Brainscape's Knowledge GenomeTM


Top Flashcards (Certified)
All Flashcards

Wall prep > Registry Keys > Flashcards

Registry Keys Flashcards

1
Q

Which registry hive contains configuration information for all hardware devices and software settings on a Windows system?
A) HKEY_USERS
B) HKEY_CLASSES_ROOT
C) HKEY_LOCAL_MACHINE
D) HKEY_CURRENT_USER

A

C) HKEY_LOCAL_MACHINE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Which registry hive stores user-specific configuration information and preferences, such as desktop settings and application data?
A) HKEY_USERS
B) HKEY_CLASSES_ROOT
C) HKEY_LOCAL_MACHINE
D) HKEY_CURRENT_USER

A

D) HKEY_CURRENT_USER

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

In which registry hive are file associations and COM object registration stored?
A) HKEY_USERS
B) HKEY_CLASSES_ROOT
C) HKEY_LOCAL_MACHINE
D) HKEY_CURRENT_USER

A

B) HKEY_CLASSES_ROOT

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Which registry hive contains information about the currently logged-in user’s profile settings?
A) HKEY_USERS
B) HKEY_CLASSES_ROOT
C) HKEY_CURRENT_CONFIG
D) HKEY_CURRENT_USER

A

D) HKEY_CURRENT_USER

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

The HKEY_CURRENT_CONFIG hive provides information about:
A) System-wide hardware settings
B) User-specific configuration settings
C) Current hardware profile settings
D) Current user preferences

A

C) Current hardware profile settings

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

The HKEY_USERS hive contains subkeys corresponding to:
A) Active user profiles on the system
B) System-wide hardware settings
C) Installed software applications
D) File associations and COM objects

A

A) Active user profiles on the system

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

The HKEY_CLASSES_ROOT hive is a merged view of:
A) HKEY_CURRENT_USER and HKEY_USERS
B) HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_CURRENT_USER\Software
C) HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER
D) HKEY_CURRENT_CONFIG and HKEY_LOCAL_MACHINE

A

B) HKEY_LOCAL_MACHINE\SOFTWARE and HKEY_CURRENT_USER\Software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Which subkey under HKEY_LOCAL_MACHINE contains information about installed hardware devices?
A) SOFTWARE
B) SYSTEM
C) HARDWARE
D) SAM

A

B) SYSTEM

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

The HKEY_CURRENT_USER\Software subkey stores:
A) System-wide hardware settings
B) User-specific software settings and preferences
C) Hardware device configurations
D) File associations

A

B) User-specific software settings and preferences

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Which subkey under HKEY_LOCAL_MACHINE contains information about installed software applications?
A) SYSTEM
B) SOFTWARE
C) HARDWARE
D) SAM

A

B) SOFTWARE

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion subkey contains:
A) Windows version information
B) File associations
C) User-specific settings
D) Installed hardware devices

A

A) Windows version information

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

The HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\Windows\CurrentVersion\
Run subkey contains:
A) User-specific startup programs
B) System-wide startup programs
C) File associations
D) Hardware device configurations

A

B) System-wide startup programs

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Which registry hive contains the SID (Security Identifier) for each user account on the system?
A) HKEY_LOCAL_MACHINE
B) HKEY_USERS
C) HKEY_CURRENT_USER
D) HKEY_CURRENT_CONFIG

A

B) HKEY_USERS

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

The HKEY_LOCAL_MACHINE\SOFTWARE\Policies subkey is used to store:
A) Group Policy settings
B) User-specific settings
C) File associations
D) Hardware device configurations

A

A) Group Policy settings

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control subkey contains:
A) Information about installed hardware devices
B) System-wide security settings
C) User-specific settings
D) Installed software applications

A

B) System-wide security settings

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

The HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\
CurrentVersion\Uninstall subkey contains:
A) System-wide security settings
B) User-specific settings
C) Information about installed software applications
D) File associations

