Windows OS Flashcards

1
Q

Windows boot sequence?

A

BIOS initializes the hardware

Master Boot Record at start of Disk0

Loads code from boot sector of the active partition.

Bootloader loads & runs the bootloader from the file system

2
Q

What is Windows Registry?

A

a system-defined database in which applications and system components store and retrieve configuration data.

3
Q

What format is the Windows Registry?

A

A Tree format.

Each node is called a key.

Each key contains a subkey and data entries called values.

4
Q

What is HKCR?

A

HKEY_CLASSES_ROOT

This key contains file name extension associations and COM class registration information.

5
Q

What is HKCC?

A

HKEY_CURRENT_CONFIG

Contains information about the current hardware profile of the local computer system.

This is stored in memory by the system kernel in order to map all other subkeys.

6
Q

HKCU

A

HKEY_CURRENT_USER

Preferences include the settings of environment variables, data about program groups, colors, printers, and network connections.

7
Q

What registry key is used for startup applications?

A

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

8
Q

What are hives?

A

A logical group of keys and subkeys in the registry that has a set of supporting files containing backups of its data.

9
Q

HKLM\SAM

A

Usually appears empty for most users, unless they are given permission by an admin. It is used to reference all the Security Accounts Manager databases for all domains into which the local system has been administratively authorized or configured.

10
Q

HKLM\SECURITY

A

Normally appears empty unless access is given. This is linked to the security database of the domain into which the current user is logged on. The kernel accesses it to read and enforce the security policy applicable to the current user and to all applications and operations started by the user.

11
Q

HKLM\System

A

Only writable by admins. It contains information about the Windows system setup, data for the secure random number generator, and the list of currently mounted devices containing a file system.

12
Q

HKLM\SOFTWARE

A

Contains software and Windows settings. It is mostly modified by applications and system installers. It is organized by software vendor.

Also includes a policy subkey for enforcing general usage policies for applications and system services, including the central certificate store for authenticating, authorizing and disallowing remote systems or services running outside the local network domain.
13
Q

What are the WinAPI categories? How many are there?

A

There are 8:

Base Services
Advanced Services
Graphics Device Interface
UI
Common Dialog Box Library
Common Control Library
Windows Shell
Network Services
14
Q

What is Base Services?

A

Provides access to the basic resources available to a Windows system, such as file systems, devices, processes, threads, and error handling. These files reside in the System32 directory.

15
Q

What is Advanced Services?

A

Provides access to functions beyond the kernel, such as the Windows registry, shutting down/restarting the system, starting/stopping/creating Windows services, and managing user accounts.

16
Q

What is Graphics Device Interface?

A

Controls external outputs.

17
Q

What is UI?

A

Provides the functions to create and manage screen windows.

18
Q

What is Common Dialog Box library?

A

Provides applications with the standard dialog boxes to open and save files, choose font, color, etc.

19
Q

What is Common Control Library?

A

Gives applications access to advanced controls provided by the OS, like status bars, progress bars, toolbars, and tabs.

20
Q

What is Windows Shell?

A

Allows applications to access functions provided by the OS shell, and to change and enhance it.

21
Q

What is Network Services?

A

Gives access to the various networking abilities of the OS: NetBIOS, Winsock, NetDDE, RPC.

22
Q

Windows File system type

A

FAT32

23
Q

File path types

A

A volume letter followed by a colon, e.g. C:

A directory name C:\DIRECTORY

An optional filename C:\DIRECTORY\filename.txt

24
Q

Absolute filepath

A

The full path:

C:\Directory\FileName
\Directory\FileName

25
Q

Relative filepath

A

..\Directory\FileName

26
Q

What is UNC?

A

Universal Naming Convention paths, which are used to access network resources.

\\MYNETWORKDEVICELOCATION

27
Q

Where is the hosts file stored in Windows?

A

C:\Windows\System32\Drivers\etc\

28
Q

List the admin shares for Windows.

How many are there?

A

7

DiskVolume$
Admin$
Fax$
IPC$
Print$
SYSVOL
NETLOGON
29
Q

User profile location

A

On XP and 2000 C:\Documents and Settings\Application Data

On Windows plus it's C:\Users\user-name\AppData\Roaming

30
Q

Windows directory layout

A

\PerfLogs (Hidden)
\Program Files
\Program Files (x86)
\ProgramData
\Users
-> Public
-> [username] -> AppData
\Windows
-> System, System32, SysWOW64
-> WinSxS
31
Q

What is in \PerfLogs?

