MOD D05: Windows File Sys Logging

Question 1

What does FAT stand for?

Answer 1

File Allocation Table

Question 2

What is at the end of the File Allocation Table?

Answer 2

EOF

(End of File)

Question 3

What devices are File Allocation Table systems still widely used on?

Answer 3

USB Memory Sticks

(slide answer: till widely used on USB memory sticks or memory cards for file storage.)

Question 4

How many sectors does a FAT file system have?

• 16
• 64
• 128
• 4
• 1
• 32
• 8

Answer 4

4

Question 5

What part of FAT contains the startup code?

Answer 5

Boot Sector

Question 6

What is the maximum amount of clusters that FAT32 allows?

Answer 6

268,435,456

Question 7

How many bits is each FAT12 entry?

Answer 7

12

Question 8

How many bits is each FAT32 entry for addressing clusters?

Answer 8

28

Question 9

What is the maximum volume size of FAT 32?

Answer 9

2 TB

Question 10

What is the maximum volume size of FAT12?

• 32 MB
• 16 MB
• 16 Mb
• 64 Mb
• 8 MB

Answer 10

16 MB

Question 11

What is the FAT terminated by?

• 55BB
• End of file marker / EOF marker
• B5B5
• FI
• done

Answer 11

End of file marker / EOF marker

Question 12

When was NTFS Introduced?

• 1993
• 1990
• 2000
• 1984
• 2001
• 2004
• 8675309

Answer 12

1993

Question 13

What was the max file size for NTFS when it was released?

• 48 TB
• 30 TB
• 42 TB
• 32 TB
• 4 GB
• 16 TB
• 4 PB

Answer 13

16 TB

Question 14

Does FAT32 allow for compression?

Answer 14

NO

Question 15

Which file system works with Win 98?

• NAFS
• NTFS
• FAT32
• EXT4
• EXT3
• EXT2

Answer 15

FAT32

Question 16

What does MFT stand for?

Answer 16

Master File Table

Question 17

If you want to see what type of file system you are running, what is the windows command line syntax?

Answer 17

fsutil fsinfo volumeinfo C:

Question 18

What is the max file size in NTFS?

• 100 TB
• 60 GB
• 32 GB
• 256 TB
• 32 TB
• 16 PB
• 512 Mb
• 64 PT
• 128 TB
• 512
• 256

Answer 18

256 TB

Question 19

Can an administrator clear the windows logs

[Yes / No]

Answer 19

Yes

Question 20

Where can you view event logs? (GUI)

• System Accountant
• C:\Windows\System32
• Windows Event Viewer
• auditpol

Answer 20

Windows Event Viewer

Question 21

Third party applications can integrate into Windows logging.

[True / False]

Answer 21

True

Question 22

If a driver fails, which log records this failure?

• Application
• System
• Special
• Security

Answer 22

System

Question 23

A Success audit is a type of log.

[True / False]

Answer 23

True

Question 24

A failed login attempt would be recorded in which log?

• Application
• System
• Special
• Security

Answer 24

Security

Question 25

Where are the event logs stored on windows? * SYSTEM * C:\windows\log * C:\windows\system32 * C:\windows\system32\winevt\logs * HKLM:\SAM * $C

Answer 25

C:\windows\system32\winevt\logs

Question 26

What helps when sifting through logs? * powershell * systeminfo * ascil * Log manager * notepad * sysanalyzer

Answer 26

Log manager

Question 27

What is the number that is associated with each log called?

Answer 27

Event ID

Question 28

If you wanted your computer to run a disk cleanup once every two weeks, what would allow you to set that up?

Answer 28

Task Scheduler

Question 29

What partition in Windows 10 contains the files that start the operating system?

Answer 29

Active Primary

Question 30

What file table does NTFS use for managing access to files in Windows 10?

Answer 30

MFT

Question 31

What option in NTFS supports reducing the amount of space needed to store a file?

Answer 31

Compress / Compression

Question 32

What process places a file system on a disk by creating the root of the directory structure and the file system?

Answer 32

Formatting

Question 33

What is the name at the end of a file called that indicates the type of data contained in the program?

Answer 33

File extension

Question 34

Which logs can only admin typically see? * Application * System * Special * Security

Answer 34

Security

Question 35

What is a way that the OS records important actions?

Answer 35

logging

Question 36

What are records of events that happen in your computer, either by a person or by a running process? They help you track what happened and troubleshoot problems.

Answer 36

logs

Question 37

What windows command allows you to display a list of folder’s files? * Dir * list * ls * view * pwd

Answer 37

Dir

Question 38

How do you clear the screen in windows command line? * view no more * exit * clear * avada kedavra * cls

Answer 38

cls

Question 39

In Powershell, what command allows you to get events and event logs?

Answer 39

Get-EventLog

Question 40

What Powershell command allows you to delete a log?

Answer 40

Remove-eventlog

Question 41

What is the smallest unit that can be accessed on a storage device like an HDD or SSD?

Answer 41

Sector