Windows OS

Question 1

Windows boot sequence?

Answer 1

BIOS initializes the hardware

Master Boot Record at start of Disk0

Loads code from boot sector of the active partition.

Bootloader loads & runs the bootloader from the file system

Question 2

What is Windows Registry?

Answer 2

a system-defined database in which applications and system components store and retrieve configuration data.

Question 3

What format is windos Registry?

Answer 3

A Tree format.

Each node is called a key.

Each key contains a subkey and data entries called values.

Question 4

What is HKCR?

Answer 4

HKEY_Classes_Root

key contains files name extension associations and COM classes registration information.

Question 5

What is HKCC?

Answer 5

HKEY_Current_Config

containes information a bout the current hardware profile of the local computer system.

this is stored in memory by the system kernel in order to mapp all other subkeys.

Question 6

HKCU

Answer 6

HKEY_CURRENT_USER

preferences include the setting environment variables, data about program groups, colors, printers, network connections.

Question 7

What Registry is used for start up application

Answer 7

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

Question 8

What are hives?

Answer 8

is a logical group of keys, subkeys in a regitry that has a set of supporting files containing backups of its dat.

Question 9

HKLM\SAM

Answer 9

is usually appears empty for most users. Unless they are given permission by admin. it is used to reference all the security accounts manger databases for all domains in the local system has been administratively authorized or configured.

Question 10

HKLM\SECURITY

Answer 10

normally empty unless given access. This is linked to the Security database of the domain into which the current user is logged on. The kernel will access it to read and enforce the security policy applicable to the current user. And all application and operations started by the user.

Question 11

HKLM\System

Answer 11

Only writable by admins. It contains information about eh windows system setup, data for secure random number generator, list the currently mounted devices contain a files systems.

Question 12

HKLM\SOFTWARE

Answer 12

contains software and windows settings. It is mostly modified by applications and system installers. It is organized by software vendor.

    Also includes a policy subkey for enforcing general usage policies for applications an system service including central certificates store for authenticating, authorizing and disallowing remote systems or services running outside the local network domain.

Question 13

How many are there What are the WinAPI?

Answer 13

They are 8?
Base Services
Advances services 
Graphic Devices Interfaces
UI
Common Dialog box library
Common control library
window shell
network services.

Question 14

What is Base Services?

Answer 14

Provides access to the basic resources availble to a windows system. Such as file systems, devices, process, threads, error handling. These files resides in System32 directory

Question 15

What is Advances services?

Answer 15

Provides access to function beyond the kernel. Like windows registry,shutdow/restart the system, stat/stop/create window services, manage user accounts.

Question 16

What is Graphic Devices Interface?

Answer 16

control external outputs.

Question 17

What is UI?

Answer 17

Provides the functions to create an manage screen windows.

Question 18

What is Common Dialog Box library?

Answer 18

provides applications the standard dialog boxes to open & save files, choose font, color etc.

Question 19

What is Common Control Library?

Answer 19

gives application advanced control provided by the OS. Like status bars, grogress bars toolbars, tabs.

Question 20

What is Window shell?

Answer 20

llows applications to access functions provided by OS shell. To change and enhance it.

Question 21

What is Network Services?

Answer 21

gives various networking abilities of the OS. Netbios/winsock,netdde, rpc.

Question 22

Windows File system type

Answer 22

FAT32

Question 23

File path types

Answer 23

A volume letter followed by : ex C:

A directory name C:\DIRECTORY

An optional filename C:\DIRECTORY\filename.txt

Question 24

Absolute filepath

Answer 24

is the full path
C:\Directory\FileName
\Directory\Gile name

Question 25

Relative filepath

Answer 25

..\Directory\FileName

Question 26

What is UNC?

Answer 26

Universal naming convention paths. which is used to access network resources. \\MYNETWORKDEVICELOCATION

Question 27

Where is the host file stored in windows

Answer 27

C:\Windows\System32\Drivers\etc\

Question 28

List the Admin share for windows? How man are there

Answer 28

7 ``` Diskvolumd$ Admin$ Fax$ Ipc$ Print$ Sysvol netlogn ```

Question 29

User profile location

Answer 29

On XP and 2000 C:\Documents and Settings\\Application Data On Windows plus its C:\Users\user-name\AppData\Roaming

