Chapter 7 - Security Flashcards

1
Q

Which type of security device requires the user to insert some type of identification card to
validate access?
A. PIN code
B. Badge reader
C. Security token
D. Biometrics

A

B. A protected computer or area may have a badge reader into which you insert a smartcard.
A smartcard is a type of badge or card that gives you access to resources, including buildings,
parking lots, and computers. It contains information about your identity and access
privileges. If using radio frequency identification (RFID), the reader is a wireless, no-contact
technology and the user does not need to touch the card to the reader. A PIN (personal
identification number) code is a number that would be entered to gain access to a system. A
security token is something you have that is used to verify your identity; it can be a software
or a hardware token. Biometrics uses part of your body as identification.

2
Q

Someone has configured an external server with an IP address that should belong to one of
your sister company’s servers. With this new computer, they are attempting to establish a
connection to your internal network. What type of attack is this?
A. Spoofing
B. On-path attack
C. Zombie/botnet
D. Non-compliant system

A

A. A spoofing attack is an attempt by someone or something to masquerade as someone
else. This type of attack is usually considered an access attack. The most popular spoofing
attacks today are IP spoofing, ARP spoofing, and DNS spoofing. This is an example of IP
spoofing, where the goal is to make the data look as if it came from a trusted host when it

3
Q

What type of security device often incorporates RFID technology to grant personnel access to
secure areas or resources?
A. Smartcard
B. Security token
C. Access control vestibule
D. Key fob

A

A. A smartcard is a type of badge or card that gives the holder access to resources, including
buildings, parking lots, and computers. It contains information about your identity and
access privileges. Each area or computer has a card scanner or a reader in which you insert
your card. Radio frequency identification (RFID) is the wireless, no-contact technology used
with these cards and their accompanying reader. A security token is something you have that
is used to verify your identity; it can be a software or a hardware token. An access control
vestibule is an area between two doors, often with a security camera. The second door grants
access to a secure area. A key fob is a small device used in two-factor identification. It can
generate a number or have software on it that is read to gain access.

4
Q

You are configuring a wireless network for a small office. What should you enable for the
best encryption possible for network transmissions?
A. WPS
B. WEP
C. WPA
D. WPA3

A

D. There are generally four wireless encryption methods available. From least to most secure,
they are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and two newer versions
of WPA called WPA2 and WPA3. WPA3 is the most secure and should be used unless
strange circumstances prevent you from doing so, because WPA and WPA2 are no longer
secure. WPS is an easy way to configure Wi-Fi for devices like printers, where a number
would be generated on a printer, for example, and the number would need to be entered on
the access point, or vice versa. WPS has security flaws and is not listed in the CompTIA A+
exam objectives.

5
Q

You work for a company that has employees fill out and manually sign personnel documents.
Once the signed documents are scanned into a system, the paper copies are no longer needed.
What should be done with the paper documents?
A. Place them in the recycle bin.
B. Shred them.
C. Place them in the trash.
D. Keep them in a locked cabinet.

A

B. Companies normally generate a huge amount of paper, most of which eventually winds
up in dumpsters or recycle bins. Dumpsters may contain information that is highly sensitive
in nature, and attackers may seek it out by practicing dumpster diving. In high-security and
government environments, if sensitive papers are no longer needed, they should be either
shredded or burned.

6
Q

Which types of security threats involve the attacker attempting to directly contact a potential
victim? (Choose two.)
A. Spoofing
B. Phishing
C. Social engineering
D. Brute-force attacking

A

B, C. Social engineering is a process in which an attacker attempts to acquire information
about your network and system by social means, such as talking to people in the organization,
shoulder surfing, tailgating, or other methods. When this is done via email or instant
messaging, it’s called phishing. Spoofing involves pretending to be a trusted resource—for
example, by using a trusted resource’s IP address to gain access to something else. A brute-force
attack usually involves software that keeps trying passwords or codes until it hits upon
the right one to gain access.

7
Q

An employee uses their security badge to enter the building through a secured door. Another
person tries to enter the building behind them before the door closes without swiping a
badge. What type of behavior is the second person demonstrating?
A. Shoulder surfing
B. On-path attack
C. Brute-force
D. Tailgating

A

D. Tailgating refers to being so close to someone when they enter a building that you can
come in right behind them without needing to use a key, a card, or any other security device.
Using access control vestibules, which are devices such as small rooms that limit access to
one or a few individuals, is a great way to stop tailgating. Revolving doors can also help prevent
tailgating. Shoulder surfing is walking behind someone hoping to see passwords or other
security information they may be entering. On-path attacks occur when your data transmissions
are intercepted by someone en route, then forwarded on to their destination, sometimes
with changes, sometimes without. A brute-force attack usually involves software that keeps
trying passwords or codes until it hits upon the right one to gain access.

8
Q

You have a Windows domain network and want to ensure that users are required to meet
password complexity requirements. What is the best way to implement this on the network?
A. Use a firewall.
B. Use a VPN.
C. Use Group Policy.
D. Use DLP.

A

C. In a Windows domain, password policies can be configured at the domain level using
Group Policy Objects (GPOs). There are hundreds of variables that can be configured. Variables
that can be configured relating to passwords include password complexity and length
and the time between allowed changes to passwords, and a lockout policy for failed access
attempts. A firewall can be configured to block certain types of traffic based on things like IP
address, protocol, or MAC address. A VPN (virtual private network) is a secure path between
a local and a remote device. Data loss prevention (DLP) is the process of monitoring and
identifying sensitive data to make sure it is accessed only by authorized persons.

