A+1102 CompTIA A+ Core 2 Practice Test Flashcards

1
Q

Which of the following should generate an alert when the account is disabled or altered?

A

THE CORRECT ANSWER

Change default administrator account.

These default accounts have practical limitations and consequently are the ultimate target for threat actors. Any use of the default administrator account must be logged and accounted for.

Disabling guest accounts matters because a guest account allows unauthorized access to the computer and may provide some sort of network access too. The guest account is only enabled to facilitate password-less file sharing in a Windows workgroup.

Restricting user permissions reflects that some networks have complex requirements for assigning rights. However, the basic principle is that the number of accounts with administrator privileges should be as few as possible.

Login time restrictions are typically used to prevent an account from logging in at an unusual time of the day or night or during the weekend.

2
Q

A Windows administrator wants to learn how to use Linux by installing the Linux subsystem for Windows. What should their version of Windows have on the New Technology File System (NTFS) to support case-sensitive naming and hard links required by Linux?

A

THE CORRECT ANSWER

POSIX

To support UNIX/Linux compatibility, Microsoft engineered NTFS to support case-sensitive naming, hard links, and other key features UNIX/Linux applications require. This is known as POSIX compliance.

When data is written to an NTFS volume, it is re-read, verified, and logged via journaling. In the event of a problem, the sector concerned is marked as bad and the data relocated.

FAT32 is a variant of FAT that uses a 32-bit allocation table, nominally supporting volumes up to 2 TB. The maximum file size is 4 GB minus 1 byte.

The Indexing Service creates a catalog of file and folder locations and properties, speeding up searches.

3
Q

A security analyst notices an unauthorized disclosure of customers’ data at the company. What type of data is breached?

A

YOU WERE CORRECT

PII

Personally identifiable information (PII) is data that can be used to identify, contact, or locate an individual or impersonate that individual in the case of identity theft. PII is any representation of information that authorizes the identity of an individual.

The open-source license makes it free to use, modify, and share and makes the program code used to design it available.

Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results.

The chain of custody form records where, when, and who collected the evidence, handled it subsequently, and stored it.

4
Q

A vulnerability manager is brainstorming different ways to enhance security for their cell phone devices. The company only uses Apple, and so one of the ideas the manager comes up with is to look for anomalistic files that do not belong with Apple for signs of possible malware which did not profile the device and instead just blasted malware out, hoping the operating system would be right. Which of the following would be anomalistic?

A

THE CORRECT ANSWER

.apk

An .apk file is a format for Android. The vulnerability manager only has Apple in their environment. Unknown sources enable untrusted apps to be downloaded from a website and installed using the .APK file format.

DMG (disk image) format is used for simple installs where the package contents need to be copied to the Applications folder.

PKG format is used where app setup needs to perform additional actions, such as running a service or writing files to multiple folders.

The app is placed in a directory with a .APP extension in the Applications folder when it has been installed.

5
Q

A user logs into a computer and uses a camera that records a 3-D image with its infrared sensor to mitigate attempts to use a photo to spoof the authentication mechanism. What is this called?

A

YOU WERE CORRECT

Facial recognition

Facial recognition is the bio gesture that uses a webcam to scan the unique features of the user’s face.

A fingerprint is the type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint.

Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services. The advantage of SSO is that each user does not have to manage multiple digital identities and passwords.

Gpupdate is a policy applied at sign-in and refreshed periodically, which is normally every 90 minutes. The gpupdate command is used to immediately apply a new or changed policy to a computer and account profile.

6
Q

Which of the following avoids opening remote desktop ports on the network’s firewall?

A

THE CORRECT ANSWER

VPN

A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. Establish a VPN link and then use a remote desktop to connect to a host on the private network.

Secure shell (SSH) is also a remote access protocol, but it connects to a command interpreter rather than a desktop window manager.

Virtual network computing (VNC) is a freeware product with similar functionality to RDP. It works over TCP port 5900. Not all versions of VNC support connection security.

Remote Monitoring and Management (RMM) tools are principally designed for managed service providers (MSPs).

7
Q

A Windows client administrator plans to upgrade their OS in the current environment. What is one of the most important considerations for the upgrade?

A

THE CORRECT ANSWER

User training

Different desktop styles introduced by a new OS version or changing from one OS to another can generate issues as users struggle to navigate the new desktop and file system. An upgrade project must take account of this and prepare training programs.

While the scenario did not specify which OS the administrator was upgrading to, Windows 11 requires a CPU or motherboard supporting trusted platform module (TPM) version 2.

When data is written to an NTFS volume, it is re-read, verified, and logged via journaling. In the event of a problem, the sector concerned is marked as bad and the data relocated.

The Dynamic Disks feature allows multiple physical disks to be combined into volumes.

8
Q

A customer uses their computer at a café, and an attacker watches the customer typing their login information. What is this called?

A

YOU WERE CORRECT

Shoulder surfing

Shoulder surfing attacks are when the attacker learns a password, PIN, or any secure information by watching the user type it.

Tailgating is entering a secure area without authorization by following closely behind the person allowed to open the door or checkpoint.

Phishing uses social engineering techniques to make spoofed electronic communications seem authentic to the victim. A phishing message might convince the user to perform actions, such as installing malware disguised as an antivirus program.

Vishing is an attack through a voice channel like a telephone. It can be much more difficult for someone to refuse a request made in a phone call than one made in an email.

9
Q

A vulnerability and risk manager reviews older systems that can only receive critical patches. What are these systems classified as?

A

THE CORRECT ANSWER

Extended support

During the extended support phase, the product is no longer commercially available, but the vendor issues critical patches.

An end-of-life (EOL) system is one that its developer or vendor no longer supports. EOL systems no longer receive security updates and therefore represent a critical vulnerability.

A public beta phase might be used to gather user feedback. Microsoft operates a Windows Insider Program where users can sign up to use early release Windows versions and feature updates.

When the product is being actively marketed during the supported phase, the vendor releases regular patches to fix critical security and operational issues and feature upgrades to expand OS functionality.

10
Q

A malware infection can manifest in many ways, often making it difficult to diagnose. Malware may cause which of the following computer issues? (Select all that apply.)

A

Windows update fails

Redirection

One of the key indicators of malware infection is that security-related applications, such as antivirus, firewall, and Windows Update, stop working. Other applications or Windows tools, such as Task Manager, may also stop working or crash frequently.

Malware often targets the web browser. An example is a redirection, where the user tries to open one page but gets sent to another.

User Account Control (UAC) is a system to prevent unauthorized use of administrator privileges. Malware may try to disable UAC, but it would not enable it.

Roaming profiles copy the whole profile from a share at logon and copy the updated profile back at logoff.

11
Q

An employee uses a cryptographic contactless technique that allows access to a building. What is this technique?