A

May hold Windows performance logs, but in the default configuration it is empty.

32
Q

What is in \Program Files?

A

32-bit architecture: All apps (both 16-bit and 32-bit) are installed in this folder.

64-bit architecture: 64-bit apps are installed in this folder.

33
Q

What is \Program Files (x86) ?

A

Appears on 64-bit editions of Windows. 32-bit and 16-bit apps are by default installed in this folder, even though 16-bit apps do not run on 64-bit Windows.

34
Q

\ProgramData

A

Contains program data that are expected to be accessed by computer programs regardless of the user account in the context of which they run. For example, an app may store specific information needed to operate DVD recorders or image scanners connected to a computer, because all users use them. Windows itself uses this folder. For example, Windows Defender stores its virus definitions in \ProgramData\Microsoft\Windows Defender. Programs do not have permission to store files in this folder, but have permission to create subfolders and store files in them. The organization of the files is at the discretion of the developer.

35
Q

\Users

A

User profile folders. This folder contains one subfolder for each user that has logged onto the system at least once. In addition, it has two other folders: “Public” and “Default” (Hidden). It also has two folder-like items called “Default User” (an NTFS junction point to the “Default” folder) and “All Users” (an NTFS symbolic link to “C:\ProgramData”).

36
Q

What is in \Users\Public?

A

This folder serves as a buffer for users of a computer to share files. By default this folder is accessible to all users that can log on to the computer. Also, by default, this folder is shared over the network, although anonymous access (i.e. without a valid password-protected user account) to it is denied. This folder contains user data, not program data, meaning that users are expected to be the sole deciders of what is in this folder and how it is organized. It is unethical for an app to store its proprietary data here. (There are other folders dedicated to program data.)

37
Q

What is in \Users\[username]\AppData?

A

This folder stores per-user application data and settings. The folder contains three subfolders: Roaming, Local, and LocalLow. Roaming is for network-based logins with roaming profiles. Data saved in Roaming will synchronize to the computer when the user logs into it. Local and LocalLow do not sync with networked computers.

38
Q

What is in \Windows?

A

Windows itself is installed into this folder.

39
Q

What is in \Windows -> Sys*?

A

These folders store dynamic-link library (DLL) files that implement the core features of Windows and the Windows API. Any time a program asks Windows to load a DLL file and does not specify a path, these folders are searched after the app’s own folder is searched. “System” stores 16-bit DLLs and is normally empty on 64-bit editions of Windows. “System32” stores either 32-bit or 64-bit DLL files, depending on whether the Windows edition is 32-bit or 64-bit. “SysWOW64” only appears on 64-bit editions of Windows and stores 32-bit DLLs.

40
Q

What is in \Windows\WinSxS?

A

This folder is officially called “Windows component store” and constitutes the majority of Windows. A copy of all Windows components, as well as all Windows updates and service packs, is stored in this folder. Starting with Windows 7 and Windows Server 2008 R2, Windows automatically scavenges this folder to keep its size in check. For security reasons and to avoid the DLL Hell issue, Windows enforces very stringent requirements on how the files in this folder are organized.

41
Q

What type of logging does Windows use?

A

Windows Event Logs

42
Q

Where are logs stored in Windows?

A

C:\WINDOWS\system32\config\ & C:\WINDOWS\system32\winevt\Logs

43
Q

What are the log categories?

A
Application log
System log
Security log
Directory Service log
DNS Server log
File Replication Service log
44
Q

What is Application log?

A

Any event by an application. These are determined by the developers of the application.

45
Q

What is System log?

A

Any event logged by the OS. Example: failure to start a drive, etc.

46
Q

What is Security log?

A

Any event that matters about the security of the system. Valid and invalid logins and logoff. File deletion.

47
Q

What is Directory Services log?

A

Records events of AD. This is available only on the domain controller.

48
Q

What is DNS server log?

A

Records events for the DNS server and name resolution.

49
Q

What is File replication services log?

A

records events of domain controller replication.

50
Q

Log types

A

Information
Warning
Error
Success audit
Failure audit
51
Q

how to open a file?

A

just type file name.