9
Q

You are planning security protocols for your company’s new server room. What’s the simplest
way to help physically keep potential attackers away from your servers?
A. Lock the door.
B. Use cable locks.
C. Install an access control vestibule.
D. Implement biometrics.

A

A. Sometimes the obvious solutions are the best ones! A key aspect of access control involves
physical barriers. One of the easiest ways to prevent those intent on creating problems from
physically entering your environment is to lock your doors and keep them out. Cable locks
are used to secure mobile devices like laptops to a table or a fixed device so they can’t be carried
away. An access control vestibule is a small room between two doors, where the secure
access area is beyond the second door, and biometrics uses a part of the body to identify
a person.

10
Q

A user on your network reported that their screen went blank and a message popped up.
It’s telling them that their files are no longer accessible, and if they want them back, they
need to enter a credit card number and pay a $200 fee. Which type of malware has infected
this system?
A. Rootkit
B. Ransomware
C. Trojan
D. Spyware

A

B. With ransomware, software, often delivered through a Trojan, takes control of a system
and demands that a third party be paid. The “control” can be accomplished by encrypting
the hard drive, by changing user password information, or via any of several other creative
ways. Users are usually assured that by paying the extortion amount (the ransom), they will
be given the code needed to revert their systems to normal operations. Even among malware,
ransomware is particularly nasty. A rootkit is software that gains access to a system as
administrator, giving it full control over a system. Rootkits are adept at hiding their presence
and are difficult to eradicate. A Trojan is named after the Trojan horse of mythology. Trojans
are malicious software that hides in that fun game or screen saver that you just downloaded,
and it installs when you install the innocent-looking files. Spyware is designed to watch what
you do and where you go, hoping to gain information such as logins and passwords, and
bank account numbers.

11
Q

You are setting up a new wireless router for a home office. Which of the following should
you change immediately when initially configuring the network? (Choose two.)
A. The router’s default administrator username and password
B. The default SSID
C. The radio power level
D. The guest account password

A

A, B. When configuring a new wireless router, always change the administrator’s username
and password first. This prevents would-be hackers from having easy access to the router.
Then change the default SSID. These default values can easily be found online, and not
changing them immediately makes your router vulnerable to attack. The radio power level
might be changed later if you discover the signal is too weak or too strong. There is no guest
account on a router.

12
Q

You are configuring a router for a small office network. The network users should be able
to access regular and secure websites and send and receive email. Those are the only connections
allowed to the Internet. Which security feature should you configure to prevent additional
traffic from coming through the router?
A. MAC filtering
B. Content filtering
C. Port forwarding/mapping
D. Port security/disabling unused ports

A

D. Port security involves disabling all unneeded protocols/ports. In this case, ports 80 and
443 are needed for HTTP and HTTPS access, and ports 25, 110, 143, 465 or 587 may be
needed for email. That’s it. If you don’t need them, remove the additional protocols, software,
or services, or prevent them (disable them, or block them, as the setting is typically called on
a router) from loading. Ports left open but not in use present an open door for an attacker to
enter. MAC filtering is an option on most routers that will only allow devices with specific
MAC addresses to access the router. Content filtering blocks undesirable traffic such as social
media or hate sites on a corporate network. Port forwarding/mapping will send all traffic
that comes in on a specified port number to a specific node on the network.

13
Q

On a Windows 10 workstation, there are two NTFS volumes. The Managers group has
Modify access to the D:\mgmt directory. You move the folder to the D:\keyfiles folder,
to which the Managers group has Read access. What level of permissions will the Managers
group have to the new D:\keyfiles\mgmt directory?
A. Full Control
B. Modify
C. Read & Execute
D. Read

A

B. When you move a file or folder on the same NTFS volume, it will keep its original permissions.
If you copy it or move it to a different volume, it will inherit permissions from its new
parent directory.

14
Q

For users to log on to your network from a remote location, they are required to supply
a username and password as well as a code from an RSA token. What type of security is
being used?
A. Firewall
B. Multifactor authentication
C. Access control list
D. Principle of least privilege

A

B. When users log on to a computer or network, they are generally required to provide credentials
such as a username or password. In multifactor authentication (MFA), the user is
required to provide two or more items proving who they are. These items are generally from
two of four categories: something they know (such as a password), something they have
(such as a code from a security token), something they are (biometric screening), or somewhere
they are (based on GPS location or Wi-Fi and cell tower triangulation). A firewall is a
software or hardware device that will block traffic into or out of a network based on parameters
that the administrator specifies. An access control list exists for each resource. It defines
who has what level of access to that resource. The principle of least privilege states that you
give a user only enough access to do what they need to do and nothing more.

15
Q

You want to recycle some hard drives that your company no longer uses but want to ensure
that other people will not be able to access the data. Which methods of removing the data are
acceptable for your purposes? (Choose two.)
A. Formatting the drive
B. Using an overwrite utility
C. Using a drive wipe utility
D. Using electromagnetic fields

A

B, C. The best methods are using either overwrite or drive wipe programs. Overwriting the
drive entails copying over the data with new data. A common practice is to replace the data
with 0s. Drive wipes do a similar thing. Formatting the drive does not guarantee that others
can’t read the data. Using electromagnetic fields (or degaussing) isn’t reliable and can damage
the hard drive, and it won’t work at all on SSDs.

