DOCSLIB.ORG

Presentation: Detecting the Adversary Post-Compromise with Threat

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text

Load more

Detecting the Adversary Post- Compromise with Threat Models and Behavioral Analytics Approved for Public Release; Distribution Unlimited. 16-3058 © 2016 The MITRE Corporation. All rights reserved. © 2016 The MITRE Corporation. All rights reserved. | 2 | Cyber Attack Lifecycle Recon Deliver Control Maintain Weaponize Exploit Execute Traditional CND 146 days - The median time an adversary is in a network before ATT&CK™ being detected -Mandiant, M-Trends 2016 Cyber Attack Lifecycle: The MITRE Corporation https://www.mitre.org/capabilities/cybersecurity/threat-based-defense © 2016 The MITRE Corporation. All rights reserved. | 3 | Threat Based Modeling ATT&CK • Cyber threat • Data sources analysis • Adversary model • Analytics • Research • Post- • Prioritization • Industry reports compromise techniques Adversary Enterprise Behavior Defense © 2016 The MITRE Corporation. All rights reserved. | 4 | ATT&CK: Deconstructing the Lifecycle Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Execution Collection Threat data informed adversary model Exfiltration Command and Control Higher fidelity on right-of-exploit, post-access phases Describes behavior sans adversary tools Working with world-class researchers to improve and expand © 2016 The MITRE Corporation. All rights reserved. | 5 | ATT&CK Matrix Tactics and Techniques (2014) Privilege Lateral Command and Persistence Credential Access Host Enumeration Defense Evasion Exfiltration Escalation Movement Control Exploitation of Credential Process Common protocol, Normal C&C New service Software packing RDP vulnerability dumping enumeration follows standard channel Service file Windows admin Modify existing Service Common protocol, Alternate data permissions User interaction Masquerading shares (C$, service enumeration non-standard channel weakness ADMIN$) Service registry Commonly used Exfiltration over Local network Windows shared DLL Proxying permissions Network sniffing DLL Injection protocol on non- other network config webroot weakness standard port medium Local network Remote Communications Exfiltration over Hypervisor Rookit DLL path hijacking Stored file DLL loading connections vulnerability encrypted physical medium Winlogon Helper Window Standard Communications Encrypted Path interception Logon scripts DLL enumeration protocols are obfuscated separately Application Modification of Account Obfuscated Distributed Compressed Path Interception deployment shortcuts enumeration payload communications separately software Registry run keys / Editing of default Group Taint shared Multiple protocols Startup folder Indicator removal Data staged handlers enumeration content combined addition Access to remote Automated or Modification of Owner/user Scheduled task Indicator blocking services with scripted data shortcuts enumeration valid credentials exfiltration Legitimate Operating system MBR / BIOS rootkit Pass the hash Size limits Credentials enumeration Editing of default Security software Scheduled handlers enumeration transfer File system Scheduled task enumeration © 2016 The MITRE Corporation. All rights reserved. | 6 | ATT&CK MatrixTactics and Techniques (2015) Privilege Defense Credential Host Lateral Persistence Execution C2 Exfiltration Escalation Evasion Access Enumeration Movement Legitimate Credentials Credential Account Application Command Commonly Automated Accessibility Features Binary Dumping enumeration deployment Line used port or scripted Padding software Comm exfiltration AddMonitor DLL Side- Credentials File system Exploitation File Access through Data DLL Search Order Hijack Loading in Files enumeration of PowerShell removable compressed Edit Default File Handlers Disabling Network Group Vulnerability Process media Data Security Logon Custom encrypted New Service Sniffing permission Hollowing Data size Tools enumeration scripts application Path Interception User Pass the Registry limits File System layer Scheduled Task Logical Interaction Local hash Rundll32 Data staged Pass the protocol Service File Permission Offsets Credential network Scheduled Custom Exfil over C2 Weakness ticket Process manipulation connection Peer Task encryption channel Shortcut Modification Hollowing enumeration connections Service cipher Exfil over Web shell Rootkit Local Remote Manipulation Data alternate Bypass UAC networking Desktop Third Party obfuscation channel to BIOS Fallback C2 network DLL Injection enumeration Protocol Software channels Exfil over Hypervisor Indicator Multiband Rootkit Exploitation Operating Windows management other blocking on comm of system instrumentation Multilayer network Logon Scripts Vulnerability host enumeration Indicator Windows remote encryption medium Peer Master Boot removal from