MOD D04: Windows Services - PE problems Flashcards
If a port is open, the service associated is able to be used.
[TRUE / FALSE]
TRUE
What port is HTTP traffic associated with?
Port 80
What port is SMTP traffic associated with?
Port 25
What port is Webmail SSL traffic associated with?
Port 2096
What port is SSH traffic associated with?
Port 22
What port is IMAP traffic associated with?
Port 143
What protocol is port 110 traffic associated with?
POP3 protocol
What protocol is port 995 traffic associated with?
POP3s
Service applications can be DLLs or executables.
[True / False]
TRUE
What does SCP stand for, regarding Windows Services?
Service Control Program (SCP)
What is the most common SCP?
The most common SCP is the services.msc GUI.
Windows services typically run in the background.
[True / False]
TRUE
The service panel is used to manage tasks.
[True / False]
FALSE
If you need to change settings on a service when it fails, what tab in the service panel allows you to make changes to this?
Recovery tab
If you wanted to access another machine remotely, which protocol would you use from the options below?
- HTTP
- SNMP
- HTTPS
- RDP
RDP
What does RDP stand for?
Remote Desktop Protocol
Where are authentication packages stored?
- DLL’s
- C:\
- the Kernel
- C:\Windows\System32\
DLLs
What can adversaries modify to reveal credentials?
Auto start mechanism
Local and Network Logon require the user to have an account in the SAM of that computer.
[True / False]
TRUE
Note: Both a local logon and a network logon require that the user has a user account in the Security Accounts Manager (SAM) on the local computer.
What is the Network Service that resolves server names to IP addresses?
DNS
What is the network service that provides secure transfer of web pages?
HTTPS
What protocol used for the management and monitoring of network-connected devices?
SNMP
(Simple Network Management Protocol)
POP3 and IMAP are protocols used with email technologies.
[True / False]
TRUE
A network service is associated with a unique port number.
[True / False]
TRUE
Only Microsoft provides services that run on Windows Server operating systems?
[True / False]
FALSE
The principle of “______” states that a system should have no more capabilities that it requires to perform its intended purpose?
Least privilege
Least privilege
What is a utility used by Windows to stop, start, and manage background services used by Windows and applications.
services.msc
What is a software component that permits an operating system to communicate with hardware devices?
Driver
A digitally signed driver shows that it is untrusted.
[True / False]
FALSE
When a service fails to start, typically an event is written to which log?
System
Which of the following is the process of granting the user access only to the resources he or she is permitted to use?
Authorization
Where is (are) most of the configurations for Windows stored?
Registry
What command is used to start a service in Powershell?
start-service
Which of the following items in Task Scheduler causes a task to run?
Trigger
What is the authentication protocol used in a Windows domain environment to authenticate logons and grant accounts access to domain resources?
- Putty
- Hyper Text Transfer Protocol
- Authentication
- Kerberos
Kerberos
Microsoft SBL is a database server.
[True / False]
FALSE
Note: Microsoft SQL is a DB server.
Which process, typically a target of malware, verifies users logging on to a Windows computer or server, handles password changes, and creates access tokens?
Local Security Authority Server Service (LSASS)
What service control manager handles all windows services?
services.exe
