

msconfig.exe

A

System Configuration Utility

71
Q

In the General tab of System Configuration, what are the 3 startup options?

A
  • Normal startup (load all device drivers and services)
  • Diagnostic startup (load basic devices and services only)
  • Selective startup (load system services, or load startup items, or use original boot configuration)
72
Q

What does BCD stand for?

A

Boot Configuration Data

73
Q

What is the command to add boot paths?

A

The bcdedit command

74
Q

Review Question
You are monitoring CPU Usage and notice that it often jumps to 100% and then falls back. Does this indicate a problem?

A

Probably not—CPU Usage usually peaks and falls. If it stays over 80–90%, the system could require a faster CPU, or if it spikes continually, there could be a faulty application.

74
Q

Review Question
You are monitoring system performance and notice that a substantial number of page faults are occurring. Does this indicate that a memory module is faulty?

A

No—it shows the system is using the pagefile intensively and could benefit from more system RAM being installed.

75
Q

Review Question
You have a computer with two SATA disks. You want to evaluate the performance of the primary disk. How would you select this in Performance Monitor, and what might be appropriate counters to use?

A

Select the Physical Disk object, select the counter, and then select the 0 C: instance.

Counters that are useful for evaluating performance include % Disk Time and Average Disk Queue Length.

76
Q

Review Question
You take a support call where the user doesn’t understand why a program runs at startup when the Startup folder is empty. What is the likely cause, and how could you verify this?

A

The program has added a registry entry to run at startup. You could check this (and optionally disable the program) by using Task Manager.

77
Q

What two key combinations allow you to go into Task Manager?

A

Ctrl+Alt+Del
Ctrl+Shift+Esc

78
Q

How do you perform a scan to identify file system errors in read-only mode?

A

Run the chkdsk command without any switches.

Note that sfc is not the correct answer as this verifies the integrity of protected system files rather than checks the file system on a drive.

79
Q

You are attempting to run a command but receive the message “The requested operation requires elevation.” What must you do to run the command?

A

Open a new command prompt window with sufficient privileges. You can right-click the Command Prompt icon and select Run as administrator or press CTRL+SHIFT+ENTER to execute the icon or cmd.exe command.

80
Q

Which Windows command is probably best suited for scripting file backup operations?

A

The robocopy command offers more options than those offered by the xcopy command, so it will usually be the better choice.

The copy command is quite basic and probably not suitable.

81
Q

Why might you run the shutdown command with the /t switch?

A

To specify a delay between running the command and shutdown starting. You might do this to give users a chance to save work or to ensure that a computer is restarted overnight.

81
Q

A server administrator is writing a script that will help administer their servers. The administrator saves the script to the Desktop folder. Instead of typing out the full path to the script in the command prompt, the administrator wants to change the directory to the desktop to make it easier to run the script. Which of the following commands should the server administrator use?

A. dir C:\Users\user\Desktop
B. cd C:\Users\user\Desktop
C. Desktop:
D. C:\Users\user\Desktop help

A

B. cd C:\Users\user\Desktop
The cd command sets the focus to a different working directory. The administrator can change to any directory by entering the full path, such as cd C:\Users\user\Desktop.

Use the dir command to list the files and subdirectories from either the working drive and directory or from a specified path. For example, running dir C:\Users\user\Desktop will display the contents of Desktop.

Running Desktop: will attempt to change to the root of a drive named Desktop: which will fail. For example, D: changes to the D drive.

Running C:\Users\user\Desktop help will error out as it is not a valid command.

82
Q

Is the command format d: /fs:exfat /q valid? If so, what is its effect, and what precaution might you need to take before running it?

A

Yes, it is valid. It formats drive D with the exFAT file system by using a quick format (does not scan for bad sectors).

This will delete the file table on the drive so existing data files can be overwritten—the formatted drive will appear to be empty in Explorer. If there are existing files that need to be preserved, they should be backed up before running the format command.

83
Q

A user experiences issues with large files and wants to run diagnostics to help figure out what might be the issue. Which of the following commands should the user try?

A. format
B. diskpart
C. chkdsk
D. winver

A

C. chkdsk
The chkdsk command scans the file system and/or disk sectors for faults and attempts to repair any problems detected.

