MOD 7
Variables are preceded by a
$
For a script to execute, a __ has to precede the script location and name
.\
What is the default log size
512 bytes
The NSA Group Policy Object changed the Event Viewer defaults from _____ to ______
512 in size to over 4 GB
What are the SAM subkeys
Account, Passwords, Built-in
Windows uses an account identifier known as ___________ to identify a user (their SID), the user's group memberships (group SIDs), and specific privileges assigned to the user/group
Access Token
A centralized database, known as _________, maintains the domain information
Active Directory
Refers to an alternate name for a PS cmdlet that has been abbreviated for ease of typing
Alias
What are 3 types of logs
Application log, System log, Security log
tracking of changes
Auditing
The registry is read during what times
Boot process, application startup, user login
Subkey that contains logon information for the last ten people
Cache
User interface and API must provide extended legacy support and integration with other systems
Compatibility
Each of the Select, ControlSet001, and CurrentControlSet keys contains what subkeys
Control, Enum, Mounted Devices
User settings and defaults are stored in what subkey
Control Panel
Contain data that is stored in the System hive, making them a safe place for vital information like service and device configuration
Control sets
What are some important entries under the HKLM\Software\Microsoft\Windows subkey
CurrentVersion, CurrentVersion\Run, CurrentVersion\RunOnce, CurrentVersion\RunServices
What subkey is an alias of the booted control set, ControlSet001
CurrentControlSet
Domain controllers typically have what 3 logs
Directory Service log, DFS Replication log, DNS Server log
Each system shares common configurations, resources, and security principles
Domain
AD requires a computer with a server OS. Once set up, the server becomes a _______ containing all domain accounts and other domain resource information
Domain Controller
Process for targeted system or network information gathering; involves active connections and directed queries of systems and networks in support of CNO initiatives
Enumeration
Code written for adaptability and change to meet ever-changing market demands
Extensible
What command gives a complete list of aliased commands and their associated PS cmdlets
Get-Alias
What command can you use to see a list of available modules
Get-Module -ListAvailable
Adding ________ to a Microsoft Management Console (MMC) provides a GUI interface for viewing and modifying local policies
Group Policy Object editor
What key is used to establish the current hardware configuration profile
HKCC
What key associates file types with the programs used to open them
HKCR
What key is derived from two keys and is used to associate file types with programs that are used to open them
HKCR
What are the 3 derived keys
HKCR, HKCU, HKCC
What key contains user profile environment settings of the interactively logged on user
HKCU
What key contains specific information about the hardware, software, and preferences for all users who log into the system
HKLM
What key contains the Hardware, SAM, Security, Software, and System subkeys
HKLM
What key contains the most critical part of the registry
HKLM
What key contains a SID subkey for all loaded user profiles
HKU
Two master keys are
HKU, HKLM
The windows registry uses what 5 root key hives
HKU, HKLM, HKCR, HKCU, HKCC
Subkey that contains information about currently installed hardware; contains three subkeys with information that is generated during boot-up
Hardware Sub-key
The kernel runs in the most privileged ring of the CPU (Ring 0), known as
Kernel mode
Used to identify and pass configuration information for the system and user environment
Key paths
Contain values consisting of name, data type, and corresponding data
Keys
Combination of settings used by Windows systems to control security on a computer; commonly used to edit account and password policies
Local Security Policies
Way for the OS and its services and applications to record important actions, post status messages, and track security events
Logging
Domain systems running server OSs are
Member servers
Packages of PS commands, consisting of cmdlets, functions, variables, and aliases
Modules
When specifying a parameter in conjunction with a cmdlet, which two techniques are used
Named and positional
Views current settings, updates the user accounts database, and modifies password and logon requirements for all accounts
Net accounts
Provides a common scripting environment for mixed networks; functionality centers on the use of cmdlets with parameters and arguments
PS Core
Universal environment that allows remote execution of any command that can run locally in PS; enables a user to gather data and change settings on one or more remote computers
PS remoting
Enables a user to string PS cmdlets together into a single file to accomplish multiple tasks
PS scripting