16
Q

You have installed Windows 11 Pro on a workstation. For better security, which user account
should you ensure is disabled?
A. Administrator
B. DefaultAccount
C. Power User
D. Guest

A

D. When Windows is installed, one of the default accounts it creates is Guest, and this represents
a weakness that can be exploited by an attacker. While the account cannot do much, it
can provide initial access to a system, and the attacker can use that to find another account
or acquire sensitive information about the system. To secure the system, disable all accounts
that are not needed, especially the Guest account, which is disabled by default. The Administrator
account should be renamed. If a hacker knows a valid username, then they are halfway
into your system. The DefaultAccount is an account that is managed by the system and is disabled
by default. Power User is not an account that is installed with Windows 11, but there is
a Power Users group that is kept for backward compatibility.

17
Q

Which type of network attack involves an intermediary hardware device intercepting data
and altering it or transmitting it to an unauthorized user?
A. On-path attack
B. Non-compliant system
C. Zombie/botnet
D. Spoofing

A

A. On-path attacks clandestinely place something (such as a piece of software or a rogue
router) between a server and the user, and neither the server’s administrator nor the user is
aware of it. The on-path attack intercepts data, then sends the information to the server as if
nothing is wrong. The on-path attack software may be recording information for someone
to view later, altering it, or in some other way compromising the security of your system and
session. A noncompliant system is one that is not in line with acceptable security policies and
procedures. Zombie and botnet are attacks where the user of the computer doesn’t know
there is malware on their computer. Their computer is a zombie, and when many zombies are
used to attack a system, it’s known as a botnet attack. Spoofing occurs when another system
pretends or appears to be a trusted system.

18
Q

You are implementing new password policies for your network, and you want to follow
guidelines for password best practices. Which of the following will best help improve the
security of your network? (Choose two.)
A. Require passwords to expire every 180 days.
B. Require passwords to be a minimum of 8 characters.
C. Require passwords to have a special character.
D. Require passwords to be no more than 10 characters long.

A

B, C. Setting strong passwords is critical to network security. They should be as long as
possible. Eight or 10 characters is a good minimum. Users should also be required to use a
combination of uppercase and lowercase letters, a number, and a special character such as #,
@, &, or others. Passwords should also expire, but 180 days is too long. Having a 45-day or
90-day requirement would be better.

19
Q

What does NTFS use to track users and groups and their level of access to resources?
A. ACLs
B. Tokens
C. Badges
D. Control rosters

A

A. With NTFS, each file, directory, and volume can have its own security. NTFS tracks security
in access control lists (ACLs) for each resource. The ACL will contain the user or group
name and the level of access they have been granted. The basic permissions to choose from
are Full Control, Modify, Read & Execute, List Folder Contents, Read, and Write. There are
also special permissions and settings that can be applied. A token is software or hardware
that is used in multifactor authentication and falls under the category of something that a
user has. Badges may use RFID or other technology that is read to allow physical entry to a
secure area. Control rosters are used in areas that have security guards and contain a list of
people who are allowed to enter.

20
Q

You have created a user account for a contract employee on a Windows 11 PC. The contractor
will be with the company for one month. Which user group should this user’s account
be placed in?
A. Power Users
B. Administrators
C. Standard Users
D. Guest

A

D. The Guest account is created by default (and should be disabled) and is a member of the
Guests group. For the most part, members of Guests have the same rights as Users except
they can’t access log files. The best reason to make users members of the Guests group is to
access the system only for a limited time. There is no group named Standard Users by default.
There are groups created automatically called Users, Administrators, Power Users, Guests,
and a few others. The Power Users group is kept for backward compatibility, but they are the
same as someone in the Users group. Administrators have complete control over the systems
that they are an administrator on.

21
Q

On your network, there are multiple systems that users need to access, such as a Windows
domain, a cloud site for storage, and order processing software. You want to configure
the network such that users do not need to remember separate usernames or passwords
for each site; their login credentials will be good for different systems. Which technology
should you use?
A. EFS
B. MDM
C. SSO
D. UAC

A

C. One of the big problems larger networks must deal with is the need for users to access
multiple systems or applications. This may require a user to remember multiple accounts and
passwords. The purpose of single sign-on (SSO) is to give users access to all the applications
and systems that they need when they log on. Some of the systems may require users to enter
their credentials again, but the username and password will be consistent between systems.
EFS is the Encrypting File System used to encrypt volumes, files, and folders in Windows OSs.
MDM is mobile device management, which allows an IT department to retain some control
even though users employ BYOD (Bring Your Own Device). UAC is user account control,
which verifies that someone has the authority to change a Windows system before making
any changes.

22
Q

A user discovers a strange text file at the root of their user directory. It contains everything
they have typed over the past few days, including their credentials. What is the likely cause of
the text file?
A. System auditing enabled
B. Keylogger installed
C. Email application in debug mode
D. Backup file

A

B. A keylogger seems to be running on the system, monitoring and copying all that is typed
on the keyboard. Obviously, this malware needs to be removed and incident response
steps taken.

23
Q

What security solution would protect a user from unwanted network traffic probing their
workstation?
A. Software firewall
B. Antiphishing training
C. Anti-malware
D. Antivirus

A

A. A software-based firewall on the workstation would be able to stop unwanted network
traffic, including port scans and probes. Antiphishing training teaches users to avoid
malicious emails. Anti-malware and antivirus are software designed to recognize and quarantine
or eradicate malicious code.

24
Q

A user wants to use multifactor authentication at their PC but does not want to carry a key
fob and is strongly against biometrics. What method can you suggest?
A. Second password
B. Hardware token
C. Software token
D. Fingerprint reader

A

C. The software token is stored on a general-purpose device, such as the PC or a smartphone.
The hardware token option would involve carrying an added key fob or device. A fingerprint
reader would be unacceptable as it involves biometrics. A second password defeats
the benefit of using multifactor authentication.