Owner/User management Exfil over Record enumeration Remote connections tools Standard app physical Indicator Services medium Mod. Exist’g Process Replication layer Service removal from enumeration through protocol From local host Standard Registry Run Masquerad- Security removable system non-app Keys ing software media From layer Serv. Reg. Perm. NTFS enumeration Shared network protocol Weakness Extended Service webroot resource Attributes Taint shared Standard Windows Mgmt Obfuscated enumeration content encryption From Instr. Event Window Windows removable Subsc. Payload cipher Rundll32 enumeration admin Uncommonly media Winlogon Helper shares DLL Scripting used port Scheduled Software transfer Packing Timestomp © 2016 The MITRE Corporation. All rights reserved. | 7 | ATT&CK MatrixTactics and Techniques (2016) Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Execution Collection Exfiltration Command and Control DLL Search Order Hijacking Brute Force Account Discovery Windows Remote Management Automated Collection Automated Exfiltration Commonly Used Port Legitimate Credentials Application Window Third-party Software Clipboard Data Data Compressed Communication Through Credential Dumping Accessibility Features Binary Padding Discovery Application Deployment Command-Line Data Staged Data Encrypted Removable Media AppInit DLLs Code Signing Software Execution through API Data from Local System Data Transfer Size Limits Custom Command and Credential Manipulation File and Directory Discovery Local Port Monitor Component Firmware Graphical User Interface Data from Network Shared Exfiltration Over Alternative Control Protocol Exploitation of Vulnerability New Service DLL Side-Loading Credentials in Files Local Network Configuration InstallUtil Drive Protocol Custom Cryptographic Path Interception Disabling Security Tools Input Capture Discovery Logon Scripts PowerShell Protocol Data from Removable Media Exfiltration Over Command Scheduled Task File Deletion Network Sniffing Pass the Hash Process Hollowing Data Obfuscation Local Network Connections and Control Channel Service File Permissions Weakness Discovery Pass the Ticket Regsvcs/Regasm Email Collection Fallback Channels File System Logical Offsets Two-Factor Authentication Service Registry Permissions Weakness Network Service Scanning Remote Desktop Protocol Regsvr32 Input Capture Multi-Stage Channels Interception Exfiltration Over Other Web Shell Indicator Blocking Remote File Copy Rundll32 Screen Capture Network Medium Peripheral Device Discovery Multiband Communication Exploitation of Vulnerability Remote Services Scheduled Task Exfiltration Over Physical Basic Input/Output System Bypass User Account Control Replication Through Scripting Medium Multilayer Encryption Permission Groups Discovery Bootkit DLL Injection Removable Media Service Execution Scheduled Transfer Peer Connections Change Default File Indicator Removal from Process Discovery Shared Webroot Windows Management Remote File Copy Association Tools Query Registry Taint Shared Content Instrumentation Standard Application Layer Component Firmware Remote System Discovery Windows Admin Shares Protocol Indicator Removal on Host Hypervisor Standard Cryptographic Security Software Discovery Logon Scripts InstallUtil Protocol Modify Existing Service Masquerading System Information Standard Non-Application Redundant Access Modify Registry Discovery Layer Protocol Registry Run Keys / Start NTFS Extended Attributes System Owner/User Uncommonly Used Port Folder Obfuscated Files or Discovery Web Service Security Support Provider Information System Service Discovery Shortcut Modification Process Hollowing Windows Management Redundant Access Instrumentation Event Regsvcs/Regasm Subscription Regsvr32 Winlogon Helper DLL Rootkit Rundll32 Scripting Software Packing Timestomp © 2016 The MITRE Corporation. All rights reserved. | 8 | The ATT&CK Model . Consists of: 1. Tactic phases derived from Cyber Attack Lifecycle 2. List of techniques available to adversaries for each phase 3. Possible methods of detection and mitigation 4. Documented adversary use of techniques and software 5. Disambiguation of adversary names . Publically available adversary information is a problem – Not granular enough Image source: US Army – Insufficient volume http://www.flickr.com/photos/35703177@N00/3102597630/ Mr. Potato Head is a registered trademark of Hasbro Inc. © 2016 The MITRE Corporation. All rights reserved. | 9 | Example of Technique Details – Persistence: New Service – Description: When operating systems boot up, they can start programs or applications called services that perform background system functions. … Adversaries may install a new service which will be executed at startup by directly modifying
Recommended publications
  • Transaction Insight Reference Manual Contents  I Admin - Filters - Partner Filter