Fast and responsive while meeting the constraints of the other design goals
Performance
Process of passing the results of one cmdlet as input into a second cmdlet; makes it possible to create compound cmdlet sequences that perform multiple tasks in a single operation
Pipeline
Subkey that contains security settings for users, groups, and other components
Policy
Support multiple hardware architectures and must be adaptable for innovation and new technologies
Portability
Object-oriented, interactive command environment with scripting language features
PowerShell (PS)
Ability of an account to perform a particular system-related operation
Privileges
What are the most common data types
REG_BINARY, REG_DWORD, REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ
What are some commands for the reg.exe command
Reg add, Reg query, Reg delete, Reg copy, Reg load
Protect itself from internal malfunctions and faulty applications
Reliability
Controls how the system audits object access attempts
SACL (System Access Control List)
Meet government and industry requirements for system security and protections against external tampering
Security
Every Windows account has a unique ________ that is generated during account creation
Security Identifier (SID)
The access token and the object's permissions form the primary ________ for the user's actions on the object
Security context
Establishes privileges and account rights for users
Security policy
Subkey that contains information about cached logons, policy, special accounts, and the Registry transaction package
Security sub key
What are some keys of the System sub-key
Select, ControlSet001, CurrentControlSet
Optimized to provide application services and shared resources
Server OS
HKCC contains what two subkeys
Software, System
Subkey that contains a collection of subkeys for various installed components and applications
Software sub key
What subkey contains definitions, control sets, and information about removable media; contains system configuration including several control sets
System SubKey
Unprivileged processes can log events in the _______ and _______ logs
System and application logs
Collection of information used by the system for determining access and privileges
User account
Heart and soul of the OS; vast hierarchical repository of OS, hardware, application, and user settings
Windows Registry
Considered standalone with regard to authentication and system security principles; no centralized accounts or security principles
Workgroup
Optimized for interactive desktop response time
Workstation OS
Contain information that deals with logon abilities
Account rights
Account rights differ from privileges in that they .......
are not included as part of the access token
What is the command-line tool to enable auditing
auditpol
What command is used to see all of the parameters and arguments available for a particular cmdlet
Get-Help
What command queries a computer system for information about the manufacturer and model
Get-WmiObject
A ________ evaluates and executes a script commands line by line
interpreter
MAC addresses are generated for virtual network adapters and are viewed using what command
ipconfig /all
What 2 commands show NIC information
ipconfig /all, systeminfo
What are 3 commands that are used to check information such as MAC addresses, installed NICs, system manufacturer, system model, and running processes
ipconfig /all, systeminfo, tasklist
RIDs 18, 19, 20, 500, and 501 indicate
Local System, Local Service, Network Service, Administrator, Guest
For the HKU master key, the profile environment settings are stored in each user's ________
ntuser.dat file
What command line utility is used for querying and manipulating the Registry
reg.exe
The primary tool for viewing and editing the Registry is the Windows Registry Editor, _______
regedit
All configuration information is maintained in
registry key
Scripts can execute _____ and ____ on a variety of systems
Remotely and locally
Privileged processes can log events in the ______ log
security
Unique accounts that provide the account identifier information for services
service accounts
All things non administrative in nature, including displaying the desktop, use what token
standard user access token
If a user is in the Administrators group, what two tokens are on the account
Standard user access token, administrator access token
What are two uses of variables ($)
Store information for later use; store information that is the result of running a script
The _______ command line tool can query system configuration to include the system manufacturer and system model info
systeminfo
What command output shows a list of recognized NICs
systeminfo
What command can be used in multiple places within a cmdlet to show a progression of information
Tee-Object
What command sends data in two directions simultaneously, enabling an analyst to evaluate information immediately
Tee-Object
Workstation and server OSs primarily differ in
the hardware they support and how they are optimized