25
Q

What wireless protocol used in WPA compensates for the weak encryption of WEP?
A. VLAN
B. TKIP
C. VPN
D. AES

A

B. Temporal Key Integrity Protocol (TKIP) is an encryption protocol, used in WPA (Wi-Fi
Protected Access) for wireless connections. It was intended to replace WEP’s weak encryption
by creating a unique key for each data frame. It has since been subject to wireless
attacks and is not considered acceptable for big business. A VLAN (virtual LAN) occurs
when devices from multiple LANs are joined together virtually and can act as if they are

26
Q

Which of the following Active Directory concepts can help enforce security settings?
(Choose two.)
A. EFS
B. Group Policy/updates
C. Port security
D. Login scripts

A

B, D. Group Policy/updates and login scripts are common ways to push and enforce security
settings on Active Directory objects. EFS is the Encrypting File System, which is used to
encrypt volumes, files, and folders. Port security means opening or closing ports on a router
to control what type of packets traverse the router.

27
Q

What 128-bit block encryption that uses an encryption key of 128, 192, or 256 bits is used in
WPA2 and is more secure than TKIP?
A. AES
B. VPN
C. RADIUS
D. Kerberos

A

A. AES (Advanced Encryption Standard) is used in WPA2 (Wi-Fi Protected Access, version 2).
VPN is a virtual private network that transmits data across a public network using
encryption. RADIUS (Remote Authentication Dial-In User Service) and Kerberos are both
authentication protocols.

28
Q

What protocol was designed to authenticate remote users to a dial-in access server?
A. TKIP
B. TACACS+
C. VPN
D. RADIUS

A

D. RADIUS (Remote Authentication Dial-in User Service) was originally designed to authenticate
remote users to a dial-in access server but is now used in several authentication situations.
TKIP is a wireless encryption protocol used in WPA (Wi-Fi Protected Access) which
made WPA more robust/secure than WEP (Wired Equivalent Privacy). TACACS+ (Terminal
Access Controller Access-Control System) is an authentication protocol for centralized
authentication, and a VPN (virtual private network) uses encryption to create a private connection
using a public network.

29
Q

A user is complaining that they can no longer sign into their account because of too many
bad attempts. What basic Active Directory function is at work here?
A. Failed login attempts restrictions
B. Antivirus/anti-malware
C. A bollard
D. A rootkit

A

A. Using Active Directory settings or the Local Group Policy Editor, you can restrict the
number of failed login attempts before the user is locked out of their account. This is important
to help prevent a brute-force attack, which attempts to guess passwords until it hits
upon the right one. Antivirus/anti-malware is important to have and identifies malicious software
based on its signature code but is not at work here. A bollard is a physical post to block
vehicular traffic, and a rootkit is a particularly difficult malware to eradicate because it is
working with administrator rights and it’s good at hiding in a system.

30
Q

What concept in Active Directory creates a directory subdivision within which may be placed
users, groups, computers and other objects?
A. User
B. Domain
C. Organizational unit
D. Home folder

A

C. The organizational unit (OU) is a subdivision within which may be placed users, groups,
more OUs, and other objects. The OU exists on a domain, which is a group of users and
resources under a single administrative control. Windows domains are managed by software
called Active Directory. Active Directory is organized into organizational units, usually
for security purposes. A home folder is where an individual user stores their documents
and such, and in a Windows domain, that location is usually on the domain controller or
another server.

31
Q

Which of the following authentication encryption protocols is older than the others and was
developed by Cisco but became an open protocol in the 1990s and can be found on Linux
distributions?
A. AES
B. TACACS+
C. Kerberos
D. RADIUS

A

B. TACACS+ is an authentication protocol developed by Cisco that is now an open standard.
It separates the AAA (authentication, authorization, and accounting) packets and encrypts
them. It was released in 1993 and RADIUS (Remote Authentication Dial-In User Service) is
an authentication protocol that was released in 1997. Kerberos is an open source authentication
protocol that has been around since the 1980s. AES (Advanced Encryption Standard),
which is for wireless encryption and not authentication, has been around since 2001 and is
the successor to TKIP (Temporal Key Integrity Protocol).

32
Q

Your data center recently experienced a theft of a server from the rack. Which security mechanisms
would protect servers from future theft? (Choose two.)
A. Equipment locks
B. Security token
C. Alarm systems
D. Hard token

A

A, C. An equipment lock would slow down a would-be thief, and alarm systems often send
thieves looking for an easier mark. A security token is involved in multifactor authentication,
and a hard token is one of two types of security tokens, the other being a soft token.

33
Q

What other security devices are often employed in an access control vestibule? (Choose two.)
A. Bollard
B. Motion sensors
C. Guards
D. Video surveillance

A

C, D. Often an access control vestibule will have either a security guard, or video surveillance,
or both. Once in the vestibule the second door could be opened remotely by someone
watching through the surveillance camera or by a guard who personally clears the person trying
to gain access. A bollard is a post used to block vehicular traffic. A motion sensor detects
movement and is often used to trigger an alarm, turn on a light, or turn on a camera, or a
combination of those.

