A+, Core 2, Practice Test 1 Flashcards

1
Q

A technician has been tasked with removing malware from a desktop computer. Arrange these malware removal tasks in the correct order to successfully remove the malware.

A

Identify malware symptoms
Quarantine infected systems
Disable System Restore
Remediate
Schedule scans and run updates
Enable System Restore
Educate the end user

2
Q

A technician has recently removed malware from a Windows computer, but the technician is concerned that some of the system files may have been modified. From the command line, analyze and repair any damaged operating system files.

A

The sfc (System File Checker) utility will scan the integrity of all protected system files and replace any files that may be corrupted.

3
Q

Match the technology with the description. Some descriptions will not have a match.

A
4
Q

A user needs to access a file located on the \\gate-room server. The file is located in a share called ship-diagnostics. Use the command line to connect to this share using drive g:.

A

The Windows net use command is used to map a network share to a drive letter. The syntax is:
net use drive: \\<servername>\<sharename>

For example, if you want to map a network drive to drive letter Z and connect to a shared folder named “SharedFolder” on a computer named “Server1” with the username “user1” and password “password123”, the command would be:

net use Z: \\Server1\SharedFolder /user:user1 password123

Remember to replace “Server1”, “SharedFolder”, “user1”, and “password123” with your actual server name, shared folder name, username, and password.

5
Q

Match the commands to the description. Some descriptions will not have a match.

A
6
Q

The motherboard of a server in the corporate data center has started smoking, and flames can be seen inside the computer case. Which of the following would be the BEST way to extinguish this fire?
❍ A. Water-based extinguisher
❍ B. Foam-based extinguisher
❍ C. Disconnect the power
❍ D. Carbon dioxide extinguisher

A

The Answer: D. Carbon dioxide extinguisher
For an electrical fire, it’s best to use carbon dioxide, FM-200, or other dry chemicals to extinguish any flames.

The incorrect answers:
A. Water-based extinguisher
Water and electricity don’t go well together, and that applies just as strongly if a fire is involved.
B. Foam-based extinguisher
Foam-based extinguishers have a similar effect as a water extinguisher, and you shouldn’t use them with electrical equipment.
C. Disconnect the power
Although it’s important to disconnect the power source, the more important task will be to put out the fire. Removing the power source would not extinguish an electrical fire once it has started.

7
Q

A user on the headquarters network has opened a help desk ticket about their Windows desktop. When starting their computer, the login process proceeds normally but the Windows desktop takes fifteen minutes to appear. Yesterday, the desktop would appear in just a few seconds. Which of the following would be the MOST likely reason for this issue?
❍ A. Slow profile load
❍ B. Incorrect boot device order
❍ C. Faulty RAM
❍ D. Incorrect username and password

A

The Answer: A. Slow profile load
A roaming user profile is commonly used on enterprise Windows networks to allow a user’s desktop to follow them to any computer. When a user logs in, their profile is downloaded to the local computer. If there is any network latency to the domain controller, the login process could be significantly slower.
The incorrect answers:
B. Incorrect boot device order
A BIOS setting of an incorrect boot device order would cause the computer to boot a completely different operating system or no operating system at all. This would not be associated with a slow login process.
C. Faulty RAM
Faulty RAM would cause the system to fail or crash. Bad RAM would not commonly cause a login process to perform slowly.
D. Incorrect username and password
Incorrect login credentials would present an error message instead of slowing down the login process.

8
Q

A Linux administrator needs to modify the configuration text file for a service. Which of the following utilities would provide this functionality?
❍ A. nano
❍ B. chmod
❍ C. df
❍ D. sudo

A

The Answer: A. nano
The nano utility is a full-screen text editor that can be used from the command line of a Linux device.

The incorrect answers:
B. chmod
The chmod (Change Mode) utility is used to modify the read, write, or execution permissions of an object in the Linux file system.
C. df
The df (Disk Free) utility provides a view of available filesystems and the free disk space in each filesystem.
D. sudo
The sudo command allows a Linux user to execute a command as the superuser or as any other user on the system. The sudo command on its own does not provide any backup or imaging functionality.

9
Q

A network administrator has configured all of their wireless access points with WPA3 security. Which of the following technologies would be associated with this configuration?

