CCNA Cyber Ops FAQ: Windows-Based Analysis

Q1. Which of the following best describes Windows process permissions?
A. User authentication data is stored in a token that is used to describe the security context of all processes associated with the user.

B. Windows generates processes based on super user–level security permissions and limits processes based on predefined user authentication settings.

C. Windows process permissions are developed by Microsoft and enforced by the host system administrator.

D. Windows grants access to all processes unless otherwise defined by the Windows administrator.

Answer: A. When a user logs on, Windows builds an access token that holds the user's SID, group SIDs and privileges. Every process (and thread) the user starts receives a copy of that token, and the kernel compares it against an object's DACL on each access check. The other answers are loosely worded; Answer A is the most specific and correct definition of process permissions as they relate to Windows.
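The token described in Answer A can be inspected directly. The following is an added example written for this FAQ, not code from the original page: it reads the current process's token and then uses WMI to ask which account owns another process. The process name explorer.exe is assumed to be running.

```powershell
# Added example (not from the original FAQ): inspect the access token that
# describes the security context of the current PowerShell process.
$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

# The token carries the user SID, its group SIDs and its privileges; every
# process started in this logon session inherits a copy of it.
[PSCustomObject]@{
    User        = $identity.Name
    UserSid     = $identity.User.Value
    IsElevated  = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
    TokenHandle = $identity.Token          # an opaque handle, not a pointer
    GroupCount  = $identity.Groups.Count
}

# Group SIDs translated to names (SIDs that cannot be translated are shown raw).
$identity.Groups | ForEach-Object {
    $group = $_
    try   { $group.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $group.Value }
}

# Privileges held by the token. SeDebugPrivilege or SeImpersonatePrivilege in a
# shell that is not supposed to be elevated is worth a second look in an investigation.
whoami /priv

# Which account owns another process? Win32_Process.GetOwner reads that process's
# token. Assumes a process named explorer.exe is running (placeholder target).
Get-CimInstance -ClassName Win32_Process -Filter "Name = 'explorer.exe'" |
    ForEach-Object {
        $owner = Invoke-CimMethod -InputObject $_ -MethodName GetOwner
        [PSCustomObject]@{
            Pid   = $_.ProcessId
            Name  = $_.Name
            Owner = "$($owner.Domain)\$($owner.User)"
        }
    }
```

The same approach scales to a full process listing: pipe every Win32_Process through GetOwner and look for processes owned by SYSTEM or a service account that are running from user-writable paths.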

Q2. Which of the following is a true statement about a stack and heap?
A. Heaps can allocate a block of memory at any time and free it at any time.

B. Stacks can allocate a block of memory at any time and free it at any time.

C. Heaps are best for when you know exactly how much memory you should use.

D. Stacks are best when you don’t know how much memory to use.

Answer: A. Heap memory is allocated and freed explicitly, at any time and in any order, which makes it the right choice when the amount of memory is only known at run time. Stack memory is allocated in last-in, first-out order when a function is called and released automatically when it returns, so it suits data of a fixed, known size. Answers C and D have the two reversed.

Q3. What is the Windows registry?
A. A list of registered software on the Windows operating system

B. Memory allocated to running programs

C. A database used to store information necessary to configure the system for users, applications, and hardware devices

D. A list of drivers for applications running on the Windows operating system

Answer: C. Answer C is the correct definition of the Windows registry.

Q4. Which of the following is a function of the Windows registry?
A. To register software with the application provider
B. To load device drivers and start up programs
C. To back up application registration data
D. To log upgrade information

Answer: B. Some of the functions of the Windows registry are to load device drivers, run startup programs, set environment variables, and store user settings and operating system parameters.

Q5. Which of the following statements is true?
A. WMI is a command standard used by most operating systems.

B. WMI cannot run on older versions of Windows such as Windows 98.

C. WMI is a defense program designed to prevent scripting languages from managing Microsoft Windows computers and services.

D. WMI allows scripting languages to locally and remotely manage Microsoft Windows computers and services.

Answer: D. Answer D is the correct explanation of WMI.

Q6. What is a virtual address space in Windows?
A. The physical memory allocated for processes

B. A temporary space for processes to execute

C. The set of virtual memory addresses that reference the physical memory object a process is permitted to use

D. The virtual memory address used for storing applications

Answer: C. Answer C is the best explanation of virtual address space in Windows.

Q7. What is the difference between a handle and pointer?
A. A handle is an abstract reference to a value, whereas a pointer is a direct reference.

B. A pointer is an abstract reference to a value, whereas a handle is a direct reference.

C. A pointer is a reference to a handle.

D. A handle is a reference to a pointer.

Answer: A. Answer A is the correct explanation of a pointer and handle.

Q8. Which of the following is true about handles?
A. When Windows moves an object such as a memory block to make room in memory and the location of the object is impacted, the handles table is updated.

B. Programmers can change a handle using Windows API.

C. Handles can grant access rights against the operating system.

D. When Windows moves an object such as a memory block to make room in memory and the location of the object is impacted, the pointer to the handle is updated.

Answer: A. Answer A is a correct statement. Answer B is incorrect because a handle is an opaque value issued by the operating system; a program stores and passes it but does not modify it. Answer C is incorrect because it is the OS that grants access and issues the handle; the handle only references the object. Answer D is incorrect because a pointer and a handle are different things.

Q9. Which of the following is true about Windows services?
A. Windows services only function when a user has accessed the system.

B. The Services Control Manager is the programming interface for modifying the configuration of Windows Services.

C. Microsoft Windows services run in their own user session.

D. Stopping a service requires a system reboot.

Answer: C. Windows services run in Session 0, separate from any interactive user session, so they can start at boot and keep running with or without a user logged in. Answer B is wrong because the Service Control Manager (services.exe) is the system process that starts, stops and tracks services, not a programming interface; Answer D is wrong because services are stopped through the SCM without a reboot.

Q10. What is the IIS Log Parser used for?
A. For logging specific Windows events
B. For backing up Windows logs
C. To generate alerts and log events
D. To provide universal query access to text-based data such as logs

Answer: D. Microsoft Log Parser runs SQL-like queries over IIS W3C logs, Windows event logs, CSV, XML and other text-based sources, and can write the results to a file, the console, a chart or a database.

Q11. Which is the best definition of a Windows process?
A. A program that is running within Windows

B. The basic unit an operating system allocates process time to

C. A group of worker threads that efficiently execute asynchronous callbacks for the application

D. A unit of execution that is manually scheduled by an application

Answer: A. Answer A is the best definition of a Windows process. Answer B describes a thread, Answer C describes a thread pool, and Answer D describes a fiber.

Q12. Which statement about virtual address space is true?
A. The virtual address space is shared by the system and referenced by a page table for each process.

B. The virtual address space is private and cannot be accessed by other processes unless it is specifically shared.

C. The virtual address represents the physical location of any object in memory.

D. Virtual address space cannot be shared.

Answer: B. Answer B is the only correct statement. Virtual address space is not shared unless it is specified. It is a reference to the physical location and not the actual physical location of an object in memory.

Q13. RAM is an example of which of the following?
A. Magnetic storage
B. Nonvolatile memory
C. Volatile memory
D. Removable storage

Answer: C. RAM is an example of volatile memory.

Q14. Which command is used to view the Windows Registry?
A. winedit
B. winreg
C. regedit
D. cntedit

Answer: C. The command regedit is used to view the Windows Registry.

Q15. Which of the following is not a Windows Registry hive?
A. HKEY_LOCAL (HKLM)
B. HKEY_CLASSES_ROOT (HKCR)
C. HKEY_CURRENT_CONFIG (HKCC)
D. HKEY_USERS (HKU)

Answer: A. HKEY_LOCAL (HKLM) is not a Windows Registry hive; the real root key behind the HKLM abbreviation is HKEY_LOCAL_MACHINE. The fifth root key, HKEY_CURRENT_USER (HKCU), is a view of the logged-on user's subkey under HKEY_USERS.
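The registry's role in loading drivers and startup programs (Q4) and its hive layout (Q15) are easiest to see from the PowerShell registry provider. The following is an added example written for this FAQ, not code from the original page; it enumerates the root keys and the autostart locations an analyst checks for persistence.

```powershell
# Added example (not from the original FAQ): list the registry root keys and
# the autostart entries that the registry causes Windows to run at boot or logon.

# The registry is exposed as drives; only HKLM and HKCU are mapped by default.
Get-PSDrive -PSProvider Registry | Select-Object Name, Root

# Map the remaining root keys as drives for convenience.
$null = New-PSDrive -Name HKU  -PSProvider Registry -Root HKEY_USERS          -ErrorAction SilentlyContinue
$null = New-PSDrive -Name HKCR -PSProvider Registry -Root HKEY_CLASSES_ROOT   -ErrorAction SilentlyContinue
$null = New-PSDrive -Name HKCC -PSProvider Registry -Root HKEY_CURRENT_CONFIG -ErrorAction SilentlyContinue

# Values under these keys are launched at boot or logon, which is why they are
# a favourite persistence location for malware.
$autoStartKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

foreach ($key in $autoStartKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    # Drop the PS* metadata properties and keep only the real value names.
    $item.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object {
            [PSCustomObject]@{ Key = $key; ValueName = $_.Name; Command = $_.Value }
        }
}

# Service and driver definitions live under HKLM\SYSTEM. The Start value
# (0 = boot, 1 = system, 2 = auto, 3 = manual, 4 = disabled) decides when they load;
# this shows the drivers loaded earliest, before any user or service is running.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' |
    Get-ItemProperty |
    Where-Object { $_.Start -in 0, 1 } |
    Select-Object PSChildName, ImagePath, Start |
    Select-Object -First 10

# The same autostart query with the built-in reg.exe, for a box without PowerShell remoting:
# reg query "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
```

Run it as the user being investigated as well as elevated: HKCU entries belong to the logged-on user and are not visible from another account's HKCU view.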

Q16. What does WMI stand for?
A. Windows Management Instructions
B. Windows Management Instrumentation
C. Windows Monitor Instrumentation
D. Windows Monitor Instructions

Answer: B. Windows Management Instrumentation is the correct name.

Q17. Which of the following is something WMI can’t be used for?
A. To schedule times for processes to run
B. To assign and change drive label
C. To uninstall an application
D. To enable or disable error logging

Answer: C. This is the answer the exam expects. In practice WMI's Win32_Product class does expose an Uninstall method for MSI-installed software, so treat this as an exam convention rather than a hard limit of WMI.
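WMI's local and remote management role (Q5) and the management actions listed in Q17 are shown below in an added example written for this FAQ, not code from the original page. It also includes the WMI persistence check an analyst should run, because the same mechanism that lets WMI manage a host lets an attacker keep a foothold on it. The computer name FILESRV01 and the product name Example App are placeholders.

```powershell
# Added example (not from the original FAQ): WMI/CIM used locally and remotely,
# plus the permanent event subscription check that belongs in any Windows triage.

# Local query: running processes with their command lines (WMI exposes the
# command line, which Get-Process does not).
Get-CimInstance -ClassName Win32_Process |
    Select-Object ProcessId, Name, CommandLine |
    Select-Object -First 5

# Remote query over WinRM; FILESRV01 is a placeholder host name.
$session = New-CimSession -ComputerName 'FILESRV01' -ErrorAction Stop
Get-CimInstance -CimSession $session -ClassName Win32_OperatingSystem |
    Select-Object CSName, Caption, LastBootUpTime
Remove-CimSession $session

# Management actions from Q17, shown as comments so the script does not change the host:
# Drive label:
#   Get-CimInstance Win32_Volume -Filter "DriveLetter = 'D:'" | Set-CimInstance -Property @{ Label = 'DATA' }
# Uninstall (possible through Win32_Product despite the exam answer; note that merely
# enumerating Win32_Product triggers a consistency check of every installed MSI package):
#   Get-CimInstance Win32_Product -Filter "Name = 'Example App'" | Invoke-CimMethod -MethodName Uninstall

# Permanent WMI event subscriptions survive reboots and run without a user logged in.
# A binding that joins an event filter to a CommandLineEventConsumer or
# ActiveScriptEventConsumer is the thing to inspect.
$ns = 'root\subscription'
$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

foreach ($b in $bindings) {
    # Filter and Consumer are object references; match them to the instances by name.
    $f = $filters   | Where-Object { $_.Name -eq $b.Filter.Name }
    $c = $consumers | Where-Object { $_.Name -eq $b.Consumer.Name }
    [PSCustomObject]@{
        Filter   = $f.Name
        Query    = $f.Query
        Consumer = $c.Name
        Type     = $c.CimClass.CimClassName
        Payload  = if ($c.CommandLineTemplate) { $c.CommandLineTemplate } else { $c.ScriptText }
    }
}
```

On a clean workstation the binding list is usually empty or contains only entries from management agents you recognise; a filter that fires on a timer or at logon and a consumer that runs powershell.exe or a script is the pattern to escalate.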

Q18. What can cause a handle leak?
A. A loop that leverages a handle
B. A Windows compiler error
C. A handle that’s not released after being used
D. A pointer to a handle

Answer: C. A handle that’s not released after being used is an example of how a handle leak could occur.
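The handle table behaviour in Q8 and the leak in Q18 can both be observed from the per-process handle count. The following is an added example written for this FAQ, not code from the original page; the sampling interval and the growth threshold of 500 handles are arbitrary choices for the illustration.

```powershell
# Added example (not from the original FAQ): find a process whose handle count
# keeps growing, the usual symptom of handles that are opened and never closed.

function Get-HandleSnapshot {
    # Handle count per process, as reported from the kernel's per-process handle table.
    $table = @{}
    foreach ($p in Get-Process -ErrorAction SilentlyContinue) {
        $table[$p.Id] = [PSCustomObject]@{ Name = $p.ProcessName; Handles = $p.HandleCount }
    }
    return $table
}

function Find-HandleGrowth {
    param(
        [int]$IntervalSeconds = 60,   # arbitrary sampling interval
        [int]$Threshold       = 500   # arbitrary growth threshold
    )
    $before = Get-HandleSnapshot
    Start-Sleep -Seconds $IntervalSeconds
    $after  = Get-HandleSnapshot

    foreach ($id in $after.Keys) {
        if (-not $before.ContainsKey($id)) { continue }   # started during the interval
        $delta = $after[$id].Handles - $before[$id].Handles
        if ($delta -ge $Threshold) {
            [PSCustomObject]@{
                Pid    = $id
                Name   = $after[$id].Name
                Before = $before[$id].Handles
                After  = $after[$id].Handles
                Growth = $delta
            }
        }
    }
}

# Top handle consumers right now; System, lsass and svchost legitimately hold thousands,
# so a high absolute count is less telling than steady growth.
Get-Process | Sort-Object HandleCount -Descending |
    Select-Object -First 10 ProcessName, Id, HandleCount

# Processes that gained 500 or more handles within a minute.
Find-HandleGrowth -IntervalSeconds 60 -Threshold 500

# To see what the handles refer to (files, registry keys, mutexes, tokens), use
# Sysinternals handle.exe:  handle.exe -p <pid>
```

Because a handle is an index into the process's handle table rather than a pointer, the count only falls when the process calls CloseHandle; a process that leaks will eventually exhaust the table or system-wide kernel resources, which is why a monotonic rise is the signal to look for.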

Q19. What is the command to bring up the Windows Services console?
A. cntmanage
B. services.msc
C. regedit
D. services.exe

Answer: B. The correct command is services.msc, which opens the Services MMC snap-in. services.exe is the Service Control Manager process itself and is not launched by hand.
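The services console in Q19 shows the same data that the Service Control Manager exposes through WMI, and a script can audit it faster than clicking through the GUI. The following is an added example written for this FAQ, not code from the original page; it lists services with the account and binary behind each, confirms the Session 0 point from Q9, and flags two classic weaknesses.

```powershell
# Added example (not from the original FAQ): audit services through the
# Service Control Manager data that Win32_Service exposes.

$services = Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, DisplayName, State, StartMode, StartName, PathName, ProcessId

# Q9 in practice: running services live in Session 0, not in a user's session.
$services | Where-Object { $_.State -eq 'Running' -and $_.ProcessId } |
    Select-Object -First 5 Name, ProcessId,
        @{ n = 'SessionId'; e = { (Get-Process -Id $_.ProcessId -ErrorAction SilentlyContinue).SessionId } }

# Unquoted service path: when the binary path contains spaces and is not quoted,
# Windows tries each prefix in turn (C:\Program.exe, C:\Program Files\Some.exe, ...),
# so a writable earlier prefix lets a local user run code as the service account.
$unquoted = $services | Where-Object {
    $_.PathName -and
    ($_.PathName -notmatch '^"') -and
    (($_.PathName -split '\.exe')[0] -match '\s')
}
$unquoted | Select-Object Name, StartName, PathName

# Services running as LocalSystem from outside the Windows directory deserve a
# closer look: legitimate third-party services exist, but so do persistence
# implants that register themselves this way.
$services | Where-Object {
    $_.StartName -eq 'LocalSystem' -and $_.PathName -and
    $_.PathName -notmatch '^"?[A-Za-z]:\\Windows\\'
} | Select-Object Name, State, StartMode, PathName

# The same facts from the built-in SCM client, useful when PowerShell is restricted:
#   sc.exe qc <ServiceName>       (configuration, binary path, account)
#   sc.exe sdshow <ServiceName>   (the service's security descriptor in SDDL)
```

A service whose security descriptor grants SERVICE_CHANGE_CONFIG to Authenticated Users is as dangerous as an unquoted path, since the binary path can then simply be rewritten; sc.exe sdshow is the quickest way to read it.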

Q20. What tool can be used in Windows to format a log for a SQL server?
A. SIEM
B. Programming language
C. Event Viewer
D. Log Parser

Answer: D. Log Parser is a common Windows tool that can reshape logs for this purpose; its -o:SQL output mode writes query results straight into a SQL Server table.
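The Log Parser queries behind Q10 and Q20 look like this in practice. The following is an added example written for this FAQ, not code from the original page; the install path, the log directory, the SQL Server name SQL01, the database name SecLogs and the output file are placeholders to adjust for your environment.

```powershell
# Added example (not from the original FAQ): Microsoft Log Parser 2.2 queries
# run from PowerShell against IIS W3C logs and the Security event log.
$lp = 'C:\Program Files (x86)\Log Parser 2.2\LogParser.exe'   # default install path

# 1. IIS W3C logs: which client addresses produced the most 4xx/5xx responses?
#    A single IP generating hundreds of 404s is the usual signature of directory brute-forcing.
& $lp "SELECT c-ip, COUNT(*) AS Hits FROM C:\inetpub\logs\LogFiles\W3SVC1\*.log WHERE sc-status >= 400 GROUP BY c-ip ORDER BY Hits DESC" -i:IISW3C

# 2. The Q20 case: load the same error records into SQL Server, creating the table on first run.
#    SQL01 / SecLogs are placeholders; the default driver is SQL Server.
& $lp "SELECT * INTO IISErrors FROM C:\inetpub\logs\LogFiles\W3SVC1\*.log WHERE sc-status >= 400" -i:IISW3C -o:SQL -server:SQL01 -database:SecLogs -createTable:ON

# 3. Security event log: failed logons (4625) written to CSV for a SIEM.
#    The EVT input format exposes the event's insertion strings as one '|'-separated
#    field; for 4625, token 5 is the target user name and token 19 the source address.
& $lp "SELECT TimeGenerated, EventID, EXTRACT_TOKEN(Strings, 5, '|') AS TargetUser, EXTRACT_TOKEN(Strings, 19, '|') AS SourceIP INTO C:\Temp\failed_logons.csv FROM Security WHERE EventID = 4625" -i:EVT -o:CSV

# 4. Count failed logons per source address over the same data.
& $lp "SELECT EXTRACT_TOKEN(Strings, 19, '|') AS SourceIP, COUNT(*) AS Failures FROM Security WHERE EventID = 4625 GROUP BY SourceIP ORDER BY Failures DESC" -i:EVT
```

Log Parser reads the files in place and does not modify them, so it is safe to run on a forensic copy; the -o:SQL run is the only one that writes anywhere other than the console or the named CSV.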

About the author

Scott