34
Q

Normally, a company places a user’s profile and folders on the local machine. Now, the organization
would like a few users to be able to log in from other computers. What concept in
Active Directory allows a user’s profile folders to be placed in storage somewhere else on
the network?
A. Home folder
B. Folder redirection
C. Organizational unit
D. VPN

A

B. Folder redirection allows users’ profile folders to be stored off a local machine and instead
placed in a more centralized location on the network. A profile stored this way is called a
roaming profile. The home folder is the specific location where a user’s documents and such
are stored. An organizational unit is a management tool that can be used to organize Active
Directory resources and can contain users, computers, and other resources. A VPN (virtual
private network) is created across a public network by using strong encryption protocols.

35
Q

What wireless encryption protocol replaced WPA and uses both TKIP, for backward compatibility,
and AES?
A. WEP
B. WPA2
C. WPA3
D. RADIUS

A

B. WPA2 (Wi-Fi Protected Access, version 2) replaced WPA, which had replaced WEP (Wired
Equivalency Protocol). WEP was the first wireless security protocol. WPA, which was developed
next, used TKIP (Temporal Key Integrity Protocol), and WPA2 uses TKIP and the more
secure AES (Advanced Encryption Standard). WPA3 was released in 2018 to replace WPA2,
whose security had been broken. WPA3 also includes better security for the proliferation of
IoT devices. WPA, WPA2, and WPA3 all have personal and enterprise options.

36
Q

When should OS and application patches be applied to a system to prevent it from becoming
vulnerable?
A. Every 6 months
B. Every 3 months
C. Once a month
D. As soon as they are available

A

D. Operating system (OS) and application patches may fix vulnerabilities in the software and
should be applied as soon as possible after they are released. In a corporate environment it
would likely be best to test them in a sandbox first to avoid any problems. On a Windows
PC, the Windows Update utility is used to manage the process for you.

37
Q

You have a Windows workstation and want to prevent a potential hacker from booting to a
USB drive. What should you do to help prevent this?
A. Require strong Windows passwords.
B. Restrict with user permissions.
C. Set a BIOS/UEFI password.
D. Change the default administrator password.

A

C. A strong Windows password, restricting with user permissions, and changing the default
administrator password will help protect Windows but do not protect the computer in
general. If a user can get into the BIOS/UEFI (Basic Input Output System/Unified
Extensible Firmware Interface), then they can change the boot sequence, boot to a USB drive,
and do some damage to the system. The way to protect against this is to implement a
BIOS/UEFI password.

38
Q

Which type of security solution generally functions as a packet filter and can perform stateful
inspection?
A. VPN
B. EFS
C. Antivirus/anti-malware
D. Firewall

A

D. Firewalls are among the first lines of defense in a network. They can be hardware
firewalls or software firewalls and can exist on several layers of a network. The basic purpose
of a firewall is to isolate one network from another or one network node from another.
Firewalls function as one or more of the following: packet filter, proxy firewall, or stateful
inspection firewall. VPN (virtual private network) creates a private network across a public
one by using encryption protocols. EFS (Encrypting File System) is used to encrypt files and
folders. Antivirus/anti-malware is used to detect malicious attackers by identifying signature
lines of code or actions.

39
Q

Which of the following are examples of physical security methods? (Choose two.)
A. Biometric locks
B. Multifactor authentication
C. Keys
D. Firewalls

A

A, C. Biometric locks use a part of your body as identification. They are considered physical
security, as are simple door keys. Multifactor authentication is security that requires
identification and two or more methods of authentication, such as a password and key fob.

40
Q

A user on your network reported that they received a phone call from someone in the IT
department saying the user needed to reset their password. The caller offered to do it for
them if the user could provide the IT worker with their current password. What is this most
likely an example of?
A. The IT department helping the user to reset their password
B. A spoofing attack
C. A social engineering attack
D. A brute-force attack

A

C. A person in the IT department is not likely to ask for your password. If they want you to
reset it, they can use software to reset it that will make you choose a new password on next
login. This is a social engineering attack. Social engineering is using kindness, coercion, or
fear to get you to give up privileged information such as your password. Spoofing is when
a website or server, for example, is made to look like a trusted one but in reality there is an
attacker lurking there. A brute-force attack uses software to repeatedly try different
passwords to break into a system.

41
Q

Your corporate IT department has decided that to enhance security they want to draft a
mobile device management (MDM) policy to require both a passcode and fingerprint scan to
unlock a mobile device for use. What is this an example of?
A. An authenticator application
B. Biometric authentication
C. Full-device encryption
D. Multifactor authentication

A

D. Any time there is more than one authentication method required, it’s multifactor
authentication (MFA). In this case, it does involve using biometrics, but the passcode is not a
biometric factor. An authenticator app can provide a code and be a part of multifactor
authentication. Authenticator apps run on a device like a smartphone or PC and provide a
unique key that changes every few seconds. The key proves that you have the smartphone
or PC in your possession. Full-device encryption could be accomplished with a feature like
Microsoft’s BitLocker, which encrypts an entire drive including the boot files, or a TPM chip,
which prohibits accessing a drive if the chip is not present. Multifactor authentication
usually requires two of the following four types of inputs: something you know (password),
something you have (smart token), something you are (biometrics), or somewhere you are
(GPS or other location services).

42
Q

Several employees at your company have been tailgating to gain access to secure areas.
Which of the following security methods is the best choice for stopping this practice?
A. Door lock
B. Entry control roster
C. Access control vestibule
D. ID badges

A

C. Tailgating refers to being so close to someone when they enter a building that you can
come in right behind them without needing to use a key, a card, or any other security device.
Using an access control vestibule, which is a device such as a small room that limits access to
one or a few individuals, is a great way to stop tailgating. With a door lock or ID badge, the
tailgaters could still follow the other employee in. An entry control roster is merely a list of
people who are allowed access to an area, and it isn’t much use without a guard to check it.

