220-1102 Practice Exam Questions I Flashcards
Which of the following should be used to uniquely identify every piece of hardware installed on the corporate network, including servers, desktops, laptops, printers, and monitors?
Asset ID
the key word is hardware
OBJ-4.1: The asset ID should be used to uniquely identify each piece of hardware tracked in an asset management database. An asset management database can be configured to store as much or as little information as is deemed necessary. Typical data would be type, model, serial number, asset ID, location, user(s), value, and service information. Tangible assets can be identified using an identification number, barcode label, or Radio Frequency ID (RFID) tag attached to the device. An RFID tag is a chip programmed with asset data. When in range of a scanner, the chip powers up and signals the scanner. The scanner alerts management software to update the device’s location. As well as asset tracking, this allows the management software to track the device’s location, making theft more difficult. An IP address is a logical identifier, but it is frequently changed when using a network with DHCP and cannot be used to reliably identify a piece of hardware. The location of a device is not a unique way of identifying an asset since many pieces of hardware may be located in the space location. Additionally, virtual machines cannot easily be tracked using their physical location. This MAC address is used to identify every device on the local area network uniquely if an Asset ID is not available, but would not be useful when trying to identify monitors since they do not use a MAC address.
A user is having an issue with a specific application on their Android device. The user works for DionTraining, and every employee has the exact same model of smartphone issued by the company. Whenever the user attempts to launch the application, the app fails and generates an error message. Which of the following should the technician attempt FIRST to solve this issue?
1. Rollback the application to the previous version
2. Clear the local application cache
3. Reinstall the malfunctioning app
4. Update the OS
- Clear the local application cache
OBJ-3.4: To solve an issue with a mobile application, you should normally attempt the following steps. First, clear the application cache since this locally stored information can become glitchy and cause an app to crash. If you have two of the same smartphones having the same issue, it is unlikely to be the application cache causing the issue. In this case, the technician would then attempt to update the OS of the smartphones. Updating the operating system can minimize compatibility issues and fix crashing applications. Third, you can try reinstalling the application if the other two options don’t work.
You are troubleshooting a user’s computer. As part of your efforts, you want to install a new login with administrative privileges. Which of the following utilities should you use?
1. System Configuration
2. System Information
3. Local Users and Groups
4. Group Policy
- Local Users and Groups
OBJ-3.1: Local users and groups (lusrmgr.msc) is a utility used to assign rights and roles to different users and groups on a local computer. Group policy editor (gpedit.msc) is a utility used to define and control how programs, network resources, and the operating system operate for users and computers in an organization. In an active directory environment, a group policy is applied to users or computers based on their membership in sites, domains, or organizational units. System configuration (msconfig.exe) is a system utility to troubleshoot the Microsoft Windows startup processes. MSConfig is used to disable or re-enable software, device drivers, and Windows services that run at startup, or to change boot parameters. System information (msinfo32.exe) is a utility that gathers information about your computer and displays a comprehensive list of hardware, system components, and the software environment that can be used to diagnose computer issues.
A macOS user is browsing the internet in Google Chrome when they see a notification that says, “Windows Enterprise Defender: Your computer is infected with a virus, please click here to remove it!” What type of threat is this user experiencing?
Rogue anti-virus
OBJ-3.2: Rogue anti-virus is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and to pay money for a fake malware removal tool (that actually introduces malware to the computer). It is a form of scareware that manipulates users through fear and a form of ransomware. Since the alert is being displayed on a macOS system but appears to be meant for a Windows system, it is obviously a scam or fake alert and most likely a rogue anti-virus attempting to infect the system. Phishing is an email-based social engineering attack in which the attacker sends an email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim. Phishing attacks target an indiscriminate large group of random people. A worm is a standalone malware computer program that replicates itself to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. A worm can spread on its own, whereas a virus needs a host program or user interaction to propagate itself. Pharming is a type of social engineering attack that redirects a request for a website, typically an e-commerce site, to a similar-looking, but fake, website. The attacker uses DNS spoofing to redirect the user to the fake site.
A computer was recently infected with a piece of malware. Without any user intervention, the malware is now spreading throughout the corporate network and infecting other computers that it finds. Which type of malware MOST likely infected these computers?
Worm
OBJ-2.3: A worm is a standalone malware computer program that replicates itself to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. A worm can spread on its own, whereas a virus needs a host program or user interaction to propagate itself. A virus is malicious software designed to infect computer files or disks when it is activated. A virus may be programmed to carry out other malicious actions, such as deleting files or changing system settings. A trojan is a type of malware that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT), which allows an attacker to control a workstation or steal information remotely. To operate, a trojan will create numerous processes that run in the background of the system. Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Once infected, a system or its files are encrypted, and then the decryption key is withheld from the victim unless payment is received.