    Transaction Insight Reference Manual Contents  I Admin - Filters - Partner Filter

    TIBCO Foresight® Transaction Insight® Reference Manual Software Release 5.2 September 2017 Two-second advantage® Important Information SOME TIBCO SOFTWARE EMBEDS OR BUNDLES OTHER TIBCO SOFTWARE. USE OF SUCH EMBEDDED OR BUNDLED TIBCO SOFTWARE IS SOLELY TO ENABLE THE FUNCTIONALITY (OR PROVIDE LIMITED ADD-ON FUNCTIONALITY) OF THE LICENSED TIBCO SOFTWARE. THE EMBEDDED OR BUNDLED SOFTWARE IS NOT LICENSED TO BE USED OR ACCESSED BY ANY OTHER TIBCO SOFTWARE OR FOR ANY OTHER PURPOSE. USE OF TIBCO SOFTWARE AND THIS DOCUMENT IS SUBJECT TO THE TERMS AND CONDITIONS OF A LICENSE AGREEMENT FOUND IN EITHER A SEPARATELY EXECUTED SOFTWARE LICENSE AGREEMENT, OR, IF THERE IS NO SUCH SEPARATE AGREEMENT, THE CLICKWRAP END USER LICENSE AGREEMENT WHICH IS DISPLAYED DURING DOWNLOAD OR INSTALLATION OF THE SOFTWARE (AND WHICH IS DUPLICATED IN LICENSE.PDF) OR IF THERE IS NO SUCH SOFTWARE LICENSE AGREEMENT OR CLICKWRAP END USER LICENSE AGREEMENT, THE LICENSE(S) LOCATED IN THE “LICENSE” FILE(S) OF THE SOFTWARE. USE OF THIS DOCUMENT IS SUBJECT TO THOSE TERMS AND CONDITIONS, AND YOUR USE HEREOF SHALL CONSTITUTE ACCEPTANCE OF AND AN AGREEMENT TO BE BOUND BY THE SAME. This document contains confidential information that is subject to U.S. and international copyright laws and treaties. No part of this document may be reproduced in any form without the written authorization of TIBCO Software Inc. TIBCO and Two-Second Advantage, TIBCO Foresight EDISIM, TIBCO Foresight Instream, TIBCO Foresight Studio, and TIBCO Foresight Transaction Insight are either registered trademarks or trademarks of TIBCO Software Inc. in the United States and/or other countries.
  • This Document Explains How to Copy Ondemand5 Data to Your Hard Drive

    This Document Explains How to Copy Ondemand5 Data to Your Hard Drive

    Copying Your Repair DVD Data To Your Hard Drive Introduction This document explains how to copy OnDemand5 Repair data to your hard drive, and how to configure your OnDemand software appropriately. The document is intended for your network professional as a practical guide for implementing Mitchell1’s quarterly updates. The document provides two methods; one using the Xcopy command in a DOS window, and the other using standard Windows Copy and Paste functionality. Preparing your System You will need 8 Gigabytes of free space per DVD to be copied onto a hard drive. Be sure you have the necessary space before beginning this procedure. Turn off screen savers, power down options or any other program that may interfere with this process. IMPORTANT NOTICE – USE AT YOUR OWN RISK: This information is provided as a courtesy to assist those who desire to copy their DVD disks to their hard drive. Minimal technical assistance is available for this procedure. It is not recommended due to the high probability of failure due to DVD drive/disk read problems, over heating, hard drive write errors and memory overrun issues. This procedure is very detailed and should only be performed by users who are very familiar with Windows and/or DOS commands. Novice computers users should not attempt this procedure. Copying Repair data from a DVD is a time-consuming process. Depending on the speed of your processor and/or network, could easily require two or more hours per disk. For this reason, we recommend that you perform the actual copying of data during non-business evening or weekend hours.
  • 1. Xcopy 2. No, You Cannot Use the Xcopy Command in Your Assignment

