
1.What is Windows patch management?

Windows patch management is the process of managing patches for Windows, from
scanning for and detecting missing patches to downloading and deploying them. Using
a patch management solution, the entire Windows patch management process can be
automated, so you don't need to go around to every computer and manually check
whether all missing patches were identified and applied.

2.Benefits of Windows patch management.


Patch Manager Plus' Windows patch management features help you:

Save time and money. With the APD feature, the whole patching process is
automated, from scanning for and deploying patches, to generating patch status
reports.
Significantly increase your network's security. Many cyberattacks leverage
known vulnerabilities to steal data and cause disruptions. Patch known
vulnerabilities to secure your network.
Deploy the most up-to-date patches. Keep your Windows machines running with the
latest Windows patches, so you have access to new features and bug fixes.

Some of the benefits of patch management are:

Security: Security is the most obvious benefit offered by patch management, as
software vendors most often release patches to fix security vulnerabilities which
are being exploited by malicious software or people intending to damage the IT
systems or network. Applying these security patches at the right time will greatly
reduce security breaches of various kinds.
Productivity: Another major benefit of patch management is increased
productivity. Patches often come with performance improvements for the products
they apply to, or fix crashes. Helping employees (their systems, to be more precise)
get rid of these issues leads to a productivity boost, which in turn means
reduced downtime.
In Possession of the Latest: The world of technology is moving at a fast pace,
and having automated patch management software in place will help your
organization keep up with the latest advancements in technology without you
having to do much about it, because software patches usually contain new features
or functionality and extend support to additional platforms.

3. Some tools
SolarWinds Patch Manager
ManageEngine Patch Manager Plus
GFI LanGuard
Pulseway WSUS
Kaseya
NinjaRMM
Cloud Management Suite
SysAid
ITarian
Automox

4. Security Patch – Publicly released update to fix a known bug/issue
Security patches are the primary method of fixing security vulnerabilities in
software.

Hotfix – update to fix a very specific issue, not always publicly released
A hotfix is a single, cumulative package that includes one or more files that are
used to address a problem in a software product (i.e. a software bug). Typically,
hotfixes are made to address a specific customer situation and may not be
distributed outside the customer organization.

Service Pack – Large Update that fixes many outstanding issues, normally includes
all Patches, Hotfixes, Maintenance releases that predate the service pack.
A service pack (in short SP) is a collection of updates, fixes and/or enhancements
to a software program delivered in the form of a single installable package.

Update rollup

Definition: A tested, cumulative set of hotfixes, security updates, critical
updates, and updates that are packaged together for easy deployment. A rollup
generally targets a specific area, such as security, or a component of a product,
such as Internet Information Services (IIS).

5. Patch Tuesday occurs on the second, and sometimes fourth, Tuesday of each month
in North America. As far as the integrated Windows Update (WU) function is
concerned, Patch Tuesday begins at 18:00 or 17:00 UTC (10:00 PST (UTC−8)).
In practice, Windows Update checks for updates randomly, every 17 to 22 hours.

6. Uninstall an update

1. wusa /uninstall /kb:2982791 (example)
2. Update & Security -> Windows Update -> View update history -> Uninstall updates.
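
The wusa command from step 1, wrapped in a check that the update is actually present and that the removal succeeded. This is an added example, not part of the original notes; Remove-InstalledKb is a hypothetical helper name, and it is meant to be run from an elevated PowerShell session.

```powershell
# Added example. Remove-InstalledKb is a hypothetical helper, not a built-in cmdlet.
function Remove-InstalledKb {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Accepts "2982791" or "KB2982791"
        [Parameter(Mandatory = $true)]
        [ValidatePattern('^(KB)?\d{6,8}$')]
        [string]$Kb
    )

    $number = $Kb -replace '^KB', ''
    $id     = "KB$number"

    # Get-HotFix reads Win32_QuickFixEngineering, so it only sees updates recorded there.
    $installed = Get-HotFix -Id $id -ErrorAction SilentlyContinue
    if (-not $installed) {
        Write-Warning "$id is not installed on $env:COMPUTERNAME; nothing to remove."
        return
    }
    Write-Verbose "$id was installed on $($installed.InstalledOn) by $($installed.InstalledBy)"

    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, "Uninstall $id")) {
        # Same command line as step 1 above: wusa /uninstall /kb:<number>
        $wusaArgs = '/uninstall', "/kb:$number"
        $proc = Start-Process -FilePath "$env:SystemRoot\System32\wusa.exe" -ArgumentList $wusaArgs -Wait -PassThru

        switch ($proc.ExitCode) {
            0       { Write-Output "$id removed." }
            3010    { Write-Output "$id removed; a restart is required to finish." }
            default { Write-Error "wusa.exe exited with code $($proc.ExitCode) while removing $id." }
        }
    }
}

# Dry run with the KB number used in step 1; drop -WhatIf to perform the removal.
Remove-InstalledKb -Kb 2982791 -WhatIf
```

Removing a security update reopens whatever it fixed, so record which hosts it was removed from and why.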

7. Recent virus attack: WannaCry ransomware, an application that encrypts and
decrypts data. To prevent it: security update MS17-010.

8. What is port scanning?

Port scanning is the process of sending messages in order to gather information
about a network, system, etc. by analysing the responses received.

9. What is compliance?

Abiding by a set of standards set by a government, independent party or organisation.
E.g. an industry which stores, processes or transmits payment-related information
needs to comply with PCI DSS (Payment Card Industry Data Security Standard).
Another example of compliance is an organisation complying with its own policies.

Applied VMware technologies such as Capacity Planner, VMware DRS, HA,
VirtualCenter and vMotion to help maintain an optimal performing virtual environment.

11.The most common causes for a PSOD are:


1. Hardware failures, mostly RAM or CPU related. They normally throw out a “MCE” or
“NMI” error.
2. Software bugs
3. Misbehaving drivers; bugs in drivers that try to access some incorrect index or
non-existing method

12.NTFS vs Share Permissions

1.Share permissions are easy to apply and manage, but NTFS permissions enable
more granular control of a shared folder and its contents.
2.When share and NTFS permissions are used simultaneously, the most restrictive
permission always wins. For example, when the shared folder permission is set to
“Everyone Read Allow” and the NTFS permission is set to “Everyone Modify Allow”,
the share permission applies because it is most restrictive; the user is not
allowed to change the files on the shared drive.
3.Share permissions can be used when sharing folders in FAT and FAT32 file
systems; NTFS permissions can’t.
4.NTFS permissions apply to users who are logged on to the server locally; share
permissions don’t.
5.Unlike NTFS permissions, share permissions allow you to restrict the number
of concurrent connections to a shared folder.
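
Points 2 and 4 above as an audit script (an added example, not part of the original notes): for one principal it reads the share ACL and the NTFS ACL of every shared folder and reports whether write access survives over the network, where both layers must allow it, and locally, where only NTFS applies. Get-ShareVsNtfs is a hypothetical helper name; Deny entries and group membership are not evaluated.

```powershell
# Added example. Get-ShareVsNtfs is a hypothetical helper, not a built-in cmdlet.
# Simplification: only Allow entries that name the principal directly are considered.
function Get-ShareVsNtfs {
    param([string]$Principal = 'Everyone')

    $modify = [System.Security.AccessControl.FileSystemRights]::Modify

    # -Special $false leaves out administrative shares such as C$ and ADMIN$
    foreach ($share in Get-SmbShare -Special $false) {
        if (-not $share.Path) { continue }   # nothing to check without a folder path

        # Share-level rights (Read, Change, Full or Custom) granted to the principal
        $shareRights = Get-SmbShareAccess -Name $share.Name |
            Where-Object { $_.AccountName -eq $Principal -and $_.AccessControlType -eq 'Allow' } |
            ForEach-Object { $_.AccessRight.ToString() }

        # NTFS entries granted to the same principal on the shared folder itself
        $ntfsAces = (Get-Acl -Path $share.Path).Access |
            Where-Object { $_.IdentityReference.Value -eq $Principal -and $_.AccessControlType -eq 'Allow' }

        $shareWrite = @($shareRights | Where-Object { $_ -in 'Change', 'Full' }).Count -gt 0
        $ntfsWrite  = @($ntfsAces | Where-Object { ($_.FileSystemRights -band $modify) -eq $modify }).Count -gt 0

        [pscustomobject]@{
            Share        = $share.Name
            Path         = $share.Path
            ShareAccess  = $shareRights -join ', '
            NtfsAccess   = ($ntfsAces.FileSystemRights | Sort-Object -Unique) -join ', '
            NetworkWrite = $shareWrite -and $ntfsWrite   # most restrictive layer wins
            LocalWrite   = $ntfsWrite                    # share ACL is not consulted locally
        }
    }
}

Get-ShareVsNtfs -Principal 'Everyone' | Format-Table -AutoSize
```

For the example in point 2 (share "Everyone Read", NTFS "Everyone Modify") the row shows NetworkWrite = False and LocalWrite = True.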

13.Memory Dump
A memory dump is a process in which the contents of memory are displayed and stored
in case of an application or system crash. Memory dump helps software developers
and system administrators to diagnose, identify and resolve the problem that led to
application or system failure.

Small Memory Dump (256 KB)

This type of file contains the least information. It will show just the BSOD error
message, information about the drivers, processes that were active at the time of
crash, and will tell you which process or kernel thread crashed.
It will contain information regarding the drivers and programs in the kernel mode.
Kernel Memory Dump
As Microsoft says, “This dump file will not include unallocated memory, or any
memory
Complete Memory Dump

This type of dump file is large and needs memory equal to that of the RAM on your
system in addition to the 1 MB memory required by Windows for creating this file.

14. Troubleshooting BSODs
Check in Safe Mode
Use System Restore
Scan for malware
Install updated drivers
Check for hardware problems
Reinstall the OS
