CISCO CyberOps lab – Windows Task Manager; cybersecurity training

Objectives

In this lab, you will explore Task Manager and manage processes from within Task Manager.

Part 1: Working in the Processes tab

Part 2: Working in the Services tab

Part 3: Working in the Performance tab

Background / Scenario

The Task Manager is a system monitor program that provides information about the processes and programs running on a computer. It also allows the termination of processes and programs and modification of process priority.

Required Resources

  • A Windows PC with internet access

Instructions

Part 1: Working in the Processes tab

  1. Open a command prompt and a web browser.

Microsoft Edge is used in this lab; however, any web browser will work. Just substitute your browser name whenever you see Microsoft Edge.

  1. Right-click the Task bar to open Task Manager. Another way to open the Task Manager is to press Ctrl-Alt-Delete to access the Windows Security screen and select Task Manager.
  2. Click More details to see all the processes that are listed in the Processes tab.
  3. Expand the Windows Command Processor heading.

Question:

What is listed under this heading?

 

Command Prompt

  1. There are three categories of processes listed in the Processes tab: Apps, Background processes, and Windows processes.
  • The Apps are the applications that you have opened, such as Microsoft Edge, Task Manager, and Windows Command Processor, as shown in the figure above. Other applications that are opened by the users, such as web browsers and email clients, will also be listed here.
  • The Background processes are executed in the background by applications that are currently open.
  • The Windows processes are not shown in the figure. Scroll down to view them on your Windows PC. Windows processes are Microsoft Windows services that run in the background.

Some of the background processes or Windows processes may be associated with foreground processes. For example, if you open a command prompt window, the Console Window Host process will be started in the Windows process section, as shown below.

  1. Right-click Console Window Host and select Properties.

Question:

What is the location of this filename and location of this process?

 

The associated filename is conhost.exe and it is located in the C:\Windows\System32 folder.

  1. Close the command prompt window.

Question:

What happens to Windows Command Processor and Console Window Host when the command prompt window is closed?

 

The associated processes have ended and are no longer listed in the Task Manager.

  1. Click the Memory heading. Click the Memory heading a second time.

Question:

What effect does this have on the columns?

 

Clicking the Memory heading causes the processes to be sorted by the amount of memory each process is using. Each time you click the Memory heading, it reverses the order (largest to smallest, then smallest to largest).

  1. Right-click on the Memory heading, and then select Resource values > Memory > Percents.

Questions:

What affect does this have on the Memory column?

 

The column now displays memory usage in percentage values.

How could this be useful?

 

Displaying processes in this way can assist an administrator in determining what services may be causing memory issues by showing how much available memory is being used by each service.

  1. In the Task Manager, click the Name heading
  2. Double-click the Microsoft Edge.

Question:

What happens?

 

A new web browser window becomes activated and the Task Manager is minimized.

  1. Return to the Task Manager and right-click Microsoft Edge. Select End task.

Question:

What happens to the web browser windows?

 

All Microsoft Edge windows are closed.

Part 2: Working in the Services tab

In the Task Manager window, click the Services tab. Use the scroll bar on the right side of the Services window to view all the services listed.

Question:

What statuses are listed?

 

Stopped and Running.

Part 3: Working in the Performance tab

  1. In the Task Manager window, click the Performance

Questions:

How many threads are running?

 

Answers may vary. The example displays 1271.

How many processes are running?

 

Answers may vary. The example displays 104.

  1. Click the Memory in the left panel of the Performance

Question:

What is the total physical memory (MB)?

 

Answers may vary. The example shows 4GB (above memory chart on right).

What is the available physical memory (MB)?

 

Answers may vary. The example displays 2.5 GB.

How much physical memory (MB) is being used by the computer?

 

Answers may vary. The example displays 1.4 GB.

  1. Click the Ethernet Chart in the left panel of the Performance

Questions:

What is the link speed?

 

Answers may vary. The example shows that it is a Ethernet Connection.

What is the IPv4 address of the PC?

 

Answers may vary. The example shows 192.168.1.15.

  1. Click Open Resource Monitor to open the Resource Monitor utility from the Performance tab in Task Manager.

Reflection Question

Why is it important for an administrator to understand how to work within the Task Manager?

 

Answers may vary. The Task Manager can be a valuable tool for an administrator when troubleshooting problems with a Windows PC. It provides information about CPU, memory, disk, and network usage. It also provides a way to end tasks or cancel processes.



This website uses cookies and asks your personal data to enhance your browsing experience. We are committed to protecting your privacy and ensuring your data is handled in compliance with the General Data Protection Regulation (GDPR).