❍ A. RC4
❍ B. TACACS
❍ C. TKIP
❍ D. GCMP

A

The Answer: D. GCMP
WPA3 (Wi-Fi Protected Access version 3) uses GCMP (Galois/Counter Mode Protocol) to provide encryption of all wireless data.

The incorrect answers:
A. RC4
The first version of WPA used RC4 (Rivest Cipher 4) to encrypt wireless traffic.
B. TACACS
TACACS (Terminal Access Controller Access-Control System) is an authentication protocol used to control access to network resources. TACACS is not part of the WPA2 protocol.
C. TKIP
TKIP (Temporal Key Integrity Protocol) is the underlying security protocol used in the initial WPA encryption standard.

11
Q

A server administrator is replacing the memory in a database server. Which of the following steps should be followed FIRST?

❍ A. Remove the existing memory modules
❍ B. Wear an air filter mask
❍ C. Disconnect all power sources
❍ D. Connect an ESD strap

A

The Answer: C. Disconnect all power sources
The first step when working inside of a computer or printer is to remove all power sources.

The incorrect answers:
A. Remove the existing memory modules
Prior to removing the existing modules, the power source would need to be disconnected and an ESD (Electrostatic Discharge) strap attached to the computer case.
B. Wear an air filter mask
A filtered mask would not commonly be required for replacing memory modules. If the environment is very dusty or dirty, then a filtered mask may be necessary.
D. Connect an ESD strap
An ESD strap would allow the technician to minimize the potential of an electrostatic discharge. However, disconnecting the power source takes a higher priority.

12
Q

A system administrator is configuring a server to use eight bootable partitions on a single SSD. Which of the following partition styles would be the BEST choice for this configuration?
❍ A. MBR
❍ B. NTFS
❍ C. diskpart
❍ D. GPT

A

The Answer: D. GPT
The GPT (GUID Partition Table) partition style allows for up to 128 separate bootable partitions.

The incorrect answers:
A. MBR
The MBR (Master Boot Record) partition style provides a maximum of four bootable primary partitions per drive.
B. NTFS
NTFS (NT File System) is a file system designed for Windows computers. Although a system may store files using NTFS, the partition style containing the NTFS file system would determine the maximum number of supported partitions.
C. diskpart
The diskpart utility is a command line option for managing partition styles and bootable configurations. Although diskpart can be used to configure a partition style, the diskpart utility itself is not a partition.

13
Q

A user working from home is not able to print to a laser printer at the corporate office. Which of the following would be the MOST likely reason for this issue?
❍ A. WPA3 settings
❍ B. Outdated anti-virus signatures
❍ C. Disconnected VPN
❍ D. MDM configuration

A

The Answer: C. Disconnected VPN
Remote users will commonly connect to the corporate office over a VPN (Virtual Private Network). This VPN is an encrypted tunnel and all traffic between the locations is protected from anyone monitoring the connection. If the VPN link is not active, then the remote user will be unable to use any resources at the corporate office.

The incorrect answers:
A. WPA3 settings
WPA3 (Wi-Fi Protected Access 3) is a standard for wireless encryption and security. WPA3 would not be involved in a printing problem across a VPN to a corporate office.
B. Outdated anti-virus signatures
Anti-virus signatures would not commonly restrict the printing process, and the age of the signatures would only affect the ability of the anti-virus software to block known viruses.
D. MDM configuration
An MDM (Mobile Device Manager) is used to manage mobile tablets and phones. MDM configurations would not commonly have an impact on home users connecting to a corporate printer.

14
Q

An employee has modified the NTFS permissions on a local file share to provide read access to Everyone. However, users connecting from a different computer do not have access to the file. Which of the following is the reason for this issue?
❍ A. The NTFS permissions were not synchronized
❍ B. Share permissions restrict access from remote devices
❍ C. The user is an Administrator
❍ D. Remote users are connecting with Guest accounts

A

The Answer: B. Share permissions restrict access from remote devices
NTFS (NT File System) permissions are used to control access from both local users and users over the network. For users connected over the network, the Windows share permissions are also used to determine access. If access is available locally but not across the network, then it’s likely that the share permissions include additional access restrictions.

