1. When a user makes changes to the settings of a Windows system, where are these changes stored?
- win.ini
- boot.ini
- Registry
- Control Panel
Explanation: The registry contains information about applications, users, hardware, network settings, and file types. The registry also contains a unique section for every user, which contains the settings configured by that particular user.
2. Which user account should be used only to perform system management and not as the account for regular use?
- standard user
- administrator
- power user
- guest
Explanation: The administrator account is used to manage the computer and is very powerful. Best practices recommend that it be used only when it is needed to avoid accidentally performing significant changes to the system.
3. Which command is used to manually query a DNS server to resolve a specific host name?
- ipconfig /displaydns
- net
- tracert
- nslookup
Explanation: The nslookup command was created to allow a user to manually query a DNS server to resolve a given host name. The ipconfig /displaydns command only displays previously resolved DNS entries. The tracert command was created to examine the path that packets take as they cross a network and can resolve a hostname by automatically querying a DNS server. The net command is used to manage network computers, servers, printers, and network drives.
4. For security reasons a network administrator needs to ensure that local computers cannot ping each other. Which settings can accomplish this task?
- smartcard settings
- MAC address settings
- file system settings
- firewall settings
Explanation: Smartcard and file system settings do not affect network operation. MAC address settings and filtering may be used to control device network access but cannot be used to filter different data traffic types.
5. What contains information on how hard drive partitions are organized?
- BOOTMGR
- Windows Registry
- CPU
- MBR
Explanation: The master boot record (MBR) contains a small program that is responsible for locating and loading the operating system. The BIOS executes this code and the operating system starts to load.
6. What utility is used to show the system resources consumed by each user?
- Device Manager
- User Accounts
- Task Manager
- Event Viewer
Explanation: The Windows Task Manager utility includes a Users tab from which the system resources consumed by each user can be displayed.
7. What term is used to describe a logical drive that can be formatted to store data?
- sector
- volume
- partition
- cluster
- track
Explanation: Hard disk drives are organized by several physical and logical structures. Partitions are logical portions of the disk that can be formatted to store data. Partitions consist of tracks, sectors, and clusters. Tracks are concentric rings on the disk surface. Tracks are divided into sectors and multiple sectors are combined logically to form clusters
8. How much RAM is addressable by a 32-bit version of Windows?
- 16 GB
- 8 GB
- 4 GB
- 32 GB
Explanation: A 32-bit operating system is capable of supporting approximately 4 GB of memory. This is because 2^32 is approximately 4 GB.
9. Which Windows version was the first to introduce a 64-bit Windows operating system?
- Windows 10
- Windows 7
- Windows NT
- Windows XP
Explanation: There are more than 20 releases and versions of the Windows operating system. The Windows XP release introduced 64-bit processing to WIndows computing.
10. Which net command is used on a Windows PC to establish a connection to a shared directory on a remote server?
- net start
- net session
- net use
- net share
Explanation: The net command is a very important command in Windows. Some common net commands include the following:
- net accounts – sets password and logon requirements for users
- net session – lists or disconnects sessions between a computer and other computers on the network
- net share – creates, removes, or manages shared resources
- net start – starts a network service or lists running network services
- net stop – stops a network service
- net use – connects, disconnects, and displays information about shared network resources
- net view – shows a list of computers and network devices on the network
11. What is the purpose of the cd command?
- changes directory to the previous directory
- changes directory to the root directory
- changes directory to the next highest directory
- changes directory to the next lower directory
Explanation: CLI commands are typed into the Command Prompt window of the Windows operating system. The cd command is used to change the directory to the Windows root directory.
12. What would be displayed if the netstat -abno command was entered on a Windows PC?
- only active UDP connections in an LISTENING state
- a local routing table
- all active TCP and UDP connections, their current state, and their associated process ID (PID)
- only active TCP connections in an ESTABLISHED state
Explanation: With the optional switch -abno, the netstat command will display all network connections together with associated running processes. It helps a user identify possible malware connections.
13. A security incident has been filed and an employee believes that someone has been on the computer since the employee left last night. The employee states that the computer was turned off before the employee left for the evening. The computer is running slowly and applications are acting strangely. Which Microsoft Windows tool would be used by the security analyst to determine if and when someone logged on to the computer after working hours?
- PowerShell
- Event Viewer
- Performance Monitor
- Task Manager
Explanation: Event Viewer is used to investigate the history of application, security, and system events. Events show the date and time that the event occurred along with the source of the event. If a cybersecurity analyst has the address of the Windows computer targeted or the date and time that a security breach occurred, the analyst could use Event Viewer to document and prove what occurred on the computer.