43
Q

A user has joined your company as a network administrator. Let’s assume their user account
name is AOShea. What is the recommended way to give AOShea the administrative privileges
they need?
A. Add the AOShea user account to the Administrators group.
B. Create an account called AdminAOShea. Add that account to the Administrators group.
Have the new administrator use the AOShea account unless they need administrative
rights, in which case they should use the AdminAOShea account.
C. Copy the Administrator account and rename it AOShea.
D. Add the AOShea user account to the Power Users group.

A

B. Adding AOShea to the Administrators group will certainly work, but it’s not the
recommended approach. Since members of the Administrators group have such power, they can
inadvertently do harm (such as accidentally deleting a file that a regular user could not). To
protect against this, the practice of logging in with an Administrators group account for daily
interaction is strongly discouraged. Instead, system administrators should log in with a user
account (lesser privileges) and change to the Administrators group account (elevated
privileges) only when necessary.

44
Q

You are designing a security policy for mobile phones on your network. Which of the
following is a common method of biometric authentication used with mobile devices?
A. Fingerprint scan
B. Retina scan
C. Swipe lock
D. DNA lock

A

A. Biometric authentication requires identification of a physical feature of the user, such as
a fingerprint or palmprint. Mobile devices commonly use your fingerprint to prove who you
are. Most modern laptops can also use a facial scan to identify you. DNA and retina
scanners are considered a form of biometric authentication, but they’re not commonly used today
with mobile devices. (Imagine your phone needing to collect blood or saliva to authenticate
you—no thanks!) DNA and facial scans aren’t on the CompTIA A+ objectives yet, but retina
scanners, fingerprint, and palmprint scanners are. A swipe lock is not a type of biometrics.

45
Q

An administrator is transferring confidential files from one Windows Pro workstation to
another, using a flash drive. Policy dictates that the files on the flash drive must be encrypted.
Which technology should be used?
A. BitLocker
B. BitLocker To Go
C. EFS
D. AES

A

B. BitLocker allows you to use drive encryption to protect files—including those needed for
startup and logon. For removable drives, BitLocker To Go provides the same encryption
technology to help prevent unauthorized access to the files stored on them. EFS is the
Encrypting File System, used to encrypt volumes, files, and folders on a drive. AES is the Advanced
Encryption Standard, an encrypting protocol for Wi-Fi.

46
Q

Which type of security system uses physical characteristics to allow or deny access to
locations or resources?
A. ID badges
B. Bollards
C. Biometrics
D. Tokens

A

C. Biometric devices use physical characteristics to identify the user. Biometric systems
include fingerprint/palm/hand scanners, retinal scanners, face scanners, and soon, possibly,
DNA scanners. To gain access to resources, you must pass a physical screening process.
Bollards are vertical posts to block vehicular traffic. ID badges often use RFID (radio
frequency identification) to communicate with a reader and verify your identity. Tokens can be
either hard (like a key fob) or soft (software on a system) and are often used in multifactor
authentication.

47
Q

You have just transformed a Windows workgroup into a small domain and are
configuring user accounts. Which of the following is considered a best practice for managing user
account security?
A. Require every user to log on as a Guest user.
B. Allow all users Read and Write access to all server files.
C. Follow the principle of least privilege.
D. Place all user accounts in the Administrators group.

A

C. When assigning user permissions, follow the principle of least privilege; give users only
the bare minimum that they need to do their job, nothing more. Another best practice is
to assign permissions to groups rather than users, and make users members of groups (or
remove them from groups) as they change roles or positions.

48
Q

A security consultant for your company recommended that you begin shredding or burning
classified documents before disposing of them. What security risk is the consultant trying to
protect the company from?
A. Shoulder surfing
B. Dumpster diving
C. Social engineering
D. Brute-force attack

A

B. Companies normally generate a huge amount of paper, most of which eventually winds
up in dumpsters or recycle bins. Dumpsters may contain information that is highly sensitive
in nature, and attackers may seek it out by practicing dumpster diving. In high-security and
government environments, sensitive papers should be either shredded or burned. Shoulder
surfing is literally looking over someone’s shoulder to try to see passwords or other sensitive
information. Social engineering happens any time someone tries to coerce, threaten, or cajole
someone into giving up privileged security information. A brute-force attack is repeatedly
trying passwords in an effort to guess the correct one.

49
Q

Several workstations on your network have not had their operating systems updated in more
than a year, and your antivirus software is also out-of-date. What type of security threat does
this represent?
A. Non-compliant systems
B. Zombie/botnet
C. Brute-force attack
D. Zero-day attack

A

A. The systems are not up-to-date and therefore are more vulnerable to attacks. These
systems are considered noncompliant systems. It’s a violation of security best practices to fail
to keep all software on your network up-to-date. Zombie and botnet are attacks where the
user of the computer doesn’t know there is malware on their computer. Their computer is a
zombie, and when many zombies are used to attack a system, it’s known as a botnet attack. A
brute-force attack usually involves software that keeps trying passwords or codes until it hits
upon the right one to gain access. A zero-day attack happens when a hole is found in a web
browser or other software and attackers begin exploiting it the very day it is discovered by
the developer, before they have time to plug the hole.

