Basic knowledge of Level 4 Information Security Engineer

This time I passed the QVQ multiple choice. It was toxic. When I tried to pass the QVQ, there were obviously several questions with the same questions, but the answers were different. When I passed the QVQ exam, I happened to pass this question == and I still have questions that I can't understand... I couldn't understand the analysis, and Blizzard wept. I hadn't learned the operating system before, so I spent about a month and a half studying the "Computer Operating System (Fourth Edition)" on my own, and then directly played hard core propositions. After almost three months, I passed the test. Although the score is very low, I somehow drifted by... So let me post my notes.
PS. The exams of network engineers and security engineers are exactly the same! ! ! !

Operating system

System and processor

  1. Operating system structure is divided into integral structure, hierarchical structure, and microkernel structure
  2. Operating system interface: command interface, program interface, graphical interface
  3. I/O device allocation algorithm: first come first served and high priority service
  4. The system is divided into three types of environments: batch processing environment, interactive environment, and real-time environment
  5. The time-sharing operating system has the characteristics of diversification, interactivity (convenient to debug the program), exclusivity and timeliness
  6. Batch processing operating system: batch processing of user jobs, high system resource utilization, high job throughput
  7. In an interactive system, the host interacts with multiple clients, requiring fast response time and balanced performance for each user
  8. Multi-level feedback queue, time slice rotation, and high priority scheduling are suitable for interactive operating systems
  9. The micro-kernel structure of the operating system has high reliability, high flexibility, and is suitable for distributed processing
  10. In the preemptive scheduling system, the possible reasons for the process to transition from the running state to the ready state are: the process is created, the time slice is exhausted, and the processor is preempted by the scheduler.
  11. A real-time operating system refers to an operating system in which a computer can respond to external event requests in a timely manner within a specified time, and at the same time complete the processing of the event, and can control all real-time equipment and real-time tasks to coordinate work.
    Features: In a strict time frame, real-time response to user requests, overload protection and high reliability.
  12. The scheduling algorithms commonly used in batch processing systems are: first come first serve, shortest job first, shortest remaining time first, and the highest response ratio first
  13. Commonly used scheduling algorithms in time-sharing systems include: time slice rotation, multi-level feedback queue algorithm
  14. In I/O device management, the main data structures used for device allocation are the system equipment table, equipment control table, and controller control table.
  15. The entire I/O system can be seen as a four-level system structure: user I/O software layer, operating system software layer, device driver layer, and interrupt handler
  16. Typical I/O technologies include buffer technology, device allocation technology, SPOOLing technology, DMA and channel technology
  17. I/O interrupt is generated after data transmission, equipment error, keyboard input
  18. The data transfer and control methods between the device and the CPU include direct program control, interrupt control, DMA, and channel control
  19. The SPOOLing system has three major components: input well and output well; input buffer and output buffer; input process SPi and output process SPo
  20. The hardware structure of the computer I/O system mainly includes: adapters and interface components, device controllers, and device hardware
  21. The registers visible to the user in the processor include data registers, address registers, and condition code registers
  22. The registers visible to the user in the processor are usually available to the user program, including: data registers, address registers, and condition code registers. The invisible registers are mostly used for control processing operations, such as program counters, instruction registers, and program status words.
  23. Semaphore four operations: 1. Initialize 2. Wait for signal (P operation) 3. Give signal (V operation) 4. Cleanup operation
  24. The viewpoints of studying operating systems include:
    1. Software viewpoint
    2. Resource management viewpoint
    3. Process viewpoint
    4. Virtual machine viewpoint
    5. Service provider viewpoint

Process and thread

  1. During concurrent execution, programs restrict one another; the program and the calculation are no longer in one-to-one correspondence; and the results of concurrent program execution are no longer observable
  2. The instructions for the program counter and instruction register operations are all privileged instructions and can only be run in the kernel mode. For PSW program status word register operation instructions, some are privileged instructions, and some are non-privileged instructions. For example, setting the shift direction flag bit (DF bit) is a non-privileged instruction.
  3. Process behavior can be summarized as computationally intensive and I/O intensive
  4. The events that cause the process to be blocked are: 1. Request system service 2. Start some operation 3. New data has not arrived 4. No new work to do
  5. The events that cause process creation: 1. User login 2. System initialization 3. User system call 4. Initialize batch job
  6. The possible reasons for the process to transition from the running state to the ready state are: process creation is completed, time slice is used up, and the processor is preempted by the scheduler
  7. The process control block includes the process identifier, the current state of the process, the corresponding program and data address of the process, the program priority, the CPU field protection area, the process synchronization and communication mechanism, the link word of the queue PCB where the process is located, and other information related to the process (such as code segment pointer)
  8. The content of the process control block (PCB) can be divided into two categories: scheduling information and field information. Scheduling information includes process name, process number, storage information, priority, current status, resource list, "family" relationship, message queue pointer, process queue pointer, currently open files, etc.; field information includes: program status word, clock, boundary address register. The PCB is resident in memory, no sibling process information is recorded, and a created process is placed at the end of the ready queue.
  9. Program status word (PSW), it contains status flags: the result is zero flag (ZF), symbol flag (SF), virtual interrupt flag (VIF)
  10. When using the process blocking primitive to block the process, first interrupt the CPU execution, save the current state of the CPU in the PCB site information, set the current state of the process to the waiting state, and insert it into the waiting queue for the event
  11. Resolve the mutual exclusion of the process: the parties to the competition will negotiate on an equal footing and set up a process manager
  12. Thread record table records: thread ID, instruction address register, processor register, hardware device register, stack field status and other small amount of thread private information.
  13. There are three ways to implement the thread mechanism: user thread, kernel thread, and mixed thread
  14. The entry area that enters the critical area performs P primitive operations on the semaphore, and the exit area that leaves the critical area performs V primitive operations on the semaphore
  15. pthread_yield() releases the CPU to run another process
    pthread_join() waits for a specific thread to exit
    pthread_mutex_init() creates a mutex
    suspend() the process transitions from a blocked state to a suspended state

Storage, files, etc.

  1. Belady phenomenon: in paged virtual memory management, when the FIFO algorithm is used as the replacement algorithm on a page fault and a process is not allocated all the pages it requires, sometimes the number of allocated pages increases but the page fault rate increases instead of decreasing. This is an anomaly.
  2. Techniques that can improve the performance of the file system: block cache, disk drive scheduling, directory entry decomposition method
  3. File control block (FCB) includes: 1. File identifier and control information (file size, file creation time, file owner, file access authority) 2. File logical structure information 3. File physical structure information 4. File usage information 5. File management information. It generally includes file name, file number, user name, file address, file length, file type, file attribute, share count, file creation date, file physical benefit
  4. I/O interrupt is generated after data transmission, equipment error, keyboard input
  5. The file control block (FCB) includes: 1. File identifier and control information 2. File logical structure information 3. File physical structure information 4. File usage information 5. File management information
  6. File storage space allocation management methods include: free block table, free block linked list, bitmap, group link method
  7. The address translation in the page storage management scheme is done by hardware
  8. In virtual page storage management, the data structures involved in address conversion are free area table, page table and bitmap
  9. FAT is supported by Windows and uses a physical file allocation table with a link structure. FAT12, FAT16, and FAT32 are all FAT file systems, using 12 bits, 16 bits, and 32 bits to represent cluster numbers, respectively. The FAT16 directory entry only reserves 8 bytes of space for the file name.
  10. Realization of DMA control mode requires DMA controller, address bus and data bus
  11. In order to ensure the correct use of computer critical resources, before the process uses the critical resources, it must first call the entry area code, then execute the critical area code, and finally execute the exit area code
  12. The main tasks of equipment management include buffer management, equipment allocation, and equipment processing
  13. The tables used for equipment allocation are: System Equipment Table (SDT), Equipment Control Table (DCT), Controller Control Table (COCT), Channel Control Table (CHCT)
  14. Storage process of external storage device: read status, data, address, and control
  15. There are three ways to pass parameters in system calls: pass through registers, pass through the stack, and pass through instructions.
  16. To create a file, you need to provide the file name, user name, file number, storage method, storage device type, record format, record length, etc. of the created file, and the file descriptor is returned after the creation is successful
  17. According to the physical structure of the file, the file is divided into sequential files, link files, and index files
  18. The logical structure of the file has a stream structure and a record structure
  19. Channel functions:
    (1) Accept CPU instructions and communicate with specified peripheral devices according to instruction requirements;
    (2) Read instructions belonging to the channel from the memory, execute the channel program, and send various commands to the device controller and device
    (3) Organize data transfer between peripheral devices and memory, and provide data buffer space as needed, as well as the address where data is stored in memory and the amount of data transferred
    (4) Obtain device status information from peripheral devices, form and save the channel's own status information, and send it to the designated unit of the memory as required for the CPU to use
    (5) The interrupt request of the peripheral device and the interrupt request of the channel itself are reported to the CPU in order and timely

Calculation

  1. In the page-based storage management scheme, if the address length is a bytes and the address part of the page occupies b binary bits, what is the maximum number of pages a process is allowed?
    Number of pages = 2^(a*8-b)
  2. In the page storage management system, the page size is a KB, the physical memory is b MB, and the process address space is c GB. Only the first-level page table is considered. What is the page table length?
    Page table length = 2^|log2c-log2a|
  3. A certain file system changed the UNIX three-level index structure to a four-level index structure. Assuming that the size of the physical block is a KB, a physical block is represented by 8 bytes. The main index table contains 16 physical block address pointers, 12 of which point directly to the disk block number, the 13th points to the primary index table, the 14th points to the secondary index table, the 15th points to the tertiary index table, and the 16th Point to the four-level index table. How many physical blocks does the largest section of a file have?
    12+a*1024/8 + a*1024/8^2 +...
  4. In a UNIX system, if the permission of File3 is xyz, it means (a = 1 can be read; b = 1 can be written; c = 1 can be executed):
    Owner x = a times 4 + b times 2 + c times 1
    Same-group users y = a times 4 + b times 2 + c times 1
    Other users z = a times 4 + b times 2 + c times 1
  5. Adopt "directory item decomposition method" to speed up file directory retrieval speed. Assuming that the catalog file is stored on a disk, each disk block is a byte. The file control block has b bytes, of which the file name occupies 8 bytes. After the file control block is decomposed, the first part occupies 10 bytes, and the second part occupies 26 bytes. Assuming that a directory file has c file control blocks in total, using the directory entry decomposition method, what is the average number of accesses to a certain file control block of the directory file?
    Average number of visits = (1+ c/a/b )/2
  6. A bitmap is used to manage free disk blocks. When a file returns the disk block with block number a, which position should be zeroed? (b columns per row)
    Row a/b, column a%b
  7. A page-based storage management system uses a first-level page table. If the memory access time is a second and the block table hit rate is b%, what is the effective access time?
    (1-b)*a+a
  8. Suppose a file consists of 100 logical records, and each logical length is a character. The disk space is divided into several blocks, the block size is b characters. What is the disk space utilization when the group operation is not used?
    Disk space utilization: a/b
  9. Suppose a file is composed of 100 logical records, and each logical length is a character. The disk space is divided into several blocks, the block size is b characters. If a group operation is used, and the block factor is c, what is the disk space utilization?
    Disk space utilization: a*c/b

Network engineering

Various networks and systems

  1. The core technology of Ethernet is the random contention media access control method, that is, the carrier sense multiple access (CSMA/CD) method with collision detection. Its core technology originated from the ALOHA network (wireless packet switching network).
  2. The main characteristics of the bus-type local area network:
    (1) All nodes are connected to the bus of the common medium through the network card.
    (2) The bus usually uses twisted pair or coaxial cable as the transmission medium.
    (3) All nodes can send or receive data, but only one node is allowed to send data through the bus in a period of time. When a node sends data in a "broadcast" way through the bus, other nodes can only receive the data in a "listening" way.
    (4) Since the bus is shared by multiple nodes as a common transmission medium, conflicts will occur.
    The point-to-point channel is used to transmit data between the ring topology nodes through the network card.
  3. Ad hoc network is a "peer-to-peer structure" mobile communication mode that does not require base stations. Its characteristic is "multi-hop, centerless, self-organizing wireless network", also known as multi-hop network, no infrastructure network or self-organizing network
  4. Infrared wireless LAN data transmission technology: directional beam infrared transmission, omnidirectional infrared transmission, diffuse reflection infrared transmission
  5. Both ADSL and HFC data transmission require a modem
  6. The Ethernet frame format includes: preamble (7 bytes), frame delimiter (1 byte), destination MAC address (6 bytes), source MAC address (6 bytes), type/length (2 bytes), data (46~1500 bytes), frame check sequence (4 bytes)
  7. P2P uses distributed structured topologies including Pastry, Tapestry, chord, CAN, Napster
  8. Hybrid P2P network includes node types including: user node, search node, index node
  9. VLAN (Virtual LAN, virtual local area network) can be divided into:
    (1) Defined by switch port
    (2) Defined by MAC address
    (3) Defined by network layer address
    (4) Virtual LAN based on broadcast group
  10. WLAN: wireless local area network
    WSN: wireless sensor network
    PAN: personal local area network
    WAN: wireless ad hoc network, using a "peer-to-peer structure" mobile communication network that does not require a base station. At present, this technology is widely used in the military field.
    WMN: a special form of mobile Ad Hoc network
  11. BitTorrent is an open source system authorized by MIT. The more people download, the faster the download speed, and the data exchange is entirely done by users through P2P.
  12. Unix operating system products: AIX, Solaris, HP-UX
  13. Windows operating system products: Vista
  14. System Maze BitTorrent pp Little Treasure Box
    Topological structure mixed P2P pure P2P mixed P2P mixed P2P
    directory browse for presence or absence
    Search engine is strong or weak Weak
    point point mechanism whether or not
    Seed mechanism with or without
    multiple download

Agreements and standards

  1. 1000 BASE-CX: supports standard unshielded twisted pair, cable length of up to 25m
    1000 BASE-T: standard Category 5 unshielded twisted pair, cable length of up to 100m
    1000 BASE-SX: standard 850nm wavelength multimode optical fiber, fiber length up to 300-500m
    1000 BASE-LX: corresponds to the 802.3z standard. The optical fibers used in the 1000 BASE-LX standard mainly include: 62.5nm multimode optical fiber, 50nm multimode optical fiber, and 9nm single mode optical fiber. Among them, the maximum transmission distance of multimode fiber is 550m; when single-mode fiber with a wavelength of 1300nm is used, the fiber length can reach 3000m. It adopts the 8B/10B encoding method.
  2. The Ethernet physical address is expressed in hexadecimal and has a total of six bytes (48 bits). Among them, the first three bytes (higher 24 bits) are the codes assigned to different manufacturers by the IEEE's registration management agency RA, also called "the unique identifier of the organization", and the last three bytes (lower 24 bits) are assigned by each manufacturer to the adapter interfaces it produces and are called the extended identifier (unique bits). One address block can generate 2 different addresses.
    The Ethernet frame preamble and pre-frame delimiter are 8 bytes, the frame check field uses a 32-bit CRC check, and the maximum length of the data field is 1500B. The minimum frame length is 64B, and the maximum length is 1518B.
    The preamble in the IEEE 802.3 frame structure is composed of 7 bytes, and it and the pre-frame delimiter are not included in the frame header length. The destination address and source address respectively represent the hardware address of the receiving node and the sending node of the frame. The longest length of the data field is 1500B, the minimum length is 4B, and the frame check bit adopts a 32-bit CRC check.
    In the IEEE 802.11 standard, the layer that implements the Virtual Carrier Sense is the MAC layer, and the frame control field is 2B. Wireless Local Area Network (WLAN) Media Access Control Protocol and Physical Layer Technical Specification
    IEEE 802.12: Demand Priority Media Access Control Protocol
    IEEE 802.15: Wireless Personal Network Technical Specification Using Bluetooth Technology
    IEEE 802.16: Broadband Wireless Connection Working Group, developed the air interface for 2~66GHz wireless access systems
    IEEE 802.11a uses a frequency band of 5GHz
    IEEE 802.11b uses a frequency band of 2.4GHz, a maximum transmission rate of 11Mbps
    IEEE 802.11g uses a frequency band of 2.4GHz, and a maximum transmission rate of 54Mbps
    IEEE 802.11n uses a frequency band of 5GHz, the maximum transport rate is 100Mbps, and the media dedicated interface MII is adopted
    IEEE 802.3ae is the 10 Gigabit Ethernet standard
    IEEE 802.3ba is the 40/100 Gigabit Ethernet standard
    IEEE 802.3u Maximum transport rate is 100Mbps, is the Fast Ethernet standard
    IEEE 802.3z is the Gigabit Ethernet standard, Gigabit Ethernet
  3. NETBIOS is developed by IBM Company and is mainly used in small local area networks with dozens of computers. In the Microsoft Windows series, operating systems before Windows 2000 use the NetBIOS protocol by default. The protocol name can have up to 15 characters, up to 255 communication channels can be established, and 4 types of SMB can be used. The system can use various modes such as WINS service, broadcast and Lmhost file to resolve a NetBIOS name into the corresponding IP address through port 139, so as to realize information communication.
  4. MIME (Multipurpose Internet Mail Extension Type) is an extension of RFC822.
    SIMPLE is an extension of SIP. It is specified by the SIMPLE working group of IETF and works at the application layer.
    SIP is an application layer signaling control protocol. It is used to create, modify and release sessions of one or more participants. It supports functions such as proxy, redirection, and registration and positioning of users, and supports user movement. The SIP protocol can be transmitted over the TCP and UDP protocols.
    SMTP specifies the commands between the sending program and the receiving program. It adopts the client/server mode. The response message starts with a 3-digit decimal number.
    The XMPP protocol is specified by IETF. It is based on the Jabber protocol framework and has a unified addressing scheme. The protocol cluster is based on XML and composed of four RFC documents. XMPP protocol extension ability is better than SIMPLE protocol
    NFS (Network File System) adopts client/server structure, no need to copy files to the local hard disk
    X.509 is specified by CCITT
    Kerberos is developed by MIT
    Microsoft MSN adopts the MSNP protocol
    AOL adopts the OSCAR protocol
    The IM system standard was proposed by the IMPP group and approved by IETF as a formal RFC document
    Jive Messenger adopts the XMPP protocol cluster
  5. The Common Management Information Protocol (CMIP) is mainly designed for the transmission environment of the OSI model. In the network management work, CMIP works through incident reports. Operation and event reports are implemented through the Remote Operation Protocol (ROP) protocol. The establishment, release, and cancellation of management connections are achieved through the Association Control Protocol (ACP)
  6. ARPA created and funded ARPANET
  7. NetBIOS is developed by Microsoft. It works between the network layer driver interface and the transport layer driver interface. It supports 254 concurrent communication channels. The name service can use the UDP protocol.
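
The Ethernet frame layout and size limits listed above (6+6+2 byte header, 46~1500 bytes of data, 4-byte CRC, 64B minimum, 1518B maximum) as an added example, not part of the original notes: a builder that pads and appends the frame check sequence, and a parser that rejects runt, oversized and corrupted frames. The MAC addresses are constructed sample values, the function names are illustrative, and the 0x0600 EtherType threshold comes from IEEE 802.3 rather than from these notes.

```python
import struct
import zlib

HEADER_LEN = 14                 # destination MAC + source MAC + type/length
FCS_LEN = 4                     # 32-bit CRC
MIN_DATA, MAX_DATA = 46, 1500
MIN_FRAME = HEADER_LEN + MIN_DATA + FCS_LEN   # 64 bytes
MAX_FRAME = HEADER_LEN + MAX_DATA + FCS_LEN   # 1518 bytes

# Constructed sample addresses (locally administered), not real devices.
SAMPLE_DST = bytes.fromhex("020000000001")
SAMPLE_SRC = bytes.fromhex("020000000002")


def fcs(body):
    """CRC-32 over header+data, stored least significant byte first."""
    return struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def build_frame(dst, src, type_or_length, data):
    """Assemble a frame without preamble/delimiter, which are not counted
    in the 64B/1518B limits."""
    if len(dst) != 6 or len(src) != 6:
        raise ValueError("MAC addresses must be 6 bytes")
    if len(data) > MAX_DATA:
        raise ValueError("data field exceeds 1500 bytes")
    data = data.ljust(MIN_DATA, b"\x00")      # pad short data to 46 bytes
    body = dst + src + struct.pack("!H", type_or_length) + data
    return body + fcs(body)


def parse_frame(frame):
    """Validate length and FCS, then split the frame into its fields."""
    if len(frame) < MIN_FRAME:
        raise ValueError("runt frame: shorter than 64 bytes")
    if len(frame) > MAX_FRAME:
        raise ValueError("oversized frame: longer than 1518 bytes")
    body, received_fcs = frame[:-FCS_LEN], frame[-FCS_LEN:]
    if fcs(body) != received_fcs:
        raise ValueError("FCS mismatch: frame corrupted")
    (type_or_length,) = struct.unpack("!H", body[12:14])
    if type_or_length <= MAX_DATA:
        kind = "length"          # IEEE 802.3 length field
    elif type_or_length >= 0x0600:
        kind = "ethertype"       # e.g. 0x0800 for IPv4
    else:
        kind = "undefined"
    return {
        "dst": body[0:6].hex(":"),
        "src": body[6:12].hex(":"),
        "type_or_length": type_or_length,
        "kind": kind,
        "data": body[HEADER_LEN:],
    }


if __name__ == "__main__":
    frame = build_frame(SAMPLE_DST, SAMPLE_SRC, 0x0800, b"hello")
    print(len(frame), parse_frame(frame))
```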

Other

  1. The browser is mainly composed of control unit, client unit and interpretation unit
  2. Features of IP service: unreliable, connectionless, best-effort delivery
  3. The XMPP entity address is called JID (Jabber ID) and consists of three parts: domain identifier, node identifier, and resource identifier.
  4. VoIP, commonly known as IP telephony, is an advanced communication method that uses IP networks to realize voice communication, and is based on the voice transmission technology of IP networks. The IP telephone system has 4 basic components: terminal equipment, gateway, multipoint control unit and gatekeeper. The terminal equipment is an H.233 device. The gatekeeper is mainly responsible for user registration and management. The function of the multipoint control unit (MCU) is to use the IP network to achieve multipoint communication.
  5. The NFS server is configured in /etc/exports, which is also the access control list for shared resources
  6. Double connection needs to be established between FTP client and server, namely control connection and data connection
  7. There are generally two solutions for servers to respond to requests from multiple users: duplicate server solutions and concurrent server solutions
  8. For domain name resolution, the client requesting domain name resolution can set the domain name server to the IP address of the root node of the domain name server tree, the IP address of the local domain name server, or the IP address of the parent node of the local domain name server
  9. The text messages of mainstream IM software such as MSN Messenger, ICQ, AIM, Yahoo Messenger, etc. mostly use the client/server model, while file transfer and other large data services use the user/user model
  10. Two methods of domain name resolution: recursive resolution (one-time completion), repeated resolution
  11. RIP uses the vector-distance algorithm. In order to solve the problem of slow convergence, the RIP protocol uses strategies such as limiting the maximum "distance" of the path, split horizon, poison reverse, and triggered updates. OSPF uses the link-state algorithm.
  12. POP3 mail delivery can be divided into three stages: authentication stage, transaction processing stage, update stage
  13. Hop-by-hop option header: extension header processed by the intermediate routers. There are currently two options: jumbo payload option and router alert option.
    Destination option header: used to specify datagram forwarding parameters for intermediate nodes or destination nodes.
    Routing header: It is used to point out that the datagram needs to pass through one or more intermediate routers in the process from the source node to the destination node.
    Authentication header: It is used to carry the parameters required for authentication between the communicating parties.
  14. 1 kbps = 10^3 bps
    1 Mbps = 10^6 bps
    1 Gbps = 10^9 bps
    1 Tbps = 10^12 bps
  15. The virtual circuit switching mode has the following characteristics:
    1. Before each packet is transmitted, a logical connection is established between the source node and the destination node.
    2. All packets in a communication are transmitted sequentially through virtual circuits, and the packets do not need to carry information such as destination address and source address.
    3. When the packet passes through each node on the virtual circuit, only error detection is required.
    4. Each node in the communication subnet can establish multiple virtual circuit connections with any node.
  16. In the resource record of the domain name server,
    MX: mail exchange
    A: host address
    CNAME: alias
    PTR: pointer
  17. USER username: Send user name to server
    PASS password: Send password to server
    PASV: Request to use passive mode to establish data connection
    passive: Enter passive transmission mode
    LIST filelist: Request server to return directories and files in the current remote directory
    PWD: Display the current working directory of the remote host
    CDUP: Enter the parent directory of the remote host directory
    SOA: authorization start
    STAT: query the total number and length of mail
    DELE: mark the mail you want to delete
    LIST: list the length of the message
    RSET: abort the current mail processing
    NOOP: no operation
    binary: server uses binary file transfer mode
    ftp: into the ftp session state
  18. FHSS: Frequency Hopping Spread Spectrum
    DSSS: Direct Sequence Spread Spectrum uses the 2.4GHz ISM frequency band, and the data transmission rate is 1Mbps or 2Mbps.
    PCF: Point Coordination Function
    DCF: Distributed Coordination Function
    VCS: Virtual Carrier Sense
    VCS Virtual Carrier Sense

Calculation

If the data transmission rate is a Mbps, how much time is needed to send b M bytes of data?
Transmission time: b*8/a
If the header length of an IP datagram is a, then the value of the packet length field is:
Value: a/32
If the header length field of an IP datagram is a, then the data header length is:
Value: a*32b/8

Origin blog.csdn.net/qq_40837276/article/details/97387506