The format command writes a new file system to a drive. This process deletes any data existing on the drive. The basic command is format X: /fs:SYS, where X is a drive letter, and SYS is the file system, such as NTFS, FAT32, or EXFAT.

The diskpart command is the interface underlying the Disk Management tool. The Disk Management tool prevents users from completing destructive actions, like deleting the system or boot volume. However, diskpart does not have restrictions of this kind, so users should use it with care.

The winver command reports version information. Users will often need to use this for support.

83
Q

A user starts experiencing a blue screen of death (BSoD) on start up. Where should the user check for changes after getting back on the computer?

A. WSL
B. devmgmt.msc
C. taskschd.msc
D. services.msc

A

B. devmgmt.msc
Most blue screens of death (BSoD), especially those that occur during startup, are caused by faulty hardware or hardware drivers. Device Manager (devmgmt.msc) allows users to view and edit the properties of installed hardware.

Windows Subsystem for Linux (WSL) allows the installation of a Linux distribution and the use of Linux applications. This is different from the Windows management utilities.

The Task Scheduler (taskschd.msc) runs commands and scripts automatically. Many of Windows’s processes come with predefined schedules.

The Services console (services.msc) starts, stops, and pauses processes running in the background.

84
Q

A security administrator revisits the security of client machines and wants to push out configuration changes to users. What is the best way to do this?

A. regedit.exe
B. services.msc
C. lusrmgr.msc
D. gpedit.msc

A

D. gpedit.msc
The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many of these Windows settings than editing the registry directly.

The Registry Editor (regedit.exe) makes manual edits to the database of Windows configuration settings. The registry is structured as a set of five root keys that contain computer and user databases.

The Services console (services.msc) starts, stops, and pauses processes running in the background. The services console could be used to disable nonessential services to improve performance or security.

The Local Users and Groups (lusrmgr.msc) console provides an advanced interface for creating, modifying, disabling, and deleting user accounts.

85
Q

A server administrator performs a statistical analysis on server operations to provide optimized resources. For example, the administrator wants to see resource performance graphs and key statistics, such as threads started by a process or hard page faults/second. What is the best tool to use?

A. taskmgr.exe
B. services.msc
C. msconfig.exe
D. resmon.exe

A

D. resmon.exe
Resource Monitor (resmon.exe) shows an enhanced version of the type of snapshot monitoring provided by the Task Manager.

The Task Manager (taskmgr.exe) tool can monitor key resources of personal computers (PCs). Use Task Manager to determine if any resources are at 90–100% utilization, and then note which process is most active.

The Open Services button links to the Services (services.msc) console from the Task Manager. The Open Services button can disable nonessential services to improve performance or security.

The System Configuration Utility (msconfig.exe) modifies various settings and files that affect the way the computer boots and loads Windows.

86
Q

A Windows server administrator wants to use a scheduled local script to transfer logs from that server to a central security incident and event monitoring platform. Copying the logs over and ingesting them locally saves on the licensing. Which command should the script use?

A. xcopy Source [Destination] [Switches]
B. md Source [Destination] [Switches]
C. robocopy Source [Destination] [Switches]
D. rmdir Source [Destination] [Switches]

A

C. robocopy Source [Destination] [Switches]
The robocopy command (or “robust copy”) is another file copy utility. Microsoft now recommends using robocopy rather than xcopy. For example, robocopy works better with long file names and New Technology File System (NTFS) attributes.

To create a directory, use the md command. For example, to create a directory called Data in the current directory, type md Data.

To delete an empty directory, enter rd Directory or rmdir Directory. If the directory is not empty, users can remove files and subdirectories from it using the /s switch.

87
Q

A computer technician wants to optimize the input/output operations performance of HDDs. What should the technician utilize?

A. devmgmt.msc
B. dfrgui.exe
C. resmon.exe
D. secpol.msc

A

B. dfrgui.exe
The Defragment and Optimize Drives tool (dfrgui.exe) runs various operations to speed up the performance of hard disk drives (HDDs).

Device Manager (devmgmt.msc) allows users to view and edit the properties of installed hardware. Users can change hardware configuration settings, update drivers, or remove/disable devices.