50
Q

On the Internet, you get a news flash that the developer of one of your core applications
found a security flaw. They will issue a patch for it in two days. Before you can install the
patch, it’s clear that the flaw has been exploited and someone has illegally accessed your
network. What type of attack is this?
A. Zombie/botnet
B. Non-compliant system
C. Zero-day attack
D. Brute-force attack

A

C. When a hole is found in a web browser or other software and attackers begin exploiting
it the very day it is discovered by the developer (bypassing the one- to two-day response time
that many software providers need to put out a patch once the hole has been found), it is
known as a zero-day attack (or exploit). Zombie and botnet are attacks where the user of the
computer doesn’t know there is malware on their computer. Their computer is a zombie, and
when many zombies are used to attack a system, it’s known as a botnet attack.
Noncompliant systems are those whose software is not up-to-date or they are not following best
practices or corporate restrictions and rules. A brute-force attack usually involves software that
keeps trying passwords or codes until it hits upon the right one to gain access.

51
Q

UserA is a member of the Dev group and the HR group. They are trying to access a local
resource on an NTFS volume. The HR group has Full Control permission for the payroll
folder, and the Dev group has Deny Read permission for the same folder. What is UserA’s
effective access to the payroll folder?
A. Full Control
B. Read
C. Write
D. Deny

A

D. When there are conflicting NTFS permissions, generally they are combined, and the most
liberal is granted. The exception to that is when there is an explicit Deny. That overrides any
allowed permissions.

52
Q

Which default Windows group was designed to have more power than normal users but not
as much power as administrators, and is now kept for backward compatibility only?
A. Superuser
B. Standard Users
C. Power Users
D. Advanced Users

A

C. Microsoft wanted to create a group in Windows that was powerful but not as powerful
as the Administrators group, which is how the Power Users group came into being. The idea
was that membership in this group would be given Read/Write permission to the system,
allowing members to install most software but keeping them from changing key operating
system files or accessing other users’ data. However, for many current Windows versions, the
Power Users group now is assigned permissions equivalent to the Standard user, a member
of the Users group. There is no group called Superuser, or Standard Users, or Advanced Users.

53
Q

You have assigned a Windows workstation to a workgroup. Which of the following are
recommended best practices for maximizing security regarding the Administrator account?
(Choose two.)
A. Disable the Administrator account.
B. Rename the Administrator account.
C. Remove the Administrator account from the Administrators group.
D. Require a strong password.

A

B, D. You should rename the default Administrator account and always require strong
passwords.

54
Q

You’re at home using a digital security method to connect to your corporate network. This
security method wraps data in encryption (encapsulating it) to transfer the data across a
public network (the Internet), and your connection gets a corporate IP address just as if you
were sitting in the office. What type of connection is this?
A. VPN
B. Firewall
C. BitLocker
D. EFS

A

A. A virtual private network (VPN) is a private network connection that occurs through a
public network. VPNs make use of tunneling, which sends private data across a public
network by placing (encapsulating) that data into other packets. Even though a VPN is created
through the Internet or other public networks, the connection logically appears to be part of
the local network, although the connection will likely be a bit slower than sitting at a PC in
the office. A firewall is used to filter packets, blocking or accepting them based on the port
number they use, MAC address, or other criteria. BitLocker is a full-drive encryption utility.
EFS (Encrypting File System) is used to encrypt volumes, individual files, and folders.

55
Q

Which of the following are advantages of using NTFS permissions over using share
permissions? (Choose two.)
A. NTFS permissions will override share permissions if there is a conflict.
B. NTFS permissions affect users at the local computer, but share permissions do not.
C. NTFS permissions are more restrictive in their access levels than share permissions.
D. NTFS permissions can be set at the file level, but share permissions cannot.

A

B, D. NTFS permissions affect users regardless of whether they are at the local computer or
accessing the resource across a network. They can also be applied to individual files, whereas
share permissions can be applied only to folders. One set of permissions is not inherently
more restrictive than the other, as either type can be used to deny access in a given situation
(at least when accessing across the network). When NTFS and share permissions affect the
same folders, the most restrictive permission applies.

56
Q

Someone has placed an unauthorized wireless router on your network and configured it
with the same SSID as your network. Users can access the network through that router, even
though it’s not supposed to be there. What type of security threat could this lead to?
A. Zombie/botnet
B. Spoofing
C. Non-compliant system
D. On-path attack

A

D. An unauthorized router with a seemingly legitimate configuration is specifically known
as an evil twin. Those can lead to on-path attacks, which involve clandestinely placing
something (such as a piece of software or a rogue router) between a server and the user, and
neither the server’s administrator nor the user is aware of it. The unauthorized device in the
middle intercepts data and then sends the information to the server as if nothing is wrong.
The unauthorized device software may be recording information for someone to view later,
altering it, or in some other way compromising the security of your system and session.

57
Q

Which type of security method is worn by employees and usually has a picture on it?
A. Key fobs
B. ID badges
C. Smartcards
D. Biometrics

A

B. An ID badge is worn by employees to identify them. Some companies use different colored
badges to indicate different functions or security privileges. Most ID badges have a picture of
the user on them to prevent unauthorized use. Key fobs are small devices that generate a code
that changes every few seconds and are often used in multifactor authentication. Smartcards
will have either an RFID tag or a chip that can be read by a reader device to allow or deny
entrance to an area. Biometrics are any type of identification that uses a part of your body to
identify you.

58
Q

You’re working at a high-security server farm and must ensure that vehicles stay a certain
distance away from the building. What physical security methods can be used for this
purpose? (Choose two.)
A. Bollards
B. Motion sensors
C. Fences
D. Lighting

A

A, C. Bollards are vertical posts that are short and sturdy, sometimes made of cement or
steel. They can be placed closely enough together so that a vehicle can’t go through an area
but people can. Fences can also be erected to keep vehicles and people out of an area. Motion
sensors can be used to trigger alarms but won’t actually keep anyone out, and good lighting
is always a deterrent, but again it won’t physically keep anyone out.