A

YOU WERE CORRECT

Badge reader

Badge readers are a type of electronic lock that works with a hardware token rather than a PIN.

A magnetometer is a type of metal detector often deployed at airports and in public buildings to identify concealed weapons or other items.

Alarm systems are designed to detect intrusion into a building or home. Alarm systems include motion sensors, video surveillance, and lighting.

A palmprint scanner is a contactless type of camera-based scanner that uses visible and infrared light to record and validate the unique pattern of veins and other features in a person’s hand. Unlike facial recognition, the user must make an intentional gesture to authenticate.

12
Q

An IT specialist removes malware from a computer system and then re-enables System Restore. Then a new restore point is created, all security-critical services and settings are validated, and the DNS configuration is verified. However, when the specialist runs a final antivirus scan, it detects malware. Considering all the steps taken, which would explain why there was still malware on the system?

A

THE CORRECT ANSWER

C&C network connection was detected.

The IT specialist did not inspect the firewall configuration and therefore failed to find the changes that allowed a command and control (C&C) network to establish a connection.

Domain Name System (DNS) spoofing is when an attacker directs a victim away from a legitimate site and towards a fake site.

Port forwarding is the process in which a router takes requests from the internet for a particular application and sends them to a designated host on the LAN.

Cross-site scripting (XSS) is when a malicious script is hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

13
Q

If an individual is creating an account and unable to think of a strong key code word, the browser can suggest strong keycodes to use. What is this called?

A

YOU WERE CORRECT

Password manager

Password managers suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site.

Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.

Secure connection validates the host’s identity running a site and encrypts communications to protect against snooping.

Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality. Many sites detect ad blockers and do not display any content while enabling filtering.

14
Q

A manager for a large corporation is in charge of client machines and is currently undergoing a lifecycle hardware refresh. They want to optimize the machines to be powerful enough to run applications. The manager also wants to be sure that they are not underpowered either. What can the manager use to determine CPU optimization?

A

THE CORRECT ANSWER

Privileged time

If privileged time is much higher than user time, the central processing unit (CPU) is likely underpowered (it can barely run Windows core processes efficiently).

If overall processor time is very high (over 85% for sustained periods), it can be helpful to compare these. Privileged time represents system processes, whereas user time is software applications.

If the disk queue length increases and disk time is high, then the manager has a disk problem.

Pages per second are the number of pages read from or written to disk to resolve hard page faults, which means memory moves processes to the page file.

15
Q

A security engineer researches how to make backup and antivirus apps available to their iOS mobile devices. Where should the apps be pushed?

A

THE CORRECT ANSWER

Business Manager

A supervised macOS can be restricted in terms of app installation and uninstallation policies. Corporate apps can be pushed to devices via the Business Manager portal.

By default, macOS will only allow apps to be installed if downloaded from the Mac App Store. To allow the installation of downloaded apps, go to System Preferences > Security & Privacy.

The Finder is the macOS equivalent of File Explorer in Windows. It lets the user navigate all the files and folders on a Mac.

iCloud is Apple’s online storage solution for its users. It provides a central, shared location for mail, contacts, calendar, photos, notes, reminders, and more across macOS and iOS devices.

16
Q

An administrator is backup chaining a database with the type of backup that utilizes a moderate time and storage requirement. What type of backup is this?

A

THE CORRECT ANSWER

Full with differential

Full with differential means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job.

Full with incremental means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job.

Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.

17
Q

An IT manager, who is in charge of the client image, considers enabling a data at rest solution. Where can the manager go to enable the built-in Microsoft solution?

A

THE CORRECT ANSWER

System Settings

The System Settings page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying). BitLocker disk encryption is here.

The Devices and Printers applet in the Control Panel provides an interface for adding devices manually and shortcuts to the configuration pages for connected devices.

The Programs and Features Control Panel applet is the legacy software management interface. Users can use it to install and modify desktop applications and Windows Features.

Network and Sharing Center is a Control Panel applet that shows status information.

18
Q

A user notices that their device has a leaking component and needs to take careful measures to minimize any risk and discard the approved component at the proper waste facility. Which of the following disposal is this?

A

THE CORRECT ANSWER

Battery

Batteries must be disposed of through an approved waste facility. Swollen or leaking batteries from devices must be handled carefully and stored within appropriate containers. Gloves and safety goggles may minimize the risk of burns from the corrosive material.

Recycling used toner cartridges is offered at most vendors. The products in toner powder are not classified as hazardous to health.

Devices for disposal can be donated, and if a device cannot be reused, it must be disposed of through the approved waste facility.

An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.

19
Q

A security awareness trainer spends a good portion of the training class talking about phishing, given its popularity as an attack vector. Phishing campaigns are getting more sophisticated, so the trainer is helping the class learn how to identify a phishing email. Which of the following is an indicator of phishing? (Select all that apply.)

A

Inconsistent sender and reply to addresses

Urgency

Disguised links

Many phishing emails have a sense of urgency so that the recipient will act now or else it will be too late. In business, this could be an email that appears to be from the boss, who needs something right away.

The email sender’s address (the FROM address) should be consistent with the REPLY-TO address.

Links in phishing emails can be disguised. For example, a link that appears to be www.microsoft.com reveals a very different URL, such as www.maliciouslink.com, when the cursor hovers over the link.

An email with no signature is not an indicator of phishing.

20
Q

A server administrator was called in to help a VIP whose computer was accidentally infected with a virus. The administrator wants to revert the computer but still preserve user personalization settings. What should the administrator use?

A

YOU WERE CORRECT

Refresh

Windows supports refresh and reset options to try to repair the installation. Using refresh recopies the system files and reverts most system settings to the default but can preserve user personalization settings, data files, and more.

Using the full reset option deletes the existing OS plus apps, settings, and data ready for the OS to be reinstalled.

A factory recovery partition is a tool used by the original equipment manufacturers (OEMs) to restore the OS environment to its ship state. The recovery partition is created on the internal fixed drive.

The OS setup media might not contain drivers for certain hardware devices, but this could be part of an unattended file.

21
Q

A user implements a method that requires a one-time code within a given time frame to get access to their email account. What is this method?

A

YOU WERE CORRECT

Soft token

A soft token is a piece of a two-factor security token that generates a single-use login PIN to authorize computer services.

Hard tokens require the user to physically possess their authentication device to gain access to a specific network. The hard token is first registered with the service or network. When the user needs to authenticate, they connect the token and authorize it via a password, PIN, fingerprint reader, or voice recognition.

Short message service (SMS) is a text messaging service between mobile phones. The short messaging service allows up to 160 characters between phones.

A phone call can be used as a second authentication factor, but it is typically insecure.

22
Q

Which of the following backup procedures states that users should have three copies of their data across two media types, with one copy held off-line and off-site?

