✔✔Thread States - ✔✔Deferred Ready, Ready, Terminated, Waiting, Initialized, Standby, Transition, Running
✔✔Process - ✔✔Primary container (memory structure) for a program being executed
✔✔Thread - ✔✔Represents sequential machine-code instructions that a processor executes
✔✔Handle - ✔✔Pointer to OS objects referenced within a process
✔✔User Mode - ✔✔Each process runs in its own private virtual address space. Applications are isolated from one another.
✔✔Kernel Mode - ✔✔All kernel-mode code runs in a single shared virtual address space. Not isolated.
✔✔Process Validity - ✔✔PID sequence: look for out-of-order PIDs
Name: unfamiliar process names, duplicate processes, misspelled names
Process age: typical startup processes that were launched more recently than expected (e.g. smss.exe)
Priority levels: processes with a higher or lower priority level than required/expected
Handles: libraries or files the process has open
✔✔Virus - ✔✔Requires user interaction to replicate
✔✔Worm - ✔✔Does not require user interaction to replicate
✔✔Trojan - ✔✔Malware hidden inside a legitimate program. Does not usually replicate.
✔✔Malicious mobile code - ✔✔Transmitted from a remote host to the local host. Executed without user instruction.
✔✔Blended attack - ✔✔Multiple infection/transmission methods used together
✔✔Backdoor - ✔✔Malicious program that allows illegitimate access to a machine
✔✔Remote Access Tool (RAT) - ✔✔Malicious program that provides remote command and control
✔✔Rootkit - ✔✔Malicious program that is ONLY used to hide things. DOES NOT provide access or command and control on its own
✔✔Adware - ✔✔Delivers paid-for ads to the infected user
✔✔Zombie - ✔✔The individual infected computer in a botnet
✔✔Hypervisor - ✔✔Software that enables a single computer to run multiple operating systems simultaneously
✔✔Situational Awareness: What is running on the system? - ✔✔Processes
Services
Scheduled Tasks
Registry Keys
Security Products
✔✔Situational Awareness: Users - ✔✔Accounts
Groups
Domains
✔✔Situational Awareness: Networking - ✔✔System network settings
Local subnet
Active network connections
Routing