Question 30

Windows directory layout

Answer 30

``` \Perflogs(Hidden) \Program Files \Program Files (x86) \ProgramData \Users -> Public ->[username]->AppData \Windows ->System,System32,SysWowo64 ->WinSxs ```

Question 31

What in \Perflogs

Answer 31

May hold windows performance log, but on default configuration, it is empty.

Question 32

what in \Program Files

Answer 32

32-bit architecture: All apps (both 16-bit and 32-bit) are installed in this folder. 64-bit architecture: 64-bit apps are installed in this folder.

Question 33

What is \Program Files (x86) ?

Answer 33

Appears on 64-bit editions of Windows. 32-bit and 16-bit apps are by default installed in this folder, even though 16-bit apps do not run on 64-bit Windows

Question 34

\ProgramData

Answer 34

Contains program data that are expected to be accessed by computer programs regardless of the user account in the context of which they run. For example, an app may store specific information needed to operate DVD recorders or image scanners connected to a computer, because all users use them. Windows itself uses this folder. For example, Windows Defender stores its virus definitions in \ProgramData\Microsoft\Windows Defender. Programs do not have permission to store files in this folder, but have permission to create subfolders and store files in them. The organization of the files is at the discretion of the developer.

Question 35

\Users

Answer 35

User profile folders. This folder contains one subfolder for each user that has logged onto the system at least once. In addition, it has two other folders: "Public" and "Default" (Hidden). It also has two folder like-items called "Default User" (an NTFS junction point to "Default" folder) and "All Users" (a NTFS symbolic link to "C:\ProgramData").

Question 36

What in \User\Public

Answer 36

This folder serves as a buffer for users of a computer to share files. By default this folder is accessible to all users that can log on to the computer. Also, by default, this folder is shared over the network, although anonymous access (i.e. without a valid password-protected user account) to it is denied. This folder contains user data, not program data, meaning that users are expected to be sole decider of what is in this folder and how it is organized. It is unethical for an app to store its proprietary data here. (There are other folders dedicated to program data.)

Question 37

What in \User\[username]\AppData?

Answer 37

This folder stores per-user application data and settings. The folder contains three subfolders: Roaming, Local, and LocalLow. Roaming is for networked based logins for roaming profiles. Data saved in Roaming will synchronize to the computer when the user logs into that. Local and LocalLowdoes not sync up with networked computers. 

Question 38

What in \Windows

Answer 38

Windows itself is installed into this folder

Question 39

What in \Windows ->Sys*

Answer 39

These folders store dynamic-link library (DLL) files that implement the core features of Windows and Windows API. Any time a program asks Windows to load a DLL file and do not specify a path, these folders are searched after app's own folder is searched."System" stores 16-bit DLLs and is normally empty on 64-bit editions of Windows. "System32" stores either 32-bit or 64-bit DLL files, depending on whether the Windows edition is 32-bit or 64-bit. "SysWOW64" only appears on 64-bit editions of Windows and stores 32-bit DLLs.

Question 40

whats in \Windows\WinSxs

Answer 40

This folder is officially called "Windows component store" and constitutes the majority of Windows. A copy of all Windows components, as well as all Windows updates and service packs is stored in this folder. Starting with Windows 7 and Windows Server 2008 R2, Windows automatically scavenges this folder to keep its size in check. For security reasons and to avoid the DLL Hell issue, Windows enforces very stringent requirements on how the files in this folder are organized

Question 41

What type of logging does windows uses?

Answer 41

Windows Event Logs

Question 42

Where are logs stored in windows

Answer 42

C:\\WINDOWS\systems32\config\ & C:\\WINDOWS\system32\Winevrt\Logs

Question 43

What are the log categories?

Answer 43

``` Application log System log Security log Directory Service log DNS Server log File replication services log ```

Question 44

What is Application log?

Answer 44

Any event by an application. These are determined by the developers of the application.

Question 45

What is System log?

Answer 45

Any event logged by the OS. Example failure to start a dirve etc.

Question 46

What is Security log?

Answer 46

Any event that matters about the security of the system. Valid and invalid logins and logoff. File deletion.

Question 47

What is Directory Services log?

Answer 47

records event of AD. This is available only on the domain controller

Question 48

What is DNS server log?

Answer 48

records evnets for DNS server and name resolution.

Question 49

What is File replication services log?

Answer 49

records events of domain controller replication.

