Windows mod 5 Flashcards
Controls nearly all functions of computer. Computers rely on this to provide a means for interaction among users, software, and hardware.
Operating system (OS)
The person using a computer/device. User interaction with software and hardware is provided through OS interfaces.
User
Executable code designed to carry out specific tasks on the computer, also referred to as programs or software.
Application
An OS consists of two parts:
OS Interface
OS Kernel
System Software
Allows a user to interface with applications, system, and hardware.
OS Interface
The heart of an OS. Manages the interaction between a user, applications, and hardware.
OS Kernel
The mechanical, magnetic, electronic, and electrical components of a computer.
Hardware
An OS interfaces with data on a hard drive through a file system.
- file system
- directory
- file
File System Management
Defines the way data is named, stored, organized, and accessed.
File system
Is a container used to organize files and data for use by an OS.
Directory
Is a singular named resource used to store information/data.
File
It is the OS's responsibility to allocate and protect resources for all processes on the system.
Process Management
Is an executing instance of an application.
Process
The communications path between an OS and attached devices is made possible through special programs called device drivers.
Device Management
Is any hardware component or peripheral attached to a computer.
Device
Is a computer program that operates or controls a device attached to a computer.
Device driver
Is used as an interpreter
Driver
Only one user can perform a task at any given time.
Single user, single tasking
Only one user can perform multiple tasks (programs) at a time. (Not all mobile devices allow this.)
Single user, multi-tasking
One or more users can perform one or more tasks at one time.
Multiuser
Operates in a networked environment allowing a user to connect to another computer (server) to retrieve information.
Client
Provides various services, including email, file sharing, and printer access, as well as ensuring security, to other computers (clients) across a network.
Server
Two or more servers are grouped together, appearing as one system, providing a failover system with load balancing.
Cluster
One or more tasks are spread among two or more computers.
Distributed
If a node in the cluster fails, the services on that node are picked up by other service nodes.
Failover
Every OS has inherent vulnerabilities posing risks that must be acknowledged and managed.
Information Assurance
Assurance that information is not disclosed to unauthorized individuals, processes, or devices. This is more comparable to “need to know” than a security level.
Confidentiality
Assurance that no unauthorized modification or destruction of information occurred in transit.
Integrity
Assurance of reliable access to data and services for authorized users.
Availability
Assurance that data delivery is proven to be from a reliable source.
Non-repudiation
Assurance of properly verifying a user’s credentials.
Authentication
non-privileged user accounts are only granted access to what is authorized.
principle of least privilege
the privileged account in Windows
Administrator
Permissions are implemented by an Access Control List (ACL).
Discretionary Access Control (DAC)
details account permissions to a specific resource as determined by permissions set by the owner of that resource.
Access Control List (ACL)
policies are set by an administrator using a policy tool. OSs enforce system security policy using security labels (e.g., need-to-know).
Mandatory Access Control (MAC)
Access decisions are based on each account’s role or functional position.
Role-Based Access Control (RBAC)
is a record of system or user activities.
log file
occurs when computer data is copied or archived, usually to a separate location, and for the purpose of data recovery should data loss occur.
backup
is a sequence of events that begins when a system is powered on and ends once the OS kernel is loaded into memory space and begins executing.
boot process
is a set of instructions embedded onto a ROM, PROM, or EEPROM that tells the device how to communicate with other hardware and software.
Firmware
which creates cylinders, tracks, and sectors (commonly 512 bytes in size) on the platters
low-level format
groups consecutive sectors together and prepares a hard drive for storing a file system.
Partitioning
groups sectors into addressable clusters used by a file system for storing and retrieving disk data.
high-level format
provides the initial interface between major hardware components and the OS with a primary goal of finding and loading the OS.
Basic Input/Output System (BIOS)
provides detailed information about the computer hardware and can be altered as the configuration changes by entering the BIOS setup.
CMOS
occurs when a computer is initially powered on. The BIOS executes a POST (Power-On Self-Test) to initialize and test hardware components. The POST uses beep codes and/or light indicators for error notification.
cold boot
(soft boot) occurs when an OS is restarted without an interruption of power. A POST is not performed during a warm boot.
warm boot
initialize and test hardware components. This uses beep codes and/or light indicators for error notification.
POST
contains a partition table identifying the location of all created partitions. Creation of additional partitions updates the existing partition table. It resides at the first physical sector of the drive (sector 0) and is not part of any partition. It is the first sector read from the boot device and it contains the information to continue the boot process. It is 512 bytes.