You are a member of a project team contracted to install twenty new wireless access points (WAPs) for a college campus. Your team has already determined the locations for the new WAPs and notated them in the physical and logical network diagrams. Your team is still finalizing the change request documents for the installation. The project cannot move forward with the installation until the change request is finalized and approved. Which of the following is the MOST important thing to add to the scope of work and change request before its approval?
1. Risk Analysis
2. Plan for change
3. Rollback plan
4. End-user acceptance
- Rollback plan
OBJ-4.2: This is a difficult question because all of these items should be included in a Request for Change (RFC), but the most important is a proper backout plan. A rollback plan is an IT governance integration approach that specifies the processes required to restore a system to its original or earlier state in the event of failed or aborted implementation. Every change should be accompanied by a rollback plan so that the change can be reversed if it has harmful or unforeseen consequences. Changes should also be scheduled sensitively if they are likely to cause system downtime or other negative impacts on the workflow of the business units that depend on the IT system being modified. Most organizations have a scheduled maintenance window period for authorized downtime. By following this guidance, the team can back out and restore service on the legacy/previous system if something goes wrong with the installation. End-user acceptance is the process of verifying a change was successfully implemented and turned over to the end-user for future operation. A plan for change is the documented method for installing or modifying the asset as documented in the change request. While this is important, the most important thing is still a backout plan since many changes are routine changes that do not require a detailed plan of change. A risk analysis determines the severity level of a change and is used to help the change approval board (CAB) make an informed approval decision.
Which of the following types of wireless encryption uses a 40-bit encryption key with an RC4 encryption cipher?
1. Open
2. WPA
3. WPA2
4. WEP
- WEP
OBJ-2.2: The Wired Equivalent Privacy (WEP) encryption system is based on the RC4 encryption cipher. WEP uses a 40-bit encryption key and a 24-bit initialization vector by default, creating a 64-bit key. Newer versions of WEP support a 128-bit key size. A larger encryption key creates stronger encryption and is more difficult to attack. WEP is considered weak by today’s standards and should be replaced by WPA2 or strong encryption schemes. Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption. An open network does not use an encryption key or preshared key to protect the network.
Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?
Missing patches
OBJ-2.4: Missing patches are the most common vulnerability found on both Windows and Linux systems. When a security patch is released, attackers begin to reverse engineer the security patch to exploit the vulnerability. If your servers are not patched against the vulnerability, they can become victims of the exploit, and the server’s data can become compromised. Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. Cross-site scripting focuses on exploiting a user’s workstation, not a server. CRLF injection is a software application coding vulnerability that occurs when an attacker injects a CRLF character sequence where it is not expected. SQL injection is the placement of malicious code in SQL statements via web page input. SQL is commonly used against databases, but they are not useful when attacking file servers.
Which version of Windows supports Virtual Desktops?
Windows 10
OBJ-1.1: Windows 10 added support for Virtual Desktops like those long seen on Linux and Mac OS X. These allow users without multi-monitor setups to create multiple virtual desktops that are handy for splitting usage between work and leisure work into projects, or whatever you require. Older versions of Windows, such as Windows 7, Windows 8, and Windows 8.1 do not support Virtual Desktops and are currently considered end-of-life operating systems.
Which of the following types of backups generates the recovered files from a complete copy of a file created at some point in time and one or more partial backups created at later times to merge them into the recovered data?
1. Synthetic
2. Incremental
3. Full
4. Differential
- Synthetic
OBJ-4.3: Synthetic backup is the process of generating a file from a complete copy of a file created at some past time and one or more incremental copies created at later times. The expression synthetic in this context refers to the fact that the assembled file is not a direct copy of any single current or previously created file. Instead, a synthetic file is merged or synthesized by a specialized application program from the original file and one or more modifications to it. A full backup creates a copy of all the selected data regardless of when it was previously backed up. It takes the most time to complete a backup but is the fastest when conducting a restoral of all the data on a hard drive. A differential backup only creates a copy of the selected data that has been modified since the last full backup. It is a good compromise in speed between a full backup (which takes the longest to backup and the least to restore) and an incremental backup (which takes the least to backup and the longest to restore). An incremental backup only creates a copy of new files and files modified since the last full, incremental, or differential backup. Therefore, it takes the least amount of time to complete a backup. Unfortunately, it also takes the most time to restore since you have to first restore the full backup, then any differential and incremental backups until all your data is restored.
Which of the following Windows 10 power options will turn off individual devices connected to a laptop to save energy?