52
Q

How to use a space from the command line

A

use “”

53
Q

What is the following command: attrib

A

sets or displays the read-only, archive, system, and hidden attributes of a file or directory. +- are used to add and remove

54
Q

What is the following command: attrib +- H

A

Adds/removes the hidden attribute on a file or directory.

55
Q

What is the following command: attrib +- S

A

Adds/removes the system attribute.

56
Q

What is the following command: attrib /D

A

Applies to directories as well.

57
Q

What is the following command: net

A

Used to administer accounts on Windows.

net [accounts | computer | config | continue | file | group | help | helpmsg | localgroup | name | pause | print | send | session | share | start | statistics | stop | time | use | user | view]
58
Q

what is the following command: diskpart

A

Used to manage Windows drives (disks, partitions, volumes, or virtual disks).

59
Q

what is the following command: format

A

Used to format a disk for Windows.

60
Q

what is the following command: set

A

Lists the environment variables.

61
Q

What is LDAP?

A

It provides a mechanism used to connect to, search, and modify Internet directories

62
Q

Security Accounts Manager

A

A database in the Windows OS that contains user names and passwords.

63
Q

Windows file protection

A

An application that watches certain files on the Windows OS. If these files change, it changes them back. It is used to monitor files and restore them if they change.

64
Q

Kerberos

A

Defines how the client interacts with a network authentication service.

Clients obtain tickets from the Kerberos Key Distribution Center, and they present these tickets to the servers when connections are established.

Added in Windows Server 2000.
65
Q

WINS

A

Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps computer NetBIOS names to IP addresses.

66
Q

Windows defender

A

An anti-spyware and anti-adware program that is included as part of the operating system itself. Windows Defender can be updated like an anti-virus solution.

67
Q

Windows firewall

A

is a host based firewall that is included with each copy of Windows. 

68
Q

Data Execution Prevention

A

During the execution of a process, it will contain several memory locations that do not contain executable code. Attackers use these sections to initiate code injection attacks. After arbitrary code has been inserted, they can carry out attacks such as buffer overflows. Data Execution Prevention is a security technique that is used to prevent the execution of code from such data pages. This is done by marking data pages as non-executable. This makes it harder for code to be run in those memory locations.

69
Q

User Account control

A

Is a security feature, first introduced in Vista, that limits privileges to authorized users only. If an application tries to perform the user must authenticate before running.

70
Q

Bitlocker

A

Full disk encryption.

71
Q

What is admin for Windows hash?

What is the format?

A

500

Format: username:unique security ID number:LM hash:NTLM hash:::

72
Q

NTLM

A

New Technology LAN Manager (NTLM) is a suite of Microsoft security protocols intended to provide authentication, integrity, and confidentiality to users.

73
Q

What is Active Directory?

A

Is the foundation of distributed networks built in Windows 2000+.

Provides secure, structured, hierarchical data storage for objects such as users, computers, printers and services.

74
Q

What are the concepts in Active Directory?

A

Attributes
Containers and leaves
Object names and identities
Naming contexts and directory partitions
Domain trees
Forest
Active Directory server and Dynamic DNS
Replication and data integrity
75
Q

What are the concepts in Active Directory Attributes?

A

Each object in AD contains a set of attributes that define the characteristics of the object

76
Q

What are the concepts in Active Directory Containers and leaves?

A

Containers are objects that contain other objects. Leaves are objects that can contain no other objects.

77
Q

What are the concepts in Active Directory object names and identities?

A

Different identities for a given object.

Relative Distinguished Name
Distinguished Name
Object GUID

78
Q

What are the concepts in Active Directory domain tree?

A

is made up of several domains that share a common schema and configuration, forming a contiguous namespace.

79
Q

What are the concepts in Active Directory forest?

A

A set of one or more domain trees that do not form a contiguous namespace.

80
Q

What are the concepts in Active Directory server and Dynamic DNS?

A

Publish their addresses such that clients can find them knowing only their domain name.

81
Q

What are the concepts in Active Directory replication and data integrity?

A

replicates on other servers to populate changes.

82
Q

dir /a

A

shows the hidden directories of a folder

83
Q

rmdir /s

A

removes the folder and everything in the folder

84
Q

What does “create con” do?

A

Creates a file and lets you add the text.

85
Q

What does “type filename” do?

A

displays the contents of the text file

86
Q

What does “more filename” do?

A

displays the contents of the text file

87
Q

What does del do?

A

Deletes the named file.