The Resource Monitor (resmon.exe) and Performance Monitor (perfmon.msc) view and log performance statistics. The Resource Monitor shows an enhanced version of the sort of snapshot monitoring provided by Task Manager.

The Local Security Policy (secpol.msc) views and edits the security settings. The Local Security Policy editor can be used to modify security settings specifically.

87
Q

A user wants to learn and grow with different versions of Windows operating systems, so the user installs dual versions of Windows OS on their computer. The computer currently boots to Windows 10, but the user wants to change the default operating system to another version. What should the user utilize to do this?

A. msconfig.exe
B. resmon.exe
C. taskschd.msc
D. gpedit.msc

A

A. msconfig.exe
The System Configuration Utility (msconfig.exe) modifies various settings and files that affect the way the computer boots and loads Windows. For example, users can change the default OS, add boot options (such as Safe Mode boot) with minimal drivers and services, and set the timeout value.

Resource Monitor (resmon.exe) shows an enhanced version of the snapshot monitoring provided by Task Manager.

The Task Scheduler (taskschd.msc) runs commands and scripts automatically. Many of Windows’s processes come with predefined schedules.

The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many of the Windows settings than editing the registry directly.

87
Q

A security analyst is investigating a possible incident where an alert showed a possible indicator of malware. The malware has a tactic of replacing system files with its own version, which also runs the malware code. Which of the following commands has the best chance of helping the security analyst?

A. sfc
B. chkdsk
C. winver
D. shutdown

A

A. sfc
The Windows Resource Protection mechanism prevents damage to, or malicious use of, system files and registry keys and files. In addition, the System File Checker utility (sfc) provides a manual interface for verifying system files and restoring them from the cache if found corrupt or damaged.

The chkdsk command scans the file system and/or disk sectors for faults and can attempt to repair any problems detected.

The winver command reports version information. Users will often need to use this for support.

The shutdown command can safely halt the system or log out.

88
Q

An incident handler is reviewing a possible cryptomining infection on one of the corporate servers. What should the handler use first to investigate?

A. eventvwr.msc
B. taskmgr.exe
C. regedit.exe
D. taskschd.msc

A

B. taskmgr.exe
The Task Manager (taskmgr.exe) tool can monitor the PC’s key resources. Cryptomining software will use resources heavily, so this would be the first place to look.

The Event Viewer (eventvwr.msc) is a management console snap-in for viewing and managing logs on a Windows host. The default page summarizes system status, with recent error and warning events collected for viewing.

The Registry Editor (regedit.exe) makes manual edits to the database of Windows configuration settings. The registry’s structure is a set of five root keys that contain computer and user databases.

The Task Scheduler (taskschd.msc) runs commands and scripts automatically. Many of Windows’s processes come with predefined schedules.

89
Q

A helpdesk operator wants to use a set of tools that will help them during troubleshooting. What can help the operator customize their toolset?

A. mmc
B. gpedit.msc
C. lusrmgr.msc
D. taskschd.msc

A

A. mmc
The mmc command allows the operator to perform MMC customization and create a console with a personal selection of snap-ins. The console can be saved to the Administrative Tools folder as a file with an MSC extension.

The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many of the Windows settings than editing the registry directly.

The Local Users and Groups (lusrmgr.msc) console provides an advanced interface for creating, modifying, disabling, and deleting user accounts.

The Task Scheduler (taskschd.msc) runs commands and scripts automatically. Many of Windows’s processes come with predefined schedules.

90
Q

A security analyst is investigating a possible incident and wants to view the logs on a remote computer. What should the security analyst use to accomplish this?

A. msinfo32.exe
B. gpedit.msc
C. services.msc
D. eventvwr.msc

A

D. eventvwr.msc
The Event Viewer (eventvwr.msc) is a management console snap-in for viewing and managing logs on a Windows host. The default page summarizes system status, with recent error and warning events collected for viewing.

The System Information (msinfo32.exe) tool produces a comprehensive report about the system’s hardware and software components. Running the tool produces an inventory of system resources, firmware, OS versions, driver file locations, and more.

The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many of the Windows settings than editing the registry directly.

The Services console (services.msc) starts, stops, and pauses processes running in the background. The services console could disable nonessential services to improve performance or security.