MBR
*max supported partition size is 2TB
contains the hex value AA55 or 55AA, which classifies the MBR as valid.
magic number
This is 64 bytes and is located at byte offsets 446 through 509 (0x1BE to 0x1FD). It has space for four entries (16 bytes each) to describe each of the partitions.
partition table
full access to physical memory is available.
real mode
Access to memory is controlled.
protected mode
one of the most dangerous types of malware attacks due to the ability to infect the MBR.
bootkit
Is an improved method of booting due to its highly secure way of carrying out the boot process, checking the integrity of drivers and OS boot loaders that use verification and initialization of digitally signed code.
UEFI
Uses Logical Block Addressing (LBA) in place of the Cylinder-Head-Sector (CHS) addressing used with MBR. This allows for 128 possible partitions with partition sizes of up to approximately 9.4ZBs (zettabytes).
The Globally Unique Identifier (GUID) Partition Table (GPT)
defines the usable blocks on a disk and the number and size of partition entries that make up the partition table.
GPT Header
Firmware is initialized.
Security (SEC)
Low-level hardware is initialized.
Pre-EFI Initialization (PEI)
UEFI drivers are loaded and executed.
Driver Execution Environment (DXE)
A GPT or MBR determination is made based on boot configuration.
Boot Device Selection (BDS)
Depending on the boot device selected, the firmware boots an OS loader, UEFI Shell, or UEFI application.
Transient System Load (TSL)
UEFI program is cleared from memory and released to the OS.
Run Time (RT)
Accounts automatically created when an OS is installed. At a minimum, every Windows system has an Administrator and Guest built-in account.
Built-In
User account with the highest level of privileges and permissions. Users authenticated as Administrator can install software/devices, change system configuration settings, and manage other user accounts. This account cannot be deleted.
Administrator
Built-in
Intended for temporary access when an individual user account does not exist. Guest account abilities are greatly limited, but a password is typically not required to access the system.
Guest
Built-in
Account authenticated by the local machine. Local account credentials are maintained in a local database called the Security Accounts Manager (SAM).
Local
Local account credentials are maintained in a local database
Security Accounts Manager (SAM)
Account authenticated by a domain controller. A domain controller is a centralized server in a Windows network that stores domain account credentials in a database called Active Directory.
Domain
A centralized server in a Windows network that stores domain account credentials
domain controller
stores domain account credentials
Active Directory
Each Windows system is considered standalone with regards to authentication.
workgroup
When a user logs on to a system for the first time and/or does not have a profile, the settings contained in this directory are used to create the user’s profile. (C:\Documents and Settings\Default User prior to Windows 7)
Default
The settings contained in are used to add settings and programs to existing accounts that affect all users that log on to the system. (C:\Documents and Settings\All Users prior to Windows 7)
Public
contains folders and files of installed software, like Microsoft Office, Adobe Acrobat, Symantec Antivirus, or other optional third party and non-OS software.
Program Files
Contains folders and files of the specific Windows OS and is referred to as “system root”.
Windows folder
is used to identify the Windows directory name value for where the OS is installed.
%SystemRoot%
contains most of the built-in Windows system files, programs, and commands.
System32 Folder
contains a subdirectory for each user who has logged on to the system.
Users Folder
are on/off type features.
attributes
may have varying values, (e.g., name, size, times, dates)
properties
Allows backup programs to know which files to back up.
Archive
A
Protects the file from being over-written or modified.
Read-only
R
Compressed file or directory (NTFS only)
Compression
C
Hidden from standard directory listings and common users
Hidden
H
Encrypted file or directory (NTFS only)
Encryption
E
System file, generally protected from common user access.
System
S
is a mechanism by which a system determines the level of access an authenticated user has to system resources (e.g., files and directories).
Authorization
to assign file and directory permissions.
Discretionary Access Control Lists (DACL)
is the most common file system offered by Microsoft.
New Technology File System
NTFS
Meaning for Folders
Permits viewing and listing of files and subfolders
Meaning for Files
Permits viewing file contents
Read
Meaning for Folders
Permits adding of files and subfolders
Meaning for Files
Permits writing to a file
Write
Meaning for Folders
Permits viewing and listing of files and subfolders as well as file execution; inherited by files and folders
Meaning for Files
Permits viewing file contents and file execution
Read and Execute
Meaning for Folders
Permits viewing a listing of files and subfolders; inherited by folders only
Meaning for Files
N/A
List Folder Contents
Meaning for Folders
Permits reading and writing of files and subfolders; allows deletion of the folder
Meaning for Files
Permits reading and writing of the file; allows deletion of the file
Modify
Meaning for Folders
Permits reading, writing, changing of permissions, and deleting of files and subfolders
Meaning for Files
Permits reading, writing, changing of permissions, and deleting of the file
Full Control
This group cannot be manually updated because all accounts are considered members.
Everyone
they only apply when the shared folder is accessed over the network.
Share permissions