Windows Flashcards

(25 cards)

1
Q

What is the first phase of the Windows Boot Process?

A

Pre-Boot phase

In this phase, the PC’s firmware initiates a POST and loads firmware settings. The system identifies a valid system disk and reads the MBR, starting the Windows Boot Manager.

2
Q

What does the Windows Boot Manager do?

A

Finds and starts the Windows loader (Winload.exe)

It is located on the Windows boot partition at %SystemRoot%\system32\winload.exe.

3
Q

Which file is key during the Windows OS Loader phase?

A

%SystemRoot%\system32\ntoskrnl.exe

Essential drivers required to start the Windows kernel are loaded in this phase.

4
Q

What does the Windows NT OS Kernel do?

A

Picks up registry settings, loads drivers, and passes control to the session manager process (Smss.exe)

The kernel loads the system registry hive into memory and handles the GUI.

5
Q

What does HKEY_LOCAL_MACHINE (HKLM) store?

A

Settings specific to the local computer

Maintained in memory by the system kernel and contains sub-keys for SAM, SECURITY, SYSTEM, and SOFTWARE.

6
Q

What information does the SAM sub-key contain?

A

Built-in accounts and configured accounts

Includes usernames, user identifiers, password hashes, registry hive locations, and domain status.

7
Q

What is the purpose of the SECURITY sub-key?

A

Linked to the security database of the domain

It enforces the security policy for the current user.

8
Q

What does the SYSTEM sub-key contain?

A

Information about the Windows System setup

It is crucial for the operational configuration of the system.

9
Q

What type of information does HKEY_CLASSES_ROOT (HKCR) contain?

A

Information about registered applications

This includes file associations and OLE Object Class IDs.

10
Q

What does HKEY_CURRENT_USER (HKCU) store?

A

Settings specific to the currently logged-in user

HKCU is a link to the user-specific subkey in HKEY_USERS.

11
Q

What is the function of HKEY_CURRENT_CONFIG (HKCC)?

A

Acts as a pointer to the current hardware profile

It is a shortcut to the HKLM hive, where configuration information is stored.

12
Q

What does HKEY_USERS (HKU) contain?

A

A SID sub-key for all loaded user profiles

User profile settings are stored in NTUSER.DAT and USRCLASS.dat files.

13
Q

What is a Security Identifier (SID)?

A

A unique identifier for a security principal or security group

Each account or group has a unique SID issued by an authority such as a Windows Domain Controller.

14
Q

What are the components of a SID?

A

String ID, revision level, ID authority

Each component helps to define the SID structure and its authority level.

15
Q

What does the PowerShell command ‘Get’ do?

A

To get something

Example: get-help.

16
Q

What is the function of the ‘tasklist’ command?

A

Displays a list of currently running processes

Can be used on local or remote computers.

17
Q

What does the ‘ipconfig’ command do?

A

Displays current TCP/IP network configuration values

It can also refresh DHCP and DNS settings.

18
Q

What is SysWOW64?

A

Subsystem of Windows OS for running 32-bit applications on 64-bit Windows

It allows compatibility for older applications.

19
Q

What is a Dynamic Link Library (DLL)?

A

A library containing code and data used by multiple programs

It allows for shared functionality among applications.

20
Q

What is a hard link?

A

A directory entry that associates a name with a file

It points to the inode of the file and shares the same data block.

21
Q

What is a symbolic link?

A

A file that contains a reference to another file or directory

It affects pathname resolution and can be treated as an alias in Unix systems.

22
Q

What information does an inode store?

A

Metadata for each file and directory

Includes file size, ownership, timestamps, access permissions, and number of links.

23
Q

What is the Universal Naming Convention (UNC)?

A

A format for specifying the location of resources on a network

Example: \\server-01\share-01\file1.txt.

24
Q

Where are Windows Registry files stored?

A

C:\Windows\System32\config\

This location contains critical system configuration data.

25
Q

Where can you find Windows event logs?

A

C:\Windows\System32\config\

Logged circumstances are located in C:\Windows\System32\Winevt\Logs\.