The incorrect answers:
A. The NTFS permissions were not synchronized
NTFS does not require any permissions to be synchronized or copied between systems.
C. The user is an Administrator
A Windows Administrator would not commonly be restricted from accessing local files, but this issue is not related to the local NTFS permissions. Since the access problems are for users across the network, the share permissions would most likely be the issue.
D. Remote users are connecting with Guest accounts
All remote access is managed through Windows share permissions. These share permissions, combined with the NTFS permissions, determine the rights that remote users will have to the resources.

15
Q

A network administrator needs to manage a switch and firewall in the local data center. Which of the following would be the BEST choice for this requirement?
❍ A. RDP
❍ B. VPN
❍ C. SSH
❍ D. VNC

A

The Answer: C. SSH
SSH (Secure Shell) provides encrypted console communication, and it’s commonly used to manage devices across the network. If an administrator is managing a server, switch, router, or firewall, they’re probably using SSH.

The incorrect answers:
A. RDP
Microsoft RDP (Remote Desktop Protocol) is commonly used to share the desktop of a Windows computer. Most switches and firewalls are not Windows devices, so RDP would not be the best choice for this connection.
B. VPN
A VPN (Virtual Private Network) is required when connecting to a remote site over an encrypted tunnel. In this example, the technician is connecting to devices in a local data center.
D. VNC
VNC (Virtual Network Computing) is a screen sharing technology common to many non-Windows operating systems. If a technician is sharing the screen of a macOS or Linux desktop, they may be using VNC.

16
Q

A user is using a smartphone at their desk, and they occasionally receive a security warning in the browser. After some additional troubleshooting, the technician determines the security warnings are fake. Which of the following should a technician follow to BEST resolve this issue?
❍ A. Put the phone into airplane mode
❍ B. Connect to the corporate network using a VPN connection
❍ C. Run an anti-malware scan on the smartphone
❍ D. Remove any paired Bluetooth devices

A

The Answer: C. Run an anti-malware scan on the smartphone
Fake security warnings would be considered a strong indication of malware. This suspicious activity should be researched further and an anti-malware scan should be used to start testing for any security issues.

The incorrect answers:
A. Put the phone into airplane mode
Disconnecting all network connections may be part of the troubleshooting process, but simply using airplane mode would not resolve the issue of fake security warnings.
B. Connect to the corporate network using a VPN connection
Any connection to the corporate office from a remote location should use a VPN (Virtual Private Network) connection, but using this encrypted tunnel would not resolve a smartphone with fake security warnings.
D. Remove any paired Bluetooth devices
Bluetooth connections do not generally cause messages to appear on the screen. This almost certainly indicates malware or some other unauthorized process is running on the smartphone.

17
Q

Sam, a user on the research and development team, reports that her computer displays the message “Missing operating system” during boot. A technician runs hardware diagnostics and finds that the RAM, CPU, storage drive, and power supply all pass the tests. The technician then finds that a connected USB flash drive was causing the issue. Which of the following would prevent this issue from occurring in the future?

❍ A. Create a login script
❍ B. Install the latest OS patches
❍ C. Run SFC
❍ D. Modify the BIOS boot order

A

The Answer: D. Modify the BIOS boot order
If the BIOS is configured to boot from a USB interface prior to the internal storage drive, then any bootable flash drive would be used as a boot device. In this case, modifying the BIOS boot order would cause the system to boot from an internal drive first before attempting to boot from another device.

The incorrect answers:
A. Create a login script
A login script is often configured in Active Directory to customize the work environment after authentication. In this example, the system isn’t booting so there would be no opportunity to run a login script.
B. Install the latest OS patches
Patching the operating system would not prevent the USB interface from booting before the internal storage drive.
C. Run SFC
System File Checker is a Windows utility used to verify the integrity of the core operating system files. Running the SFC utility will not prevent the system from attempting to boot from a USB-connected drive.

18
Q

In which of the following file types would a system administrator expect to see the command, “cd c:\source”?
❍ A. .sh
❍ B. .vbs
❍ C. .py
❍ D. .bat

A

The Answer: D. .bat
The .bat file extension refers to Windows batch files. The “cd” command can refer to many different operating systems, but the reference to the drive letter “c:” is common to the Windows operating system.