A

C) Information about installed software applications

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
17
Q

Which subkey under HKEY_USERS contains the user’s profile information and configuration settings?
A) .DEFAULT
B) S-1-5-21
C) SID
D) Classes

A

B) S-1-5-21

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
18
Q

The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services subkey contains information about:
A) Installed software applications
B) System services and drivers
C) User-specific settings
D) File associations

A

B) System services and drivers

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
19
Q

The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum subkey stores:
A) System-wide security settings
B) Information about installed hardware devices
C) User-specific settings
D) Installed software applications

A

B) Information about installed hardware devices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
20
Q

The HKEY_CLASSES_ROOT.doc subkey contains information about:
A) User-specific settings
B) File associations for .doc files
C) Installed software applications
D) System-wide security settings

A

B) File associations for .doc files

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
21
Q

What are the 5 extracted subkeys of HKEY_LOCAL_MACHINE?

A

SAM
Security
Software
System
Default

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
22
Q
  1. HKEY_CLASSES_ROOT is a subkey of which other key?
A

HKEY_LOCAL_MACHINE\Software

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
23
Q

Which hive stores the necessary information which makes sure that the correct program opens when the user opens a file through the windows explorer?

A

HKEY_CLASSES_ROOT

24
Q

Which hive contains the config info related to the user currently logged on?

A

HKEY_CURRENT_USER

25
Q

Which hive controls the user level settings associated with user profile such as desktop wall paper, screen colors, display settings etc.?

A

HKEY_CURRENT_USER

26
Q

Which hive contains most of the configuration information for installed software which includes the Windows OS?

A

HKEY_LOCAL_MACHINE

27
Q

Which hive contains the information about the physical state of the computer which includes bus type, installed cards, memory type, startup control parameters and device drives?

A

HKEY_LOCAL_MACHINE

28
Q

Which hive in the Windows registry is a virtual hive that merges two physical hives: HKEY_LOCAL_MACHINE\Software\Classes and HKEY_CURRENT_USER\Software\Classes?

A

HKEY_CLASSES_ROOT

29
Q

Which hive serves as a central repository for file type associations, COM object registration, and other related information?

A

HKEY_CLASSES_ROOT

30
Q

Which hive stores file extension information?

A

HKEY_CLASSES_ROOT

31
Q

Which hive contains information about all the currently active user profiles?

A

HKEY_USERS

32
Q

Each registry key under HKEY_USERS hive relates to a user on the computer, which is named after the user’s?

A

security identifier (SID)

33
Q

What do the registry keys and registry values under each SID control (3)?

A

–the user specific mapped drives
–installed printers
–environmental variables and so on.

34
Q

The last system shut down can be found in the following key?

A. HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\
Services\
LanmanServer\Shares

B. HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows NT\
CurrentVersion

C. HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\
Control\Windows

D. HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\Run

A

C. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\
Control\Windows

35
Q

ProductName, CurrentBuildNumber, and CSDVersion in the following key?

A.HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion

B.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\
Windows NT\CurrentVersion

C.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\
Control\Windows

D.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\
Run\

A

B.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows NT\CurrentVersion

36
Q

Find the time zone settings in the following key?

A.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\
TimeZoneInformation

B.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
TimeZoneInformation

C.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\
TimeZone

D.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\
Winlogon\Time

A

A.HKEY_LOCAL_MACHINE\
SYSTEM\CurrentControlSet\
Control\
TimeZoneInformation

37
Q

Find information about shares in the following key?

A.HKEY_CURRENT_USER\ControlPanel\Desktop\Shares

B.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\
LanmanServer\Shares

C.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\
CurrentVersion\Shares

D.HKEY_CLASSES_ROOT\exefile\
shell\open\Shares

A

B.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Services\LanmanServer\
Shares

38
Q

Registry entries for wireless network connections are in the following key?

