Using Windows Command Line

Machines

You can connect to the exam machine via SSH (Secure Shell) using the following information. SSH Username: Administrator SSH Password: password123!

---

Connect to the exam machine

We’ll use SSH (Secure Shell) to open a remote session to the Windows server.

1. On your local computer, open Command Prompt or PowerShell.

2. Type this and press Enter:

   ssh Administrator@172.20.10.158

3. When it asks for a password, type:

   password123!

   ✅ If you connect successfully, you’ll see something like:

PS C:\Users\Administrator>

---

Question-by-Question Approach

🟩 Question 1 — What command corresponds to the alias 'HoldenManeuver'?

Aliases are short names for PowerShell commands. Run:

Get-Alias -Name HoldenManeuver

If it exists, you’ll see something like:

Answer: Get-Runspace

Try another method:

Run this:

Get-Alias | findstr Holden

---

🟩 Question 2 — How many books are found under Documents\Books?

Run this:

Get-ChildItem "C:\Users\Administrator\Documents\Books" -File -Recurse | Measure-Object

You’ll see:

Answer: 9

---

🟩 Question 3 — Which cmdlet is used to display a list of processes on the system?

Run:

Get-Process

➡️ This command lists all running programs. So the cmdlet is Get-Process.

Answer: Get-Process

---

🟩 Question 4 — How many services have 'MCRN' in their name?

Run:

Get-Service | Where-Object { $_.Name -like "*MCRN*" -or $_.DisplayName -like "*MCRN*" } | Measure-Object

You’ll get:

Answer: 5

You can see them with:

Get-Service | Where-Object { $_.Name -like "*MCRN*" -or $_.DisplayName -like "*MCRN*" }

---

🟩 Question 5 — How many active users are there in the Active Directory environment?

If the system is joined to Active Directory:

Import-Module ActiveDirectory
Get-ADUser -Filter {Enabled -eq $true} | Measure-Object

➡️ It returns something like Count : 8

If it gives an error “module not found”, it means AD tools aren’t installed — that’s okay, just note that the system might not be a domain controller.

---

🟩 Question 6 — Which local group mentions “certificates”

Run:

Get-LocalGroup | Where-Object { $_.Description -match "certificate" }

Example output:

Name                  Description
----                  -----------
Certificate Service DCOM Access   Members are allowed to access certification authority

➡️ Answer: Certificate Service DCOM Access

---

🟩 Question 7 — Which command downloads files

PowerShell can download using these:

Invoke-WebRequest -Uri "http://example.com/file.txt" -OutFile "C:\Temp\file.txt"

➡️ The cmdlet is Invoke-WebRequest

(Alternative: Start-BitsTransfer also works.)

---

🟩 Question 8 — Get the build number

Run:

(Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion").BuildNumber

Output example:

19045

➡️ Answer: 19045

---

🟩 Question 9 — Find installed HotFixID

Run:

Get-HotFix

Example:

Source        Description      HotFixID    InstalledOn
------        -----------      --------    -----------
Server01      Update           KB5034441   10/12/2024

➡️ Answer: KB5034441

---

🟩 Question 10 — Is Windows Defender running?

Run:

Get-Service WinDefend

If it shows:

Status   Name               DisplayName
------   ----               -----------
Running  WinDefend          Microsoft Defender Antivirus Service

➡️ Answer = Yes

If it shows “Stopped” or “Disabled”, answer No.

---

🟩 Question 11 — Which user has read-only access to “Abaddon’s Gate”

Run:

Get-Acl "C:\Users\Administrator\Documents\Books\Abaddon's Gate" | Select-Object -ExpandProperty Access

You’ll see something like:

IdentityReference : User1
AccessControlType : Allow
FileSystemRights  : Read

➡️ Answer: User1

If there’s an extension (like .txt), include it:

Get-Acl "C:\Users\Administrator\Documents\Books\Abaddon's Gate.txt"

---