Windows V2 Flashcards

(29 cards)

1
Q

What is Phase 1 of the Windows Boot Process?

A

Phase 1 (Pre-Boot): The PC’s firmware performs the POST, loads firmware settings, identifies a valid system disk, reads the MBR, and starts the Windows Boot Manager from %SystemDrive%\bootmgr.

2
Q

What is the purpose of Phase 2 (Windows Boot Manager) in the Windows Boot Process?

A

Phase 2 (Windows Boot Manager) locates and initiates the Windows loader (Winload.exe) from the Windows boot partition at %SystemRoot%\system32\winload.exe.

3
Q

What happens during Phase 3 (Windows OS Loader) in the boot process?

A

In Phase 3, essential drivers required to start the Windows kernel are loaded and the kernel begins running. The critical file is %SystemRoot%\system32\ntoskrnl.exe.

4
Q

Describe what occurs in Phase 4 (Windows NT OS Kernel) of the Windows Boot Process.

A

Phase 4 involves the kernel loading the system registry hive, additional drivers marked as BOOT_START, and taking control by passing execution to the session manager process (Smss.exe) after the GUI loads.

5
Q

What does HKEY_LOCAL_MACHINE (HKLM) in the Windows Registry store?

A

HKLM holds settings specific to the local computer. It is maintained in memory by the system kernel and includes subkeys such as SAM, SECURITY, SYSTEM, and SOFTWARE.

6
Q

What information is stored in the SAM subkey of HKLM?

A

The SAM subkey contains all built-in and configured user accounts, including usernames, unique identifiers, cryptographic password hashes, the location of each user’s registry hive, status flags, and domain group memberships.

7
Q

What does HKEY_CLASSES_ROOT (HKCR) contain?

A

HKCR contains information about registered applications, such as file associations and OLE Object Class IDs, and is compiled from both user-based (HKCU) and machine-based (HKLM) software class settings.

8
Q

What is the role of HKEY_CURRENT_USER (HKCU) in the Windows Registry?

A

HKCU stores settings specific to the currently logged-in user and is linked to the corresponding subkey in HKEY_USERS, which stores individual user settings from NTUSER.DAT and USRCLASS.DAT files.

9
Q

What is HKEY_CURRENT_CONFIG (HKCC) used for?

A

HKCC acts as a pointer to the hardware profile currently in use by referencing configuration information stored in the SYSTEM subkey of HKLM.

10
Q

What does HKEY_USERS (HKU) contain?

A

HKU contains a SID subkey for each loaded (logged in) user profile—including system, default, and special accounts—with settings loaded from each profile’s NTUSER.DAT and USRCLASS.DAT files.

11
Q

What is a Security Identifier (SID) in Windows?

A

A SID is a unique string that identifies a security principal (user account or group) in Windows. It is structured with an ‘S’ flag, a revision level, an ID authority, sub-authority values, and a Relative Identifier (RID).

12
Q

How is the SID used when a user signs in on Windows?

A

Upon sign-in, Windows creates an access token that contains the user’s SID along with the SIDs of any groups the user belongs to, enabling the enforcement of security policies.

13
Q

Break down the components of the SID example: S-1-5-21-776561741-162531612-682003330-500.

A

‘S’ indicates the string is a SID, ‘1’ is the revision level, ‘5’ is the ID authority, the following series (21-776561741-162531612-682003330) represents the sub-authority values with a domain/system identifier, and ‘500’ is the Relative Identifier (RID) unique to the account.

14
Q

Name some well-known SIDs and their associated accounts.

A

Examples include: S-1-5-18 for Local System, S-1-5-19 for Local Service, S-1-5-20 for Network Service, S-1-5-[4a]-500 for the Administrator account, and S-1-5-[4a]-501 for the Guest account.

15
Q

What is the purpose of the ‘Get’ command in PowerShell?

A

The ‘Get’ command retrieves information from the system, such as with ‘get-help’ which provides documentation on various commands.

16
Q

List basic PowerShell commands along with their use cases.

A

Key commands include: Get (retrieve data), Start (run processes or jobs), Out (send output to a file), Stop (terminate processes), Set (define or change settings), and New (create items like SMB shares).

17
Q

What does the ‘tasklist’ command do in Windows and what are some of its options?

A

‘tasklist’ displays a list of currently running processes. Options include /s (specify remote computer), /u and /p (specify user credentials), /fo (output format such as table, list, or csv), /fi (filter criteria), /m (modules loaded), and /v (verbose information).

18
Q

What are some key options for the ‘ipconfig’ command in Windows?

A

‘ipconfig’ options include: /all for detailed TCP/IP configuration, /release to send a DHCP release message, /renew to request a new IP address, and /flushdns to clear the DNS resolver cache.

19
Q

What is the function of the ‘netstat’ command in Windows?

A

‘netstat’ displays active TCP connections and shows the ports on which the computer is listening for communications.

20
Q

What does the ‘tracert’ command do, and what is one of its options?

A

‘tracert’ determines the network path to a destination by sending ICMP echo requests with incrementally increasing TTL values; the /h option specifies the maximum number of hops.

21
Q

What is SysWOW64 in the context of Windows?

A

SysWOW64 is a subsystem in 64-bit Windows that enables the operating system to run 32-bit applications.

22
Q

What is a Dynamic Link Library (DLL) and its purpose in Windows?

A

A DLL is a library that contains code and data which can be used by multiple programs at the same time, promoting modular design and efficient memory use.

23
Q

Define a Hard Link and its usage in file systems.

A

A Hard Link is a directory entry that associates a name with a file on a file system. On Windows, only NTFS supports hard links, and on Unix-like systems a hard link points to a file’s inode.

24
Q

What is a Symbolic Link (symlink) in Windows, and how does it work?

A

A Symbolic Link is a file that contains a reference to another file or directory in the form of an absolute or relative path. On Windows, symlinks are limited in support and often work as shortcuts.

25
Q

What is an inode in the context of file systems?

A

An inode is a data structure that stores metadata about a file or directory (such as size, ownership, timestamps, permissions, and pointers to data blocks) used by Unix-like file systems.

26
Q

What does the Universal Naming Convention (UNC) refer to in Windows?

A

UNC is a standard for specifying network file paths using the format: \\host-name\share-name followed by the file path (e.g., \\server-01\share-01\file1.txt).

27
Q

Where are Windows System Registry files typically stored on Windows NT systems?

A

They are typically stored in the directory C:\Windows\System32\config\.

28
Q

Where is Windows DNS information located in the file system?

A

Windows DNS information is commonly stored in C:\WINDOWS\system32\DNS.

29
Q

Where are Windows event logs stored and what types of logs can be found there?

A

Windows event logs are stored in C:\WINDOWS\System32\config\ and detailed logs in C:\Windows\System32\Winevt\Logs\. These include Event, Error, Warning, and Information logs.