OS Services MCQ practice test 2026. System calls quiz with answers. POSIX API MCQ. Win32 API quiz. IPC message passing shared memory MCQ. mmap sendfile zero-copy quiz. ptrace strace MCQ. ALPC Windows quiz. ETW Event Tracing MCQ. Loadable Kernel Modules quiz. io_uring AIO MCQ. chroot namespaces quiz. Signal handling SIGKILL SIGINT MCQ. GATE OS services questions.
OS Services MCQ 60 Practice Tests With Answers (2026)
PerfectNotesUpdated: March 2026~15 min practice 60 Questions Β· 3 Levels 60 Questions Β· 3 Levels
OS Services form the critical bridge between user applications and raw hardware β every file open, process fork, and network connection goes through this interface. These 60 carefully structured OS Services MCQs take you from core service categories and user interfaces through the API abstraction layers that applications actually use.
Questions are organised into three progressive levels: Basics (Q1β20: service categories, CLI/GUI/Batch UIs, and IPC fundamentals), Concepts (Q21β40: POSIX vs Win32 vs Java APIs, parameter passing, system call stubs, and protection domains), and Advanced (Q41β60: ptrace, mmap, sendfile, ALPC, ETW, io_uring, LKMs, and chroot namespaces). Each question includes an in-depth explanation that goes beyond the answer.
Use Study Mode to build conceptual understanding as you go, or use Exam Mode to simulate GATE, university, or technical interview conditions with timed testing and real-time scoring.
Contents
- 1.Basics (20 Questions)OS service categories Β· CLI/GUI/Batch UIs Β· system call definitions Β· IPC basics
- 2.Concepts (20 Questions)POSIX/Win32/Java APIs Β· parameter passing Β· stubs Β· ECC Β· protection domains
- 3.Advanced (20 Questions)ptrace Β· mmap Β· sendfile Β· ALPC Β· ETW Β· io_uring Β· LKMs Β· chroot
- 4.Conclusionsummary Β· next steps Β· study tips
- 5.Key Takeawaysquick-fire bullet recap of essential facts
- 6.Quick Review Summaryconcept Β· definition Β· key fact table
- 7.FAQcommon questions answered
OS Services β Basics
1Which operating system service is primarily responsible for hiding the complex hardware details of disk drives and providing a logical view of data?
CorrectC: The File-System Manipulation service
The File-System Manipulation service abstracts raw disk sectors into files and directories. It hides disk geometry, block addressing, and hardware-specific commands, presenting a uniform logical interface (open, read, write, mkdir) regardless of the underlying storage hardware.
IncorrectC: The File-System Manipulation service
The File-System Manipulation service abstracts raw disk sectors into files and directories. It hides disk geometry, block addressing, and hardware-specific commands, presenting a uniform logical interface (open, read, write, mkdir) regardless of the underlying storage hardware.
2What is the fundamental purpose of the OS "Program Execution" service?
CorrectB: To load a program into memory, run it, and handle its normal or abnormal termination
The Program Execution service loads the program's binary image into RAM, sets up its process control block, allocates initial stack and heap, and begins execution. It also handles termination β whether graceful (exit code 0) or abnormal (crash, signal) β and reclaims all resources.
IncorrectB: To load a program into memory, run it, and handle its normal or abnormal termination
The Program Execution service loads the program's binary image into RAM, sets up its process control block, allocates initial stack and heap, and begins execution. It also handles termination β whether graceful (exit code 0) or abnormal (crash, signal) β and reclaims all resources.
3In the context of OS services, how is "Protection" distinguished from "Security"?
CorrectA: Protection controls internal access to system resources by concurrent processes, while security defends the entire system from external threats and unauthorized users
Protection is an inward-facing OS mechanism: it ensures that concurrent processes cannot interfere with each other's resources (access control, permission bits, address space isolation). Security is outward-facing: it guards against external threats β unauthorized logins, malware, network attacks β using authentication, encryption, and auditing.
IncorrectA: Protection controls internal access to system resources by concurrent processes, while security defends the entire system from external threats and unauthorized users
Protection is an inward-facing OS mechanism: it ensures that concurrent processes cannot interfere with each other's resources (access control, permission bits, address space isolation). Security is outward-facing: it guards against external threats β unauthorized logins, malware, network attacks β using authentication, encryption, and auditing.
4What is the primary function of the "Accounting" service in an operating system?
CorrectD: To keep track of which users use how much and what kinds of computer resources for billing or performance tuning
The Accounting service logs resource usage per user and per process β CPU time, memory, I/O operations, and storage consumed. In commercial environments this data drives billing; in enterprise environments it supports capacity planning, quota enforcement, and performance bottleneck analysis.
IncorrectD: To keep track of which users use how much and what kinds of computer resources for billing or performance tuning
The Accounting service logs resource usage per user and per process β CPU time, memory, I/O operations, and storage consumed. In commercial environments this data drives billing; in enterprise environments it supports capacity planning, quota enforcement, and performance bottleneck analysis.
5Which operating system service ensures that data is successfully transferred between a user application and a physical peripheral device like a printer or keyboard?
CorrectA: The I/O Operations service
The I/O Operations service manages all data transfer between applications and peripheral devices. It abstracts device differences using device drivers, handles buffering, spooling, and interrupt-driven DMA transfers, and ensures applications can perform I/O without knowing the hardware specifics of each device.
IncorrectA: The I/O Operations service
The I/O Operations service manages all data transfer between applications and peripheral devices. It abstracts device differences using device drivers, handles buffering, spooling, and interrupt-driven DMA transfers, and ensures applications can perform I/O without knowing the hardware specifics of each device.
6How does a Command Line Interface (CLI) fundamentally differ from a Batch Interface?
CorrectC: A CLI allows users to fetch commands directly and interactively, whereas a Batch interface executes a pre-defined series of commands sequentially without user intervention
A CLI provides an interactive read-eval-print loop: the user types a command, the shell executes it, and results appear immediately. A Batch interface accepts a pre-written script of commands at job submission time and runs them non-interactively and sequentially to completion β ideal for payroll, ETL pipelines, and automated overnight jobs.
IncorrectC: A CLI allows users to fetch commands directly and interactively, whereas a Batch interface executes a pre-defined series of commands sequentially without user intervention
A CLI provides an interactive read-eval-print loop: the user types a command, the shell executes it, and results appear immediately. A Batch interface accepts a pre-written script of commands at job submission time and runs them non-interactively and sequentially to completion β ideal for payroll, ETL pipelines, and automated overnight jobs.
7What is the fundamental definition of a "System Call"?
CorrectB: The programmatic interface through which an active process requests a privileged service from the operating system kernel
A system call is the controlled gateway between user space and kernel space. When a process needs a privileged operation β file I/O, process creation, memory allocation β it issues a system call (via a software trap instruction). The CPU transitions to kernel mode, the OS executes the service, then returns control and results to the calling process in user mode.
IncorrectB: The programmatic interface through which an active process requests a privileged service from the operating system kernel
A system call is the controlled gateway between user space and kernel space. When a process needs a privileged operation β file I/O, process creation, memory allocation β it issues a system call (via a software trap instruction). The CPU transitions to kernel mode, the OS executes the service, then returns control and results to the calling process in user mode.
8Which of the following best describes the "Error Detection" service provided by the OS?
CorrectD: Constantly monitoring hardware and software to catch anomalies and take appropriate action to maintain consistent computing
The Error Detection service continuously monitors the system for anomalies at all levels: hardware failures (ECC memory errors, disk read failures), software faults (segmentation faults, divide-by-zero), and network errors (CRC mismatches). Upon detection, the OS takes corrective action β process termination, error logging, or system halt β to maintain stability.