    1. Xcopy 2. No, You Cannot Use the Xcopy Command in Your Assignment

    Intro to Operating Systems CNET 173 Assignment #4 Windows / LINUX Command Line Commands You are to list twenty-five command line commands of each operating system (WINDOWS and LINUX). That’s twenty- five WINDOWS commands and twenty-five LINUX commands. For each command you are to give: 1. The command a. Description/Attribute of the command b. Syntax of the command and c. A maximum of five Parameters used with the command and a description of the parameter. (If there are less than five parameters, list all parameters associated with the command.) Each command should be numbered and grouped (all WINDOWS commands with WINDOWS commands). Command information should be listed in the 1, a, b, c order listed above (i.e. command, description, syntax and parameters). This assignment must be typed and submitted through CANVAS. It should include a title page consisting of your name, course name, number, day and time, assignment name, instructor’s name, and due date and the assignment instructions. Example listed below. Windows Command Line Commands 1. xcopy a) Description - Copies files and directories, including subdirectories. b) Syntax xcopy Source [Destination] [/w] [/p] [/c] [/v] [/q] [/f] [/l] [/g] [/d[:mm-dd-yyyy]] [/u] [/i] [/s [/e]] [/t] [/k] [/r] [/h] [{/a|/m}] [/n] [/o] [/x] [/exclude:file1[+[file2]][+[file3]] [{/y|/-y}] [/z] c) Parameters /w : Displays the following message and waits for your response before starting to copy files: Press any key to begin copying file(s) /p : Prompts you to confirm whether you want to create each destination file. /c : Ignores errors. /v : Verifies each file as it is written to the destination file to make sure that the destination files are identical to the source files.
  • View the Slides (Smith)

    View the Slides (Smith)

    Network Shells Michael Smith Image: https://commons.wikimedia.org/wiki/File:Network-connections.png What does a Shell give us? ● A REPL ● Repeatability ● Direct access to system operations ● User-focused design ● Hierarchical context & sense of place Image: https://upload.wikimedia.org/wikipedia/commons/8/84/Bash_demo.png What does a Shell give us? ● A REPL ● Repeatability ● Direct access to system operations ● User-focused design ● Hierarchical context & sense of place Image: https://upload.wikimedia.org/wikipedia/commons/8/84/Bash_demo.png Management at a distance (netsh) Netsh: Configure DHCP servers with netsh -r RemoteMachine -u domain\username [RemoteMachine] netsh>interface [RemoteMachine] netsh interface>ipv6 [RemoteMachine] netsh interface ipv6>show interfaces Reference: https://docs.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-contexts Management at a distance (netsh) Netsh: Configure DHCP servers with netsh Location-r RemoteMachine -u domain\username Hierarchical [RemoteMachine] netsh>interfacecontext Simpler [RemoteMachine] netsh interface>ipv6 commands [RemoteMachine] netsh interface ipv6>show interfaces Reference: https://docs.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-contexts Management at a distance (WSMan) WSMan (in Powershell): Manage Windows remotely with Set-Location -Path WSMan:\SERVER01 Get-ChildItem -Path . Set-Item Client\TrustedHosts *.domain2.com -Concatenate Reference: https://docs.microsoft.com/en-us/powershell/module/microsoft.wsman.management/about/about_wsman_provider
  • Netsh Commands William John Holden 2014­04­11 (Version 2) Interface Configuration Configure an Ipv4 Address with Subnet Mask and Default Gateway

    Netsh Commands William John Holden 2014­04­11 (Version 2) Interface Configuration Configure an Ipv4 Address with Subnet Mask and Default Gateway

