Lesson 5: Working with Windows and CLI Systems

Answer 1

Alternate data streams: A feature in NTFS file system that allows attaching hidden streams of data to files. Example: An executable file with an alternate data stream containing malicious code.

Answer 2

American Standard Code for Information Interchange (ASCII): A character encoding standard for electronic communication. Example: A text file encoded in ASCII format.

Answer 3

Areal density: The number of bits that can be stored in a given area of a storage medium. Example: A hard drive with a high areal density can store more data in the same physical space.

Answer 4

Attribute ID: A unique identifier for a file system attribute. Example: $ATTRIBUTE_LIST is an attribute ID in NTFS file system.

Answer 5

Boot.ini: A configuration file used by Windows operating systems to define the boot options. Example: Changing the Boot.ini file can allow booting into different operating systems installed on the same computer.

Answer 6

BootSect.dos: A file created by Windows operating systems to provide compatibility with older operating systems that do not support the NTFS file system. Example: BootSect.dos is used by Windows to boot a computer that has a dual-boot configuration with an older operating system installed.

Answer 7

Bootstrap process: The initial process of loading an operating system into memory and preparing it for execution. Example: The BIOS bootstrap process loads the boot sector of the hard drive into memory and hands over control to the operating system

Answer 8

Clusters: A unit of disk space allocation used by file systems. Example: A file that is 20KB in size may occupy two 16KB clusters on a file system with a cluster size of 16KB.

Answer 9

Cylinder: A group of tracks on a hard drive that are located on the same radial position. Example: A hard drive with 8 cylinders may have 16 tracks per cylinder, resulting in a total of 128 tracks.

Answer 10

Data runs: A sequence of contiguous clusters that belong to a file. Example: A 10MB file may have data runs spanning multiple clusters on a file system.

Answer 11

Device drivers: Software programs that allow the operating system to communicate with hardware devices. Example: A video card driver that enables the operating system to display graphics on a monitor.

Answer 12

Drive slack: The unused space between the end of the file and the end of the last cluster occupied by the file. Example: A 5KB file that occupies a 16KB cluster on a file system will have 11KB of drive slack.

Answer 13

Encrypting File System (EFS): A feature in Windows operating systems that provides encryption for files and folders. Example: A user can encrypt a sensitive file using EFS to protect it from unauthorized access.

Answer 14

File Allocation Table (FAT): A file system used by early versions of Windows operating systems. Example: A USB drive formatted with the FAT file system can be used on different computers running Windows.

Answer 15

File slack: The unused space between the end of a file and the end of the last sector occupied by the file. Example: A 5KB file that occupies a 4KB sector on a file system will have 3KB of file slack.

Answer 16

File system: A method used by operating systems to organize and manage files on a storage device. Example: FAT and NTFS are file systems used by Windows operating systems.

Answer 17

Geometry: A parameter that defines the physical layout of a storage device. Example: A hard drive geometry may be described as 16 heads, 8 cylinders, and 128 sectors per track.

Answer 18

Hal.dll: A file in Windows operating systems that provides hardware abstraction layer functions. Example: Hal.dll may be corrupted, resulting in a Blue Screen of Death error.

Answer 19

Head: A component of a hard drive that reads and writes data on a platter. Example: A hard drive with 8 heads may have 8

Answer 20

What does CHS stand for?
Cylinder, Head, Sector

Answer 21

one bit recording is how disk manufacturers ensure that a platter’s outer tracks store as much data as possible. True or False?
True

Answer 22

Areal density refers to which of the following?
Number of bits per square inch of a disk platter

Answer 23

Clusters in Windows always begin numbering at what number?
2

Answer 24

How many sectors are typically in a cluster on a disk drive?
8 or more

Answer 25

list three items stored in the FAT database.
Cluster allocation information, file allocation information, root directory information

Answer 26

What does the Ntuser.dat file contain?
User-specific configuration settings

Answer 27

in FAT32, a 123 KB file uses how many sectors?
4

Answer 28

What is the space on a drive called when a file is deleted? (Choose all that apply.)
Unallocated space, free space

Answer 29

list two features NTFS has that FAT does not.
Support for file encryption, support for larger partition sizes

Answer 30

What does MFT stand for?
Master File Table

Answer 31

in NTFS, files smaller than 512 bytes are stored in the MFT. True or False?
True

Answer 32

In Windows 7 and later, how much data from RAM is loaded into RAM slack on a disk drive?
64KB

Answer 33

What’s a virtual cluster number?
A logical cluster number that refers to a cluster number in a sparse file

Answer 34

Why was EFI boot firmware developed?
To replace the traditional BIOS firmware

Answer 35

Device drivers contain what kind of information?
Instructions for how to communicate with specific hardware devices

Answer 36

Which of the following Windows 8 files contains user-specific information?
Ntuser.dat

Answer 37

Virtual machines have which of the following limitations when running on a host computer?
Virtual machines are limited to the host computer’s peripheral configurations, such as mouse, keyboard, CD/DVD drives, and other devices.

Answer 38

An image of a suspect drive can be loaded on a virtual machine. True or False?
True

Answer 39

EFS can encrypt which of the following?
Files, folders, and volumes