The incorrect answers:
A. .sh
The .sh extension is a shell script. Scripts that run in Linux, Unix, or macOS often use the .sh extension to designate a file as a shell script.
B. .vbs
Microsoft Visual Basic Scripting Edition scripts are commonly called VBScript and use the extension .vbs. A VBScript would not use the cd command and drive letters.
C. .py
Python scripts often use the .py extension. Python has its own method of managing files and would not use the Windows “cd” command.

19
Q

A malware infection has recently been removed from a computer. When starting the operating system, Windows shows errors during the startup process indicating some core operating system files are missing. Which of the following should be used to restore these missing files?

❍ A. gpupdate
❍ B. winver
❍ C. sfc
❍ D. diskpart

A

The Answer: C. sfc
The sfc (System File Checker) command is used to scan and replace any core operating system files which may be corrupted or missing. It’s common to run the sfc utility after removing malware or after a significant operating system issue.

The incorrect answers:
A. gpupdate
The gpupdate (Group Policy Update) command is used to force a Group Policy update to computers in a Windows Active Directory domain. The gpupdate command would not restore any missing operating system files.
B. winver
The winver (Windows Version) command line utility will display the “About Windows” dialog box on the screen.
D. diskpart
An administrator can manage disk configurations and partitions with the Windows diskpart utility. The diskpart utility is not used to restore or modify files within the Windows operating system.

20
Q

A desktop administrator has determined that an employee in the corporate office has been using their computer to share copyrighted materials to others on the Internet. Which of the following should be the best NEXT step?
❍ A. Create a firewall rule to block Internet access to this computer
❍ B. Create a hash for each file that was shared
❍ C. Compile a list of licenses for each set of copyrighted materials
❍ D. Retrieve and securely store the computer

A

The Answer: D. Retrieve and securely store the computer
When a security incident has occurred, it’s important to securely collect and store any evidence to create a chain of custody. The computer used to share copyrighted materials should be collected and stored until the proper authorities can take control of this evidence.

The incorrect answers:
A. Create a firewall rule to block Internet access to this computer
Creating a firewall rule would stop anyone from accessing the computer, but it wouldn’t stop the user from modifying or deleting files and evidence from the PC.
B. Create a hash for each file that was shared
Although creating hashes of the files may be part of the evidence gathering process, the immediate need is to impound and protect the data on the system used in this event.
C. Compile a list of licenses for each set of copyrighted materials
The determination of copyright is part of the process that will occur later. The more important task will be to collect the evidence and protect its integrity.

21
Q

A system administrator is creating a series of shared folders that should not be visible when users browse the network for available resources. What symbol should be added to the end of a share name to provide this functionality?
❍ A. . (period)
❍ B. $ (dollar sign)
❍ C. ! (exclamation mark / bang)
❍ D. # (hash sign / number sign)

A

The Answer: B. $ (dollar sign)
Windows shares ending with a dollar sign ($) are hidden and won’t be shown in the normal list of available shares. The hidden share can still be accessed if the user knows the share name, so this should not be considered a security feature.

The incorrect answers:
A. . (period)
Ending the Windows share with a period is not supported.
C. ! (exclamation mark / bang)
Using the exclamation mark in a share name is not supported.
D. # (hash sign / number sign)
The hash sign is not allowed in a share name.

22
Q

A technician is troubleshooting a computer infected with a virus. The user thought they were opening a spreadsheet, but the file was actually a virus executable. Which of the following Windows options were MOST likely associated with this issue?
❍ A. Always show icons, never thumbnails
❍ B. Display the full path in the title bar
❍ C. Always show menus
❍ D. Hide extensions for known file types

A

The Answer: D. Hide extensions for known file types
With extensions hidden, it’s difficult to know the type of file based only on the filename. A file named “Monthly Orders” might be a spreadsheet, or it could be an executable containing a virus.

The incorrect answers:
A. Always show icons, never thumbnails
Showing icons instead of thumbnails can still be a way to hide information. For example, it’s relatively easy to create an executable that uses the same icon as a spreadsheet.
B. Display the full path in the title bar
The full path in the title bar shows where the file is located on the volume, but it doesn’t provide any information about the contents of the file.
C. Always show menus
The Windows menus are useful, but the menus themselves don’t provide any additional information about the contents of a particular file.

