CCNA Cyber Ops FAQ: Windows-Based Analysis
Q1. Which of the follow best describes Windows process permissions?
A. User authentication data is stored in a token that is used to describe the security context of all processes associated with the user.
B. Windows generates processes based on super user–level security permissions and limits processes based on predefined user authentication settings.
C. Windows process permissions are developed by Microsoft and enforced by the host system administrator.
D. Windows grants access to all processes unless otherwise defined by the Windows administrator.
Q2. Which of the following is a true statement about a stack and a heap?
A. Heaps can allocate a block of memory at any time and free it at any time.
B. Stacks can allocate a block of memory at any time and free it at any time.
C. Heaps are best when you know exactly how much memory you should use.
D. Stacks are best when you don’t know how much memory to use.
Q3. What is the Windows registry?
A. A list of registered software on the Windows operating system
B. Memory allocated to running programs
C. A database used to store information necessary to configure the system for users, applications, and hardware devices
D. A list of drivers for applications running on the Windows operating system
Q4. Which of the following is a function of the Windows registry?
A. To register software with the application provider
B. To load device drivers and start up programs
C. To back up application registration data
D. To log upgrade information
Q5. Which of the following statements is true?
A. WMI is a command standard used by most operating systems.
B. WMI cannot run on older versions of Windows such as Windows 98.
C. WMI is a defense program designed to prevent scripting languages from managing Microsoft Windows computers and services.
D. WMI allows scripting languages to locally and remotely manage Microsoft Windows computers and services.
Q6. What is a virtual address space in Windows?
A. The physical memory allocated for processes
B. A temporary space for processes to execute
C. The set of virtual memory addresses that reference the physical memory object a process is permitted to use
D. The virtual memory address used for storing applications
Q7. What is the difference between a handle and a pointer?
A. A handle is an abstract reference to a value, whereas a pointer is a direct reference.
B. A pointer is an abstract reference to a value, whereas a handle is a direct reference.
C. A pointer is a reference to a handle.
D. A handle is a reference to a pointer.
Q8. Which of the following is true about handles?
A. When Windows moves an object such as a memory block to make room in memory and the location of the object is impacted, the handles table is updated.
B. Programmers can change a handle using Windows API.
C. Handles can grant access rights against the operating system.
D. When Windows moves an object such as a memory block to make room in memory and the location of the object is impacted, the pointer to the handle is updated.
Q9. Which of the following is true about Windows services?
A. Windows services only function when a user has accessed the system.
B. The Services Control Manager is the programming interface for modifying the configuration of Windows Services.
C. Microsoft Windows services run in their own user session.
D. Stopping a service requires a system reboot.
Q10. What is an IIS parser log used for?
A. For logging specific Windows events
B. For backing up Windows logs
C. To generate alerts and log events
D. To provide universal query access to text-based data such as logs
Q11. Which is the best definition of a Windows process?
A. A program that is running within Windows
B. The basic unit an operating system allocates process time to
C. A group of worker threads that efficiently execute asynchronous callbacks for the application
D. A unit of execution that is manually scheduled by an application
Q12. Which statement about virtual address space is true?
A. The virtual address space is shared by the system and referenced by a page table for each process.
B. The virtual address space is private and cannot be accessed by other processes unless it is specifically shared.
C. The virtual address represents the physical location of any object in memory.
D. Virtual address space cannot be shared.
Q13. RAM is an example of which of the following?
A. Magnetic storage
B. Nonvolatile memory
C. Volatile memory
D. Removable storage
Q14. Which command is used to view the Windows Registry?
A. winedit
B. winreg
C. regedit
D. cntedit
Q15. Which of the following is not a Windows Registry hive?
A. HKEY_LOCAL (HKLM)
B. HKEY_CLASSES_ROOT (HKCR)
C. HKEY_CURRENT_CONFIG (HCU)
D. HKEY_USERS (HKU)
Q16. What does WMI stand for?
A. Windows Management Instructions
B. Windows Management Instrumentation
C. Windows Monitor Instrumentation
D. Windows Monitor Instructions
Q17. Which of the following is something WMI can’t be used for?
A. To schedule times for processes to run
B. To assign and change drive labels
C. To uninstall an application
D. To enable or disable error logging
Q18. What can cause a handle leak?
A. A loop that leverages a handle
B. A Windows compiler error
C. A handle that’s not released after being used
D. A pointer to a handle
Q19. What is the command to bring up the Windows Services Control Manager?
A. cntmanage
B. services.msc
C. regedit
D. services.exe
Q20. What tool can be used in Windows to format a log for a SQL server?
A. SIEM
B. Programming language
C. Event View
D. Log Parser