nerdexam
GIAC

GCFA · Question #169

GCFA Question #169: Real Exam Question with Answer & Explanation

The correct answer is D. Kernel32.dll. Kernel32.dll is a foundational Windows DLL that exposes core system APIs for memory management, I/O, and process control to user-mode applications.

Question

which of the following Windows XP system files handles memory management, I/O operations, and interrupts?

Options

  • ANtoskrnl.exe
  • BWin32k.sys
  • CAdvapi32.dll
  • DKernel32.dll

Explanation

Kernel32.dll is a foundational Windows DLL that exposes core system APIs for memory management, I/O, and process control to user-mode applications.

Common mistakes.

  • A. Ntoskrnl.exe is the Windows NT kernel executable that operates in kernel mode and performs actual hardware-level operations, but it is not the user-accessible system file described in the context of this question.
  • B. Win32k.sys is a kernel-mode driver responsible for the Windows graphical subsystem including window management and GDI rendering, not memory management or interrupt handling.
  • C. Advapi32.dll is the Advanced API library handling security functions, registry access, and cryptographic services - not memory management or I/O operations.

Concept tested. Windows XP core system file responsibilities

Reference. https://learn.microsoft.com/en-us/windows/win32/apiindex/windows-apisets

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full GCFA Practice