A

YOU WERE CORRECT

3-2-1 backup rule

The 3-2-1 backup rule is a best-practice maxim that users can apply to their backup procedures to verify that they are implementing a solution to mitigate the widest possible range of disaster scenarios.

Grandfather-father-son (GFS) is a backup rotation scheme in which son tapes store the most recent data and have the shortest retention period. Grandfather tapes are the oldest and have the longest retention period.

Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

The synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs.

23
Q

A user just installed a new application on their workstation, but the application has issues even starting up. The user has been working on the machine regularly up to this point without any prior issues. Which of the following is most likely the issue?

A

THE CORRECT ANSWER

Firewall

In this scenario, one place to troubleshoot is the host-based firewall. Select “Allow an app through the firewall” to allow or block programs (configure exceptions) from the Windows Firewall status page.

While proxy settings could be an issue, if the user was working fine beforehand, proxy settings are not likely to be the issue.

If the user has been using the machine without any previous problems, it is unlikely that the domain name system (DNS) is the issue.

The Personalization settings allow the users to select and customize themes, which set the appearance of the desktop environment.

24
Q

A client uses this software that allows access to a given computer. What is this software?

A

THE CORRECT ANSWER

Screen-sharing

Screen-sharing is software that is designed to work over HTTPS across the internet. This is secure because the connection is encrypted but also easier to implement as it does not require special firewall rules.

Some web-conferencing and videoconferencing software, like Microsoft Teams and Zoom, provides a screen-sharing client that participants may control.

With file transfer, users can choose a file-sharing protocol that can be used across all connected hosts. It allows configuring permissions on the share and provisioning user accounts that are recognized by both the server and client.

Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.

25
Q

A marketing professional normally sends large files to other team members. The IT department recommended using a shared drive and assisted them in setting it up. The project was a very high priority, so the professional collaborated with several members but started receiving reports that some users could not access it sometimes and others could. They eventually figured out that only 20 people at a time seemed to be able to access it. What is causing the issue?

A

THE CORRECT ANSWER

The share was created on a Windows desktop.

The Share tab in the folder’s Properties dialog can customize permissions, change the share name, and limit the number of simultaneous connections. Windows desktop versions are limited to 20 inbound connections.

If more than 20 users access the share, the data should be stored on file servers rather than local client computers.

The proxy settings will not affect users’ ability to access the file share in this scenario. It could cause issues accessing the internet, however.

If the domain name system (DNS) were causing an issue, the users would not be limited to 20 people. It is possible that load-balanced DNS servers could cause issues if one is incorrect.

26
Q

A Linux server administrator notices a service they do not recognize, although the environment is quite big. They look at the help file for the ksh process, but the documentation seems poor. It does seem to indicate that it provides interactivity, however. What type of program is this?

A

THE CORRECT ANSWER

Terminal

The shell provides a command environment by which a user can operate the OS and applications. Many shell programs are available with Linux, notably Bash, zsh, and ksh (Korn shell).

Products such as Clam AntiVirus (ClamAV) and the Snort Intrusion Prevention System (IPS) can be used to block varied malware threats and attempts to counteract security systems.

apt-get is a command interface for the Advanced Packaging Tool (APT). APT is used by Debian distributions and works with .deb format packages.

Linux does not have an “official” backup tool. There are plenty of commercial and open-source backup products for Linux, however. Some examples include Amanda, Bacula, Fwbackups, and Rsync.

27
Q

A security analyst notices a critical incident that has a widespread effect on customers that can eventually involve a potential data breach. The analyst creates a ticket with the vendor and sets the importance in order to trigger a faster response time. Which attribute of the ticket did the analyst set?

A

THE CORRECT ANSWER

Severity levels

The severity level is a way of classifying tickets into priority order. Severity levels are not over-complex. There are three severity levels based on impact: critical incidents, major incidents, and minor incidents.

Categories and subcategories group related tickets together, useful for assigning tickets to the relevant support section or technician and for reporting and analysis.

Escalation levels occur when an agent cannot resolve the ticket. The support team can be organized into tiers to clarify escalation levels.

Problem resolution sets out the plan of action and documents the successful implementation and testing of the plan and full system functionality.

28
Q

A threat actor uses a technique that instills statements through an unfiltered user response. What is this technique?

A

YOU WERE CORRECT

SQL injection

A SQL injection attack is when the attacker modifies one or more of the basic functions by adding code to some input accepted by the app, causing it to execute the attacker’s own set of SQL queries or parameters.

A cross-site scripting (XSS) attack exploits the fact that the browser is likely to trust scripts that appear to come from a site the user has chosen to visit.

A dictionary attack is when the software matches the hash to those produced by ordinary words found in a dictionary.

A brute force attack is when the software tries to match the hash against one of every possible combination it could be.

29
Q

A company uses a method that restricts its employees from messing with their computer settings. What is this method called?

A

THE CORRECT ANSWER

BIOS

A basic input/output system (BIOS) password is a piece of authentication information that may sometimes be required to log into a computer’s BIOS before the machine can boot up.

Expiration requirement means that the user must change the password after a set period.

Securing personally identifiable information (PII) and passwords means that paper copies of personal and confidential data must not be left where they could be read or stolen. This type of information should not be entered into unprotected plain text files, word processing documents, or spreadsheets.

Disabling guest accounts matters because a guest account allows unauthorized access to the computer and may provide some network access. The guest account is only enabled to facilitate password-less file sharing in a Windows workgroup.

30
Q

A user wants to share their printer with other teams, but not all teams use the same operating system. What can the user do to configure functionality with the other teams?

A

THE CORRECT ANSWER

Additional drivers

Use the Additional Drivers button to make drivers available for different client operating systems. For example, if the print server is Windows 10 64-bit, it can make 32-bit Windows 7 drivers available.

Configuring the proxy settings will not help with printer functionality. The settings for proxy information can be found in internet options.

A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive.

A file server would not help with printer functionality, although a print server could assist with this endeavor.

31
Q

The operating system update on a user’s phone fails. The user verifies the phone’s connection to a wall outlet that leads to the office Wi-Fi. Which of the following could be responsible for the update failure?

A

THE CORRECT ANSWER

Metered network

Updates may be blocked if a device is connected to a metered network. Additionally, if the operating system update is incompatible with the device model, it may cause the update to fail.

Remote Authentication Dial-in User Service (RADIUS) is a protocol used to manage remote and wireless authentication infrastructures.

Near-field communication (NFC) is mostly used for contactless payment readers, security ID tags, and shop shelf-edge labels for stock control.

A wireless local area network (WLAN) uses radios and antennas for data transmission and reception. Most WLANs are based on the IEEE 802.11 series of standards, better known as Wi-Fi. Since the user verified that the phone was connected to Wi-Fi, WLAN would not be an issue.

