Registry Keys Flashcards
Which registry hive contains configuration information for all hardware devices and software settings on a Windows system?
A) HKEY_USERS
B) HKEY_CLASSES_ROOT
C) HKEY_LOCAL_MACHINE
D) HKEY_CURRENT_USER
C) HKEY_LOCAL_MACHINE
Which registry hive stores user-specific configuration information and preferences, such as desktop settings and application data?
A) HKEY_USERS
B) HKEY_CLASSES_ROOT
C) HKEY_LOCAL_MACHINE
D) HKEY_CURRENT_USER
D) HKEY_CURRENT_USER
In which registry hive are file associations and COM object registration stored?
A) HKEY_USERS
B) HKEY_CLASSES_ROOT
C) HKEY_LOCAL_MACHINE
D) HKEY_CURRENT_USER
B) HKEY_CLASSES_ROOT
Which registry hive contains information about the currently logged-in user’s profile settings?
A) HKEY_USERS
B) HKEY_CLASSES_ROOT
C) HKEY_CURRENT_CONFIG
D) HKEY_CURRENT_USER
D) HKEY_CURRENT_USER
The HKEY_CURRENT_CONFIG hive provides information about:
A) System-wide hardware settings
B) User-specific configuration settings
C) Current hardware profile settings
D) Current user preferences
C) Current hardware profile settings
The HKEY_USERS hive contains subkeys corresponding to:
A) Active user profiles on the system
B) System-wide hardware settings
C) Installed software applications
D) File associations and COM objects
A) Active user profiles on the system
The HKEY_CLASSES_ROOT hive is a merged view of:
A) HKEY_CURRENT_USER and HKEY_USERS
B) HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_CURRENT_USER\Software
C) HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER
D) HKEY_CURRENT_CONFIG and HKEY_LOCAL_MACHINE
B) HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_CURRENT_USER\Software
Which subkey under HKEY_LOCAL_MACHINE contains information about installed hardware devices?
A) SOFTWARE
B) SYSTEM
C) HARDWARE
D) SAM
B) SYSTEM
The HKEY_CURRENT_USER\Software subkey stores:
A) System-wide hardware settings
B) User-specific software settings and preferences
C) Hardware device configurations
D) File associations
B) User-specific software settings and preferences
Which subkey under HKEY_LOCAL_MACHINE contains information about installed software applications?
A) SYSTEM
B) SOFTWARE
C) HARDWARE
D) SAM
B) SOFTWARE
The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion subkey contains:
A) Windows version information
B) File associations
C) User-specific settings
D) Installed hardware devices
A) Windows version information
The HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\
Run subkey contains:
A) User-specific startup programs
B) System-wide startup programs
C) File associations
D) Hardware device configurations
B) System-wide startup programs
Which registry hive contains the SID (Security Identifier) for each user account on the system?
A) HKEY_LOCAL_MACHINE
B) HKEY_USERS
C) HKEY_CURRENT_USER
D) HKEY_CURRENT_CONFIG
B) HKEY_USERS
The HKEY_LOCAL_MACHINE\SOFTWARE\Policies subkey is used to store:
A) Group Policy settings
B) User-specific settings
C) File associations
D) Hardware device configurations
A) Group Policy settings
The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control subkey contains:
A) Information about installed hardware devices
B) System-wide security settings
C) User-specific settings
D) Installed software applications
B) System-wide security settings
The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall subkey contains:
A) System-wide security settings
B) User-specific settings
C) Information about installed software applications
D) File associations
C) Information about installed software applications
Which subkey under HKEY_USERS contains the user’s profile information and configuration settings?
A) .DEFAULT
B) S-1-5-21
C) SID
D) Classes
B) S-1-5-21
The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services subkey contains information about:
A) Installed software applications
B) System services and drivers
C) User-specific settings
D) File associations
B) System services and drivers
The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum subkey stores:
A) System-wide security settings
B) Information about installed hardware devices
C) User-specific settings
D) Installed software applications
B) Information about installed hardware devices
The HKEY_CLASSES_ROOT.doc subkey contains information about:
A) User-specific settings
B) File associations for .doc files
C) Installed software applications
D) System-wide security settings
B) File associations for .doc files
What are the 5 extracted subkeys of HKEY_LOCAL_MACHINE?
SAM
Security
Software
System
Default
- HKEY_CLASSES_ROOT is a subkey of which other key?
HKEY_LOCAL_MACHINE\Software
Which hive stores the necessary information which makes sure that the correct program opens when the user opens a file through the windows explorer?