IncorrectD: Constantly monitoring hardware and software to catch anomalies and take appropriate action to maintain consistent computing
The Error Detection service continuously monitors the system for anomalies at all levels: hardware failures (ECC memory errors, disk read failures), software faults (segmentation faults, divide-by-zero), and network errors (CRC mismatches). Upon detection, the OS takes corrective action β process termination, error logging, or system halt β to maintain stability.
9When an operating system provides "Communications" services, what exactly is being communicated?
CorrectC: The exchange of information between two distinct processes executing on the same computer or across a network
The Communications service enables processes to exchange data β either between processes on the same machine (shared memory, pipes, sockets, message queues) or between processes on different machines over a network (TCP/IP sockets, RPC). The OS provides and manages the IPC mechanisms for both models.
IncorrectC: The exchange of information between two distinct processes executing on the same computer or across a network
The Communications service enables processes to exchange data β either between processes on the same machine (shared memory, pipes, sockets, message queues) or between processes on different machines over a network (TCP/IP sockets, RPC). The OS provides and manages the IPC mechanisms for both models.
10What is an Application Programming Interface (API) in the context of OS services?
CorrectA: A set of standardized functions, parameters, and return values available to an application programmer to interact with system services implicitly
An OS API is a defined collection of functions (with specified parameters, return values, and error codes) that application developers call to access system services. APIs such as POSIX, Win32, or Java SE standardize how applications interact with the OS, abstracting away architecture-specific system call mechanics.
IncorrectA: A set of standardized functions, parameters, and return values available to an application programmer to interact with system services implicitly
An OS API is a defined collection of functions (with specified parameters, return values, and error codes) that application developers call to access system services. APIs such as POSIX, Win32, or Java SE standardize how applications interact with the OS, abstracting away architecture-specific system call mechanics.
11Why do software developers overwhelmingly prefer to use APIs (like POSIX or Win32) rather than invoking raw system calls directly?
CorrectB: Because APIs provide greater portability across different systems and are much easier to implement than handling architecture-specific interrupts
Raw system calls require inserting specific integers into CPU registers and triggering architecture-specific trap instructions β a process that varies between x86, ARM, and MIPS. APIs (like POSIX libc wrappers) provide a stable, portable C-language interface. Code written to POSIX compiles and runs on Linux, macOS, and any POSIX-compliant OS without modification.
IncorrectB: Because APIs provide greater portability across different systems and are much easier to implement than handling architecture-specific interrupts
Raw system calls require inserting specific integers into CPU registers and triggering architecture-specific trap instructions β a process that varies between x86, ARM, and MIPS. APIs (like POSIX libc wrappers) provide a stable, portable C-language interface. Code written to POSIX compiles and runs on Linux, macOS, and any POSIX-compliant OS without modification.
12Which of the following represents the "Message Passing" model of inter-process communication (IPC)?
CorrectD: Information is exchanged by reading and writing discrete packets of data through a common mailbox or queue managed by the operating system
In message passing IPC, processes use OS-provided primitives (send/receive) to exchange structured data packets through a kernel-managed channel β a pipe, message queue, socket, or mailbox. No shared memory is required; the OS copies data between process address spaces, ensuring isolation. This model scales cleanly to distributed systems across networks.
IncorrectD: Information is exchanged by reading and writing discrete packets of data through a common mailbox or queue managed by the operating system
In message passing IPC, processes use OS-provided primitives (send/receive) to exchange structured data packets through a kernel-managed channel β a pipe, message queue, socket, or mailbox. No shared memory is required; the OS copies data between process address spaces, ensuring isolation. This model scales cleanly to distributed systems across networks.
13Which of the following represents the "Shared Memory" model of inter-process communication (IPC)?
CorrectA: Two or more processes are granted permission by the OS to read and write to the same section of physical RAM, allowing high-speed data exchange
In shared memory IPC, the OS maps the same physical memory region into the virtual address spaces of cooperating processes. Both processes can then read and write this region using ordinary memory instructions at RAM speed β making it the fastest IPC mechanism. The trade-off is that developers must implement explicit synchronization (mutexes, semaphores) to prevent race conditions.
IncorrectA: Two or more processes are granted permission by the OS to read and write to the same section of physical RAM, allowing high-speed data exchange
In shared memory IPC, the OS maps the same physical memory region into the virtual address spaces of cooperating processes. Both processes can then read and write this region using ordinary memory instructions at RAM speed β making it the fastest IPC mechanism. The trade-off is that developers must implement explicit synchronization (mutexes, semaphores) to prevent race conditions.
14What is the primary role of the POSIX API?
CorrectC: To define a standard set of system call wrappers, ensuring source-code compatibility across various UNIX-like operating systems
POSIX (IEEE 1003) defines a portable interface for OS services β file operations, process management, signal handling, and threading (pthreads). Software written to the POSIX API compiles and runs on any POSIX-compliant OS: Linux, macOS, FreeBSD, Solaris. This eliminates vendor lock-in and enables the "write once, run everywhere" portability that underpins open-source ecosystem growth.
IncorrectC: To define a standard set of system call wrappers, ensuring source-code compatibility across various UNIX-like operating systems
POSIX (IEEE 1003) defines a portable interface for OS services β file operations, process management, signal handling, and threading (pthreads). Software written to the POSIX API compiles and runs on any POSIX-compliant OS: Linux, macOS, FreeBSD, Solaris. This eliminates vendor lock-in and enables the "write once, run everywhere" portability that underpins open-source ecosystem growth.
15Which OS service is responsible for determining how much CPU time, memory, and disk space should be granted to a specific user application?
CorrectB: The Resource Allocation service
The Resource Allocation service manages CPU scheduling, memory management, and I/O bandwidth distribution among competing processes and users. It employs scheduling algorithms (CFS, priority queues), memory allocation strategies, and disk I/O schedulers to ensure fair, efficient, and policy-compliant distribution of finite system resources.
IncorrectB: The Resource Allocation service
The Resource Allocation service manages CPU scheduling, memory management, and I/O bandwidth distribution among competing processes and users. It employs scheduling algorithms (CFS, priority queues), memory allocation strategies, and disk I/O schedulers to ensure fair, efficient, and policy-compliant distribution of finite system resources.
16What is the primary function of a "Daemon" or "Service" process?
CorrectD: A background process spawned by the OS at boot time to continuously provide a specific system service without direct user interaction
Daemons (Unix) or Services (Windows) are long-running background processes that start at boot and run silently. Examples: sshd (handles SSH logins), httpd (serves web pages), crond (executes scheduled tasks), and cupsd (manages print queues). They have no controlling terminal, detach from the user session, and provide continuous infrastructure services.
IncorrectD: A background process spawned by the OS at boot time to continuously provide a specific system service without direct user interaction
Daemons (Unix) or Services (Windows) are long-running background processes that start at boot and run silently. Examples: sshd (handles SSH logins), httpd (serves web pages), crond (executes scheduled tasks), and cupsd (manages print queues). They have no controlling terminal, detach from the user session, and provide continuous infrastructure services.
17If an application needs to read the current date and system time, which category of system call will it invoke?
CorrectC: Information Maintenance
Information Maintenance system calls retrieve or modify OS-maintained metadata: current time (gettimeofday), system hostname (gethostname), process attributes (getpid, getppid), and kernel version (uname). These calls read from kernel data structures that applications cannot access directly, maintaining a clean separation between user space and privileged system state.
IncorrectC: Information Maintenance
Information Maintenance system calls retrieve or modify OS-maintained metadata: current time (gettimeofday), system hostname (gethostname), process attributes (getpid, getppid), and kernel version (uname). These calls read from kernel data structures that applications cannot access directly, maintaining a clean separation between user space and privileged system state.
18Which OS service manages the logical mapping of directories and the creation, deletion, and organization of folders?