32
Q

A server administrator wants to run the latest technologies. What technology should the administrator start using which will replace the New Technology File System (NTFS)?

A

THE CORRECT ANSWER

ReFS

Resilient File System (ReFS) is being developed to replace NTFS. ReFS is only available for Pro for Workstations and Enterprise editions and cannot currently be used for the boot volume.

Most Linux distributions use some version of the extended (ext) file system to format partitions on mass storage devices. ext3 is a 64-bit file system with journaling support.

Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS).

exFAT is a 64-bit version of FAT designed for use with removable hard drives and flash media.

33
Q

Which of the following will block untrusted application sources from running?

A

THE CORRECT ANSWER

Anti-malware

34
Q

A technician needs to set up a method that blocks URLs or search terms using keywords and phrases. What is this method?

A

THE CORRECT ANSWER

Content filtering

Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, Fully Qualified Domain Names (FQDNs), and URL web addresses with sites known to host various categories of content.

Changing channels involves using a Wi-Fi analyzer to identify which channel within the access point’s range is least congested.

Disable guest access when a user does not want a guest network. The guest network is usually isolated from the other local devices.

Guests can connect to this network and access the internet without a password. Encryption settings allow users to set the authentication mode.

35
Q

An employee uses an option to ask for help from a technician with an invitation file protected by a passcode. What is this option?

A

THE CORRECT ANSWER

MSRA

Microsoft Remote Assistance (MSRA) allows a user to ask for help from a technician or co-worker by an invitation file protected by a passcode. The helper opens the invitation file to connect to the remote system.

Remote Monitoring and Management (RMM) tools are principally designed for use by managed service providers (MSPs).

Remote Desktop Protocol (RDP) implements terminal server and client functionality. RDP authentication and session data are always encrypted.

A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. Establish a VPN link and then use a remote desktop to connect to a host on the private network.

36
Q

An administrator uses a method that uses simultaneous authentication of equals (SAE) instead of the 4-way handshake. What is this method?

A

THE CORRECT ANSWER

WPA3

Wireless protected access (WPA3) uses passphrase-based group authentication of stations in private mode; it changes the method by which this secret is used to agree on session keys. The simultaneous authentication of equals (SAE) protocol replaces the 4-way handshake.

Multifactor authentication (MFA) allows the machine to establish a trust relationship and create a secure tunnel to transmit the user credentials or perform smart card authentication without a user password.

Temporal key integrity protocol (TKIP) tries to mitigate the various attacks developed against WEP by producing a new 128-bit encryption key for every packet sent on the network.

Advanced encryption standard (AES) is the standard encryption used by WPA2 and the strongest encryption standard to use with Wi-Fi.

37
Q

A user wants to connect to multiple systems after a single login at only one of the devices. What is this called?

A

YOU WERE CORRECT

SSO

Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services.

User account control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit the powerful privileges assigned to members of the Administrators group.

A personal identification number (PIN) can contain letters and symbols. It is a passcode used to process authentication of a user accessing a system.

A fingerprint is the type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint.

38
Q

An attacker is trying multiple times to log in to a user’s phone, but the phone ends up being disabled. What is this called?

A

YOU WERE CORRECT

Failed attempts lockout

Failed attempts lockout is when a maximum number of incorrect sign-in attempts occur within a certain period. Once the maximum number of incorrect attempts has been reached, the account will be disabled.

Concurrent logins limit the number of simultaneous sessions a user can open. Most users should only need to sign in to one computer at a time.

Use timeout/screen lock is when the desktop is locked if the system detects no user-input device activity. Users should not rely on this and lock the computer manually when leaving it unattended.

Disable AutoRun so that malware cannot be installed automatically. Some versions of Windows require an optical disc to be inserted or a USB drive to be attached so that the AutoRun command installs.

39
Q

Worried about a crash, a user creates a complete backup of the system configuration and data files on their computer. Identify what the user has created.

A

YOU WERE CORRECT

An image

A backup of everything on the computer, including the installation, settings, apps, and files, is also called an image.

Reimaging is not a backup. It removes system files and resets all PC settings to default, usually done when the hard disk or operating system is damaged or malware-infected.

An update fixes or improves the computer’s operating system, drivers, or software. Nothing else is changed, and nothing on the computer is backed up.

If an update to Windows or an application/program causes problems with the computer, it can be rolled back (uninstalled).

40
Q

What technique resets hard drives to factory condition so that they contain only the information necessary to interact with a file system?

A

THE CORRECT ANSWER

Low-level formatting

A low-level formatting tool resets a disk to its factory condition. Most of these tools will now incorporate some sanitize function. Secure erase (SE) and instant secure erase (ISE) are two functions under this tool.

Third-party vendors may use overwriting or crypto-erase and issue a certificate of recycling rather than destruction.

A certificate of destruction shows the make, model, and the serial number of each drive that was handled, plus the date of destruction and how it was destroyed.

Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner.

41
Q

What is a type of employee device that must meet the profile that the company requires, and the employee will have to agree on the installation of corporate apps and to some level of oversight and auditing?

A

YOU WERE CORRECT

BYOD

Bring your own device (BYOD) is a mobile device owned by the employee. The mobile is usually the most popular with employees but poses the most difficulties for security and network managers.

A corporate-owned business only (COBO) device is the company’s property and may only be used for company business.

Corporate-owned, personally enabled (COPE) is when the company chooses and supplies the device, and it remains the company’s property. The employee may use it to access personal email, social media accounts, and personal web browsing.

Choose your own device (CYOD) is like COPE, but the employee can choose the device they want from a list.

42
Q

A curious user looks through their local logs and sees errors in region-coding copy-protection mechanisms. What type of device is generating these logs?

A

THE CORRECT ANSWER

Optical media

Consumer DVDs and Blu-rays feature digital rights management (DRM) and region-coding copy-protection mechanisms.

A flash drive is also called a USB drive, thumb drive, or pen drive. It is simply a flash memory board with a USB connector and protective cover.

A solid-state drive (SSD) uses flash memory technology to implement persistent mass storage. Flash memory performs much better than the mechanical components used in hard disk drives.

External storage devices are also used for backup and data transfer or provide a drive type not available as an internal unit.

43
Q

What are a company’s options when it wants to create and deliver a custom app for its employees without using a public store? (Select all that apply.)

A

Apple Business Manager
Managed Google Play

Apple operates enterprise developer and distribution programs to allow private app distribution via Apple Business Manager.

Google’s Play Store has a private channel option for enterprise app distribution called Managed Google Play.

Developer mode is a mobile-device feature designed for testing apps during development. It has no connection to how an app is delivered, whether publicly or privately.