1. Hibernate
2. Fast startup
3. Sleep
4. USB selective suspend
- USB selective suspend
OBJ-1.4: The USB selective suspend feature allows the hub driver to suspend an individual port without affecting the operation of the other ports on the hub. Selective suspension of USB devices is helpful when using a laptop computer as it helps to conserve battery power by powering off USB ports that are not needed at the time. Hibernate mode is used to save the current session to disk before powering off the computer to save battery life when the system is not being used. The computer takes longer to start up again from hibernate mode than it does from the sleep or standby mode. Sleep or standby mode is used to save the current session to memory and put the computer into a minimal power state to save battery life when the system is not being used. The computer takes less time to start up again from the sleep or standby mode than it does from the hibernate mode. Fast startup is a mode in between a full shutdown and a hibernation mode. With a fast startup, the computer will log out of the computer close all of its open files when being shut down. Before the system powers off, though, a small hibernation file is created to help speed up the bootup process when the computer is powered on again.
A user contacts the service desk, stating their account is locked out, and they are unable to login to their local workstation. Which of the following log files should you review to determine the source of the lockout on the local workstation?
1. Security log
2. System log
3. Setup
4. Application log
- Security log
OBJ-3.1: The event viewer shows a log of application and system messages, including errors, information messages, and warnings. It’s a useful tool for troubleshooting all kinds of different Windows problems. The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt. The file (security.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The application log contains information regarding application errors. The file (application.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The setup log contains a record of the events generated during the Windows installation or upgrade process. The file (setup.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The system log contains information about service load failures, hardware conflicts, driver load failures, and more. The file (system.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer.
During the reconnaissance phase of a penetration test, you have determined that your client’s employees all use Android smartphones that connect back to the corporate network over a secure VPN connection. Which of the following methods would MOST likely be the best method for exploiting these?
1. Identify a jailbroken device for easy exploitation
2. Use a tool like ICSSPLOIT to target specific vulnerabilities
3. Use web-based exploits against the devices web interface
4. Use social engineering to trick a user into opening a malicious APK
- Use social engineering to trick a user into opening a malicious APK
OBJ-3.5: When targeting mobile devices, you must first determine if the company uses iPhones or Android-based devices. If they are using Android-based devices, you can use social engineering to trick a user into installing a malicious APK. As a penetration tester, you can create a malicious APK using msfvenom in the Metasploit framework. The user can install it directly from your website instead of the Google Play store.
Your company wants to ensure that users cannot access USB mass storage devices. You have conducted some research online and found that if you modify the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor key, it will prevent USB storage devices from being used. Which of the following tools should you use to modify this key?
1. RDS
2. MSConfig
3. MMC
4. RegEdit
- RegEdit
OBJ-1.3: The registry editor (RegEdit) allows you to view and make changes to system files and programs that you wouldn’t be able to access otherwise. The registry is a database made up of hives and keys that control various settings on a Windows system. Incorrectly editing the Registry can permanently damage your computer, so it is important to be very careful when modifying the registry using RegEdit. MSConfig is a system utility to troubleshoot the Microsoft Windows startup processes MSConfig is used to disable or re-enable software, device drivers, and Windows services that run at startup, or to change boot parameters. Remote desktop services (RDS) is used to connect to a remote desktop session host servers or other remote computers, edit an existing remote desktop connection (.rdp) configuration file, and migrate legacy connection files that were created with the client connection manager to the newer .rdp connection file type. The Microsoft management console (MMC) is a utility that uses snap-ins for various Windows tools such as disk management, computer management, performance monitor, print management, and others to perform operations on a local or networked computer.
Which of the following backup rotation schemes uses a three-tiered approach to ensure at least one monthly full backup is conducted?
1. Gradnfather-father-son
2. FIFO backup
3. Tower of Hanoi
4. 3-2-1 backup
- Grandfather-father-son
OBJ-4.3: The grandfather-father-son (GFS) backup rotation scheme is widely used to combine full and incremental backups to reduce backup time and enhance storage security. The grandfather is a full backup that is stored off-site once per month. The father is a weekly full backup that is conducted. The son is an incremental or differential backup conducted each day. For example, each Monday a full backup can be conducted which becomes the father. Then, each day of the week a son is created by performing an incremental or differential backup. Once per month, a full backup is conducted to become the grandfather. The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site. The Tower of Hanoi is a backup rotation scheme that rotates backup media sets throughout the backup process to minimize wear and failure of tape backup media. For example, when using this method with four backup tapes labeled A, B, C, and D, a total of 16 days of backups can be maintained with just 4 tapes. Tape A is used every odd-numbered day for 16 days. Tape B is used on days 2, 6, 10, and 14. Tape C is used on days 4 and 12. Tape D is used on days 8 and 16. This allows Tape A to be overwritten every other day, while Tapes B is overwritten every four days and Tapes C and D are overwritten every 8 days. The First In First Out (FIFO) backup scheme uses a set number of tapes and overwrites the oldest tape with the newest information. For example, if there are 7 tapes in use, every evening a new backup is conducted over the previous week’s daily backup. To have a longer amount of days of backups, a technician simply needs to increase the number of tapes from 7 to 14 or 21.
