Labs for Quiz 1 Vargas


Kali stopped shipping with a default root login in the 2020.1 release: the installer now creates an unprivileged user, and the root account is left without a password.

true

One can download 64-bit (amd64), 32-bit (i386) and Apple Silicon (arm64, for M1 Macs) versions of Kali.

true

Some very small differences do exist between the Registries of the different Windows versions.

true

The .ISO contains all of the files needed to install an operating system.

true

There are third-party utilities that also allow one to edit and manage the Windows Registry, such as RegCool and RegAlyzer.

true

Values of the REG_BINARY type contain raw binary data and are displayed in hexadecimal format.

true

Verifying the SHA256 sum of the downloaded file does NOT by itself mean that the file has not been trojanized. A matching checksum only shows that the download is the file the server offered; if the download server or mirror was compromised, the published SHA256SUMS can be altered to match a trojaned image. Authenticity comes from also verifying the GPG signature on the SHA256SUMS file against Kali's signing key.

true
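What the card above is getting at, as an added example that is not part of the original page: a small Python checker that parses a SHA256SUMS file in the coreutils format, hashes the download in chunks so a multi-gigabyte ISO never sits in memory, and shows that a single flipped byte fails the check. The image file, its name and the SHA256SUMS text are constructed inside demo(); nothing is downloaded. The checksum step is necessary but not sufficient: authenticity comes from verifying the detached signature on SHA256SUMS (gpg --verify SHA256SUMS.gpg SHA256SUMS) with Kali's signing key obtained separately, which this offline script does not do.

```python
"""Check a download against a SHA256SUMS file (added example, not from the page).

A matching digest proves only that the bytes on disk are the bytes the
distribution site published. If the site or mirror was compromised, the
attacker republishes SHA256SUMS to match the trojaned image, so authenticity
comes from verifying the detached signature on SHA256SUMS
(gpg --verify SHA256SUMS.gpg SHA256SUMS) against a key obtained separately.
The files created in demo() are constructed test data.
"""
import hashlib
import hmac
import os
import tempfile

HEX = set("0123456789abcdef")


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash a (possibly multi-GB) image without loading it all into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def parse_sha256sums(text):
    """Parse coreutils 'sha256sum' output: '<64 hex>  <name>' (or ' *<name>' in binary mode)."""
    expected = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition(" ")
        name = name.lstrip(" *")
        digest = digest.lower()
        if not sep or len(digest) != 64 or set(digest) - HEX or not name:
            raise ValueError(f"SHA256SUMS line {lineno} is malformed: {line!r}")
        expected[name] = digest
    return expected


def verify_download(path, sums_text):
    """Return (ok, detail). ok is True only when the digest matches exactly."""
    expected = parse_sha256sums(sums_text)
    name = os.path.basename(path)
    if name not in expected:
        return False, f"{name} is not listed in SHA256SUMS"
    actual = sha256_of_file(path)
    # Constant-time compare: cheap here, and the right habit for any digest check.
    if hmac.compare_digest(actual, expected[name]):
        return True, actual
    return False, f"expected {expected[name]} got {actual}"


def demo():
    """Write a fake image, publish its digest, verify it, then tamper with it."""
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "kali-linux-example-amd64.iso")  # constructed name
        with open(image, "wb") as f:
            f.write(b"\x00" * 4096 + b"not a real ISO" + b"\xff" * 4096)
        sums = f"{sha256_of_file(image)}  {os.path.basename(image)}\n"
        ok_clean, _ = verify_download(image, sums)
        # Flip one byte, as a trojaned download would differ; the digest must now fail.
        with open(image, "r+b") as f:
            f.seek(4096)
            f.write(b"N")
        ok_tampered, _ = verify_download(image, sums)
        return ok_clean, ok_tampered


if __name__ == "__main__":
    print(demo())
```

On a real download the call is verify_download("kali-linux-2024.1-installer-amd64.iso", open("SHA256SUMS").read()) after the signature on SHA256SUMS has been checked; the script deliberately refuses a file that is absent from the list rather than treating "no entry" as a pass.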

When creating VMs, we change 'GW ENTERPRISE B50 LAB' to the computer's D: drive.

true

Whenever an application or peripheral is installed on a system, related entries are added in a specific location in the Windows Registry. The operating system then reads those Registry entries as needed.

true

While Registry Editor is the default application used to view and make changes to the Registry, it is not the Registry itself.

true

REG_MULTI_SZ

- Data entries that comprise multiple text strings. Each string is terminated by a null character and the whole entry ends with two null characters (which the registry editors do not display); the editors show the strings one per line.

Each hive contains a ________ ____

registry tree

MAC address policy options

• Include all network adapter MAC addresses
• Include only NAT network adapter MAC addresses (default)
• Generate new MAC addresses for all network adapters
  o Assigns a new MAC address to each network card. This is the best option when both the source VM and the copy must operate on the same network.

How to turn off windows updates

• Open an elevated Command Prompt (CMD) or PowerShell session
• Type 'sconfig' and press Enter
• Select option 5 (Windows Update Settings) and press Enter
• Select 'M' (for Manual updates) and press Enter
  o One would select 'A' to automatically download and install updates or 'D' for download only
• Select '15' and press Enter to exit to the command line

Minimum requirements for installing Kali

• Processor: i386, amd64, or ARM platform
• Disk Space: minimum of 20 GB
• Memory (RAM): minimum of 1 GB (2 GB or more is recommended)
• CD-DVD drive / USB boot support / VirtualBox

Ways to shutdown Kali

- Via the GUI: click on the power (circle) icon in the top right of the desktop
- Via the CLI: at the command line, enter the command 'sudo shutdown -h now'

REG_SZ

- A single null-terminated text string that is used as-is (no variable expansion). Most of the entries that use this type are either Boolean or have short text string values.
- This data type is common and arises almost as frequently as the REG_DWORD type.

bootloader

- The first program started by the BIOS/UEFI
- Loads the Linux kernel into memory and then executes it

REG_DWORD

- A 32-bit value (two 16-bit words). Registry editors display it in hexadecimal by default and can also show it in decimal.
- The most common data type in the registry. Entries of this type contain device driver information, Boolean values, quantities (e.g., the number of seconds that can elapse before something happens or doesn't happen), and other assorted information.

OVF file extensions

.OVA, .OVF

How to enable root

1. At the CLI, run the command 'sudo su'
2. Enter the current user's password
3. Run the command 'passwd root'
4. Enter and then re-enter the password one wants for the root account
5. Log out and log back in as root (a graphical login as root additionally requires the kali-root-login package: 'sudo apt install -y kali-root-login')

two ways to delete a powered off VM (one cannot delete a running VM):

1. Select the VM in the left panel of VirtualBox Manager, open the 'Machine' menu and select 'Remove'
2. Right-click the VM in the left panel and select 'Remove' from the dropdown menu

There are _ Windows 10 hives

5

GNOME

A common desktop environment.

KDE Plasma

A common desktop environment.

Xfce

Kali's default desktop environment since the 2019.4 release. A desktop environment is the collection of components (window manager, panels, file manager, etc.) that provide the GUI.

Subkey (registry key)

A key nested within another key. Subkeys may, in turn, contain other subkeys.

Key (registry key)

A folder within a hive; keys hold subkeys and values.

Sysinternals Process Monitor (Procmon)

A way to confirm that the Registry is constantly being referred to by Windows: filter Procmon on registry operations (e.g., RegOpenKey, RegQueryValue, RegSetValue) and watch the steady stream of events generated by running processes.

When a user logs in, their credentials must match those saved in ______ _________

Active Directory

Sections under view in regedit menu

Address Bar, Split, Display Binary Data, Refresh, Font

Manual (Kali guided option)

Allows for greater flexibility by allowing the user to choose the purpose and size of each partition. This mode is required for software RAID configurations. This option is meant for experienced users because it presents more granular options

Bare Metal

Allows one to download a .ISO file that one uses to install Kali directly onto computer hardware, as opposed to running it as a guest virtual machine. The same .ISO can also be used to create VMs.

ARM (Kali)

Allows one to install Kali on computers with ARM chips.

Everything (Kali)

An all-packages-in-one solution.

Using load hive ex

Another reason for doing this would be to change a particular part of the Registry on a remote system. For example, if you needed to repair an area of the Registry, you could load the related hive file into the Registry of another machine and then repair the problem on the remote machine.

REG_EXPAND_SZ

Applies to entries that include one or more variables that an OS service or an application needs to resolve before use. The variables are the same ones used in batch files and scripts (e.g., %SystemRoot%, %USERNAME%).

Separate /home, /var, and /tmp partitions

Appropriate for servers and multi-user systems. It divides the file tree into many partitions. In addition to the root (/) and user accounts (/home) partitions, it also creates partitions for server software data (/var) and temporary files (/tmp). These divisions have several advantages. For example, users cannot lock up the server by consuming all available hard drive space (they can only fill up /tmp and /home). Also, daemon data (especially logs) can no longer clog up the rest of the system.

Registry values

Are instructions that are located within Registry keys (folders that contain more data), all within one of several Registry hives (main folders that categorize all the data in the Registry using subfolders).

Save the machine state

Because it saves the system's 'state', when one restarts the VM, it will continue from where it left off if there was any activity on the system.

Cancel

Cancels the operation and nothing is deleted.

HKEY_CURRENT_USER (HKCU)

Contains configuration information for Windows and software specific to the currently logged in user

HKEY_CLASSES_ROOT (HKCR)

Contains file extension association information, as well as a programmatic identifier (ProgID), Class ID (CLSID), and Interface ID (IID) data. Contains the necessary information for Windows to know what to do when it is asked to do something, such as, view the contents of a drive, or open a certain type of file, etc.

HKEY_LOCAL_MACHINE (HKLM)

Contains the majority of the configuration information for software installed, as well as for the Windows operating system itself. In addition to software configuration data, it contains a lot of valuable information about currently detected hardware and device drivers

HKEY_USERS (HKU)

Contains user-specific configuration information for all "currently active" users on the computer. Currently active users are users logged in at the moment and any other users who have also logged in but have since "switched users."

Accessible dark contrast installer menu

Converts installations screens to black and white

.VHD

Created by Microsoft Windows Hyper-V

.VDI

Created by Oracle VirtualBox

.VMDK

Created by VMware

Install with speech synthesis (kali)

Designed for the blind, this option reads the text from the installation-menu out loud

Display binary data (regedit)

Display data in binary format (where possible)

Partitioning

Divides the physical hard disk into logical sections called "partitions". Hard drives are normally partitioned according to the type of data that is stored on them and the use for which the computer is intended

HKEY_CURRENT_CONFIG (HKCC)

Does not store any information itself, but instead acts as a pointer to the Registry key that keeps information about the hardware profile currently being used. Specifically, it is a link into the HKEY_LOCAL_MACHINE hive: that hive's \SYSTEM\CurrentControlSet\Hardware Profiles\Current key is where the information is truly stored.

Windows Domain-based networks require the special servers called ______ __________

Domain Controllers

the 5 windows 10 hives

HKEY_CLASSES_ROOT (HKCR)
HKEY_CURRENT_USER (HKCU)
HKEY_LOCAL_MACHINE (HKLM)
HKEY_USERS (HKU)
HKEY_CURRENT_CONFIG (HKCC)

HKEY

Handle to Registry Key

Registry tree structure

Hive > Key > Subkey > Value

Values that are present for selected adapters in the HKEY_LOCAL_MACHINE hive

IP address, subnet mask, default gateway, DNS servers and DHCP server. They are stored per adapter under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{adapter GUID}, in values such as IPAddress, SubnetMask, DefaultGateway, NameServer and DhcpServer (DHCP-assigned settings use the Dhcp-prefixed names, e.g., DhcpIPAddress).

Kali GNU/Linux

Immediately boots the user into Kali.

Sections under file in regedit menu

Import, Export, Load Hive, Unload Hive, Connect Network Registry, Disconnect Network Registry, Print, Exit

hostnamectl | grep Kernel

In systemd-based Linux distros like Kali, one can use the 'hostnamectl' command to display the hostname and the running Linux kernel version; piping to 'grep Kernel' isolates the kernel line.

apt upgrade

Installs the newest versions of all packages currently installed on the system from the sources enumerated in "/etc/apt/sources.list". Packages currently installed with new versions available are retrieved and upgraded.

Containers (Kali)

Kali images for both the Docker and LXC/LXD platforms.

Files that can be used to create a VM

Live image files (.ISO)
Virtual machine disk image files (.VDI, .VMDK, .VHD)
Virtual appliance files (.OVA)

Storage on physical hard disk

Make sure that the "Dynamically allocated" radio button is selected. This ensures that the virtual disk can grow and take space from the physical disk as files are added to the VM (applications, updates, etc.), up to the configured maximum size.

Sections under edit in regedit menu

New, Permissions, Delete, Rename, Copy Key Name, Find, Find Next

Virtual Machines (Kali)

One can download virtualized versions of Kali by selecting the option to the right of 'Bare Metal'. If one selects this option, one is taken to a page that allows users to select from 64- and 32-bit versions of VMware and VirtualBox VMs.

Load Hive (regedit)

One may have to work with individual hive files. The most common reason for doing this is when one must modify a user's profile to correct an issue that prevents the user from accessing or using a system.

How to tell if Guest Additions need to be installed

One will not be able to resize the VM's screen (the guest display does not follow the window size).

The ___ must be on and reachable for a workstation to join its Domain

PDC

Formatting

Prepares the selected partition to hold data by setting up a file system. The OS then uses the file system to locate data on the partition. In Linux, the default file system is ext4 (fourth extended file system)

Graphical install

Presents installation options via a GUI. The only difference between text-mode and graphical mode is in the visual appearance.

uname -r

Prints the kernel release.

the 5 main data types

REG_BINARY, REG_DWORD, REG_EXPAND_SZ, REG_MULTI_SZ, REG_SZ

The Windows Registry is accessed and configured using the ________ ______

Registry Editor

apt update

Resynchronizes the package index files from their sources. The indexes of available packages are fetched from the location(s) specified in "/etc/apt/sources.list"

Send the shutdown signal:

Same as pressing the power button on a real computer. This is the preferred shutdown option.

Guided - Use entire disk and set up LVM

Sets up LVM logical volumes instead of partitions.

How to change boot order in virtual box

Settings > System > Boot Order > select 'Hard Disk' and deselect the other selected options, which are usually 'Optical' and 'Floppy'.

cat /proc/version

Shows Linux kernel version with help of a special file.

Users in Active Directory Users and Computers

Shows all the users and groups in the domain.

VM shutdown options

- Shut down the OS from within the OS, via the GUI or CLI
- Select 'File' > 'Close' from VirtualBox Manager
- Close ('X') the VM window from VirtualBox Manager

sddm

Simple Desktop Display Manager is the recommended display manager for KDE Plasma.

Hard disk file type

Since one will use this VM only in VirtualBox, select VDI (VirtualBox Disk Image) and click on Next. If one was creating the virtual machine for use with a hypervisor other than VirtualBox one would select one of the other listed options.

Separate /home partition

Splits the file hierarchy in two -- one partition contains the Linux system (/) and the second contains the user home directories under '/home'.

Power off the machine

Stops the VM without saving its state - equivalent to pulling the power plug on a real computer. Because it does not shut the VM down properly, it should be avoided as it may harm the guest.

Value (registry key)

The actual data within a folder. Each value has a name and data type, followed by a representation of the value's data.

File location

The default folder displayed shows the path where the VM will be stored and the name of the virtual machine file (in this case, 'Kali (ISO) .vdi'). One can change the default location in File > Preferences > General.

All files in one partition

The entire Linux system tree is stored in a single file system, corresponding to the root (/) directory. This simple and robust partitioning fits perfectly for personal or single-user systems. In actuality, two partitions will be created: the first will house the complete system, the second the virtual memory (swap)

Hive (registry tree)

The root folder

Guided - Use entire disk and set up encrypted LVM

The same as Guided - Use entire disk and set up LVM, but data is stored in an encrypted form using the Linux Unified Key Setup (LUKS) specification.

Account is disabled

This allows one to create the account but not immediately allow login. This option is also selected when one wants to disable the account of an existing user (i.e., before termination).

Hard disk

This is a very important step. The option selected here depends on type of source file. Since in this example the source is a .ISO file, one would select 'Create a virtual hard disk now'

Memory Size

This is the amount of memory that the VM will have available to it. The default memory size is usually insufficient so it is recommended that one at least double it

Machine Folder

This line displays where the folder for this VM will be created. Normally, there is no need to change this location unless one is using a different storage location.

User must change password at next logon

This option allows for the creation of a generic login for the user's first login attempt but the user will immediately be presented with a screen to select one's own password.

Delete all files

This option deletes the VM from VirtualBox's left panel, including its folder in the file system. With this option, the VM is completely gone.

User cannot change password

This option is usually set for generic accounts (i.e. receptionist) where one does not want the user to change the password.

Remove only

This option removes the VM from the left panel of VirtualBox but keeps its folder in the file system. As a result, one can re-add the VM to VirtualBox Manager.

file size

This setting can normally be left at its default; however, some Linux installations (e.g., Kali) will eventually generate a message that there is not enough disk space if one does so. If one sees this error, one must restart the installation and increase the default 'file size'.

Address Bar (regedit)

To add or remove the address bar.

Split (regedit)

To adjust the left and right sides of the screen.

Font (regedit)

To change the font, font style and/or size of the text that appears in the Registry.

Copy Key Name (regedit)

To copy the entire path of a key so that it can then be pasted into another document.

New (regedit)

To create a new Key, String Value, Binary Value, DWORD (32-bit) Value QWORD (64-bit) Value, Multi-String Value, or Expandable String Value.

Add to Favorites (regedit favorites tab)

To create shortcuts to frequently accessed areas of the Registry.

Remove Favorite (regedit favorites tab)

To delete any favorites.

Delete (regedit)

To delete keys and subkeys.

Disconnect Network Registry (regedit)

To disconnect from another computer's Windows Registry.

Mobile (Kali)

To download Kali NetHunter, an open-source penetration testing platform for Android devices. NetHunter allows for access to the Kali toolset from various supported Android devices.

Find Next (regedit)

To find the next instance of the keyword being searched for via 'Find'.

print (regedit)

To print portions of the registry to either paper or PDF.

refresh (regedit)

To redraw the screen.

Connect Network Registry (regedit)

To remotely connect to another computer's Windows Registry. One will have to provide the destination computer's name.

Rename (regedit)

To rename selected keys and subkeys.

Find (regedit)

To search for keywords in the Keys, Values and Data areas of the Registry.

unload hive (regedit)

To unload any loaded hives.

Permissions (regedit)

To view and/or change the permissions of any Registry key.

About Registry Editor (regedit help tab)

To view the version of Windows (not Registry Editor) one is operating.

Import (regedit)

Used to import .REG ('Registration Files') into the Windows Registry.

Export (Regedit)

Used to make a backup copy of the registry before editing settings. The file saved will have the .REG extension.

Live Boot (Kali)

Used when booting Kali as a live image/ISO

Installer (Kali)

Used when installing Kali onto a hard disk (physical or virtual). This is the option one will be selecting for this lab

NetInstaller (Kali)

Used when installing Kali over a network.

Advanced options for Kali GNU/Linux

Useful when troubleshooting; allows one to boot into previous versions of the Linux kernel or into 'recovery mode'. If the kernel was never updated, one would see only one version of the kernel.

WSL (Kali)

Version of Kali that can be run in Windows Subsystem for Linux (WSL) which allows one to run Linux on Windows, in an optimized container.

Cloud (Kali)

Version of Kali that can be run in one's AWS (or Azure) cloud account.

Windows Registry

a collection of databases that contain the configuration settings for software programs, hardware devices, user preferences, and operating system configurations for a Windows operating system.

lightdm

a lightweight cross-desktop display manager (does not require a lot of memory).

hive

a logical group of keys, subkeys, and values in the registry that have a set of supporting files loaded into memory when the operating system is started or a user logs in.

Server Manager

a management console in Windows Server that helps sys admins provision and manage both local and remote Windows-based servers from the desktop, without requiring either physical access to servers, or the need to enable Remote Desktop protocol (RDP) for each server.

OVA file

a virtual appliance used by virtualization applications. It contains files used to describe a virtual machine and includes an .OVF descriptor file, optional manifest (.MF) and certificate files, and other related files.

How to launch registry editor

a. Entering the command 'regedit' at the Command Prompt
b. Entering 'regedit' in the 'Search' box
c. Entering 'regedit' in the 'Run' box from the Start menu

simple rules for dealing with the Registry

a. If one does not know what it is, do not mess with it!
b. Always export one's settings (or the entire Registry database) before making Registry changes.
c. Test configuration changes before they go live.

Methods to correct the error asking the user to boot off the CD:

a. System > Boot Order: deselect 'Optical' so the VM boots from the hard disk
b. Storage: remove the .ISO from the virtual optical drive

Type 2 hypervisors (ex. virtualbox)

allow for the creation of guest operating systems that run on top of a computer's actual (host) operating system.

LVM

allows one to create "virtual" partitions that span over several disks. The benefits are twofold: - The size of the partitions are no longer limited by individual disks but by their cumulative volume - One can resize existing partitions at any time, possibly after adding an additional disk when needed.

Virtual memory, swap

Allows the Linux kernel to store parts of the contents of RAM on the hard drive when there is insufficient RAM to hold all data. The items moved to swap are those that have been inactive for some time. While Linux can use either a swap file or a swap partition (preferred) to accomplish this task, Windows operating systems use a swap file called "pagefile.sys", which is normally located at the root of the computer's C:\ partition. Swap contents are not carried over across a reboot, but the stale data stays on disk until it is overwritten (which is why forensic examiners image swap and why encrypted swap is recommended).

Registry Editor

an editing utility that is included with every version of Windows.

ISO file

an image of data that is used for distributing large file sets.

Weekly (Kali)

an untested image with the latest updates.

The integrity of the Registry is so important that any corruption can _____ the entire system.

brick

.REG files

contain keys and values that one wants to add to the system's Registry.

To be able to access the resources on a Windows Domain (shares, printers, etc), Windows computers must first be join the ______

domain (i.e., "Windows computers must first join the domain")

REG_BINARY

entries in which the data is raw binary data. This data type is used mostly for hardware-component information. Registry editors can display the data—and one can edit it—in either binary or hexadecimal format.

top 10 tools

i. aircrack-ng
ii. hydra
iii. nmap
iv. wireshark
v. burpsuite
vi. john
vii. responder
viii. crackmapexec
ix. metasploit-framework
x. sqlmap

data type (value)

indicates what kind of data the value contains as well as how it is represented.

Guest additions are installed ______ a VM.

inside

The Windows 'set' command

is used to display, set, or remove cmd.exe environment variables.

Directory Services Restore Mode (DSRM).

Is used when the DC suffers a critical failure and a repair or recovery procedure is required. The DSRM administrator account and password are stored outside the directory database, allowing an administrator to authenticate even if the directory database is not functional.

Time to download depends on _______ speed

network

Promoting a server to a Domain Controller (DC) will make the following changes to the server:

o Install a default Domain Database, populated with all of the default Domain objects.
o Make the server a member of the new Domain.
o Make the server the Primary Domain Controller (PDC) for the Domain and the Operations Master for the Domain and the Forest:
  § Domain Naming Master (Forest-wide)
  § Relative Identification (RID) Master (Domain-wide)
  § Infrastructure Master (Domain-wide)
  § Primary Domain Controller (PDC) and Time Master (Domain-wide)
  § Schema Master (Forest-wide)
o Install the Global Catalog (GC) service.
o Install Kerberos authentication services.
o Install a Domain Name System (DNS) server to support the SRV records used to locate AD DCs and services.
o Install and configure Domain and Forest replication processes to synchronize AD objects with other DCs throughout the Domain and (potentially) DCs throughout the Forest.
o Install the Lightweight Directory Access Protocol (LDAP) and related services.
o Install and apply the Default Domain Group Policy and the Default Domain Controllers Group Policy.
o Install a collection of AD administrative tools.

Open Virtualization Format (OVF)

An open standard (maintained by the DMTF) for packaging and distributing VMs.

Preseeding

provides a way to set answers to questions asked during the installation process, without having to manually enter the answers while the installation is running.

One can view their Windows Domain from the command line by entering the command ___ ____

set user (lists the USERDOMAIN, USERNAME and USERPROFILE variables; 'set userdomain' shows just the domain-related ones)

Guest Additions

software packages that improve guest OS performance as well as add extra features.

Domain membership

state of trusting a third party, the domain controller, for identity and authentication information

commands to update Kali

sudo apt update sudo apt full-upgrade -y

Mount point

the directory tree that will house the contents of the file system on the selected partition.

gdm3

The recommended display manager for GNOME.

exit (regedit)

to exit regedit

.OVA files are normally saved in the Open Virtualization Format (OVF), a standard format that is used to package and distribute software that is run in virtual machines.

true

.ISOs are single files that are images of an entire CD or DVD

true

.OVA files are supported by both VirtualBox and VMware, but one must convert the .OVA file into the .VHD format if it going to imported into Hyper-V

true

.REG files are text-based files that are typically used to make repairs to or save data from the Windows Registry. One can also use .REG files to add or change values in the Registry.

true

A component called the 'Domain Naming Master' verifies that the NetBIOS domain name chosen is unique within the currently accessible network environment and allows the option to adjust the NetBIOS domain name, as may be desired. Many Microsoft operating system components and applications use NetBIOS domain names (e.g., vargas) instead of fully qualified domain names (FQDNs) like 'vargas.com'.

true

Active Directory is the central database on a DC where the login credentials of all client computers, printers, and other shared resources in the network are stored.

true

All memory used by a VM is taken from a host

true

As long as one backs up the contents of the Registry, one can always revert back to the original if the changes do not work. One might also opt to create a 'restore point' in Windows before making any changes

true

At the first "Configure the network" screen, one is asked to enter a hostname for the system (the default is "kali").

true

At the second "Configure the network" screen, one is asked to enter the domain name for the system (which is optional).

true

Before proceeding with the installation of Active Directory, configure the server with a static IP address in the range used by VirtualBox's host-only mode

true

Both registry editors hide the terminating zero, so you don't need to think about it (unless you're writing a software application that manipulates the registry, in which case you must remember to pay attention to the terminating byte).

true
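The data-type cards (REG_SZ, REG_DWORD, REG_BINARY, REG_EXPAND_SZ, REG_MULTI_SZ), the .REG-file cards, and the card above about the terminating zero that the editors hide, brought together in one added Python example that is not part of the original page: a parser for a Registry Editor 5.00 .REG export that splices regedit's backslash-continued hex lines back together, decodes each value type into a Python value, refuses a REG_EXPAND_SZ or REG_MULTI_SZ whose terminating NULs are missing (the byte a program manipulating the registry must remember), and resolves %VAR% references the way a REG_EXPAND_SZ consumer would. SAMPLE_REG, the key HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp and its values are constructed test data.

```python
"""Decode the value types in a Registry Editor 5.00 .REG export (added example,
not from the page). SAMPLE_REG is constructed; the key ExampleApp is hypothetical."""
import re

SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleApp]
@="ExampleApp"
"InstallDir"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,41,00,70,00,70,00,00,00
"Timeout"=dword:0000001e
"Servers"=hex(7):61,00,2e,00,6c,00,61,00,62,00,00,00,62,00,2e,00,6c,00,61,00,\
  62,00,00,00,00,00
"Signature"=hex:de,ad,be,ef
"Obsolete"=-
'''


def _join_continuations(text):
    """Regedit wraps long hex runs with a trailing backslash; splice them back."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ""
    return lines


def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)  # .REG escapes only backslash and quote


def _hex_bytes(s):
    return bytes(int(b, 16) for b in s.split(",") if b)


def _decode_data(raw):
    """Return (type_name, python_value) for the right-hand side of a value line."""
    if raw == "-":
        return "DELETE", None  # importing this removes the value
    if raw.startswith('"'):
        return "REG_SZ", _unescape(raw[1:-1])
    if raw.lower().startswith("dword:"):
        return "REG_DWORD", int(raw[6:], 16)  # 32-bit, written as 8 hex digits
    m = re.match(r"hex(?:\(([0-9a-f]+)\))?:(.*)$", raw, re.I)
    if not m:
        raise ValueError(f"unrecognised data: {raw!r}")
    code, data = (m.group(1) or "3").lower(), _hex_bytes(m.group(2))
    if code == "2":  # REG_EXPAND_SZ: UTF-16LE with one NUL terminator regedit hides
        text = data.decode("utf-16-le")
        if not text.endswith("\x00"):
            raise ValueError("REG_EXPAND_SZ is missing its NUL terminator")
        return "REG_EXPAND_SZ", text[:-1]
    if code == "7":  # REG_MULTI_SZ: NUL-separated strings, ended by two NULs
        text = data.decode("utf-16-le")
        if not text.endswith("\x00\x00"):
            raise ValueError("REG_MULTI_SZ must end with two NUL characters")
        body = text[:-2]
        return "REG_MULTI_SZ", body.split("\x00") if body else []
    if code == "b":
        return "REG_QWORD", int.from_bytes(data, "little")
    return ("REG_BINARY" if code == "3" else f"hex({code})"), data


def parse_reg(text):
    """Map each key path to {value_name: (type, value)}; deleted keys map to None."""
    lines = _join_continuations(text)
    if not lines or not lines[0].startswith("Windows Registry Editor Version 5.00"):
        raise ValueError("not a Registry Editor 5.00 export")
    tree, key = {}, None
    for line in lines[1:]:
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.startswith("-"):
                tree[path[1:]], key = None, None
            else:
                key = tree.setdefault(path, {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if not m or key is None:
            raise ValueError(f"unexpected line: {line!r}")
        name = "(Default)" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        key[name] = _decode_data(m.group(2))
    return tree


def expand_environment(value, env):
    """Resolve %VAR% in a REG_EXPAND_SZ string; Windows matches names case-insensitively."""
    table = {k.upper(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%", lambda m: table.get(m.group(1).upper(), m.group(0)), value)


if __name__ == "__main__":
    for path, values in parse_reg(SAMPLE_REG).items():
        print(f"[{path}]")
        for name, (kind, data) in values.items():
            print(f"  {name:<12} {kind:<14} {data!r}")
```

A real export from regedit is written as UTF-16LE with a byte-order mark, so read it with open(path, encoding="utf-16") before passing the text to parse_reg. Reviewing the decoded tree before importing a .REG file is the practical form of the "if one does not know what it is, do not mess with it" rule: the hex(2)/hex(7) runs that regedit shows are unreadable until the NUL-terminated UTF-16 strings inside them are decoded.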

Loading and unloading hives affects only HKEY_LOCAL_MACHINE and HKEY_USERS, and you can perform these actions only when one of these root keys is selected

true

Confirm that one's Windows Server 2016 VM is configured for host only networking. It is important to note that this configuration will result in the generation of several errors during the installation process but it will be successful regardless.

true

Depending on the distribution, one may be able to shut down a Linux system from the CLI by running the command 'sudo shutdown -h now'

true

Directory services may include billions of different objects

true

From the members screen in a domain group, one can add additional accounts to the Domain Admin group by clicking on 'Add...' and repeating the above process.

true

HKEY_CURRENT_CONFIG exists for convenience. It is easier to access the data in the other Registry key - to view and modify it, by just going to HKEY_CURRENT_CONFIG. Since they contain the same information and are always connected to each other, one can make changes in either location to get the same results.

true

Hyper-v must be disabled to use virtual box

true

If one gets a "No bootable medium found error" when the VM boots, the boot order was not properly altered and the 'Optical' option remains as a boot option.

true

If one is installing Kali directly on hardware instead of in a VM (which is rarely done), one must make sure that the system is set to boot off of the physical CD/DVD or USB port - wherever the installation ISO will reside. As a result, one may have to alter the boot order in the system's BIOS/UEFI.

true

If one is using last-snapshot, one will not receive updates until they are released with the next version of Kali for that year.

true

If one selects 'Export configuration settings' to save the PowerShell script locally, a file named "DeploymentConfigTemplate" will be saved to the Desktop.

true

If one wants to change any of the options selected, one would click on 'Previous' and return to the appropriate dialog to make the change. Also note that one can view and save a copy of the PowerShell script that would complete this AD DS promotion. It would allow one to deploy DCs by script, and with a consistent set of options.

true

If the server is not connected to the network, an "error" message will appear and the installation will stop until this is resolved. Also, if the server does not have a static IP address, the prerequisites check will also show a "warning". One may also see a "warning" that the delegation for a DNS server cannot be created, if the DNS server installed is not fully configured. If one sees" warnings" one can continue to install AD and make a note to fix the problems associated with the warnings later. If one sees an "error", one cannot continue with the Active Directory Domain Services installation until the error is corrected

true

If the source file is a .VMDK, .VDI, .VHD file, select 'Use an existing virtual hard disk file'.

true

If the source file is an .ISO, select 'Create a virtual hard disk now'.

true

If the source file was an already created VM (.VDI, .VMDK, .VHD) one would select 'Use an existing virtual hard disk file'.

true

In enterprise networks, permissions are usually assigned to groups instead of individual users

true

In order to automate the process as much as possible, the installer attempts an automatic network configuration via DHCP (for IPv4) and by IPv6 network discovery. If this fails, it offers more choices: try again with a normal DHCP configuration, attempt DHCP configuration by declaring the name of the machine, or set up a static network configuration (this last option requires an IP address, a subnet mask, an IP address for a potential gateway, a machine name, and a domain name)

true

In previous versions of Kali, the first user was always root

true

In the 'Enter the object names to select (examples):' box enter the phrase 'Domain Admins' and click on 'Check Names'. After 'Check Names' is pressed, the Domain Admins that was just entered will be underlined. If so, click OK

true

In the 'Ethernet Properties', one should configure the client's DNS server to be the IP address of the PDC

true

In the 'Ethernet Properties', one should configure the client's DNS server to be the IP address of the PDC. In this scenario, one is getting DNS information from the DHCP server in VirtualBox.

true

IP configuration information is stored in the HKEY_LOCAL_MACHINE hive (under HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces, one subkey per adapter).

true

In the field of digital forensics, Type 2 hypervisors are usually the ones found on suspect machines.

true

In the lab, we installed 'Active Directory Domain Services' together with its management tools.

true

In this class, to save storage space, we will not be running windows updates on our server 2016 VM.

true

In this course, we are using the Windows Server 2016 Standard Evaluation (Desktop Experience) version

true

It is best practice to ensure that all tools work before starting a penetration testing engagement and during the engagement one should not update

true

It is inadvisable to rename a Domain Controller once it is the member of a Domain

true

Kali automatically creates a Swap partition

true

Kali can be installed directly onto a hard drive, run inside a type 2 hypervisor or run from a flash drive or from a network

true

Kali's partitioning software has a 'guided' mode, which recommends partitions for the user to make.

true

The current version of VirtualBox for Windows (at the time of this course) is 6.1.

true

Making changes to the values and keys using Registry Editor will change the configuration that a particular value controls

true

Not all modern Windows applications use the Windows Registry

true

OVA files can be created from existing VMs.

true

OVF allows for one to share VMs between different virtualization applications.

true

On disk, the Windows Registry is not one large file but many files organized into "hives"

true

On most systems, the installation of Guest Additions will be required

true

Once a VM is created, the boot order should be configured so the VM only boots off the virtual hard drive

true

One can double click on the user's name in the right pane if one wants to add a 'Description' for the user (ie job title) or other information

true

One of the main purposes of DCs is to authenticate network clients.

true

One of the most powerful groups in a Windows Domain is the "Domain Admin" group.

true

One will be notified that one must restart the computer to complete the process of joining the Windows Domain.

true

Only a network administrator, with the appropriate privileges, can add computers or shared resources to the domain

true

Rather than replacing the selected root key, the hive you are loading then becomes a subkey of that root key.

true

Registry editors display REG_DWORD entries in hex format, but one can switch the base to decimal when one needs to perform an edit.

true

Server Manager opens each time the system is logged into.

true

Servers are not normally configured for DHCP but are instead statically configured.

true

Since no domains or forests currently exist, the Domain Controller (DC) that is about to be created will be the first DC in a new domain that will also create the first new forest.

true

Some Windows applications store their configurations in XML files instead of the Registry, and others are entirely portable and store their data in an executable file.

true

System state (log files, mail and printer spool directories, transient and temporary files) is under the '/var' directory which holds variable data, or data that changes often

true

The "Dhcp" prefix that begins some value names (for example DhcpIPAddress and DhcpNameServer) signifies that the information was received from the DHCP server as part of IP address assignment.

true

The 'MAC Address Policy' at the bottom of the screen allows one to specify how to retain network card MAC addresses.

true

The 'full-upgrade' option of apt (as in 'apt full-upgrade') may also remove installed packages, in addition to installing and upgrading them, when that is needed to resolve changed dependencies.

true

The .OVF extension means that the descriptor and the other files were written separately, while an .OVA extension means that all the files were combined into one OVF archive.

true

The DSRM password is used to restore AD, if needed.

true

The Domain Name System (DNS) is hierarchical. If this domain namespace were a child domain namespace (i.e., support.vatg, consulting.vatg) one would connect the child namespace to its parent namespace (vargas) within the DNS. Since this is not the case, one cannot specify a DNS delegation.

true

The Forest and Domain Functional Levels dictate the AD DS feature set that will be available within the Forest and the Domain. They will also dictate the minimum version of the server OS used on any DC in the Forest and Domain.

true

The GC is like an index of all the objects within the Forest that allows one to quickly locate objects.

true

The HKEY_LOCAL_MACHINE (HKLM) is the most important hive because it contains hardware, software and security information

true

The IP address of the server will usually vary depending on how networking is configured, but since we are using host-only networking, the first three octets will be '192.168.56.x'.

true

The Live version of Kali provides a 'forensic mode' that allows one to boot off of a flash drive and run applications on a target hard drive without having to install the applications on the hard drive. One can also install Kali onto a hard drive from a Live version.

true

The SHA256sum that is displayed would be used to verify the integrity of the downloaded file.

true

The Windows Registry replaced autoexec.bat, config.sys, and nearly all of the .INI files that contained configuration information in MS-DOS and in very early versions of Windows.

true

The automated install choice allows one to install Kali completely automatically by using preseeding; the preseed source can be entered after the accessibility features have started.

true

The bootloader is a low-level program that is responsible for booting the Linux kernel just after the BIOS/UEFI passes off its control. To handle this task, it must be able to locate the Linux kernel to boot on the disk. On the i386 and amd64 architectures, the two most used programs to perform this task are LILO, the older of the two, and GRUB, its modern replacement. Isolinux and Syslinux are alternatives frequently used to boot from removable media.

true

The directory database, AD DS logging, and the SYSVOL directories can become busy. For security and performance reasons, in the real world, it may be desirable to place these on physical disks that are separate from the Windows OS

true

The entries in the "sources.list" file tell the system where to go to download programs for installation or upgrade. This file is used when adding or upgrading applications and updating one's system since it points to the system's software repositories

true

The notation SZ means String/Zero byte termination: the entries are terminated with a zero at the end of the string (because Registry strings are stored as UTF-16, the terminator occupies two zero bytes on disk).

true

The only way to verify that a download has not been trojanized is by verifying its digital signature.

true
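The two cards above (the SHA256 sum verifies integrity; only a signature rules out a trojanized download) are easy to confuse, so here is the check carried out in code. This is an added example written for this study set, not code from the course or from the Kali project. The ISO and the SHA256SUMS file are small constructed stand-ins so that it runs offline; the sums format ('hex  filename', as produced by sha256sum) is real. The third step shows why the hash alone is not enough: whoever can alter the file on a mirror can also republish a matching sums file, which is why the published SHA256SUMS must itself be checked against its detached signature before its contents are trusted.

```python
"""Verify a download against a SHA256SUMS file and show the limit of the check.

Added example, not course material. The 'ISO' written below is a constructed
placeholder; real use points verify() at the downloaded image and at the
text of the published SHA256SUMS file (after its signature has been checked).
"""
import hashlib
import os
import tempfile


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, read in chunks so large ISOs do not fill RAM."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_sums(text: str) -> dict:
    """Parse sha256sum-style lines ('HEX  name' or 'HEX *name') into {name: hex}."""
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2 or len(parts[0]) != 64:
            raise ValueError(f"malformed line: {line!r}")
        digest, name = parts
        sums[name.lstrip("*")] = digest.lower()   # '*' marks binary mode
    return sums


def verify(path: str, sums_text: str) -> bool:
    """True only if the file is listed and its digest matches the listed one."""
    expected = parse_sums(sums_text).get(os.path.basename(path))
    if expected is None:
        return False
    return sha256_file(path) == expected


def demo() -> tuple:
    """Returns (original_ok, tampered_ok, tampered_with_attacker_sums_ok)."""
    with tempfile.TemporaryDirectory() as d:
        iso = os.path.join(d, "kali-lab.iso")         # constructed stand-in
        with open(iso, "wb") as f:
            f.write(b"not an ISO, just sample bytes for the demo\n" * 1000)
        published = f"{sha256_file(iso)}  kali-lab.iso\n"
        original_ok = verify(iso, published)

        with open(iso, "ab") as f:                     # simulate trojanizing
            f.write(b"malicious payload appended\n")
        tampered_ok = verify(iso, published)           # integrity check catches it

        # An attacker who controls the mirror simply republishes matching sums;
        # the hash check passes again. Only the signature on SHA256SUMS stops this.
        attacker_sums = f"{sha256_file(iso)}  kali-lab.iso\n"
        rewritten_ok = verify(iso, attacker_sums)
    return original_ok, tampered_ok, rewritten_ok


if __name__ == "__main__":
    print(demo())
```

In practice, fetch SHA256SUMS and SHA256SUMS.gpg from the project, verify the signature with the project's published key first, and only then feed the sums text to verify().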

There is no Linux equivalent of the Windows Registry. Instead, Linux configurations are kept in text files

true

To create the new domain user, right click on 'Users', select 'New' and then select 'User'

true

User configuration and state live in "dot files" (files and directories in the user's home directory that begin with a '.')

true

VirtualBox supports the use of pre-configured VMs. The source file's format depends on the hypervisor used to create the VM.

true

Virtualization must be enabled in BIOS/UEFI of a computer in order to create and run VMs

true

We installed Kali using the Bare Metal option

true

When applications do a lookup on any REG_MULTI_SZ entry, they receive the entire entry; applications can't ask for a specific string.

true

When at the select start-up disk screen, one should use the yellow folder icon on the bottom right to navigate to and select the .ISO source file and then press 'Start'

true

When one chooses the radio button of "domain", one will be prompted to enter credentials of a user that is authorized to join computers to the Windows Domain

true

When one is downloading the ISO image of Windows Server 2016, the file will be downloaded to the browser's default download location, but it is highly recommended that one move it to a "VMs" folder on the Desktop.

true

When one makes changes to nearly any setting, changes are also made to the appropriate areas in the Registry, though these changes are sometimes not realized until one reboots the computer.

true

When one selects a key, the top-right pane displays the key's values, which are the information associated with that key.

true

When retiring a system, one would first remove it from the Windows Domain. To do so, one would return to the 'Computer Name/Domain Changes' dialog, select the 'Workgroup' radio button, click 'OK', and follow the instructions.

true

When the mount point directory is named '/', it is known as the root of the file tree, and therefore the root of the partition that will actually host the operating system.

true

When you view or edit an entry of the REG_SZ type in regedit, the window that opens is titled String Editor. The regedit editing window displays the name of the value

true

Windows System Restore lets one restore a Windows system back to its last working state in cases where the system is experiencing problems. 'Restore points' are snapshots of the Windows system files, certain program files, Registry settings, and hardware drivers.

true

Windows Domains will most likely have many DCs. Once logged into the client, one can see which DC the computer authenticated to by moving to the command line and entering the command 'echo %logonserver%'.

true

Windows Hyper-V does not natively support importing .OVA files.

true

Windows computers that are part of a Domain trust the domain controller for many tasks, including trusting the DC as the authoritative source of time.

true

With .OVA files, the login information is sometimes included in the description box of the VM.

true

With .VMDK/.VDI/.VHD files, since the VM was already created, one does not have to install the operating system. One will also inherit the configurations determined by the source file's creator (passwords, accounts, etc).

true

With virtual machines, disk partitioning is not required, and sometimes it is not possible.

true

a .OVA (Open Virtual Appliance) file is an OVF directory saved as an archive using the .tar archiving format. The file itself is a binary file.

true
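The cards on .OVF versus .OVA, on pre-built appliances inheriting their creator's configuration, and on an .OVA being a tar archive all point at one practical question: what should one check before importing a downloaded appliance? Below is an added example written for this study set (not code from the course or from VirtualBox) that builds a minimal OVA in memory and inspects it the way a cautious importer would: it is a plain tar, the .ovf descriptor comes first, no member uses an absolute or '..' path, and every file's digest matches the .mf manifest ('SHA256(name)= hex' lines, as in the OVF specification). The descriptor and disk image contents are constructed placeholders.

```python
"""Build and inspect a minimal OVA (tar of .ovf descriptor, .mf manifest, disk).

Added example, not from the course or any hypervisor vendor. The appliance
contents are placeholders; the checks are the ones worth running on a real
OVA before importing it.
"""
import hashlib
import io
import tarfile


def make_manifest(files) -> str:
    """OVF manifest text for an ordered list of (name, bytes)."""
    return "".join(f"SHA256({name})= {hashlib.sha256(data).hexdigest()}\n"
                   for name, data in files)


def _add(tar: tarfile.TarFile, name: str, data: bytes) -> None:
    info = tarfile.TarInfo(name)
    info.size = len(data)
    tar.addfile(info, io.BytesIO(data))


def build_ova(files, manifest_text: str) -> bytes:
    """Pack files in the given order, then the manifest named after the first file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, data in files:
            _add(tar, name, data)
        stem = files[0][0].rsplit(".", 1)[0]
        _add(tar, stem + ".mf", manifest_text.encode())
    return buf.getvalue()


def inspect_ova(blob: bytes) -> dict:
    """Read an OVA without extracting to disk and report the import-safety checks."""
    names, contents = [], {}
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:") as tar:
        for member in tar:                      # members in archive order
            names.append(member.name)
            if member.isfile():
                contents[member.name] = tar.extractfile(member).read()

    report = {
        "members": names,
        "descriptor_first": bool(names) and names[0].endswith(".ovf"),
        # tar members can carry hostile paths; a naive extract would follow them
        "unsafe_paths": [n for n in names
                         if n.startswith("/") or ".." in n.split("/")],
        "manifest_ok": False,
        "mismatches": [],
        "unlisted": [],
    }
    mf = next((n for n in names if n.endswith(".mf")), None)
    if mf is None:
        return report

    listed = set()
    for line in contents[mf].decode().splitlines():
        if not line.strip():
            continue
        head, _, digest = line.partition("=")          # "SHA256(x.ovf)" / " hex"
        algo, _, name = head.partition("(")
        name = name.rstrip(")")
        listed.add(name)
        data = contents.get(name)
        if data is None or hashlib.new(algo.lower(), data).hexdigest() != digest.strip().lower():
            report["mismatches"].append(name)

    report["unlisted"] = [n for n in names if n != mf and n not in listed]
    report["manifest_ok"] = not report["mismatches"] and not report["unlisted"]
    return report


if __name__ == "__main__":
    # Constructed appliance: a stub descriptor and a fake disk image.
    files = [("lab.ovf", b"<Envelope/>"), ("lab-disk1.vmdk", b"KDMV" + b"\x00" * 64)]
    print(inspect_ova(build_ova(files, make_manifest(files))))
```

A real importer would also parse the descriptor itself (virtual hardware, network mappings, any product properties) before accepting the VM, since those settings are inherited exactly as the appliance author left them.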

Each value has a name and a (data) type and is followed by a representation of the value's data.

true
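Several cards above describe how Registry values are stored and shown: REG_SZ strings end in a zero terminator, REG_MULTI_SZ packs several strings and ends in two nulls that the editors do not display, applications receive a REG_MULTI_SZ entry whole, REG_DWORD is shown in hex with a decimal option, REG_BINARY is shown as hex bytes, and every value is a name, a type and data. The following added example (written for this study set; not course material, and not Microsoft or regedit code) encodes and decodes those raw byte layouts in pure Python, so it runs on any OS and is the kind of routine a forensic parser working on an exported hive would use. The numeric REG_* type codes are the documented ones; the sample value names and data are constructed.

```python
"""Raw on-disk encodings behind common Windows Registry value types.

Added example for this study set, not part of the course or of any
Microsoft tool. Type codes are the documented REG_* constants; the sample
values in the demo are constructed.
"""
import struct

REG_SZ, REG_EXPAND_SZ, REG_BINARY, REG_DWORD, REG_MULTI_SZ = 1, 2, 3, 4, 7
TYPE_NAMES = {REG_SZ: "REG_SZ", REG_EXPAND_SZ: "REG_EXPAND_SZ",
              REG_BINARY: "REG_BINARY", REG_DWORD: "REG_DWORD",
              REG_MULTI_SZ: "REG_MULTI_SZ"}
NUL = "\x00"


def encode_reg_sz(text: str) -> bytes:
    # Registry strings are UTF-16LE, so the "SZ" zero terminator is one
    # null WCHAR, i.e. two zero bytes at the end of the data.
    return (text + NUL).encode("utf-16-le")


def decode_reg_sz(raw: bytes) -> str:
    # Stop at the first null; tolerate data written without a terminator.
    return raw.decode("utf-16-le", errors="replace").split(NUL, 1)[0]


def encode_reg_multi_sz(strings) -> bytes:
    # Each string is null-terminated and the list ends with one more null,
    # so a REG_MULTI_SZ entry always finishes with two null WCHARs.
    return ("".join(s + NUL for s in strings) + NUL).encode("utf-16-le")


def decode_reg_multi_sz(raw: bytes) -> list:
    # The whole list comes back; there is no way to fetch a single string.
    out = []
    for part in raw.decode("utf-16-le", errors="replace").split(NUL):
        if part == "":          # first empty piece is the list terminator
            break
        out.append(part)
    return out


def encode_reg_dword(value: int) -> bytes:
    return struct.pack("<I", value)          # 32-bit little-endian


def decode_reg_dword(raw: bytes) -> int:
    return struct.unpack("<I", raw[:4])[0]


def display_value(name: str, vtype: int, raw: bytes) -> str:
    """Render a (name, type, data) triple roughly as regedit's right pane does."""
    if vtype in (REG_SZ, REG_EXPAND_SZ):
        shown = decode_reg_sz(raw)
    elif vtype == REG_MULTI_SZ:
        shown = " ".join(decode_reg_multi_sz(raw))
    elif vtype == REG_DWORD:
        v = decode_reg_dword(raw)
        shown = f"0x{v:08x} ({v})"            # hex first, decimal in parentheses
    elif vtype == REG_BINARY:
        shown = " ".join(f"{b:02x}" for b in raw)
    else:
        raise ValueError(f"unsupported type {vtype}")
    return f"{name}\t{TYPE_NAMES[vtype]}\t{shown}"


if __name__ == "__main__":
    # Constructed samples loosely modelled on TCP/IP interface values; the
    # real values' types on a live system may differ.
    samples = [
        ("DhcpIPAddress", REG_SZ, encode_reg_sz("192.168.56.10")),
        ("NameServerList", REG_MULTI_SZ,
         encode_reg_multi_sz(["192.168.56.5", "192.168.56.6"])),
        ("EnableDHCP", REG_DWORD, encode_reg_dword(1)),
        ("LeaseBlob", REG_BINARY, bytes.fromhex("00a1b2c3")),
    ]
    for s in samples:
        print(display_value(*s))
```

The decoders deliberately tolerate missing terminators, because hives recovered from disk images and values written by third-party tools do not always follow the rules the editors assume.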

Files that end in .7z (the 7-Zip archive extension, sometimes written .7zip) must be decompressed with the 7-Zip utility or another tool that understands the format.

true

If an attacker were to exploit a process running as root, they would have complete control of the target system.

true

System configurations are in text files under the '/etc' directory, which holds system-wide configuration files and databases.

true

Once the VM has been created, it is okay to delete the .ISO source file unless one expects to use it again.

true

Password never expires

when this option is set the password for the user never expires and even overrides any policies in place for password expiration.

Install (kali)

will run the installation routine in text-mode. As a result, one must manually select all configuration answers.

Wireless downloads will take longer than ____ downloads

wired