23
Q

A data center manager requires each server to maintain at least fifteen minutes of uptime during a power failure. Which of these would be the BEST choice for this requirement?

❍ A. Cloud-based storage
❍ B. UPS
❍ C. Redundant power supplies
❍ D. Surge suppressor

A

The Answer: B. UPS
A UPS (Uninterruptible Power Supply) provides short-term battery backup if a power outage or low-voltage situation were to occur.

The incorrect answers:
A. Cloud-based storage
The use of cloud-based storage does not provide any server uptime if a power outage occurs.
C. Redundant power supplies
Some servers might use redundant power supplies to maintain uptime if one of the power supplies were to fail. If there’s a power outage, then none of the power supplies will be working properly.
D. Surge suppressor
A surge suppressor will protect a computer from spikes and noise, but it won’t provide any uptime if the primary power source were to fail.

24
Q

Sam, a user in the accounting department, has opened a help desk ticket due to problems accessing the website of the company’s payroll service provider. While testing other website connections on Sam’s computer, the technician finds that many pop-up windows are displayed. Which of the following would be the BEST way for the technician to resolve this issue?
❍ A. Uninstall the browser and reinstall with a different version
❍ B. Restore the workstation from a known good backup
❍ C. Start in Safe Mode and connect to the payroll website
❍ D. Modify the browser’s proxy settings

A

The Answer: B. Restore the workstation from a known good backup
The help desk technician found the pop-up windows appeared to indicate a malware infection. Given the available answers, the only one that would provide a resolution is to restore the system from a known good backup.

The incorrect answers:
A. Uninstall the browser and reinstall with a different version
If a system is infected with malware, uninstalling the browser and reinstalling another version will not resolve the issue. To guarantee removal of the malware, the entire system must be deleted and reinstalled.
C. Start in Safe Mode and connect to the payroll website
Safe Mode does not prevent malware from running, and it’s unlikely that Safe Mode would provide access to the third-party website.
D. Modify the browser’s proxy settings
There’s no evidence from the testing that the connectivity issue is related to an incorrect proxy setting. In this example, the large number of pop-up windows appears to indicate a malware infection.

25
Q

A business partner in a different country needs to access an internal company server during the very early morning hours. The internal firewall will limit the partner’s access to this single server. Which of these would be the MOST important security task to perform on this server?

❍ A. Install the latest OS patches
❍ B. Remove the server from the Active Directory domain
❍ C. Use only 64-bit applications
❍ D. Run a weekly anti-virus scan

A

The Answer: A. Install the latest OS patches
This system will be used during non-working hours from a location that is not part of your organization, so keeping the operating system secure will be important. Maintaining an aggressive patching schedule will ensure that any known vulnerabilities are always removed before they could possibly be exploited.

The incorrect answers:
B. Remove the server from the Active Directory domain
An Active Directory domain allows a domain administrator to centrally manage security policies and to provide ongoing monitoring of a device. The server would be less secure if it were removed from the AD domain.
C. Use only 64-bit applications
There’s no enhanced security with 64-bit applications, so ensuring the use of those applications wouldn’t provide any significant security advantages.
D. Run a weekly anti-virus scan
The concern with this server is that it will be accessed by unknown third-parties from the partner’s network. Running an anti-virus scan every week would not provide any significant security benefit, and would probably be delivered too late to be of use.

26
Q

A Linux administrator has been asked to upgrade the web server software on a device. Which of the following would provide the administrator with the appropriate rights and permissions for this upgrade?
❍ A. chmod
❍ B. apt-get
❍ C. dig
❍ D. sudo

A

The Answer: D. sudo
The sudo (superuser do) command will execute a command as the superuser or any other user on the system. When performing administrative tasks such as upgrading software, it’s often necessary to use elevated rights and permissions.

The incorrect answers:
A. chmod
The chmod (change mode) command will modify the read, write, and execution permissions for a file system object. The mode of a file or folder would not commonly need to be modified during an upgrade.
B. apt-get
The apt-get (Advanced Packaging Tool) command is used to manage application packages and software upgrades. The apt-get command does not provide any additional rights and permissions, however.
C. dig
The dig (Domain Information Groper) command is used to query a DNS (Domain Name System) server for IP address or fully-qualified domain name details. The dig command does not provide any additional permissions.