HKEY_CLASSES_ROOT
Which hive contains the config info related to the user currently logged on?
HKEY_CURRENT_USER
Which hive controls the user level settings associated with user profile such as desktop wall paper, screen colors, display settings etc.?
HKEY_CURRENT_USER
Which hive contains most of the configuration information for installed software which includes the Windows OS?
HKEY_LOCAL_MACHINE
Which hive contains the information about the physical state of the computer which includes bus type, installed cards, memory type, startup control parameters and device drives?
HKEY_LOCAL_MACHINE
Which hive in the Windows registry is a virtual hive that merges two physical hives: HKEY_LOCAL_MACHINE\Software\Classes and HKEY_CURRENT_USER\Software\Classes?
HKEY_CLASSES_ROOT
Which hive serves as a central repository for file type associations, COM object registration, and other related information?
HKEY_CLASSES_ROOT
Which hive stores file extension information?
HKEY_CLASSES_ROOT
Which hive contains information about all the currently active user profiles?
HKEY_USERS
Each registry key under HKEY_USERS hive relates to a user on the computer, which is named after the user’s?
security identifier (SID)
What do the registry keys and registry values under each SID control (3)?
–the user specific mapped drives
–installed printers
–environmental variables and so on.
The last system shut down can be found in the following key?
A. HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\
Services\
LanmanServer\Shares
B. HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows NT\
CurrentVersion
C. HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\
Control\Windows
D. HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\Run
C. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\Windows
ProductName, CurrentBuildNumber, and CSDVersion in the following key?
A.HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion
B.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\
Windows NT\CurrentVersion
C.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\
Control\Windows
D.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\
Run\
B.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows NT\CurrentVersion
Find the time zone settings in the following key?
A.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\
TimeZoneInformation
B.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
TimeZoneInformation
C.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\
TimeZone
D.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\
Winlogon\Time
A.HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSet\
Control\
TimeZoneInformation
Find information about shares in the following key?
A.HKEY_CURRENT_USER\ControlPanel\Desktop\Shares
B.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\
LanmanServer\Shares
C.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\
CurrentVersion\Shares
D.HKEY_CLASSES_ROOT\exefile\
shell\open\Shares
B.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\LanmanServer\
Shares
Registry entries for wireless network connections are in the following key?
A.HKEY_CURRENT_USER\Software\
Microsoft\Windows\
CurrentVersion\Explorer{GUID}
B.HKEY_LOCAL_MACHINE |SOFTWARE\Microsoft\WZCSVC\
Parameters\Interfaces{GUID}
C..HKEY_CURRENT_USER\Software\
Microsoft\Windows\
CurrentVersion{GUID}
D.HKEY_LOCAL_MACHINE\SYSTEM\
Microsoft\WZCSVC\Parameters\
Interfaces{GUID}
B.HKEY_LOCAL_MACHINE |SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces{GUID}
Registry keys accessed and parsed when a user logs in to a system (4)?
A.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\Control\Windows
B.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion
\Explorer\UserAssist
C.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Run
D.HKEY_LOCAL_MACHINE\SYSTEM\
Microsoft\Windows\CurrentVersion\
Run\
E.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
RunOnce
F.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\
G.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\ RunOnce
H.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
Run
I.HKEY_CURRENT_USER\ControlPanel\
Desktop
J.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\
C.HKEY_CURRENT_USER\
Software\Microsoft\Windows\CurrentVersion\Run
E.HKEY_CURRENT_USER\
Software\Microsoft\Windows\CurrentVersion\RunOnce
G.HKEY_LOCAL_MACHINE\
Software\Microsoft\Windows\CurrentVersion\ RunOnce
H.HKEY_LOCAL_MACHINE\
Software\Microsoft\Windows\CurrentVersion\Run
Look for malware in these locations (2)?
A.HKEY_CURRENT_USER\ControlPanel\Desktop
B.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\
C.HKEY_CLASSES_ROOT\exefile\
CurrentVersion\shell\command
D.HKEY_LOCAL_MACHINE\SOFTWARE\
Classes\exefile\shell\open\command
E.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses
F.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows
G.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
RunOnce\
H.HKEY_CLASSES_ROOT\exefile\shell\
open\Command
D.HKEY_LOCAL_MACHINE\
SOFTWARE\Classes\
exefile\shell\open\command
H.HKEY_CLASSES_ROOT\
exefile\shell\open\
Command
Notifications are handled by the Registry key?