    Netsh Commands William John Holden 2014­04­11 (version 2) Interface Configuration Configure an IPv4 address with subnet mask and default gateway. Omitted netmask implies classful addressing. netsh int ipv4 set address "Local Area Connection" static 192.168.1.3 255.255.255.0 192.168.1.1 Remove an IPv4 address and default gateway from an interface. netsh int ipv4 del address "Local Area Connection" 192.168.1.3 192.168.1.1 You can add more than one IP address to an interface. Additional addresses don't show up in ipconfig without /all. netsh int ipv4 add address "Local Area Connection" 192.168.1.4 Add a global unicast IP with prefix. Prefix is optional and defaults to /64. netsh int ipv6 set address "Local Area Connection" 2001:beef::1/64 Add a link­local IP to an interface. See the similarity to above? netsh int ipv6 add address "Local Area Connection" fe80::6 Delete the IP. Remove a link­local IP the same way. netsh int ipv6 del address "Local Area Connection" 2001:beef::1 Set an IPv6 default route. netsh int ipv6 add route ::/0 "Local Area Connection" fe80::3 Delete the default route. netsh int ipv6 delete route ::/0 "Local Area Connection" fe80::3 Reset Configuration Reset interface configuration completely (requires restart): netsh int ipv6 reset all netsh int ipv4 reset all shutdown ­r ­t 0 Verification (“show commands”) netsh has several commands that are very similar to ipconfig, route print (netstat ­r), netstat ­a, and getmac. Poke around netsh int ipv4 show ? and you’ll find lots of interesting stuff.
  • How to Cheat at Windows System Administration Using Command Line Scripts

    How to Cheat at Windows System Administration Using Command Line Scripts

    www.dbebooks.com - Free Books & magazines 405_Script_FM.qxd 9/5/06 11:37 AM Page i How to Cheat at Windows System Administration Using Command Line Scripts Pawan K. Bhardwaj 405_Script_FM.qxd 9/5/06 11:37 AM Page ii Syngress Publishing, Inc., the author(s), and any person or firm involved in the writing, editing, or produc- tion (collectively “Makers”) of this book (“the Work”) do not guarantee or warrant the results to be obtained from the Work. There is no guarantee of any kind, expressed or implied, regarding the Work or its contents.The Work is sold AS IS and WITHOUT WARRANTY.You may have other legal rights, which vary from state to state. In no event will Makers be liable to you for damages, including any loss of profits, lost savings, or other incidental or consequential damages arising out from the Work or its contents. Because some states do not allow the exclusion or limitation of liability for consequential or incidental damages, the above limitation may not apply to you. You should always use reasonable care, including backup and other appropriate precautions, when working with computers, networks, data, and files. Syngress Media®, Syngress®,“Career Advancement Through Skill Enhancement®,”“Ask the Author UPDATE®,” and “Hack Proofing®,” are registered trademarks of Syngress Publishing, Inc.“Syngress:The Definition of a Serious Security Library”™,“Mission Critical™,” and “The Only Way to Stop a Hacker is to Think Like One™” are trademarks of Syngress Publishing, Inc. Brands and product names mentioned in this book are trademarks or service marks of their respective companies.
  • How Will You Troubleshoot the Issue? What Are the Steps to Followed? A

    How Will You Troubleshoot the Issue? What Are the Steps to Followed? A

    1. A user in a corporate network contacts service desk saying he/she has lost network connectivity: How will you troubleshoot the issue? What are the steps to followed? A. First I will check the network cable is plugged in or not. Then check the network connections and the ip address is assigned or not. Then check connecting to website or not. IP conflict. 2. A User calls in and complains that her computer and network is running very slow. How would go about troubleshooting it? A. 3. How would you create an email account for a user already in AD? A. Open Microsoft Outlook if you are using office 2000, and click on "Tools" tab. Go to "Email Accounts". There you can find two option like Email and Directory. Click on "Add a new Account" and click next. If you are using Exchange Server then click over there, this depends on that particular Organization. According to the their setup you have to choose. And if you are using POP3 server then next popup will come along with your name, email address POP3 and SMTP IP address, Password etc. and after that click on Next and finish it..... 4. A PC did not receive an update from SMS. What steps would we take to resolve this? A. If SMS not updated in client system. 1. Need to check system getting IPaddress or not. 2. Need to check system in domain or not 3.Ensure that windows firewall should be off. 5. How do you set the IP address by using the command prompt A.
  • Threat Advisory: Eternalrocks