A bootleg app store is where users can find bootleg apps that closely mimic legitimate apps; this is a way of pirating apps without paying for them. It is not a private distribution channel.

44
Q

A user receives a Windows dialog box pop-up that states 163 viruses were detected by antivirus software. When the user clicks on the pop-up, it states that to get rid of the viruses the user needs to purchase the software’s full version. What type of antivirus does the user have in this scenario?

A

THE CORRECT ANSWER

Rogue

Rogue antivirus is when a website displays a pop-up disguised as a normal Windows dialog box with a fake security alert. The spoofed notification and browser ad are designed to alarm users and promote the installation of Trojan malware. Rogue antivirus is a popular way to disguise a Trojan.

Windows Defender Antivirus is a core component of all Windows editions. It will not generate pop-up messages to purchase the full version.

On-access is a scanning technique where the antivirus software scans the file before opening or prevents it from opening.

Execution control refers to logical security technologies designed to prevent malicious software from running on a host regardless of user account privileges.

45
Q

Many mobile apps collect location data. Rogue apps could use location data for criminal purposes, such as burglary. However, many legitimate apps also track a mobile user’s location. Why would a legitimate shopping app have an interest in a user’s location?

A

THE CORRECT ANSWER

Targeted advertising

Legitimate apps are interested in tracking a user’s location for targeted advertising. For example, Facebook tracks the location of its users for that very reason, although it is facing scrutiny over privacy issues.

Geotagging is adding geographic data and location to photos. An app would not track a user’s location to tag their pictures.

Redirection is a malware attack, where the malware corrupts the Domain Name System (DNS) and search provider to force users to spoofed sites.

The pursuit of clicks typically is the area of interest for adware since developers are paid when users click on the advertisements.

46
Q

A user implements a technique that requires an input of 4 or 6 digits to gain access to their device. What is this technique?

A

YOU WERE CORRECT

PIN

Personal identification numbers (PINs) are used on most devices to enable screen lock authentication and generate an encryption key. The PIN can act as a primary or backup authentication method.

Swipe is a gesture that means that access to the device is unauthenticated. Simply swiping across the screen will unlock the device.

Pattern requires the user to swipe a “join-the-dots” pattern. The pattern method has numerous weaknesses.

Facial recognition is a method that creates a template computed from a 3-D image of the user’s face. A facial bio gesture has the advantage of using the camera rather than a special sensor.

47
Q

A user calls the help desk with issues consistent with a malware infection, although the user received no alert. The technician confirms that there was no malware alert. Which of the following options would be an appropriate next step? (Select all that apply.)

A

Scan the system using different antivirus software.

Update the antivirus software.

Since the installed antivirus software did not pick up the malware infection, scanning the system with a different antivirus product is a good option since some products pick up what others do not.

The antivirus software may not have detected the malware infection because it was not updated. Updating antivirus software before running scans is a best practice.

Logging on to a malware-infected system as an administrator exposes their privileged account access credentials for the malware to exploit.

Removing the malware is a few steps ahead of the current scenario.

48
Q

Employees are expected to stay updated on skills and knowledge to cope with changing threat types. Which of the following covers this?

A

YOU WERE CORRECT

Security-awareness training

Security-awareness training is usually delivered to employees at all levels, including end-users, technical staff, and executives. The training includes anti-phishing, software firewalls, passwords, malware threats, and more.

Anti-malware is computer software used to avoid, identify, and eliminate malware. Anti-malware is like antivirus software but for more up-to-date malware.

Recovery mode is the step-by-step processing of manual removal to disable persistence mechanisms and reconfigure the system to its secure baseline.

OS reinstallation is when antivirus software is not able to recover data from infected files, and a user must complete a system restore.

49
Q

A computer administrator sets up a client workstation to join a centrally managed network. What options should the administrator configure to do this?

A

THE CORRECT ANSWER

Access work or school

Access work or school under the Account settings app joins the computer to a centrally managed domain network.

Configure sign-in options under Account settings using a fingerprint reader or PIN to access the computer rather than a password. The computer can also be set to lock automatically from here.

The Update & Security settings provide a single interface to manage a secure and reliable computing environment.

The Apps group is used to view and remove installed apps and Windows Features in the Settings app. Users can also configure which app should act as the default for opening, editing, and printing particular file types and manage which apps run at startup.

50
Q

A security administrator is in charge of multiple locations in various countries. The administrator wants to set Coordinated Universal Time (UTC) on a test box to ensure logging is standardized. In Windows, where can the administrator set this?

A

YOU WERE CORRECT

Time and Language

The Time & Language settings page sets the correct date/time and time zone. Keeping the PC synchronized to an accurate time source is important for processes.

The Personalization settings allow users to select and customize themes, which set the appearance of the desktop environment.

Privacy settings govern what usage data Windows is permitted to collect, what device functions are enabled, and for which apps.

The Internet Options Control Panel applet exposes the configuration settings for Microsoft’s Internet Explorer (IE) browser. The Security tab restricts what types of potentially risky active content are allowed to run.

51
Q

A server administrator looks at which file systems Linux supports to show all available options. Which of the following are supported by Linux? (Select all that apply.)

A

ext4
FAT32

Most Linux distributions use some version of the extended (ext) file system. ext4 delivers better performance than ext3 and would usually represent the best choice for new systems.

Linux can also support FAT/FAT32 (designated as VFAT). Additional protocols such as the Network File System (NFS) can mount remote storage devices into the local file system.

Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS).

The New Technology File System (NTFS) is a proprietary file system developed by Microsoft for use with Windows.

52
Q

A server administrator locks down security on their golden client image but is concerned about potentially breaking things in the environment. They decided to set up a test image for test users in various departments before full implementation. What should the administrator use to make individual configuration changes to the image?

A

THE CORRECT ANSWER

regedit.exe

The Windows registry provides a remotely accessible database for storing operating system, device, and software application configuration information. The administrator can use the Registry Editor (regedit.exe) to view or edit the registry.

The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many Windows settings than editing the registry directly.

The Services console (services.msc) starts, stops, and pauses processes running in the background. In order to make configuration changes, regedit.exe in this group of options would be used.

The Startup tab lets administrators disable programs added to the Startup folder (type shell:startup at the Run dialog to access this).

53
Q

An administrator uses a backup rotation scheme that labels the backup tapes in generations. What is this called?

A

YOU WERE CORRECT

GFS

Grandfather-father-son (GFS) is a backup rotation scheme in which son tapes store the most recent data and have the shortest retention period. Grandfather tapes are the oldest and have the longest retention period.

The 3-2-1 backup rule is a best-practice maxim that users can apply to their backup procedures to verify that they are implementing a solution to mitigate the widest possible range of disaster scenarios.

The synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs.

Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

54
Q

A user needs to install a desktop application and use an application store that is reputable. What type of vendor is this store?

A

YOU WERE CORRECT

Trusted source

As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure using a reputable vendor.

An untrusted source is when an installer cannot be verified through a digital signature or has been a security risk and is likely to expose the user to unwanted adverts.

A secure connection validates the host’s identity running a site and encrypts communications to protect against snooping.

Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.

55
Q

A company needs to set up perimeter security to control and monitor who can approach the building. Which of the following should the company use? (Select all that apply.)

A

Fencing
Access control vestibule
Guard

Fencing is generally effective and needs to be transparent, so guards can see any attempt to penetrate it.

Access control vestibule is where one gateway leads to an enclosed space protected by another barrier that restricts access to one person at a time. Bollards are barricades that prevent vehicles from crashing into the building or exploding a bomb near it.

Guards can be placed in front of and around a location to protect it. They can monitor critical checkpoints, verify identification, allow or disallow access, and log physical entry occurrences.

Folder redirection changes the target of a personal folder, such as the Documents folder, Pictures folder, or Start Menu folder, to a file share.

56
Q

An administrator in charge of user endpoint images wants to slipstream and use image deployment. Which boot method would best support this?

A

YOU WERE CORRECT

Network

Network boot setup means connecting to a shared folder containing the installation files, which could be slipstreamed or use image deployment.

A computer that supports network boot could also be configured to boot to set up over the internet. To set that up the local network’s DHCP server must be configured to supply the DNS name of the installation server.

Historically, most attended installations and upgrades were run by booting from optical media (CD-ROM or DVD).

Once the OS has been installed, the administrator will usually want to set the internal hard drive as the default (highest priority) boot device and disable any other boot devices.

57
Q

A user has owned the same personal computer for a while and thinks it might be time for an upgrade. Which of the following are upgrade considerations? (Select all that apply.)

A

Hardware compatibility
Application support
Backup files

Hardware compatibility is a consideration. The user must make sure that the central processing unit (CPU), chipset, and RAM components are sufficient to run the OS.

Application and driver support and backward compatibility are other considerations. Most version upgrades try to maintain support for applications and device drivers developed for older versions.

Backup files and user preferences are a consideration. If the user is installing a new operating system or doing a clean install, the user should back up any necessary data and settings.

Most computers now come with Preboot eXecution Environment (PXE)–compliant firmware and a network adapter to support this boot option, so it is not necessarily a consideration.

58
Q

An attacker uses a technique against a wireless network that allows them to flood access points with too many packets. What is this called?

A

THE CORRECT ANSWER

DoS

A denial of service (DoS) attack causes a service at a given host to fail or become unavailable to legitimate users.

An on-path attack is a specific type of spoofing where the threat actor can covertly intercept traffic between two hosts or networks, allowing the threat actor to read and possibly modify the packets.

An insider threat is an employee or other person with immediate access to internal components of the company or organization.

Distributed DoS (DDoS) means that the attacks are launched from multiple compromised systems, referred to as a botnet, to perform the attack against its target.

59
Q

An employee disposes of a disk by grinding it into little pieces. What is this called?

A

YOU WERE CORRECT

Shredding

Shredding is when a disk is put into a mechanical shredder to be destroyed. A mechanical shredder works in much the same way as a paper shredder.

Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner.

Degaussing is when a hard disk is exposed to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface.

Incinerating is when the disk is exposed to high heat to melt its components. It is performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.

60
Q

A helpdesk manager assesses older Windows 7 computers their company owns and tries to determine available upgrade paths. Which of the following can NOT be upgraded?

A

THE CORRECT ANSWER

Windows 7 Home to Windows 10 Enterprise

Users cannot upgrade from a Home to an Enterprise edition. If users consider an in-place upgrade, they must check that the current OS version is supported as an upgrade path to the intended version.

Users can upgrade from Windows 7 Home Premium to Windows 10 Home or Pro. With Windows, users have to consider the edition when upgrading.

Users can upgrade from Windows 10 Home to Windows 10 Pro.

Downgrading the edition is supported in some circumstances (Windows 7 Professional to Windows 10 Home, for instance), but this only retains documents and other data, not apps and settings.

61
Q

Over the day, a user’s computer becomes slow. Then pop-ups start to appear randomly. Later on, the pop-ups become more frequent, and the user notices that internet searches are using Google when their default search provider is in Firefox. Once the computer starts crashing repeatedly, the user calls for help. Considering all of these data points, what is the best diagnosis of the problem?

A

THE CORRECT ANSWER

Adware or spyware infection

All of the symptoms listed in this scenario are common to adware and spyware. Another symptom is redirection, where a user tries to open one page but gets sent to another.

The goal of ransomware is extortion. Ransomware encrypts files to shut down access to data until payment is made.

A DNS server mapping domain names to the wrong IP addresses is an example of a redirection attack, where a user is redirected to a malicious site. It does not generate the other symptoms.

HOSTS is a legacy means of mapping domain names and IP addresses. If corrupted and incorrectly mapped, it is a redirection attack, and the other symptoms do not occur.

62
Q

An accountant has an unlimited data plan and has set data usage limit triggers for their mobile phone. What concern does the accountant have with high data usage with an unlimited data plan? (Select all that apply.)

A

DDoS
Cryptomining

Even with an unlimited data plan, setting data usage limits allows a user to be alerted to unusually high data usage like that associated with cryptomining.

Even with an unlimited data plan, setting data usage limits allows a user to be alerted to unusually high data usage associated with being used as part of a distributed denial of service (DDoS) attack.

Phishing is when an attacker sends an email from a supposedly reputable source to elicit private information from the victim.

Jailbreaking removes the protective seal and any operating system-specific restrictions to give users greater control over the device.

63
Q

A user is using AirDrop to send information to another device. What type of software is this?

A

YOU WERE CORRECT

File transfer

File transfer allows users to select a file-sharing protocol that all the connecting hosts can use. Using this, both the server and client can configure permissions on the shared folders and provision user accounts.

Videoconferencing or web-conferencing software, such as Microsoft Teams or Zoom, includes a screen-share client, and some also allow participants to be granted control of the share.

Screen-sharing is software designed to work over HTTPS across the internet; this is secure because the connection is encrypted and easier to implement as it does not require special firewall rules.

Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.

64
Q

While conducting an online search for cleaning services, a homeowner clicks on the link for one of the results. When the website loads, the page says, “Warning: Potential Security Risk Ahead.” What would cause this message to appear? (Select all that apply.)

A

The certificate is issued by an untrusted CA.

The certificate has expired.

Malware is trying to redirect the browser to a spoofed page.

If a certificate was issued by an untrusted Certificate Authority (CA), the URL is displayed with strikethrough formatting, and the site content is likely to be blocked by a warning message.