CorrectA: The File-System Manipulation service
The File-System Manipulation service handles all directory and file lifecycle operations: mkdir, rmdir, create, delete, rename, and link. It maintains directory entries (mapping names to inodes), path resolution logic, and enforces permission checks on every operation, providing applications a hierarchical namespace over raw storage blocks.
IncorrectA: The File-System Manipulation service
The File-System Manipulation service handles all directory and file lifecycle operations: mkdir, rmdir, create, delete, rename, and link. It maintains directory entries (mapping names to inodes), path resolution logic, and enforces permission checks on every operation, providing applications a hierarchical namespace over raw storage blocks.
19When an application attempts to reserve a block of physical RAM for its variables, which broad category of system services is it utilizing?
CorrectB: Resource Allocation
Memory allocation β whether through brk/sbrk for heap expansion or mmap for anonymous pages β is handled by the Resource Allocation service. The OS's memory manager (virtual memory subsystem) decides which physical frames to grant, updates page tables, and enforces isolation between process address spaces so one process cannot access another's memory.
IncorrectB: Resource Allocation
Memory allocation β whether through brk/sbrk for heap expansion or mmap for anonymous pages β is handled by the Resource Allocation service. The OS's memory manager (virtual memory subsystem) decides which physical frames to grant, updates page tables, and enforces isolation between process address spaces so one process cannot access another's memory.
20What is the defining characteristic of a Graphical User Interface (GUI) provided by an OS?
CorrectD: It allows users to intuitively invoke system services using a desktop metaphor equipped with a mouse, menus, windows, and icons
A GUI (pioneered by Xerox PARC, popularized by Apple and Windows) uses the WIMP metaphor β Windows, Icons, Menus, Pointer β to make OS services accessible without memorizing commands. Every GUI action (double-clicking a file, clicking "Save") ultimately invokes system calls, but the visual abstraction layer makes the OS accessible to non-technical users.
IncorrectD: It allows users to intuitively invoke system services using a desktop metaphor equipped with a mouse, menus, windows, and icons
A GUI (pioneered by Xerox PARC, popularized by Apple and Windows) uses the WIMP metaphor β Windows, Icons, Menus, Pointer β to make OS services accessible without memorizing commands. Every GUI action (double-clicking a file, clicking "Save") ultimately invokes system calls, but the visual abstraction layer makes the OS accessible to non-technical users.
OS Services β Concepts
1When making a system call, what is the most common method an OS uses to pass parameters if there are more parameters than available CPU registers?
CorrectA: The parameters are stored in a block or table in main memory, and the physical address of that block is passed as a pointer in a single register
Three parameter-passing strategies exist: (1) registers (fastest, limited by register count), (2) block/table in memory with address in one register (used by Linux on x86 for >6 args), and (3) the stack. The block method is the most scalable: all parameters are written to a user-space memory block, and a single register holds the block's address β the kernel reads the parameters from there.
IncorrectA: The parameters are stored in a block or table in main memory, and the physical address of that block is passed as a pointer in a single register
Three parameter-passing strategies exist: (1) registers (fastest, limited by register count), (2) block/table in memory with address in one register (used by Linux on x86 for >6 args), and (3) the stack. The block method is the most scalable: all parameters are written to a user-space memory block, and a single register holds the block's address β the kernel reads the parameters from there.
2Which of the following is an example of a "Process Control" system call?
CorrectC: Creating a new child process (e.g., fork()) or replacing the core memory space with a new program (e.g., exec())
Process Control system calls manage process lifecycle: fork() clones the current process, exec() replaces the calling process's memory image with a new program, wait() suspends the parent until a child exits, exit() terminates a process, and kill() sends a signal. These are the fundamental building blocks of every Unix process creation and shell pipeline mechanism.
IncorrectC: Creating a new child process (e.g., fork()) or replacing the core memory space with a new program (e.g., exec())
Process Control system calls manage process lifecycle: fork() clones the current process, exec() replaces the calling process's memory image with a new program, wait() suspends the parent until a child exits, exit() terminates a process, and kill() sends a signal. These are the fundamental building blocks of every Unix process creation and shell pipeline mechanism.
3If a program utilizes the open(), read(), and write() functions in C, which category of system calls is being executed?
CorrectB: File Manipulation
open(), read(), write(), close(), seek(), and stat() are File Manipulation system calls. They operate on file descriptors β abstract handles the kernel returns upon successful open(). While file descriptors can also refer to pipes, sockets, and devices (Unix "everything is a file" philosophy), when used on regular files these are categorically File Manipulation calls.
IncorrectB: File Manipulation
open(), read(), write(), close(), seek(), and stat() are File Manipulation system calls. They operate on file descriptors β abstract handles the kernel returns upon successful open(). While file descriptors can also refer to pipes, sockets, and devices (Unix "everything is a file" philosophy), when used on regular files these are categorically File Manipulation calls.
4In the context of Device Management system calls, what is the primary function of the ioctl() (input/output control) call?
CorrectD: To perform highly specific, device-dependent hardware operations that cannot be handled by standard read/write functions
ioctl() is the "escape hatch" of the device API. Standard read/write semantics cannot express operations like "set baud rate on a serial port," "eject a CD-ROM tray," or "query a network interface's MTU." ioctl() accepts a device-specific command code and optional argument, passing it directly to the device driver which interprets it according to the hardware's capabilities.
IncorrectD: To perform highly specific, device-dependent hardware operations that cannot be handled by standard read/write functions
ioctl() is the "escape hatch" of the device API. Standard read/write semantics cannot express operations like "set baud rate on a serial port," "eject a CD-ROM tray," or "query a network interface's MTU." ioctl() accepts a device-specific command code and optional argument, passing it directly to the device driver which interprets it according to the hardware's capabilities.
5Which of the following functions represents a "Protection" system call?
CorrectA: Changing the file permission bits (e.g., chmod()) to dictate which users can execute a specific script
Protection system calls control access rights to resources: chmod() modifies Unix permission bits (rwx for owner/group/others), chown() changes file ownership, setuid()/setgid() alter process privilege, and umask() sets default permission masks. These calls directly implement the OS's discretionary access control (DAC) model, governing which subjects can perform which operations on which objects.
IncorrectA: Changing the file permission bits (e.g., chmod()) to dictate which users can execute a specific script
Protection system calls control access rights to resources: chmod() modifies Unix permission bits (rwx for owner/group/others), chown() changes file ownership, setuid()/setgid() alter process privilege, and umask() sets default permission masks. These calls directly implement the OS's discretionary access control (DAC) model, governing which subjects can perform which operations on which objects.
6How do System Call Interfaces (SCIs) link the API to the actual OS kernel?
CorrectC: The SCI intercepts the function call from the API, looks up the corresponding system call number, and triggers the necessary software trap
When an application calls, e.g., write(), the libc wrapper (SCI layer) loads the system call number (e.g., NR_write = 1 on Linux x86-64) into the designated register (rax), places arguments in other registers, then executes the syscall instruction. This triggers a software trap, switching the CPU to Ring 0. The kernel's system call dispatcher reads the number and routes to the correct kernel function.
IncorrectC: The SCI intercepts the function call from the API, looks up the corresponding system call number, and triggers the necessary software trap
When an application calls, e.g., write(), the libc wrapper (SCI layer) loads the system call number (e.g., NR_write = 1 on Linux x86-64) into the designated register (rax), places arguments in other registers, then executes the syscall instruction. This triggers a software trap, switching the CPU to Ring 0. The kernel's system call dispatcher reads the number and routes to the correct kernel function.
7In the Windows operating system environment, which API serves as the primary interface for applications to interact with system services?