Question 50

Log types

Answer 50

``` Information warning error success audit failure audit ```

Question 51

how to open a file?

Answer 51

just type file name.

Question 52

How to use a space from the command line

Answer 52

use ""

Question 53

What is the following command: attrib

Answer 53

sets or displays the read-only, archive, system, and hidden attributes of a file or directory. +- are used to add and remove

Question 54

What is the following command: attrib +- H

Answer 54

adds/remove hidden to a file for directory

Question 55

What is the following command: attrib +- S

Answer 55

adds/remove system attribute.

Question 56

What is the following command: attrib /D

Answer 56

does the directory as well.

Question 57

What is the following command: net

Answer 57

used to admin accounts on windows net [accounts | computer | config | continue | file | group | help | helpmsg | localgroup | name | pause | print | send | session | share | start | statistics | stop | time | use | user | view]

Question 58

what is the following command: diskpart

Answer 58

is used to manage windows drives (disk,partitions, volums, or virtual disk)

Question 59

what is the following command: format

Answer 59

used to format disk for window.

Question 60

what is the following command: set

Answer 60

list the environment variables

Question 61

What is LDAP?

Answer 61

It provides a mechanism used to connect to, search, and modify Internet directories

Question 62

SECURITY Accounts Manger

Answer 62

Is a database in Windows OS that contains user names password

Question 63

Windows file protection

Answer 63

Application that watches certain files on the windows OS. If these files changes they change them back. This is used to monitor if files change restore them back,

Question 64

Kerberos

Answer 64

Defines how the client interacts with a network authenticatin service. Clients obtain tickets from Kerberos Key distribution center. And they present these ticket to the servers when connections are established. Added in windows server 2000

Question 65

WINS

Answer 65

Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps computer NetBIOS names to IP addresses.

Question 66

Windows defender

Answer 66

is an anti-spyware and anti adware software that is included as part of the operating system itself. Windows Defender can be updated like an Anti-virus solution.

Question 67

Windows firewall

Answer 67

is a host based firewall that is included with each copy of Windows. 

Question 68

Data Execution Prevention

Answer 68

During the execution of a process, it will contain several memory locations that do not contain executable code. Attackers use these sections to initiate code injection attacks. After arbitrary code has been inserted, they can carry out attacks such as buffer overflows. Data Execution Prevention is a security technique that is used to prevent the execution of code from such data pages. This is done by marking data pages as non-executable. This makes it harder for code to be run in those memory locations.

Question 69

User Account control

Answer 69

is a security feature first introduce in vista limit and privileges only to authorized user. If application tries to perform user must authenticate before running.

Question 70

Bitlocker

Answer 70

is a full disk encryption

Question 71

what is admin for windows hash? What is the format

Answer 71

500 Format username:unique security ID number: LM hash : NTLM hash:::

Question 72

NTLM

Answer 72

New Technology LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users.

Question 73

What is Active Directory?

Answer 73

are the foundations of distributed networks built in windows 2000+. provide secure structured hierarchal data storage objects for user, computers printers and services.

Question 74

What are the concepts in Active Directory?

Answer 74

``` Attributes Containers and leaves Objects name and identities naming Contexts and directory partitions Domain Trees Forest Active Directory Server and Dynamic DNS Replication and data Integrity. ```

Question 75

What are the concepts in Active Directory Attributes?

Answer 75

Each object in AD contains a set of attributes that define the characteristics of the object

Question 76

What are the concepts in Active Directory Containers and leaves?

Answer 76

Containers are object that contain other objects. Leave are objects that can contain no other objects.

Question 77

What are the concepts in Active Directory Objects name and identities?

Answer 77

Different identities for a given object. Relative Distinguished Name Distinguished Name Object GUID

Question 78

What are the concepts in Active Directory domain tree?

Answer 78

is made up of several domains that share a common schema and configuration, forming a contiguous namespace.

Question 79

What are the concepts in Active Directory forest?

Answer 79

is a set of one or more domains trees that do not form a contiguous name space.

Question 80

What are the concepts in Active Directory server and Dynamic DNS?

Answer 80

publish there addresses such that clients can find them knowing only there domain name.

Question 81

What are the concepts in Active Directory replication and data integrity?

Answer 81

replicates on other servers to populate changes.

Question 82

dir /a

Answer 82

shows the hidden directories of a folder

Question 83

rmdir /s

Answer 83

removes the folder and everything in the folder

Question 84

what does "create con"

Answer 84

Create a file and lets you add the test

Question 85

what does "type filename"

Answer 85

displays the contents of the text file

Question 86

what does more filename

Answer 86

displays the contents of the text file

Question 87

what does del do?

Answer 87

deletes a file name