If a certificate is expired, the site content is likely blocked by a warning message.

A warning message could indicate that malware on the computer is attempting to redirect the browser to a spoofed page.

Even if the cleaning service went out of business and shut down their website, it would not generate a security message.

65
Q

A helpdesk technician is helping a user experiencing printer problems. After several troubleshooting steps, the technician thinks the user may have installed the wrong driver. Where can they go to install a different one?

A

YOU WERE CORRECT

Device Manager

Device Manager allows users to view and edit the properties of installed hardware. They can change hardware configuration settings, update drivers, or remove/disable devices.

The Programs and Features Control Panel applet is the legacy software management interface. Users can use it to install and modify desktop applications and Windows Features.

Network and Sharing Center is a Control Panel applet that shows status information. Printer drivers will not be located here.

Search is also governed by settings configured in the Indexing Options applet. A corrupted index is a common cause of search problems.

66
Q

A company has backup storage located at a different location, which lowers the risk of losing both production and backup copies of data. Which of the following is this backup storage?

A

YOU WERE CORRECT

Off-site backup storage

Off-site backup storage is more affordable and easier to implement because of the high-bandwidth internet and high-capacity cloud storage providers. Transporting media offsite can be an onerous task.

A synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs.

Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

On-site backup storage means that the production system and backup media are in the same location. Having storage in the same location risks losing both the production and backup copies of the data.

67
Q

A security analyst conducts an incident response investigation against suspected malware on a userbox. The analyst suspects a certain variant of malware known to beacon out to a command and control server. What command will help them investigate this?

A

THE CORRECT ANSWER

netstat

The netstat command can investigate open ports and connections on the localhost, which will help to investigate potential command and control connections established by malware on the localhost.

The hostname command returns the name configured on the local machine. The DNS server can also contain records to point machines to the host.

Several net and net use command utilities can be used to view and configure shared resources on a Windows network.

Accounts can be managed at the command line using net users, which must be executed in an administrative command prompt.

68
Q

An installer is implemented using an .EXE file. What is this technique performing?

A

YOU WERE CORRECT

Installation of applications

Installation of applications is used in Windows as a setup file that can be executed in silent mode using the command switches for its installer. In Linux, scripts are often used to compile apps from source code.

In Windows PowerShell, hundreds of Get verb cmdlets gather information/data from a Windows subsystem. Bash supports numerous commands to manipulate text.

The initiation of updates takes place through wusa.exe in Windows, which processes batch files to initiate a typical update. The PSWindowsUpdate module in PowerShell contains numerous cmdlets. Users can use apt-get/apt or yum from a Bash script in Linux.

69
Q

A systems administrator for client machines has managed Windows machines for some time. The company is now adding Apple computers. The security team wants to implement an equivalent to BitLocker. Which of the following should the administrator enable and configure?

A

YOU WERE CORRECT

FileVault

FileVault is a disk encryption product. Encryption protects the data stored on a disk against the possibility that a threat actor could remove it.

macOS has options to configure what analytics/telemetry data and personalized information can be collected. Users can adjust these options via the Security & Privacy preference pane.

The Time Machine preference pane lets data be backed up to an external drive or partition formatted using either the Apple File System (APFS) or macOS’s older extended file system.

The keychain feature helps users manage passwords for these accounts, other websites, and Wi-Fi networks. The regular keychain is just local.

70
Q

A software developer is looking at installing a new 64-bit program that will help to streamline coding and optimize workflow. What types of systems can the developer install it on?

A

THE CORRECT ANSWER

64-bit only

A 64-bit application requires a 64-bit CPU and OS platform. Like operating systems, software applications can be developed as 32-bit or 64-bit software.

64-bit applications cannot be installed on a 32-bit platform. Some apps may have both 32-bit and 64-bit versions.

32-bit software applications can usually be installed on 64-bit platforms, however. 32-bit applications can run on 64-bit software, although if there is a 64-bit version available, it is probably better to run the 64-bit version if possible.

64-bit applications for personal computers cannot run on Advanced RISC Machines (ARM) architecture. ARM is an architecture for smartphones and tablets.

71
Q

After installing Windows 10 on an old computer, a computer technician is stumped when the computer continues to boot to a blank screen. From the available solutions, determine which ones could conceivably fix the blank screen. (Select all that apply.)

A

Update the graphics adapter driver.

Repair Windows.

A blank screen following a Windows installation could be caused by several factors, including an interruption to the installation process and an incomplete install. Repairing Windows could address this.

Updating the graphics driver is another possible remedy since the driver may be outdated and incompatible with Windows 10.

IDLE is the Python Integrated Development and Learning Environment. While IDLE does have a debugger, it is for Python scripts, not Windows issues.

Defragging the hard drive is done to optimize file storage and improve sluggish performance. It would not fix a blank screen.

72
Q

The Instagram app on an Android phone will not launch. Which of the following options could fix the problem?

A

YOU WERE CORRECT

Force Stop

If an app fails to launch, first use Force Stop to quit it and try launching again. In Android, open Settings > Apps. Tap an app, then select Force Stop. In iOS, either swipe up or double-tap the physical Home button, then swipe the app up off the screen.

Swiping is a mobile gesture that serves several purposes, such as bringing up the notification bar in Android (swipe down from the top of the screen) and bringing up a list of apps in iOS (swipe up from the bottom).

AirDrop is an iOS feature that allows file transfer between iOS and macOS devices over Bluetooth.

Software Update is an iOS option. The comparable Android option is a System Update.

73
Q

After starting the computer and signing in, a user notices the desktop takes a long time to load. Evaluate the following Windows operating system problems to determine the one that best diagnoses what could be causing the slowness.

A

THE CORRECT ANSWER

Corrupted user profile

When a computer starts normally and a user logs in normally but the desktop is slow to load, a corrupted user profile is a likely culprit.

Time drift occurs when the time on the motherboard and the server gets out of sync. Using GPS-synchronized time sources or a pool of internet sources will address time drift.

A corrupted registry likely would prevent the computer from booting, or it would boot to a blue screen of death (BSOD).

An invalid boot disk means the system has failed to boot, which is not true in this scenario.

74
Q

A systems administrator wants to create a scheduled task throughout the environment, which does a basic health check at night when users are not working. Which command should the administrator use in their scheduled task?

A

YOU WERE CORRECT

chkdsk

chkdsk scans the file system and disk sectors for faults and can attempt to repair any problems detected.

The format command writes a new file system to a drive. This process deletes any data existing on the drive. This could be catastrophic if used in the wrong way.

The xcopy command is a utility that allows administrators to copy the contents of more than one directory at a time and retain the directory structure.

Diskpart is the command interface underlying the Disk Management tool. Diskpart deals with partitions and management.