CorrectB: The Win32 API
The Win32 API (now part of the broader Windows API) is the definitive interface for Windows application development. Functions like CreateProcess(), ReadFile(), CreateMutex(), and VirtualAlloc() are Win32 calls that ultimately invoke Windows NT kernel services via the Windows Native API (ntdll.dll β NT system calls). All Windows GUI and system applications are built atop Win32.
IncorrectB: The Win32 API
The Win32 API (now part of the broader Windows API) is the definitive interface for Windows application development. Functions like CreateProcess(), ReadFile(), CreateMutex(), and VirtualAlloc() are Win32 calls that ultimately invoke Windows NT kernel services via the Windows Native API (ntdll.dll β NT system calls). All Windows GUI and system applications are built atop Win32.
8How does the Java API interact with underlying operating system services?
CorrectD: The Java API is executed by the JVM, which translates standardized requests into the specific, host-native APIs of the underlying OS
Java achieves platform independence through the JVM abstraction layer. A Java application calls java.io.FileOutputStream.write() β one consistent API regardless of OS. The JVM (e.g., HotSpot) translates this into the correct host OS call: write() on Linux, WriteFile() on Windows. The JVM itself is a native binary compiled for each platform, bridging Java's portable bytecode world to OS-specific system calls.
IncorrectD: The Java API is executed by the JVM, which translates standardized requests into the specific, host-native APIs of the underlying OS
Java achieves platform independence through the JVM abstraction layer. A Java application calls java.io.FileOutputStream.write() β one consistent API regardless of OS. The JVM (e.g., HotSpot) translates this into the correct host OS call: write() on Linux, WriteFile() on Windows. The JVM itself is a native binary compiled for each platform, bridging Java's portable bytecode world to OS-specific system calls.
9What is the purpose of tracing utilities like strace (Linux) or dtruss (macOS)?
CorrectA: To intercept, record, and display all the system calls invoked by a running process, allowing developers to debug API interactions
strace uses the ptrace() system call to attach to a target process and intercept each system call entry and exit, printing the call name, parameters, return value, and errno. This is invaluable for debugging applications that fail silently β revealing exactly which file they tried to open, which permissions they lacked, or which network connection they attempted. dtruss on macOS uses DTrace for the same purpose.
IncorrectA: To intercept, record, and display all the system calls invoked by a running process, allowing developers to debug API interactions
strace uses the ptrace() system call to attach to a target process and intercept each system call entry and exit, printing the call name, parameters, return value, and errno. This is invaluable for debugging applications that fail silently β revealing exactly which file they tried to open, which permissions they lacked, or which network connection they attempted. dtruss on macOS uses DTrace for the same purpose.
10At the hardware level, what provides the OS with the foundational ability to offer "Error Detection" services regarding physical memory?
CorrectC: Utilizing Parity bits and Error-Correcting Code (ECC) directly within the RAM modules to detect and correct single-bit flips
ECC RAM adds extra bits (typically using Hamming codes) to each memory word. On every read, the ECC circuit recalculates the check bits and compares them β single-bit errors are silently corrected, and double-bit errors are detected and reported to the OS. The OS can then log the correctable error event, alert administrators, or trigger kernel panic for uncorrectable errors. This is mandatory in servers and mission-critical systems.
IncorrectC: Utilizing Parity bits and Error-Correcting Code (ECC) directly within the RAM modules to detect and correct single-bit flips
ECC RAM adds extra bits (typically using Hamming codes) to each memory word. On every read, the ECC circuit recalculates the check bits and compares them β single-bit errors are silently corrected, and double-bit errors are detected and reported to the OS. The OS can then log the correctable error event, alert administrators, or trigger kernel panic for uncorrectable errors. This is mandatory in servers and mission-critical systems.
11When a user program crashes due to a segmentation fault (accessing illegal memory), how does the OS handle this "Error Detection" event?
CorrectB: The OS traps the fault, forcefully terminates the offending process, reclaims its allocated memory, and generates an error log or core dump
A segmentation fault triggers a hardware protection fault (SIGSEGV on Linux). The MMU detects the illegal access, generates a page-fault or protection exception, and the CPU vectors to the OS fault handler. The OS sends SIGSEGV to the offending process, which terminates it, reclaims all its memory and file descriptors, optionally writes a core dump for post-mortem analysis, and logs the event.
IncorrectB: The OS traps the fault, forcefully terminates the offending process, reclaims its allocated memory, and generates an error log or core dump
A segmentation fault triggers a hardware protection fault (SIGSEGV on Linux). The MMU detects the illegal access, generates a page-fault or protection exception, and the CPU vectors to the OS fault handler. The OS sends SIGSEGV to the offending process, which terminates it, reclaims all its memory and file descriptors, optionally writes a core dump for post-mortem analysis, and logs the event.
12What critical role does the standard C library (libc) play regarding system services in UNIX-like environments?
CorrectD: It provides the essential wrapper functions that load parameters into CPU registers and trigger the software interrupt required for the system call
libc (glibc on Linux) is the bridge between C application code and kernel system calls. When you call printf(), fopen(), or malloc(), libc functions handle buffering and then invoke the underlying system call (write(), open(), brk()/mmap()) by marshaling arguments into the correct registers and executing the syscall instruction. Without libc, developers would need to write raw assembly for every kernel interaction.
IncorrectD: It provides the essential wrapper functions that load parameters into CPU registers and trigger the software interrupt required for the system call
libc (glibc on Linux) is the bridge between C application code and kernel system calls. When you call printf(), fopen(), or malloc(), libc functions handle buffering and then invoke the underlying system call (write(), open(), brk()/mmap()) by marshaling arguments into the correct registers and executing the syscall instruction. Without libc, developers would need to write raw assembly for every kernel interaction.
13What are "Stubs" in the context of Remote Procedure Calls (RPC) facilitating distributed communications?
CorrectA: Proxy code generated on both client and server sides that handles the complex marshaling and unmarshaling of parameters for network functions
RPC stubs eliminate the complexity of distributed communication. A client stub looks like a local function but actually serializes (marshals) parameters into a network message and sends it to the remote server. The server stub receives the message, deserializes (unmarshals) parameters, calls the actual function, then marshals the return value back. IDL compilers (like gRPC protoc) generate stubs automatically.
IncorrectA: Proxy code generated on both client and server sides that handles the complex marshaling and unmarshaling of parameters for network functions
RPC stubs eliminate the complexity of distributed communication. A client stub looks like a local function but actually serializes (marshals) parameters into a network message and sends it to the remote server. The server stub receives the message, deserializes (unmarshals) parameters, calls the actual function, then marshals the return value back. IDL compilers (like gRPC protoc) generate stubs automatically.
14In enterprise environments, how is the OS "Accounting" service practically utilized beyond simple billing?
CorrectC: To generate statistical reports used for performance tuning, capacity planning, and establishing resource quotas
Enterprise OS accounting data (CPU time per process, memory high-water marks, I/O operation counts) feeds capacity planning tools, SLA monitoring dashboards, and chargeback systems. Administrators use it to identify resource hogs, set per-user quotas (ulimits, cgroups), predict when infrastructure upgrades are needed, and prove SLA compliance to customers.
IncorrectC: To generate statistical reports used for performance tuning, capacity planning, and establishing resource quotas
Enterprise OS accounting data (CPU time per process, memory high-water marks, I/O operation counts) feeds capacity planning tools, SLA monitoring dashboards, and chargeback systems. Administrators use it to identify resource hogs, set per-user quotas (ulimits, cgroups), predict when infrastructure upgrades are needed, and prove SLA compliance to customers.
15What is a "Protection Domain" in the context of OS services?
