70-660 - TS: Windows Internals

Example Questions

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a colleague named Jason in the company. He has a computer which is named C01. Windows Server 2003 is run by C01. He has to find out the maximum size available for the paged pool on the computer. But he is not clear about which tool he should use. Since you are the technical support, he asks for your answer. So which of the following tools should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a computer named C02 in the company. Windows Server 2008 is run by this computer. You find that most of the CPU time is used by the LSASS process. On the computer, a complete memory dump file is generated by you. You have to view the kernel-mode and user-mode stacks of all threads in the LSASS process. Of the following WinDbg commands, which one should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a colleague named Jason in the company. He has a computer which is named C01. Windows Server 2003 is run by C01. He has to find out the maximum size available for the paged pool on the computer. But he is not clear about which tool he should use.
Since you are the technical support, he asks for your answer. So which of the following tools should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a computer named C02 in the company. Windows Vista has been installed on C02. You start C02 and have a hardware device attached to the computer. Since you are the technical support, the company assigns a task to you. The company wants you to debug the creation of the functional device object (FDO) for the hardware device. Which routine should you debug?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. According to the company requirement, a custom application is developed by you. At the time that User Account Control (UAC) is enabled, the application fails to run under Windows Vist

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. At present, you are utilizing WinDbg to debug a Windows Server 2008 service. A thread named ThreadA is created by the service. The company CIO wants to see how much CPU time Thread1 uses. Since you are the technical support, the company assigns this task to you. Of the following WinDbg commands, which one should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. According to the company requirement, an application is being designed by you. This application will write to a local transactional log. As required by the company, you must make sure that even if a system failure occurs, each write operation is committed to the physical disk in chronological order. Which I/O method should be used by your application?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. According to the company requirement, you are debugging a Windows device driver. An unexpectedly long delay occurs on the device driver. You locate the problem in the following synchronization mechanism.

    kd> dt var_sema
    Local var @ 0xf9dfbc48 Type _KSEMAPHORE
       +0x000 Header : _DISPATCHER_HEADER
       +0x010 Limit : 2
    kd> dt nt!_DISPATCHER_HEADER f9dfbc48
       +0x000 Type : 0x5 ''
       +0x001 Absolute : 0xe6 ''
       +0x002 Size : 0x5 ''
       +0x003 Inserted : 0xbb ''
       +0x004 SignalState : 0
       +0x008 WaitListHead : _LIST_ENTRY [ 0x819ca438 - 0x819ca438 ]
    kd> dt nt!_KWAIT_BLOCK 0x819ca438
       +0x000 WaitListEntry : _LIST_ENTRY [ 0xf9dfbc50 - 0xf9dfbc50 ]
       +0x008 Thread : 0x819ca3c8 _KTHREAD
       +0x00c Object : 0xf9dfbc48
       +0x010 NextWaitBlock : 0x819ca480 _KWAIT_BLOCK
       +0x014 WaitKey : 0
       +0x016 WaitType : 1
    kd> dt nt!_KWAIT_BLOCK 0xf9dfbc50
       +0x000 WaitListEntry : _LIST_ENTRY [ 0x819ca438 - 0x819ca438 ]
       +0x008 Thread : 0x00000002 _KTHREAD
       +0x00c Object : 0xfd050f80
       +0x010 NextWaitBlock : 0xffffffff _KWAIT_BLOCK
       +0x014 WaitKey : 0
       +0x016 WaitType : 0

You have to find out the number of threads that the semaphore currently has waiting. How many threads does the semaphore currently have waiting?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a colleague named Jason in the company. He has a computer which runs Windows Vista. The computer has the kernel debugging option enabled. A partial checked build of the kernel (ntoskrnl.chk) and the HAL (halacpi.chk) need to be loaded from the debug target. But he is not clear about what to do. Since you are the technical support, he asks for your help. What action should you perform?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company.
According to the company requirement, an application is created by you. You must make sure that the application is able to use the CreateFile function to read from COM port 10. Of the following device names, which one should you open?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a colleague named Jason in the company. He has a computer which is named C01. Windows Server 2003 is run by C01. A service named Service01 has been installed on C01. Service01 plays the role of a shared process and it is hosted by the generic host process svchost.exe. Now Service01 needs to be an isolated process. Since you are the technical support, he asks you to achieve this for him. So what action should you perform?