75
Q

A technician creates full backups by having the chain start with an initial full backup as normal and afterward makes a series of incremental backups. Which of the following backups is this?

A

THE CORRECT ANSWER

Synthetic

A synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs.

Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.

On-site backup storage means that the production system and backup media are in the same location. Having storage in the same location risks losing both the production and backup copies of the data.

76
Q

Most vendors have recycling systems for what types of products? (Select all that apply.)

A

Toner
Device
Battery

Most vendors offer recycling for used toner cartridges. The products in toner powder are not classified as hazardous to health.

Batteries must be disposed of through an approved waste facility. Swollen or leaking batteries from devices must be handled carefully and stored within appropriate containers. Gloves and safety goggles may be used to minimize the risk of burns from the corrosive material.

Devices can be donated, and if a device cannot be reused, it must be disposed of through the approved waste facility.

Voltage is the potential difference between two points measured in volts (V).

77
Q

An employee is working with a substance that can potentially harm them. Which of the following should they use? (Select all that apply.)

A

Safety goggles
Air filter mask

Safety goggles are used to minimize the risk of burns from corrosive materials such as broken batteries, cellphones, tablets, or irritation from particles such as toner or dust.

An air filter mask that fits over the mouth and nose is a recommended face covering when working with compressed air, toner spills, or working in a dusty environment. An air filter mask will not protect the eyes.

Lifting techniques are included in safety handbooks; the guidance sets out to show employees that lifting heavy objects incorrectly can cause muscle strains and back injuries and can damage the object.

An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.

78
Q

A technician is working with a customer who is becoming abusive and unreasonable on a phone call. Which of the following skills should the technician use in this instance? (Select all that apply.)

A

Identify early that the customer is angry.

Hang up.
Do not take complaints personally.

Identify early that the customer is angry and try to calm the situation down by using a low voice and soothing language and by focusing on positive actions.

Do not take complaints personally and do not express any anger toward the customer.

Hang up and be guided by whatever policy an organization has in place, but in general, if a customer is abusive or threatening, issue a caution to warn them about this behavior.

Being judgmental is not a skill that will help in this situation. Do not assume that the customer lacks knowledge about the system.

79
Q

A company is conducting live meetings between two or more applicants at different sites. What is this called?

A

YOU WERE CORRECT

Videoconferencing

Some web-conferencing and videoconferencing software, like Microsoft Teams and Zoom, provides a screen-sharing client that participants may control.

Screen-sharing is software that is designed to work over HTTPS across the internet. This is secure because the connection is encrypted but also easier to implement as it does not require special firewall rules.

Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.

With file transfer, users can choose a file-sharing protocol that can be used across all connected hosts. It allows configuring permissions on the share and provisioning user accounts that are recognized by both the server and client.

80
Q

Malware encyclopedias are a resource that antivirus vendors often make available to IT professionals. What is their value for IT practitioners? (Select all that apply.)

A

They are documentation of known malware.

They provide information about the type, symptoms, purpose, and removal of malware.

Malware encyclopedias from antivirus vendors, also called “bestiaries,” maintain information about the malware that IT professionals can use to verify and remediate malware. Information includes the type of malware, the symptoms, and the purpose.

Antivirus companies document known malware by maintaining encyclopedias, including information about the makeup, behavior, and removal process.

Malware encyclopedias do not troubleshoot known or unknown malware; they are a verification and remediation reference for known malware.

Pricing or a pricing model for malware remediation is out of the purview of an antivirus vendor’s malware encyclopedia.

81
Q

Which of the following means using clear and concise statements that avoid jargon, abbreviations, and acronyms that a user might not understand?

A

YOU WERE CORRECT

Proper language

Proper language is not being overly familiar with customers. Do not use slang phrases and any language that may cause offense. When active listening, the employee makes a conscious effort to focus on what the other person is saying.

Cultural sensitivity means being aware of customs and habits used by other people.

Formal attire means matching suit clothes in sober color and minimal accessories or jewelry. This is used for business meetings.

Business casual means smart clothes. Jeans, shorts and short skirts, and T-shirts are not smart workwear. Business casual is typically sufficient for troubleshooting appointments.

82
Q

While researching and writing a paper on their home computer, a student notices an alert in the notification area that Windows Defender has expired and needs to be updated. The student is annoyed by the interruption but clicks on the alert and follows the update instructions. Later, the student told their parents that Defender expired, and they installed the update. The student’s parents are panic-stricken. Determine the best reason for the parents’ reaction from the information provided.

A

THE CORRECT ANSWER

A malicious browser push notification tricked the student into downloading malware.

One way to infect a host with malware is to misuse the browser push notification system that allows a website to send messages. Often these messages are designed to trick users into installing malware by disguising it as an antivirus update.

While this scenario describes a malicious browser push notification, it is not a drive-by download. In a drive-by attack, the computer is infected with malware simply by visiting a malicious site; there is no user installation.

Defender is a Windows built-in antivirus and firewall product, so it does not expire. Scheduled updates are irrelevant.

Defender has no subscription to be renewed because it is automatically installed on all Windows computers (starting with Windows 7).

83
Q

Rooting is typically an action related to Android, while jailbreaking is associated with iOS. They are both trying to do the same thing. What is that?

A

YOU WERE CORRECT

Gain unrestricted access.

The goal of rooting and jailbreaking is to gain unrestricted access, or privilege escalation, by subverting the security controls built into iOS or Android. This also has the side effect of leaving many security measures permanently disabled.

Publishing malicious apps is the purview of rogue developers. It is not the goal of rooting and jailbreaking.

Bootlegging is developing software that illegally copies or imitates a commercial product or brand.

Spoofing is developing a malicious app that spoofs a legitimate app by using a similar name, fake reviews, and automated downloads to boost its apparent popularity.

84
Q

A pet store owner receives an email from their bank with a special financing offer. The owner clicks on the attachment, but it does not open. Later that day, when the owner returns to their computer, it is running very slowly and will not connect to the internet. By the time the IT consultant arrives, the computer has locked up. Which of the following is the best action for the IT consultant given the existing conditions?

A

YOU WERE CORRECT

Run an antivirus scan.

The symptoms in this scenario are consistent with a malware infection, even though there could be other causes. As such, running an antivirus scan is the appropriate first step.

CHKDSK is a command-line tool that checks for hard disk errors and can repair them. Problems with the hard disk could cause all of the listed symptoms, except internet access. Moreover, CHKDSK takes a long time to run, so it would not be the best first step in this case.

SMART (Self-Monitoring, Analysis, and Reporting Technology) is a hard disk monitoring program. It is an alerting tool, not a diagnostic tool.

Disconnected Wi-Fi could explain the inability to access the internet, but nothing else in this scenario.