CorrectB: A set of explicit access rights defining precisely which operations a specific process or user is legally permitted to execute on specific objects
A Protection Domain (introduced by Lampson) is a set of (object, rights) pairs β for example, {file_A: read+write, file_B: read, printer: print}. Every process executes within a domain. The OS enforces the Access Matrix by checking the domain's rights before allowing any operation. Processes can switch domains (e.g., via setuid) subject to policy constraints.
IncorrectB: A set of explicit access rights defining precisely which operations a specific process or user is legally permitted to execute on specific objects
A Protection Domain (introduced by Lampson) is a set of (object, rights) pairs β for example, {file_A: read+write, file_B: read, printer: print}. Every process executes within a domain. The OS enforces the Access Matrix by checking the domain's rights before allowing any operation. Processes can switch domains (e.g., via setuid) subject to policy constraints.
16In the Shared Memory model of IPC, what is a significant operational drawback that developers must manually manage?
CorrectD: The developer must explicitly implement synchronization primitives (like mutexes) to prevent race conditions when multiple processes write simultaneously
Shared memory provides no built-in synchronization. If process A and process B both write to the shared region simultaneously without coordination, the result is a race condition β corrupted data with non-deterministic behavior. Developers must layer explicit synchronization: POSIX semaphores, mutexes (via pthread_mutexattr_setpshared), or spinlocks over the shared region to serialize access.
IncorrectD: The developer must explicitly implement synchronization primitives (like mutexes) to prevent race conditions when multiple processes write simultaneously
Shared memory provides no built-in synchronization. If process A and process B both write to the shared region simultaneously without coordination, the result is a race condition β corrupted data with non-deterministic behavior. Developers must layer explicit synchronization: POSIX semaphores, mutexes (via pthread_mutexattr_setpshared), or spinlocks over the shared region to serialize access.
17How does the OS typically identify exactly which system call an application is requesting?
CorrectA: The application passes a specific integer in a designated CPU register, which the kernel uses as an index into the system call vector table
On Linux x86-64, the system call number is loaded into the rax register before the syscall instruction. The kernel's system call dispatcher (in entry.S) uses this number as an index into sys_call_table[] β an array of function pointers to kernel implementations. On Linux, read=0, write=1, open=2, etc. This O(1) dispatch is both fast and secure.
IncorrectA: The application passes a specific integer in a designated CPU register, which the kernel uses as an index into the system call vector table
On Linux x86-64, the system call number is loaded into the rax register before the syscall instruction. The kernel's system call dispatcher (in entry.S) uses this number as an index into sys_call_table[] β an array of function pointers to kernel implementations. On Linux, read=0, write=1, open=2, etc. This O(1) dispatch is both fast and secure.
18Which type of system call allows an application to alter the speed of a serial port or configure a custom display monitor?
CorrectC: A Device Manipulation call
Device Manipulation (Device Management) system calls configure, control, and query physical devices: ioctl() for device-specific commands, read()/write() on device files, request_device()/release_device() equivalents. Setting serial port baud rate (tcsetattr() which wraps ioctl(TCSETS)), configuring monitor resolution (via DRM ioctl), or ejecting media are all Device Manipulation operations.
IncorrectC: A Device Manipulation call
Device Manipulation (Device Management) system calls configure, control, and query physical devices: ioctl() for device-specific commands, read()/write() on device files, request_device()/release_device() equivalents. Setting serial port baud rate (tcsetattr() which wraps ioctl(TCSETS)), configuring monitor resolution (via DRM ioctl), or ejecting media are all Device Manipulation operations.
19When an OS provides a "System Boot" service, what is the role of the Bootstrap Program?
CorrectB: A tiny piece of code stored in ROM that initializes system components and loads the OS kernel into RAM to begin execution
The Bootstrap Program (bootstrap loader) is a minimal program stored in ROM/flash (BIOS/UEFI). On power-on, the CPU executes it from a fixed address. It runs POST (Power-On Self-Test), initializes RAM and essential hardware, locates the boot device, loads the boot loader (GRUB/systemd-boot) into RAM, and transfers control. The boot loader then finds and loads the OS kernel image.
IncorrectB: A tiny piece of code stored in ROM that initializes system components and loads the OS kernel into RAM to begin execution
The Bootstrap Program (bootstrap loader) is a minimal program stored in ROM/flash (BIOS/UEFI). On power-on, the CPU executes it from a fixed address. It runs POST (Power-On Self-Test), initializes RAM and essential hardware, locates the boot device, loads the boot loader (GRUB/systemd-boot) into RAM, and transfers control. The boot loader then finds and loads the OS kernel image.
20Why is the pipe() system call classified as a Communications service rather than a File Manipulation service?
CorrectD: Because a pipe creates a unidirectional data channel specifically for streaming data output from one active process directly into the input of another
pipe() creates a unidirectional FIFO byte stream between processes β a kernel-managed in-memory buffer. Though pipes use file descriptors, their purpose is inter-process data flow (the shell's ls | grep pattern), not file storage. The OS is mediating communication between two running processes, which is definitionally an IPC/Communications service rather than persistent file manipulation.
IncorrectD: Because a pipe creates a unidirectional data channel specifically for streaming data output from one active process directly into the input of another
pipe() creates a unidirectional FIFO byte stream between processes β a kernel-managed in-memory buffer. Though pipes use file descriptors, their purpose is inter-process data flow (the shell's ls | grep pattern), not file storage. The OS is mediating communication between two running processes, which is definitionally an IPC/Communications service rather than persistent file manipulation.
OS Services β Advanced
1During the execution of a system call, what happens to the execution context of the calling User Mode process?
CorrectC: The CPU state (registers, program counter) is meticulously saved to the process's dedicated kernel stack, ensuring the exact state can be restored
On syscall entry, the CPU hardware automatically saves the user-mode instruction pointer (RIP), stack pointer (RSP), CPU flags, and segment registers onto the process's kernel stack. The kernel then saves general-purpose registers (pt_regs struct on Linux). On syscall return, these are restored, and execution resumes in user mode at exactly the instruction following the syscall β as if nothing happened.
IncorrectC: The CPU state (registers, program counter) is meticulously saved to the process's dedicated kernel stack, ensuring the exact state can be restored
On syscall entry, the CPU hardware automatically saves the user-mode instruction pointer (RIP), stack pointer (RSP), CPU flags, and segment registers onto the process's kernel stack. The kernel then saves general-purpose registers (pt_regs struct on Linux). On syscall return, these are restored, and execution resumes in user mode at exactly the instruction following the syscall β as if nothing happened.
2How does a pure Microkernel architecture fundamentally alter the delivery of standard OS services (like file systems)?
CorrectA: It moves traditional kernel services into user-space as isolated server processes; applications use message passing (IPC) to request services
A microkernel (L4, seL4, QNX) keeps only IPC, basic scheduling, and memory mapping in the kernel. File servers, device drivers, and network stacks run as ordinary user-space processes. An application sends an IPC message to the file server process to perform file operations. A bug in the file server crashes only that server β not the kernel β dramatically improving fault isolation, though at the cost of IPC overhead on every service call.
IncorrectA: It moves traditional kernel services into user-space as isolated server processes; applications use message passing (IPC) to request services
A microkernel (L4, seL4, QNX) keeps only IPC, basic scheduling, and memory mapping in the kernel. File servers, device drivers, and network stacks run as ordinary user-space processes. An application sends an IPC message to the file server process to perform file operations. A bug in the file server crashes only that server β not the kernel β dramatically improving fault isolation, though at the cost of IPC overhead on every service call.
3What powerful capability does the ptrace() system call provide in UNIX-like operating systems?