A.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Explorer\Notify
B.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\
Notifications
C.HKEY_LOCAL_MACHINE
\SOFTWARE\Microsoft\
WindowsNT\
CurrentVersion\
Winlogon\Notify
D.HKEY_CLASSES_ROOT\exefile\shell\
open\Notify
C.HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\
WindowsNT\CurrentVersion\
Winlogon\Notify
Shows mounted USB Devices?
A.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\
DeviceClasses
B.HKEY_CURRENT_USER\
Software\
Microsoft\Windows\
CurrentVersion\
RunOnce\Devices
C.HKEY_CURRENT_USER\
ControlPanel\
DeviceClasses
D.HKEY_CURRENT_USER\
Software\
Microsoft\Windows\
CurrentVersion\
Explorer\MountPoint2
A.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\
Control\
DeviceClasses
UserAssist key gives information on what types of files or applications have been accessed on a particular system?
A.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Explorer\UserAssist
B.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\Control\Windows\
UserAssist
C.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\UserAssist
D.HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\
Explorer\UserAssist
D.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
MRU Lists?
A.HKEY_CLASSES_ROOT\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Explorer\RecentDocs
B.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Explorer\RecentDocs
C.HKEY_CURRENT_USER\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Explorer\RecentDocs
D.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\
Winlogon\RecentDocs
C.HKEY_CURRENT_USER\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Explorer\RecentDocs
Volumes the user added to the system will appear in the following key?
A.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
Explorer\MountPoint2
B.HKEY_LOCAL_MACHINE\Software\
Microsoft\WindowsNT\CurrentVersion\MountPoint2
C.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Explorer\MountPoint2
D.HKEY_CURRENT_USER\System\
Microsoft\Windows\CurrentVersion\
Explorer\MountPoint2
C.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoint2
All values in this key are executed at system startup?
A.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Run\
B.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
RunOnce\
C.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\WindowsNT\CurrentVersion\Winlogon
D.HKEY_CURRENT_USER\ControlPanel\Desktop
A.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
All values in this key are executed at system startup and are deleted later?
A.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Run\
B.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\
C.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
RunOnce\
D.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\
C.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\
The value Shell will be executed when any user logs on?
A.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\
B.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\WindowsNT\CurrentVersion\Winlogon
C.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Run\
D.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
RunOnce
B.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon
Each subkey (GUID name) represents an installed component?
A.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\WZCSVC\Parameters\
Interfaces{GUID}
B.HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Active Setup\
Installed Components\
C.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\
LanmanServer\
InstalledComponents
D.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT{GUID}
B.HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Active Setup\Installed Components\
BootExecute contains files of native applications executed before Windows Run?
A.HKEY_CURRENT_USER\ControlPanel\Desktop\Sessions
B.HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Active Setup\Sessions
C.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\
Session Manager
D.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Session Manager
C.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
List of services that run at system startup. If the value Start is 2, startup is automatic. If the value Start is 3, startup is manual and starts on demand for service. If the value Start is 4, service is disabled?
A.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\
B.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Run\
C.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\
D.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\Explorer\Services
C.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\
Values in this subkey run when this specific user logs on?
A.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\Run\
B.HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run\
C.HKEY_CURRENT_USER\SYSTEM\Microsoft\Windows\
CurrentVersion\Run\
D.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\
Control\Run\
B.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
All values in this subkey run when this specific user logs on, and then the values are deleted?
A. HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
RunOnce\
B.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
RunOnce
C.HKEY_CLASSES_ROOT\exefile\shell\
open\Command\RunOnce\
D.HKEY_CURRENT_USER\SYSTEM\
Microsoft\Windows\CurrentVersion\
RunOnce\
A. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\
For this specific user, if a screensaver is enabled, a value named scrnsave.exe is present. Whatever is in the path found in the string data for this value will execute when the screensaver runs?
A.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\Control\Windows
B.HKEY_CURRENT_USER\ControlPanel\Desktop
C.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Run\
D.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\
B.HKEY_CURRENT_USER\ControlPanel\Desktop
The string specified in the value run executes when this user logs on?
A.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
RunOnce
B.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
Run
C.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\Control\Windows
D.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\
D.HKEY_CURRENT_USER\Software\Microsoft\Windows NT\ CurrentVersion\Windows\
What information does the UserAssist key give?
- UserAssist tracks user interactions with applications, particularly those launched through the Windows shell (like the Start Menu and Taskbar).