You work as a Windows developer at Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -ws01 which runs Microsoft Windows Vista. During the course of the day whilst performing routine maintenance you discover that a particular service process uses 100 percent of the CPU. Company.com recently instructed you to force a process dump of the service. What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. According to the company requirement, an application is created by you. You must make sure that the application is able to use the CreateFile function to read from COM port 10.
Of the following device names, which one should you open?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a complete kernel dump that was generated on an unresponsive computer. You debug the kernel dump by using WinDbg. You receive the following output from WinDbg.

    kd> kv
    ChildEBP RetAddr Args to Child
    f9bfeed8 f98857fa 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
    f9bfeef4 f9885032 00644d40 010000c6 00000000 i8042prt!I8xProcessCrashDump+0x237 (FPO: [Non-Fpo])
    f9bfef3c 8054093d 815c84c8 81644c88 00010009 i8042prt!I8042KeyboardInterruptService+0x21c (FPO: [Non-Fpo])
    f9bfef3c f9e9938a 815c84c8 81644c88 00010009 nt!KiInterruptDispatch+0x3d (FPO: [0,2] TrapFrame @ f9bfef60)
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f9bfefd0 80540f7d f9e998a0 00000000 00000000 pldkrl+0x38a
    f9bfeff4 80540c4a f7627b50 00000000 00000000 nt!KiRetireDpcList+0x46 (FPO: [0,0,0])
    f9bfeff8 f7627b50 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a (FPO: [Uses EBP] [0,0,1])
    80540c4a 00000000 00000009 bb835675 00000128 0xf7627b50
    kd> .trap f9bfef60
    ErrCode = 00000000
    eax=ffdff980 ebx=ffdff000 ecx=f9e9938a edx=f9e998a0 esi=00000000 edi=806d02e2
    eip=f9e9938a esp=f9bfefd4 ebp=ffdff980 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0000 es=e8ae fs=0000 gs=c20e efl=00000246
    pldkrl+0x38a:
    f9e9938a ebfe jmp pldkrl+0x38a (f9e9938a)

You have to find out what is causing the computer to become unresponsive. So what is causing the problem?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on.
You have enough knowledge of Windows internals and you provide technical support for the company. According to the company requirement, an application is being designed by you. Because of an access violation, the application fails. A heap corruption causes the access violation. Now the company wants you to find out what causes the heap corruption. Of the following tools, which one should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. You are in charge of an application named MyApp. This application fails sometimes and displays the following exception code: 0xC0000005. As indicated by the call stack, MyApp fails in different locations including ntdll.dll and MyApp.exe. The functions main and doRealWork are always included in the stack trace. You review the source code for MyApp.exe and find the following code snippet:

    #include <string.h>
    #include <stdio.h>
    #include <stdlib.h>

    extern void doRealWork(char *);
    char * myfunc(char *);

    void main(int argc,char *argv[])
    {
        char * szLocalBuffer;
        szLocalBuffer = myfunc("Data Pay load");
        if (!szLocalBuffer)
        {
            printf("a failure has occured\r\n");
        }
        else
        {
            doRealWork(szLocalBuffer);
        }
    }

    char * myfunc(char *szData)
    {
        char *szBuffer;
        /* 10-byte heap allocation; the string formatted below is longer */
        szBuffer=(char*)malloc(10);
        if(szBuffer)
        {
            sprintf(szBuffer,"The data passed to this function was %s",szData);
            return szBuffer;
        }
        else
        {
            return NULL;
        }
    }

In the above code, you resolve the error. You find that MyApp.exe continues to fail with the same call stacks. You have to find out what is causing the application to fail. So what action should you perform?