    Threat Advisory: Eternalrocks

    McAfee Labs Threat Advisory EternalRocks June 6, 2017 McAfee Labs periodically publishes Threat Advisories to provide customers with a detailed analysis of prevalent A malware. This Threat Advisory contains behavioral information, characteristics, and symptoms that may be used to n mitigate or discover this threat, and suggestions for mitigation in addition to the coverage provided by the DATs. d To receive a notification when a Threat Advisory is published by McAfee Labs, select to receive “Malware and Threat Reports” at the following URL: https://www.mcafee.com/enterprise/en-us/sns/preferences/sns-form.html. Summary EternalRocks is a network worm which uses the SMB exploits ETERNAL BLUE, ETERNALCHAMPION, ETERNALROMANCE, and ETERNALSYNERGY along with related programs DOUBLEPULSAR, ARCHITOUCH, and SMBTOUCH to spread. McAfee products detect this threat under the following detection names: • Trojan-EtrnlRock • Trojan.EternalRocks • Trojan-Bluedoom • HackTool-Shadowbrokers • RDN/Generic.grp • RDN/Generic.dx • RDN/Trojan-EtrnlRock • RDN/Generic Downloader.x Detailed information about the threat, its propagation, characteristics, and mitigation are in the following sections: • Infection and Propagation Vectors • Mitigation • Characteristics and Symptoms • Restart Mechanism • Remediation • McAfee Foundstone Services Infection and Propagation Vectors Even though this has not been confirmed, the malware’s initial vector is expected to be spam email. The malware spreads by exploiting shares and uses the EternalBlue (MS17-010 Echo Response - SMB vulnerability) vulnerability. The authors have used publicly available exploit code and embedded it as a part of their dropper. On execution, the malware connects to the IPC$ tree and attempts a transaction on FID 0, triggers the vulnerability, and then exploits it.
  • Command-Line IP Utilities This Document Lists Windows Command-Line Utilities That You Can Use to Obtain TCP/IP Configuration Information and Test IP Connectivity

    Command-Line IP Utilities This Document Lists Windows Command-Line Utilities That You Can Use to Obtain TCP/IP Configuration Information and Test IP Connectivity

    Guide to TCP/IP: IPv6 and IPv4, 5th Edition, ISBN 978-13059-4695-8 Command-Line IP Utilities This document lists Windows command-line utilities that you can use to obtain TCP/IP configuration information and test IP connectivity. Command parameters and uses are listed for the following utilities in Tables 1 through 9: ■ Arp ■ Ipconfig ■ Netsh ■ Netstat ■ Pathping ■ Ping ■ Route ■ Tracert ARP The Arp utility reads and manipulates local ARP tables (data link address-to-IP address tables). Syntax arp -s inet_addr eth_addr [if_addr] arp -d inet_addr [if_addr] arp -a [inet_address] [-N if_addr] [-v] Table 1 ARP command parameters and uses Parameter Description -a or -g Displays current entries in the ARP cache. If inet_addr is specified, the IP and data link address of the specified computer appear. If more than one network interface uses ARP, entries for each ARP table appear. inet_addr Specifies an Internet address. -N if_addr Displays the ARP entries for the network interface specified by if_addr. -v Displays the ARP entries in verbose mode. -d Deletes the host specified by inet_addr. -s Adds the host and associates the Internet address inet_addr with the data link address eth_addr. The physical address is given as six hexadecimal bytes separated by hyphens. The entry is permanent. eth_addr Specifies physical address. if_addr If present, this specifies the Internet address of the interface whose address translation table should be modified. If not present, the first applicable interface will be used. Pyles, Carrell, and Tittel 1 Guide to TCP/IP: IPv6 and IPv4, 5th Edition, ISBN 978-13059-4695-8 IPCONFIG The Ipconfig utility displays and modifies IP address configuration information.
  • Falcon DOS Portable Terminals Advanced User's Guide

