System Basics questions with verified answers
8.2.1 When you are researching a Windows operating system vulnerability (such
as CVE-2016-7211), which organization can provide detailed information about
the specific vulnerability? Ans✓✓✓ National Institute of Standards and
Technology (NIST)
8.2.2 Which is not a valid Windows operating system version? Ans✓✓✓ Windows
9
8.3.1 Malicious Windows operating system code that shares a single virtual
address space and can manage the system CPU and memory resources directly
is running in which mode? Ans✓✓✓ Kernel
8.3.2 Which type of Windows processes operate within the confines of their own
memory space? Ans✓✓✓ user
8.3.3 When investigating Windows-based security incidents, which can cause the
most damage to the integrity of the Windows operating system? Ans✓✓✓
malicious Windows drivers that run in kernel mode
8.4.1 Which Windows component is used by the applications to modify the
system resources? Ans✓✓✓ object handle
8.4.2 When investigating a malicious Windows application, which two Windows
components that are associated with the application will also need to be
investigated? (Choose two.) Ans✓✓✓ threads, processes
8.5.1 Malware that can corrupt the virtual memory space of another process can
alter the content of which two resources? (Choose two.) Ans✓✓✓ another
process' content stored in the RAM; another process' content stored in the
hard disk
8.5.2 What condition does the size of the total addressable virtual memory space
depend on? Ans✓✓✓ whether the Windows version is 32-bit or 64-bit
8.6.1 You encountered malware that automatically runs upon bootup in its own
Windows sessions, and without any user interface. Which Windows component
can be used to configure the malware from starting automatically? Ans✓✓✓
services control manager
8.6.2 (Service Control Manager Window) Ans✓✓✓ The Adobe Acrobat Update
Service will automatically start during the boot and logon process.
8.7.1 When performing disk forensics on a Windows machine, which file system
will most likely be involved? Ans✓✓✓ NTFS
8.7.2 Which part of the NTFS formatted disk drive can be damaged by corrupting
the first 16 sectors of the drive? Ans✓✓✓ partition boot sector
8.8.1 Which Windows directory stores the 64-bit applications? Ans✓✓✓ Program
Files