You are the IT professional who works in an international company named Wiikigo.
You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. You have a colleague named Jason in the sales department. He has a computer which is named C01. Windows Server 2003 is run by C01. He finds that the total kernel-mode CPU time for all processes is 60 percent, and the total kernel-mode CPU time for the processor is 80 percent. He wants to find out what is using the remaining 20 percent of the kernel-mode CPU time. Since you are the technical support, he asks for your help. So of the following Perfmon counters, which should be used? (choose more than one)

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. You are in charge of an application service. Because of heap corruption, it crashes intermittently. When it occurs, you have to detect the heap corruption. Of the following tools, which one should be used?

You work as a Windows developer at Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008. During the course of the business day you receive instruction from Company.com to develop a device driver which will be used by Microsoft Windows Server 2008. Company.com additionally requested that you identify all the driver routines which consume more than 50 percent of the CPU. What should you do?

You are the IT professional who works in an international company named Wiikigo.
You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. According to the company requirement, a new device driver is installed and run by you. But the following error message pops up.

    Event ID: 2020
    Source: Srv
    Description: The server was unable to allocate from the system paged pool because the pool was empty.

You notice that kernel memory pool leaks occur and this may be caused by a device driver. You discover a kernel memory allocation tag named TAG1 that belongs to the leaked memory. Therefore, you have to find out the device driver and the corresponding call stack that is causing the memory leak. So what action should you perform?

You work as a Windows developer at the London office of Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008. During the course of the day you travel to the Miami branch office to deploy a workstation named -ws02 which runs Microsoft Windows Vista. Company.com recently requested that you create a hardware device driver whilst creating a report which displays a timeline of the device driver activity below: 1. The report should display a timeline showing the processor time spent in interrupt service routine (ISR) and deferred procedure calls (DPCs) and corresponding call stack. What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. For a hardware device, a Windows device driver is developed by you.
A simple direct memory access (DMA) controller is used by the hardware device which does not perform virtual address translation. A 64-KB buffer needs to be allocated in Windows. A DMA transfer of 64 KB from the hardware device is accepted by the buffer. Which routine should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a computer named C02 in the company. Windows Vista has been installed on C02. Sometimes the computer performs slowly. At the time that the computer has a slow performance, you notice that 90 percent of the CPU is used by the System process. You identify that the high CPU usage is caused by a System process thread. The thread has the start address ntkrnlpa.exe|ExpWorkerThread. You have to find out which functions the thread calls and how much CPU time each function uses. Which tool should you choose to use?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a colleague named Jason in the company. He has a file server that runs Windows Server 2003. The file server often stops responding after he receives the following error message in the event log.

    Error: 2019: The server was unable to allocate from the system nonpaged pool because the pool was empty.

He has to find out which kernel driver is depleting all memory in the system nonpaged pool. But he has no idea about which tool he should use. Since you are the technical support, he asks for your answer.
So which of the following tools should be used?

You work as a Windows developer at Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008. During the course of the business day you receive instruction from Company.com to design an application which writes to a local transactional log. Company.com has additionally instructed you to ensure when a system failure occurs that each write operation would be committed to the physical disk in chronological order. What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. A new audio miniport driver is created by you. You have to use the Driver Verifier tool to test the driver. The tests must verify memory overruns, memory underruns and memory that is accessed after it is freed. In order to test the driver, which option of Driver Verifier should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. You are in charge of a multithreaded application. It is now being tested by you. You have to use Perfmon to test the application for heap leaks. Of the following counters, which one should be monitored?

You work as a Windows developer at Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008.
During the course of the business day you receive instruction from Company.com to create a telecommunications application which requires having the application read the I/O synchronously. Company.com wants you to have the I/O operation initiated. What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a computer named C02 in the company. Windows Server 2008 is run by C02. The computer crashes every week and a complete memory dump is created. You run the !analyze command from WinDbg and get the following output:

    Bad_Pool_Header 0x0000000019 (0x0000000020, 0xa34583b8, 0xa34584f0, 0x0a270001)

You need to identify the pool tag that is associated with the Bad_Pool_Header pool allocation. Of the following WinDbg commands, which one should be used?