    Falcon DOS Portable Terminals Advanced User's Guide

    ! " #$% & " ' ()**%++,,,&% & " !"# $ $ % &' $ % ( ( % )*+ (*,' (% $ )(+ $ - !!. !!/$ 0 1 2 + + 2 3'4 0 5 -../ .+ 0 % &6 (*, % $ & & &/,( % & & ( &/,( 0 &(*, % & ! "#$%#$&#'%#'&( !! ! )!* 0 $ $ 0 3&7 4 8 $ 9 8 % 2 $ : $ 1 0 ; < $ ; * $ , . % $ / ) = ) $ # 0 , $ # 0 ( ( " & > 0 & > ? ! % , < 9 $ ; 0 ++ . 0 + = 0 & 2
  • [D:]Path[...] Data Files

    [D:]Path[...] Data Files

    Command Syntax Comments APPEND APPEND ; Displays or sets the search path for APPEND [d:]path[;][d:]path[...] data files. DOS will search the specified APPEND [/X:on|off][/path:on|off] [/E] path(s) if the file is not found in the current path. ASSIGN ASSIGN x=y [...] /sta Redirects disk drive requests to a different drive. ATTRIB ATTRIB [d:][path]filename [/S] Sets or displays the read-only, archive, ATTRIB [+R|-R] [+A|-A] [+S|-S] [+H|-H] [d:][path]filename [/S] system, and hidden attributes of a file or directory. BACKUP BACKUP d:[path][filename] d:[/S][/M][/A][/F:(size)] [/P][/D:date] [/T:time] Makes a backup copy of one or more [/L:[path]filename] files. (In DOS Version 6, this program is stored on the DOS supplemental disk.) BREAK BREAK =on|off Used from the DOS prompt or in a batch file or in the CONFIG.SYS file to set (or display) whether or not DOS should check for a Ctrl + Break key combination. BUFFERS BUFFERS=(number),(read-ahead number) Used in the CONFIG.SYS file to set the number of disk buffers (number) that will be available for use during data input. Also used to set a value for the number of sectors to be read in advance (read-ahead) during data input operations. CALL CALL [d:][path]batchfilename [options] Calls another batch file and then returns to current batch file to continue. CHCP CHCP (codepage) Displays the current code page or changes the code page that DOS will use. CHDIR CHDIR (CD) [d:]path Displays working (current) directory CHDIR (CD)[..] and/or changes to a different directory.
  • INFORMATION TECHNOLOGY CONCEPTS-OPEN - REGIONAL 2019 Page 1 of 8

    INFORMATION TECHNOLOGY CONCEPTS-OPEN - REGIONAL 2019 Page 1 of 8

    INFORMATION TECHNOLOGY CONCEPTS-OPEN - REGIONAL 2019 Page 1 of 8 INFORMATION TECHNOLOGY CONCEPTS (391) —OPEN EVENT— REGIONAL – 2019 DO NOT WRITE ON TEST BOOKLET TOTAL POINTS _________ (100 points) Failure to adhere to any of the following rules will result in disqualification: 1. Contestant must hand in this test booklet and all printouts. Failure to do so will result in disqualification. 2. No equipment, supplies, or materials other than those specified for this event are allowed in the testing area. No previous BPA tests and/or sample tests or facsimile (handwritten, photocopied, or keyed) are allowed in the testing area. 3. Electronic devices will be monitored according to ACT standards. No more than sixty (60) minutes testing time Property of Business Professionals of America. May be reproduced only for use in the Business Professionals of America Workplace Skills Assessment Program competition. INFORMATION TECHNOLOGY CONCEPTS-OPEN - REGIONAL 2019 Page 2 of 8 MULTIPLE CHOICE Identify the choice that best completes the statement or answers the question. Mark A if the statement is true. Mark B if the statement is false. 1. Which of the following appears on the right side of any Windows 8 screen when you move your pointer to a right corner? A. Live tile B. Memory Manager C. Charms bar D. System tray 2. Which element of the Windows 7 GUI gives windows a glassy appearance, but also consumes more hardware resources? A. Control panel B. Aero user interface C. Charms interface D. Logic interface 3. The top of a top-down hierarchical structure of subdirectories is called which of the following? A.