91
Q

A software technician is working on a help ticket for a Windows-based computer that appears to have performance issues. What provides a console that offers live monitoring of resource utilization data for the CPU, system memory, disk/file system, and network?

A. certmgr.msc
B. taskschd.msc
C. resmon.exe
D. gpedit.msc

A

C. resmon.exe
The Resource Monitor (resmon.exe) provides a console for live monitoring of resource utilization data for the CPU, system memory, disk/file system, and network and shows an enhanced version of the sort of snapshot monitoring provided by Task Manager.

The Certificate Manager provides a console for managing digital certificates for the current user and trusted root certification authority certificates.

The Task Scheduler (taskschd.msc) is an administrative tool that runs software and scripts according to calendar or event triggers.

The Group Policy Editor (gpedit.msc) is a console for configuring detailed user and system registry settings via policies.

92
Q

A vulnerability manager has significantly improved patching in the environment and now wants to focus on system security. Which of the following options will directly support the manager’s intent of making the system more secure?

A. msinfo32.exe
B. resmon.exe
C. services.msc
D. dfrgui.exe

A

C. services.msc
From Task Manager, the Open Services button links to the Services (services.msc) console. This can disable nonessential services to improve performance or security.

The System Information (msinfo32.exe) tool produces a comprehensive report about the system’s hardware and software components. For example, running the tool produces an inventory of system resources, firmware, OS versions, driver file locations, etc.

Resource Monitor (resmon.exe) shows an enhanced version of the snapshot monitoring provided by Task Manager.

The Defragment and Optimize Drives tool (dfrgui.exe) runs various operations to speed up the performance of HDDs and SSDs.

93
Q

Lesson 2 - Summary

A

Lesson 2
Summary
You should be able to use management consoles and command-line utilities to manage Windows users, devices, apps, and performance.

Guidelines for Managing Windows

Document standard procedures and work instructions to make best use of Windows management consoles and command-line utilities for different tasks:

- Use Device Manager, Disk Management, Disk Defragmenter, Disk Cleanup, chkdsk, diskpart, and format to ensure hardware availability, reliability, and performance.
- Use Local Users and Groups and Certificate Manager to manage users, personal digital certificates, and trusted root certificates.
- Use Group Policy Editor and Registry Editor for fine-grained settings configuration.
- Use System Information, Event Viewer, and winver to audit software and hardware inventory and monitor logs.
- Use Task Manager, Resource Monitor, Performance Monitor, System Configuration, shutdown, and sfc to optimize process, service, and startup performance.
- Use cd, dir, md, rmdir, x:, copy, xcopy, and robocopy to manage the file system from the command prompt.

Additional practice questions for the topics covered in this lesson are available on the CompTIA Learning Center.

93
Q

A user wants to use the xcopy command at a command (CMD) prompt but is unfamiliar with the syntax and switches. What can they use to learn more? (Select all that apply.)

A. xcopy help
B. help xcopy
C. xcopy |
D. xcopy /?

A

A. xcopy help and D. xcopy /?
When using help followed by a command name, the help system lists the syntax and switches used for that command.

The user can also display help on a particular command by using the /? switch.

Using xcopy help will result in an attempt to copy the help file if it exists in the directory.

Using xcopy | will result in an error stating the syntax is incorrect.

94
Q

Which of the following is NOT a registry hive?
HKEY_DEFAULT_USER
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS

A

HKEY_DEFAULT_USER

95
Q

Which of the following components are visible using the Performance tab of Task Manager? Select all that apply.
a. IOPS
b. Memory
c. CPU
d. Disk

A

b. Memory
c. CPU
d. Disk

96
Q

What is the name of the graphical system performance tool used in Windows?

a. System Tool
b. Performance Tool
c. Task Manager
d. System Manager

A

c. Task Manager

97
Q

Which of the following are valid operations for a Windows service? (Select two).

a. Initialize
b. Terminate
c. Start
d. Stop

A

c. Start and d. Stop

98
Q

What does a Security Center alert with event ID 1 indicate?

a. The Windows Security Center Service has started.
b. Windows operating system has rebooted.
c. The Windows Security Center has been reconfigured.
d. The Windows Security Center Service has stopped.

A

a. The Windows Security Center Service has started.