You work as a Windows developer at Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008. During the course of the business day you receive instruction from Company.com to write an I/O dispatch routine for a Windows device driver. The I/O dispatch routine written for the driver supports buffered I/O and transfers 1 KB from the I/O request packet (IRP). Company.com wants you to have the kernel address of the 1-KB buffer of the I/O request packet (IRP) retrieved. What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company.
There is a complete kernel dump that was generated on an unresponsive computer. You debug the kernel dump by using WinDbg. You receive the following output from WinDbg.

    kd> kv
    ChildEBP RetAddr Args to Child
    f9bfeed8 f98857fa 000000e2 00000000 00000000 nt!KeBugCheckEx+0x1b (FPO: [Non-Fpo])
    f9bfeef4 f9885032 00644d40 010000c6 00000000 i8042prt!I8xProcessCrashDump+0x237 (FPO: [Non-Fpo])
    f9bfef3c 8054093d 815c84c8 81644c88 00010009 i8042prt!I8042KeyboardInterruptService+0x21c (FPO: [Non-Fpo])
    f9bfef3c f9e9938a 815c84c8 81644c88 00010009 nt!KiInterruptDispatch+0x3d (FPO: [0,2] TrapFrame @ f9bfef60)
    WARNING: Stack unwind information not available. Following frames may be wrong.
    f9bfefd0 80540f7d f9e998a0 00000000 00000000 pldkrl+0x38a
    f9bfeff4 80540c4a f7627b50 00000000 00000000 nt!KiRetireDpcList+0x46 (FPO: [0,0,0])
    f9bfeff8 f7627b50 00000000 00000000 00000000 nt!KiDispatchInterrupt+0x2a (FPO: [Uses EBP] [0,0,1])
    80540c4a 00000000 00000009 bb835675 00000128 0xf7627b50
    kd> .trap f9bfef60
    ErrCode = 00000000
    eax=ffdff980 ebx=ffdff000 ecx=f9e9938a edx=f9e998a0 esi=00000000 edi=806d02e2
    eip=f9e9938a esp=f9bfefd4 ebp=ffdff980 iopl=0 nv up ei pl zr na pe nc
    cs=0008 ss=0010 ds=0000 es=e8ae fs=0000 gs=c20e efl=00000246
    pldkrl+0x38a:
    f9e9938a ebfe jmp pldkrl+0x38a (f9e9938a)

You have to find out what is causing the computer to become unresponsive. So what is causing the problem?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. For a PCI device, a device driver is created by you. The PCI device runs on Windows Server 2003 computers. The device driver's interrupt processing is tested by you. The computer stops responding. You have to use WinDbg to locate the list of interrupt handling routines in the crash dump.
Which command should be used?

You work as a Windows developer at the London office of Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008. During the course of the day you travel to the Philadelphia branch office and deploy an additional server named -sr03 which runs Windows Server 2008. You have later noticed that -sr03 frequently crashes and you decided to perform a complete memory dump. Company.com later requested that you run the WinDbg !analyze command and you receive the output shown below:

    bad_pool_header 0x0000000019 (0x0000000020, 0xa34583b8, 0xa34584f0, 0x0a270001)

Company.com wants you to have the pool tag associated with the bad_pool_header pool allocation identified. What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. For a hardware device, a Windows device driver is developed by you. A simple direct memory access (DMA) controller is used by the hardware device which does not perform virtual address translation. A 64-KB buffer needs to be allocated in Windows. A DMA transfer of 64 KB from the hardware device is accepted by the buffer. Which routine should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. You develop a hardware device driver for Windows Vista. You need to view a report.
The report displays a timeline of the following device driver activity: Processor time spent in interrupt service routine (ISR), deferred procedure calls (DPCs) and the corresponding call stack. Which of the following tools should be used?

You work as a Windows developer at Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008. During the course of the day you deploy an additional server named -sr02 which runs Microsoft Windows Server 2003. A network user named Rory Allen has recently reported that the total kernel-mode CPU time for all the processes is at sixty percent whilst the total CPU time for the processor is at eighty percent. Company.com wants you to determine which processes are consuming the remaining twenty percent of the CPU time. What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. According to the company requirement, an I/O dispatch routine is being written by you for a Windows device driver. Buffered I/O is supported by the device driver. 1 KB of data to the user process is transferred by the dispatch routine. The kernel address of the 1-KB buffer needs to be retrieved from the I/O request packet (IRP). Which field of the IRP contains the kernel address?