A.HKEY_CURRENT_USER\Software\
Microsoft\Windows\
CurrentVersion\Explorer{GUID}

B.HKEY_LOCAL_MACHINE |SOFTWARE\Microsoft\WZCSVC\
Parameters\Interfaces{GUID}

C..HKEY_CURRENT_USER\Software\
Microsoft\Windows\
CurrentVersion{GUID}

D.HKEY_LOCAL_MACHINE\SYSTEM\
Microsoft\WZCSVC\Parameters\
Interfaces{GUID}

A

B.HKEY_LOCAL_MACHINE |SOFTWARE\Microsoft\WZCSVC\Parameters\Interfaces{GUID}

39
Q

Registry keys accessed and parsed when a user logs in to a system (4)?

A.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\Control\Windows

B.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion
\Explorer\UserAssist

C.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Run

D.HKEY_LOCAL_MACHINE\SYSTEM\
Microsoft\Windows\CurrentVersion\
Run\

E.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
RunOnce

F.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\

G.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\ RunOnce

H.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
Run

I.HKEY_CURRENT_USER\ControlPanel\
Desktop

J.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\

A

C.HKEY_CURRENT_USER\
Software\Microsoft\Windows\CurrentVersion\Run

E.HKEY_CURRENT_USER\
Software\Microsoft\Windows\CurrentVersion\RunOnce

G.HKEY_LOCAL_MACHINE\
Software\Microsoft\Windows\CurrentVersion\ RunOnce

H.HKEY_LOCAL_MACHINE\
Software\Microsoft\Windows\CurrentVersion\Run

40
Q

Look for malware in these locations (2)?

A.HKEY_CURRENT_USER\ControlPanel\Desktop

B.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\

C.HKEY_CLASSES_ROOT\exefile\
CurrentVersion\shell\command

D.HKEY_LOCAL_MACHINE\SOFTWARE\
Classes\exefile\shell\open\command

E.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\DeviceClasses

F.HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Windows

G.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
RunOnce\

H.HKEY_CLASSES_ROOT\exefile\shell\
open\Command

A

D.HKEY_LOCAL_MACHINE\
SOFTWARE\Classes\
exefile\shell\open\command

H.HKEY_CLASSES_ROOT\
exefile\shell\open\
Command

41
Q

Notifications are handled by the Registry key?

A.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Explorer\Notify

B.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\
Notifications

C.HKEY_LOCAL_MACHINE
\SOFTWARE\Microsoft\
WindowsNT\
CurrentVersion\
Winlogon\Notify

D.HKEY_CLASSES_ROOT\exefile\shell\
open\Notify

A

C.HKEY_LOCAL_MACHINE\
SOFTWARE\Microsoft\
WindowsNT\CurrentVersion\
Winlogon\Notify

42
Q

Shows mounted USB Devices?

A.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\
DeviceClasses

B.HKEY_CURRENT_USER\
Software\
Microsoft\Windows\
CurrentVersion\
RunOnce\Devices

C.HKEY_CURRENT_USER\
ControlPanel\
DeviceClasses

D.HKEY_CURRENT_USER\
Software\
Microsoft\Windows\
CurrentVersion\
Explorer\MountPoint2

A

A.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\
Control\
DeviceClasses

43
Q

UserAssist key gives information on what types of files or applications have been accessed on a particular system?

A.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Explorer\UserAssist

B.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\Control\Windows\
UserAssist

C.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\UserAssist

D.HKEY_Local_Machine\Software\Microsoft\Windows\CurrentVersion\
Explorer\UserAssist

A

D.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist

44
Q

MRU Lists?

A.HKEY_CLASSES_ROOT\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Explorer\RecentDocs

B.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Explorer\RecentDocs

C.HKEY_CURRENT_USER\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Explorer\RecentDocs

D.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\
Winlogon\RecentDocs

A

C.HKEY_CURRENT_USER\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Explorer\RecentDocs

45
Q

Volumes the user added to the system will appear in the following key?