CorrectB: It allows a parent process to observe and intimately control the execution of another process, inspecting its memory and intercepting its system calls
ptrace() is the foundation of all Unix debuggers and strace. A tracer process can attach to any process it owns (or any process if root), causing the tracee to stop on every system call entry/exit. The tracer can then inspect and modify the tracee's registers, memory, and signal delivery. GDB uses ptrace() for breakpoints and single-stepping; seccomp-bpf uses it for syscall sandboxing in Chrome and Docker.
IncorrectB: It allows a parent process to observe and intimately control the execution of another process, inspecting its memory and intercepting its system calls
ptrace() is the foundation of all Unix debuggers and strace. A tracer process can attach to any process it owns (or any process if root), causing the tracee to stop on every system call entry/exit. The tracer can then inspect and modify the tracee's registers, memory, and signal delivery. GDB uses ptrace() for breakpoints and single-stepping; seccomp-bpf uses it for syscall sandboxing in Chrome and Docker.
4What is the architectural difference between a Software Trap (Exception) and a Hardware Interrupt in the context of OS services?
CorrectD: A trap is generated synchronously by the currently executing instruction, whereas an interrupt is generated asynchronously by external hardware devices
A trap (software exception) is synchronous: it is caused by the currently executing instruction β a divide-by-zero, illegal opcode, page fault, or deliberate int/syscall instruction for system calls. A hardware interrupt is asynchronous: it arrives from external hardware (timer, NIC, keyboard) at any point in the instruction stream. Both transfer control to the OS, but traps are precisely tied to a specific instruction while interrupts are not.
IncorrectD: A trap is generated synchronously by the currently executing instruction, whereas an interrupt is generated asynchronously by external hardware devices
A trap (software exception) is synchronous: it is caused by the currently executing instruction β a divide-by-zero, illegal opcode, page fault, or deliberate int/syscall instruction for system calls. A hardware interrupt is asynchronous: it arrives from external hardware (timer, NIC, keyboard) at any point in the instruction stream. Both transfer control to the OS, but traps are precisely tied to a specific instruction while interrupts are not.
5What does the mmap() system call achieve regarding File System and Memory Management services?
CorrectA: It maps the contents of a file directly into the virtual address space of a process, allowing read/write operations using standard memory pointers
mmap() creates a mapping between a file (or anonymous memory) and a region of the process's virtual address space. File-backed mmap() means the kernel page cache backs the mapping β reads cause page faults that load file data into RAM, writes modify the page cache (and eventually the file). This enables zero-copy file I/O, memory-mapped databases (SQLite, LMDB), and the exec() loader which mmap()s ELF segments directly.
IncorrectA: It maps the contents of a file directly into the virtual address space of a process, allowing read/write operations using standard memory pointers
mmap() creates a mapping between a file (or anonymous memory) and a region of the process's virtual address space. File-backed mmap() means the kernel page cache backs the mapping β reads cause page faults that load file data into RAM, writes modify the page cache (and eventually the file). This enables zero-copy file I/O, memory-mapped databases (SQLite, LMDB), and the exec() loader which mmap()s ELF segments directly.
6In the context of Communications services, how do Sockets fundamentally operate?
CorrectC: Sockets act as communication endpoints characterized by an IP address concatenated with a port number, allowing discrete message passing over networks
A socket (Berkeley Sockets API) is an OS abstraction for a bidirectional network communication endpoint. It is identified by a (protocol, IP address, port) triple. socket() creates it, bind() assigns an address, connect()/accept() establishes the connection, and send()/recv() exchange data. The OS manages the TCP/IP stack below the socket API, handling segmentation, retransmission, and flow control transparently.
IncorrectC: Sockets act as communication endpoints characterized by an IP address concatenated with a port number, allowing discrete message passing over networks
A socket (Berkeley Sockets API) is an OS abstraction for a bidirectional network communication endpoint. It is identified by a (protocol, IP address, port) triple. socket() creates it, bind() assigns an address, connect()/accept() establishes the connection, and send()/recv() exchange data. The OS manages the TCP/IP stack below the socket API, handling segmentation, retransmission, and flow control transparently.
7In the Windows operating system architecture, what is the role of Advanced Local Procedure Call (ALPC)?
CorrectB: A highly optimized, high-speed message-passing IPC mechanism used extensively internally by Windows subsystems and services to communicate securely
ALPC (Advanced Local Procedure Call) is the internal IPC backbone of Windows NT, replacing the older LPC. It enables communication between kernel-mode components (like the Win32k.sys subsystem), user-mode subsystem servers (csrss.exe), and services (lsass.exe). ALPC is used by every Win32 API call that crosses subsystem boundaries. It supports both synchronous and asynchronous message passing with very low latency via a shared-memory "section object" optimization for large messages.
IncorrectB: A highly optimized, high-speed message-passing IPC mechanism used extensively internally by Windows subsystems and services to communicate securely
ALPC (Advanced Local Procedure Call) is the internal IPC backbone of Windows NT, replacing the older LPC. It enables communication between kernel-mode components (like the Win32k.sys subsystem), user-mode subsystem servers (csrss.exe), and services (lsass.exe). ALPC is used by every Win32 API call that crosses subsystem boundaries. It supports both synchronous and asynchronous message passing with very low latency via a shared-memory "section object" optimization for large messages.
8How does an OS implement Protection services using an "Access Matrix" model?
CorrectD: By creating a logical grid where rows represent domains, columns represent objects, and the intersecting cells define the exact privileges granted
The Access Matrix (Lampson, 1971) is a conceptual model: rows = protection domains (users/processes), columns = objects (files, devices, processes), cells = allowed rights (read, write, execute, append). In practice it is stored sparsely: as Access Control Lists (ACLs) per object (Unix permission bits, Windows DACL) or Capability Lists per domain. The OS consults the matrix on every access attempt.
IncorrectD: By creating a logical grid where rows represent domains, columns represent objects, and the intersecting cells define the exact privileges granted
The Access Matrix (Lampson, 1971) is a conceptual model: rows = protection domains (users/processes), columns = objects (files, devices, processes), cells = allowed rights (read, write, execute, append). In practice it is stored sparsely: as Access Control Lists (ACLs) per object (Unix permission bits, Windows DACL) or Capability Lists per domain. The OS consults the matrix on every access attempt.
9What is the fundamental difference between System Profiling and System Tracing?
CorrectA: Profiling periodically samples the system to build a statistical summary, while tracing records a highly detailed, chronological log of specific events
Profiling uses statistical sampling β the OS interrupts execution at fixed intervals (e.g., every 1 ms via the timer interrupt) and records the current program counter, building a histogram of where time is spent. Tracing records every occurrence of specific events (system calls, function entries, network packets) with timestamps, providing a complete chronological audit trail. Profiling has minimal overhead; tracing is more detailed but heavier.
IncorrectA: Profiling periodically samples the system to build a statistical summary, while tracing records a highly detailed, chronological log of specific events
Profiling uses statistical sampling β the OS interrupts execution at fixed intervals (e.g., every 1 ms via the timer interrupt) and records the current program counter, building a histogram of where time is spent. Tracing records every occurrence of specific events (system calls, function entries, network packets) with timestamps, providing a complete chronological audit trail. Profiling has minimal overhead; tracing is more detailed but heavier.
10Why might a software developer choose to use ioctl() instead of standard system calls when interacting with a custom hardware device?
CorrectC: Because ioctl() allows the developer to send arbitrary, device-specific command codes that fall outside the standardized semantics of read() or write()
The POSIX read()/write() model assumes a byte-stream or block-oriented device. Custom hardware (FPGAs, video capture cards, proprietary sensors) requires vendor-specific commands not expressible as simple read/write: "arm trigger," "set gain to 42 dB," "flush DMA ring buffer." ioctl() passes an arbitrary command code and an optional data pointer directly to the driver's ioctl handler, which interprets it per the device's datasheet.