You work as a Windows developer at Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008.
During the course of the day you receive instruction from Company.com to make use of WinDbg for debugging a Windows Server service which creates a thread named kingthread. Company.com additionally instructs you to determine the amount of CPU time consumed by kingthread. What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is an application for you to troubleshoot. This application runs on Windows Vista computers. The application does not close all of the files it has open. You have to find out the files that the application has open currently. So which tool should be used?

You work as a Windows developer at the London office of Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008. During the course of the day you travel to the Miami branch office and create an audio miniport driver for a client computer. Company.com has additionally requested that you test the driver making use of the Driver Verifier to check for memory over or under runs and memory accessed after being freed. What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. According to the company requirement, you develop a device driver. This device driver is used on computers that run Windows Server 2008. You have to find out the driver's routines that use more than 50 percent of the computer's CPU.
Which of the following tools should be used?

You work as a Windows developer at Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008. During the course of the business day you receive instruction from Company.com to create a new audio miniport driver. Company.com wants you to have the driver tested using the Driver Verifier tool to ensure the conditions below are checked:

1. The Driver Verifier tool should check for memory overruns.
2. The Driver Verifier tool should check for memory underruns.
3. The Driver Verifier tool should check for memory accessed after being freed.

What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. For a hardware device, you are developing a Windows device driver. You will install the device driver and hardware device on computers that run Windows Server 2008. Now you have to find out the amount of time that the processor uses to receive and process interrupts. Which of the following tools should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. For Windows XP, a device driver is created by you. This device driver runs on uniprocessor systems only. A system thread and a deferred procedure call (DPC) are created by the driver. The DPC is invoked by a repeating timer. Both the thread and the DPC must process entries from the same work queue.
You must make sure that the system thread and the DPC are synchronized. Which IRQ Level (IRQL) should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. For a hardware device, you are debugging a device driver. You run !pte 2652b8 from WinDbg and get the following output:

    VA 002652b8
    PDE at 00000000C0600008    PTE at 00000000C0001328
    contains 00000000006CB067  contains 800000000C20F067
    pfn 6cb ---DA--UWEV        pfn c20f ---DA--UW-V

You need to find out the physical address for the virtual address 002652b8. So what is the physical address?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. According to the company requirement, a user mode application is being developed by you. Two processes are contained in this application. The two processes need to be allowed to synchronize access to a shared data area. Which synchronization primitive should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. You are in charge of an application. Two processes are contained in this application. Several custom dynamic link libraries (DLLs) need to be loaded by both of the processes. The DLL entry point is named DllMain. A third-party DLL is loaded by DllMain.
You have to avoid loader deadlock and make sure that the application is able to use the third-party DLL at all times. What action should you perform in DllMain?

You work as a Windows developer at the London office of Company.com. The Company.com network consists of a single Active Directory domain named Company.com. Company.com currently makes use of a computer named -sr01 which runs Windows Server 2008. During the course of the day you travel to the Miami branch office and deploy a workstation named -ws21. Whilst making use of -ws21 you discover that the lsass process makes use of the majority of CPU time. You have later received instruction from Company.com to generate a complete memory dump of -ws21. Company.com wants you to view the kernel-mode and user-mode stacks of all threads in the lsass process. What should you do?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. Now you receive an order from the company. The company plans to update a device driver on a Windows system. A copy of the device driver file is downloaded from the Internet by you, but you are not sure whether the device driver is legitimate. Therefore, you have to validate the device driver's digital signature. Of the following tools, which one should be used?

You are the IT professional who works in an international company named Wiikigo. You are experienced in troubleshooting operating systems and applications that are not working correctly, identifying code defects and so on. You have enough knowledge of Windows internals and you provide technical support for the company. There is a colleague named Jason in the company. He has a computer which is named C01. Windows Server 2003 is run by C01.
A service named Service01 has been installed on C01. Service01 plays the role of a shared process and it is hosted by the generic host process svchost.exe. Now Service01 needs to be an isolated process. Since you are the technical support, he asks you to achieve this for him. So what action should you perform?