A.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
Explorer\MountPoint2

B.HKEY_LOCAL_MACHINE\Software\
Microsoft\WindowsNT\CurrentVersion\MountPoint2

C.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Explorer\MountPoint2

D.HKEY_CURRENT_USER\System\
Microsoft\Windows\CurrentVersion\
Explorer\MountPoint2

A

C.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoint2

46
Q

All values in this key are executed at system startup?

A.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Run\

B.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
RunOnce\

C.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\WindowsNT\CurrentVersion\Winlogon

D.HKEY_CURRENT_USER\ControlPanel\Desktop

A

A.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

47
Q

All values in this key are executed at system startup and are deleted later?

A.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Run\

B.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\

C.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
RunOnce\

D.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\

A

C.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\

48
Q

The value Shell will be executed when any user logs on?

A.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\

B.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\WindowsNT\CurrentVersion\Winlogon

C.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Run\

D.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
RunOnce

A

B.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon

49
Q

Each subkey (GUID name) represents an installed component?

A.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\WZCSVC\Parameters\
Interfaces{GUID}

B.HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Active Setup\
Installed Components\

C.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\
LanmanServer\
InstalledComponents

D.HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT{GUID}

A

B.HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Active Setup\Installed Components\

50
Q

BootExecute contains files of native applications executed before Windows Run?

A.HKEY_CURRENT_USER\ControlPanel\Desktop\Sessions

B.HKEY_LOCAL_MACHINE\SOFTWARE \Microsoft\Active Setup\Sessions

C.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Control\
Session Manager

D.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Session Manager

A

C.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager

51
Q

List of services that run at system startup. If the value Start is 2, startup is automatic. If the value Start is 3, startup is manual and starts on demand for service. If the value Start is 4, service is disabled?

A.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\

B.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
Run\

C.HKEY_LOCAL_MACHINE\SYSTEM\
CurrentControlSet\Services\

D.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\Explorer\Services

A

C.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\

52
Q

Values in this subkey run when this specific user logs on?

A.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\
Control\Run\

B.HKEY_CURRENT_USER\Software\Microsoft\Windows\
CurrentVersion\Run\

C.HKEY_CURRENT_USER\SYSTEM\Microsoft\Windows\
CurrentVersion\Run\

D.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\
Control\Run\

A

B.HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\

53
Q

All values in this subkey run when this specific user logs on, and then the values are deleted?

A. HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
RunOnce\

B.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
RunOnce

C.HKEY_CLASSES_ROOT\exefile\shell\
open\Command\RunOnce\

D.HKEY_CURRENT_USER\SYSTEM\
Microsoft\Windows\CurrentVersion\
RunOnce\

A

A. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce\

54
Q

For this specific user, if a screensaver is enabled, a value named scrnsave.exe is present. Whatever is in the path found in the string data for this value will execute when the screensaver runs?

A.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\Control\Windows

B.HKEY_CURRENT_USER\ControlPanel\Desktop

C.HKEY_LOCAL_MACHINE\SOFTWARE\
Microsoft\Windows\CurrentVersion\
Run\

D.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\

A

B.HKEY_CURRENT_USER\ControlPanel\Desktop

55
Q

The string specified in the value run executes when this user logs on?

A.HKEY_CURRENT_USER\Software\
Microsoft\Windows\CurrentVersion\
RunOnce

B.HKEY_LOCAL_MACHINE\Software\
Microsoft\Windows\CurrentVersion\
Run

C.HKEY_LOCAL_MACHINE\SYSTEM\
ControlSet001\Control\Windows

D.HKEY_CURRENT_USER\Software\
Microsoft\Windows NT\ CurrentVersion\Windows\

A

D.HKEY_CURRENT_USER\Software\Microsoft\Windows NT\ CurrentVersion\Windows\

56
Q

What information does the UserAssist key give?

A
  • UserAssist tracks user interactions with applications, particularly those launched through the Windows shell (like the Start Menu and Taskbar).

Wall prep (11 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2025 Bold Learning Solutions. Terms and Conditions