IncorrectC: Because ioctl() allows the developer to send arbitrary, device-specific command codes that fall outside the standardized semantics of read() or write()
The POSIX read()/write() model assumes a byte-stream or block-oriented device. Custom hardware (FPGAs, video capture cards, proprietary sensors) requires vendor-specific commands not expressible as simple read/write: "arm trigger," "set gain to 42 dB," "flush DMA ring buffer." ioctl() passes an arbitrary command code and an optional data pointer directly to the driver's ioctl handler, which interprets it per the device's datasheet.
11How do pseudo-file systems like sysfs or procfs in Linux deliver Information Maintenance services?
CorrectB: They dynamically expose internal kernel data structures, process statuses, and hardware device trees as standard text files for user-space reading
procfs (/proc) exposes kernel data as a virtual file system β /proc/self/maps shows the current process's memory mappings, /proc/cpuinfo shows CPU details, /proc/PID/fd shows open file descriptors. sysfs (/sys) exposes the kernel's device and driver model. These are not files on disk; reads trigger kernel functions that generate the content dynamically. This gives userspace tools (ps, top, lsmod) read-only visibility into live kernel state.
IncorrectB: They dynamically expose internal kernel data structures, process statuses, and hardware device trees as standard text files for user-space reading
procfs (/proc) exposes kernel data as a virtual file system β /proc/self/maps shows the current process's memory mappings, /proc/cpuinfo shows CPU details, /proc/PID/fd shows open file descriptors. sysfs (/sys) exposes the kernel's device and driver model. These are not files on disk; reads trigger kernel functions that generate the content dynamically. This gives userspace tools (ps, top, lsmod) read-only visibility into live kernel state.
12What is the primary advantage of utilizing Asynchronous I/O (AIO) system calls over traditional Synchronous I/O?
CorrectD: AIO allows the calling process to initiate an I/O request and immediately continue executing other code without blocking
Synchronous I/O (read(), write()) blocks the calling thread until the kernel completes the operation β wasting CPU cycles waiting for disk or network. AIO (POSIX aio_read, Linux io_uring) lets the process submit an I/O request and continue executing. When the I/O completes, the OS notifies via a signal, callback, or completion queue. io_uring (Linux 5.1+) achieves near-zero-syscall overhead through shared ring buffers between user and kernel space.
IncorrectD: AIO allows the calling process to initiate an I/O request and immediately continue executing other code without blocking
Synchronous I/O (read(), write()) blocks the calling thread until the kernel completes the operation β wasting CPU cycles waiting for disk or network. AIO (POSIX aio_read, Linux io_uring) lets the process submit an I/O request and continue executing. When the I/O completes, the OS notifies via a signal, callback, or completion queue. io_uring (Linux 5.1+) achieves near-zero-syscall overhead through shared ring buffers between user and kernel space.
13How does the sendfile() system call provide "Zero-Copy" network I/O optimization?
CorrectA: It instructs the kernel to transfer data directly from the disk cache to the network socket buffer entirely within kernel space, eliminating user space copy overhead
Traditional file serving: read() copies disk data from kernel page cache β user buffer β write() copies user buffer β kernel socket buffer β NIC (2 copies, 4 context switches). sendfile() performs the transfer entirely in kernel space: page cache β socket buffer β NIC, with zero user-space copies and only 2 context switches. This is how Nginx and Apache serve static files at very high throughput with minimal CPU usage.
IncorrectA: It instructs the kernel to transfer data directly from the disk cache to the network socket buffer entirely within kernel space, eliminating user space copy overhead
Traditional file serving: read() copies disk data from kernel page cache β user buffer β write() copies user buffer β kernel socket buffer β NIC (2 copies, 4 context switches). sendfile() performs the transfer entirely in kernel space: page cache β socket buffer β NIC, with zero user-space copies and only 2 context switches. This is how Nginx and Apache serve static files at very high throughput with minimal CPU usage.
14In the context of Error Detection services, what occurs when the OS generates a "Core Dump"?
CorrectC: The OS captures a complete snapshot of the crashed process's working memory state and writes it to a file for post-mortem forensic debugging
When a process receives a fatal signal (SIGSEGV, SIGABRT, SIGFPE) and the core dump limit (ulimit -c) is nonzero, the kernel writes the process's entire address space, register state, open file descriptors, and thread stacks to a core file. Developers load this into GDB (gdb ./program core) to inspect the exact state at the moment of death β the call stack, variable values, and memory contents β enabling post-mortem root-cause analysis without needing to reproduce the crash.
IncorrectC: The OS captures a complete snapshot of the crashed process's working memory state and writes it to a file for post-mortem forensic debugging
When a process receives a fatal signal (SIGSEGV, SIGABRT, SIGFPE) and the core dump limit (ulimit -c) is nonzero, the kernel writes the process's entire address space, register state, open file descriptors, and thread stacks to a core file. Developers load this into GDB (gdb ./program core) to inspect the exact state at the moment of death β the call stack, variable values, and memory contents β enabling post-mortem root-cause analysis without needing to reproduce the crash.
15What is Event Tracing for Windows (ETW)?
CorrectB: A high-performance, low-overhead kernel-level tracing facility provided by the Windows OS that logs hardware and software events for diagnostics
ETW is a high-speed, buffered, kernel-level tracing infrastructure built into Windows NT. Providers (kernel, drivers, user apps) emit structured events to in-memory ring buffers. A controller enables providers and sessions; consumers read the buffered events. Tools like Windows Performance Recorder (WPR), perfview, and Process Monitor use ETW. Its overhead is extremely low (<1%) because providers check a bit before emitting β if no consumer is listening, emission is a near-zero cost operation.
IncorrectB: A high-performance, low-overhead kernel-level tracing facility provided by the Windows OS that logs hardware and software events for diagnostics
ETW is a high-speed, buffered, kernel-level tracing infrastructure built into Windows NT. Providers (kernel, drivers, user apps) emit structured events to in-memory ring buffers. A controller enables providers and sessions; consumers read the buffered events. Tools like Windows Performance Recorder (WPR), perfview, and Process Monitor use ETW. Its overhead is extremely low (<1%) because providers check a bit before emitting β if no consumer is listening, emission is a near-zero cost operation.
16How does the OS kernel securely validate pointers passed as parameters during a system call?
CorrectD: The kernel must rigorously verify that the pointer directs to a valid address strictly within the calling process's legitimate user address space
If the kernel blindly dereferenced a user-supplied pointer, a malicious process could pass a kernel-space address, causing the kernel to read or write arbitrary kernel memory β a privilege escalation. The kernel validates every user pointer via copy_from_user() / copy_to_user() (Linux), which checks that the address falls within the process's valid user-space VMA and handles page faults atomically. An invalid pointer causes the system call to return -EFAULT.
IncorrectD: The kernel must rigorously verify that the pointer directs to a valid address strictly within the calling process's legitimate user address space
If the kernel blindly dereferenced a user-supplied pointer, a malicious process could pass a kernel-space address, causing the kernel to read or write arbitrary kernel memory β a privilege escalation. The kernel validates every user pointer via copy_from_user() / copy_to_user() (Linux), which checks that the address falls within the process's valid user-space VMA and handles page faults atomically. An invalid pointer causes the system call to return -EFAULT.
17What service does the chroot system call (or modern kernel namespaces) essentially provide?
CorrectA: It changes the apparent root directory for the current running process and its children, isolating or "jailing" the process from accessing external files
chroot() changes what the process perceives as "/" β creating a "chroot jail." Paths like /etc/passwd inside the jail resolve to /new_root/etc/passwd on the real filesystem; the process cannot access files outside its jail. Modern Linux namespaces (pivot_root, mount namespaces) fix chroot's escape vulnerabilities and are used by Docker containers to provide filesystem isolation without full virtualization.
