✔✔wmic nteventlog list brief - ✔✔list logs
✔✔wmic ntevent /? - ✔✔query individual log entries
✔✔get-help [content] - ✔✔PS: search for help and commands
✔✔get-help [command] - ✔✔PS: get help on specific commands
✔✔external commands in PowerShell (cmd.exe or sysinternals) - ✔✔return a string
✔✔PowerShell command in PowerShell - ✔✔returns an object
✔✔external commands - ✔✔spawn new process (attrib)
✔✔internal commands - ✔✔run inside PowerShell process (ping, dir); cmd.exe is parent
of all internal commands
✔✔class - ✔✔general term for grouped objects
✔✔CIM - ✔✔common information model, meant to be cross platform
✔✔WMIC - ✔✔Windows Management Instrumentation (WMI) - Windows specific
✔✔multithreading - ✔✔a technique that allows a single set of code to be used by
several processors at different stages of execution
✔✔Procmon - ✔✔view, monitor, filter processes
✔✔psinfo - ✔✔shows basic system info, remote capabilities
✔✔pslist -t - ✔✔shows processes in tree format
✔✔handle [-p] - ✔✔shows handles of all processes, or of a specific process
✔✔psexec - ✔✔telnet-replacement that lets you execute processes on other systems
✔✔logonsessions [-p] - ✔✔lists all currently logged in sessions, or lists processes
running in each logon session
✔✔psloggedon - ✔✔more functionality regarding remote users sessions
✔✔tcpview - ✔✔robust netstat viewer/monitor
✔✔autoruns - ✔✔checks autorun registry location
✔✔Pre-boot - ✔✔Power On Self Test (POST)
✔✔MBR - ✔✔Loads boot code
✔✔Bootcode - ✔✔Searches partition table for boot sector and loads NTLDR
✔✔NTLDR - ✔✔Reads in boot.ini for OS choices, runs NTDETECT.com to query
hardware.
Stores data from NTDETECT.com in the HKLM\Hardware registry key.
Starts NTOSKRNL.exe and HAL.dll.
✔✔NTOSKRNL.exe - ✔✔Starts SMSS.exe
✔✔SMSS.exe - ✔✔Launches Winlogon.exe and CSRSS
✔✔Winlogon - ✔✔Starts LSASS, loads MSGINA, starts SCM, starts logonui.exe
✔✔MSGINA.dll - ✔✔Graphical identification and authorization (GINA)