IncorrectA: It changes the apparent root directory for the current running process and its children, isolating or "jailing" the process from accessing external files
chroot() changes what the process perceives as "/" β creating a "chroot jail." Paths like /etc/passwd inside the jail resolve to /new_root/etc/passwd on the real filesystem; the process cannot access files outside its jail. Modern Linux namespaces (pivot_root, mount namespaces) fix chroot's escape vulnerabilities and are used by Docker containers to provide filesystem isolation without full virtualization.
18How do High-Resolution Timers operate differently than standard Information Maintenance time services?
CorrectC: They utilize specific, high-precision hardware counters (like the HPET) to provide sub-millisecond scheduling and profiling accuracy
Standard OS time services (time(), gettimeofday()) return wall-clock time with millisecond or microsecond precision. High-Resolution Timers (hrtimers on Linux, HPET, TSC) use dedicated hardware counters β the HPET offers nanosecond resolution, the CPU's TSC (Time Stamp Counter) offers per-cycle precision. Audio/video synchronization, real-time scheduling, and performance profiling require this level of accuracy, which standard timer interrupts (1β250 Hz) cannot provide.
IncorrectC: They utilize specific, high-precision hardware counters (like the HPET) to provide sub-millisecond scheduling and profiling accuracy
Standard OS time services (time(), gettimeofday()) return wall-clock time with millisecond or microsecond precision. High-Resolution Timers (hrtimers on Linux, HPET, TSC) use dedicated hardware counters β the HPET offers nanosecond resolution, the CPU's TSC (Time Stamp Counter) offers per-cycle precision. Audio/video synchronization, real-time scheduling, and performance profiling require this level of accuracy, which standard timer interrupts (1β250 Hz) cannot provide.
19What is the fundamental mechanism behind OS Signal Handling (e.g., SIGKILL, SIGINT)?
CorrectB: An asynchronous notification delivered by the OS to a process indicating an event has occurred, interrupting normal flow to execute a registered handler
Signals are the OS's software interrupt mechanism for processes. The kernel delivers a signal by setting a pending-signal bit in the process's task_struct and interrupting it at the next safe point. The process can register a signal handler (sigaction()), ignore the signal, or accept the default action (terminate, core dump, stop). SIGKILL and SIGSTOP cannot be caught or ignored β they are unconditional kernel-enforced actions.
IncorrectB: An asynchronous notification delivered by the OS to a process indicating an event has occurred, interrupting normal flow to execute a registered handler
Signals are the OS's software interrupt mechanism for processes. The kernel delivers a signal by setting a pending-signal bit in the process's task_struct and interrupting it at the next safe point. The process can register a signal handler (sigaction()), ignore the signal, or accept the default action (terminate, core dump, stop). SIGKILL and SIGSTOP cannot be caught or ignored β they are unconditional kernel-enforced actions.
20How do Loadable Kernel Modules (LKMs) extend the OS's native service capabilities?
CorrectD: They are pieces of object code containing functions and data that can be dynamically loaded into and unloaded from the core kernel at runtime without rebooting
LKMs (insmod/modprobe on Linux) allow device drivers, file systems, and networking protocols to be added or removed from a running kernel without reboot. A module is a relocatable ELF object; the kernel's module loader resolves its symbols against the running kernel, allocates kernel memory, and calls the module's init function. This keeps the base kernel small while allowing unlimited extensibility β virtually all Linux drivers ship as LKMs.
IncorrectD: They are pieces of object code containing functions and data that can be dynamically loaded into and unloaded from the core kernel at runtime without rebooting
LKMs (insmod/modprobe on Linux) allow device drivers, file systems, and networking protocols to be added or removed from a running kernel without reboot. A module is a relocatable ELF object; the kernel's module loader resolves its symbols against the running kernel, allocates kernel memory, and calls the module's init function. This keeps the base kernel small while allowing unlimited extensibility β virtually all Linux drivers ship as LKMs.
Conclusion: Mastering OS Services
These 60 MCQs cover the complete OS Services taxonomy β from the eight foundational service categories through API abstraction layers and IPC models, all the way to kernel-level mechanisms like ptrace(), mmap(), sendfile(), ETW, and Loadable Kernel Modules.
The key to mastering these questions is understanding the layered model: Hardware β Kernel Services β System Call Interface β API Library β Application. Each layer adds abstraction β once you see how POSIX libc wraps raw syscalls and how IPC models trade speed for safety, every scenario question becomes logical.
After completing this set, deepen your knowledge with the full OS Services Theory Notes and practice with System Calls MCQs to drill the syscall interface in even greater depth.
β‘ Key Takeaways β OS Services
- System calls are the only secure gateway from user space to kernel β triggered by a software trap, dispatched via sys_call_table[] indexed by call number in rax.
- APIs (POSIX, Win32, Java) are portability wrappers β they handle parameter marshaling and provide architecture-independent interfaces over raw system calls.
- Shared Memory IPC is the fastest model (no kernel copying) but requires explicit developer synchronization; Message Passing is safer and scales to distributed networks.
- mmap() bridges File System and Memory Management β enabling zero-copy file I/O, memory-mapped databases (SQLite, LMDB), and efficient ELF program loading.
- sendfile() enables zero-copy network serving β page cache β socket buffer entirely in kernel space, eliminating the two user-space copies of read()+write().
- ptrace() is the kernel primitive behind GDB, strace, and seccomp-bpf sandbox syscall filtering in Chrome and Docker.
- Protection Domains + Access Matrix give the theoretical foundation β implemented as Unix ACLs (permission bits) or Windows DACLs in practice.
- LKMs (Loadable Kernel Modules) provide unlimited kernel extensibility at runtime β virtually all Linux device drivers ship as dynamically insertable modules.
Quick Review & Summary
Use this table to consolidate OS Services concepts before or after attempting the questions above.
| Concept | Definition / Mechanism | Key Example(s) |
|---|---|---|
| System Call | Software trap transferring control from userβkernel mode to request privileged service | read(), fork(), open(), mmap() |
| API Layer | Portable wrapper functions that marshal args and invoke the correct system call | POSIX libc, Win32, Java SDK / JVM |
| IPC β Message Passing | Data exchange via OS-managed kernel channels; no shared memory needed | pipe(), POSIX mqueue, sockets, ALPC |
| IPC β Shared Memory | Same physical RAM mapped into multiple address spaces; needs explicit sync | mmap(MAP_SHARED), POSIX shm_open() |
| Resource Allocation | OS distributes CPU, RAM, I/O bandwidth fairly among competing processes | CFS scheduler, cgroups, ulimits |
| Error Detection | Continuous monitoring of hardware & software faults; corrective action taken | ECC RAM, SIGSEGV β core dump, BSOD |
| Protection Domain | Set of (object, rights) pairs defining what a process/user may do | chmod(), chown(), Access Matrix / ACL |
| mmap() / sendfile() | mmap: fileβvirtual addr space; sendfile: disk cacheβsocket without user copy | SQLite, LMDB, Nginx static serving |
| ptrace() / strace | Kernel primitive to observe/control another process & intercept system calls | GDB, strace, seccomp-bpf sandboxing |
| Loadable Kernel Module | ELF object dynamically loaded/unloaded into running kernel without reboot | insmod, modprobe, device drivers |
Frequently Asked Questions
Q. How many OS Services MCQs are available on this page?
Q. What topics do these OS Services MCQs cover?
Q. Are these MCQs suitable for GATE OS exam preparation?
Q. What is the key difference between the Message Passing and Shared Memory IPC models?
Q. What is the difference between Study Mode and Exam Mode in the MCQ engine?
Q. Which system call categories are covered in these OS Services MCQs?
Struggling with some questions? Re-read the full Theory Guide: OS Services