59
Q

Between you and your family members, there are several mobile devices, including phones,
laptops and smart watches. Someone generally forgets where they put their phone, or it
may be stolen, and it would be nice to easily find it. In addition, you want to see where
other family members are when they are around town. Which type of app will allow you
to do this?
A. Trusted source app
B. Remote control app
C. Locator app
D. Firewall app

A

C. A locator app is what you need. Apple supplies a free app called Find My, and Google has
Find My Device that, together with their respective websites, allow multiple mobile devices
and to be located if powered on and attached to the Internet (via 5G, 4G, 3G, Wi-Fi,
Ethernet, and so on). For Apple devices, if not attached to the Internet, nearby devices can identify
your device and tell you where it is. Both Find My and Find My Device allow the device to
be controlled remotely to lock it, play a sound (even if audio is off), display a message, or
wipe the device clean.

60
Q

Which security mechanism specifies permissions for users and groups as well as the type of
activities the users or groups can perform?
A. ACL
B. EFS
C. VPN
D. PIN

A

A. File systems such as NTFS, and security devices such as firewalls, can specify security
by using access control lists (ACLs). ACLs can hold permissions for local users and groups,
and each entry in the ACL can also specify what type of access is given. This allows a great
deal of flexibility in setting up a network. EFS is the Encrypting File System used to encrypt
volumes, files, and folders, but not entire drives. VPN is a type of network connection that
uses encryption to create a private network that traverses a public one. PINs (personal
identification numbers) are used in many applications to identify a user.

61
Q

You need to know which files have been modified in a folder. Which of the following is not a
way to see when files have been modified?
A. Right-click each file and choose Properties, and then Advanced to see whether the
archive bit is set.
B. Open the folder in File Explorer and click Date Modified to sort the files by the date
they were last modified.
C. Type archive at a command prompt.
D. Type attrib at a command prompt.

A

C. On any individual file or folder you can right-click and choose Properties to see the
Read-only and Hidden attributes, then click Advanced to see whether the file is ready for archiving
(needs to be backed up). You can also open a folder in File Explorer and click Date
Modified to sort the files by the last date modified. Simply typing attrib at a command prompt
will show the file attributes for everything in that folder. Attributes are information such as
whether the file is a system file (S), hidden (H), read only (R), or ready to be archived (A). To
see the attributes for a single file, type attrib filename. The attrib command is not in the
CompTIA A+ objectives, but file attributes are.

62
Q

You want to create a new policy to encrypt all company drives using BitLocker. Which
operating system will need to be upgraded?
A. Windows 10 Pro
B. Windows 11 Home
C. Windows 11 Pro
D. Windows 10 for Workstations

A

B. Professional and higher operating system editions in either Windows 10 or Windows
11 will support BitLocker. Home editions will not, regardless of what version of the
Windows operating system they are.

63
Q

Software was installed on a laptop without the user’s knowledge. The software has been
tracking the user’s keystrokes and has transmitted the user’s credit card information to an
attacker. What type of threat is this?
A. Zombie/botnet
B. Spoofing
C. Spyware
D. Ransomware

A

C. Spyware differs from other malware in that it works—often actively—on behalf of a third
party. Rather than self-replicating, like viruses and worms, spyware is spread to machines
by users who inadvertently ask for it. The users often don’t know they have asked for it but
have done so by downloading other programs, visiting infected sites, and so on. The spyware
program monitors the user’s activity and responds by offering unsolicited pop-up
advertisements (sometimes known as adware), gathers information about the user to pass on to
marketers, or intercepts personal data such as credit card numbers. Zombies and botnets are
innocent computers that are used to perpetrate an attack on someone else without the user’s
knowledge. An example of spoofing is using an IP address that should be someone else and
pretending to be them to gain access to a system. Ransomware locks a system in some way or
encrypts data and won’t allow access until the system’s owner pays a ransom.

64
Q

A new user has joined your company as a network administrator. Which of the following
statements is most correct regarding their network access?
A. They should have just one user account, with administrator-level permissions.
B. They should have just one user account, with standard user-level permissions.
C. They should have two user accounts: one with user-level permissions and one with
administrator-level permissions.
D. They should have three user accounts: one with user-level permissions, one with
administrator-level permissions, and one with remote access administrator permissions.

A

C. The new administrator should have a nonadministrative account to use for day-to-day
tasks. They also need an account with administrative privileges to perform the administrative
duties. When creating user accounts, follow the principle of least privilege: give users only the
permissions they need to do their work and no more. This is especially true with
administrators. Those users should be educated on how each of the accounts should be used.

65
Q

Which types of security threats are direct attacks on user passwords? (Choose two.)
A. Brute-force
B. Zombie/botnet
C. Dictionary attack
D. Spoofing

A

A, C. Password attacks occur when an account is attacked repeatedly with the intent of
determining the password that will gain access. This is accomplished by using applications
designed to break the password by sending possible passwords to the account in a systematic
manner. Two types of password attacks are brute-force and dictionary attacks. Zombie and
botnet are attacks where the user of the computer doesn’t know there is malware on their
computer. Their computer is a zombie, and when many zombies are used to attack a system,
it’s known as a botnet attack. A spoofing attack is an attempt by someone or something to
masquerade as someone else.

66
Q

You read corporate email on your smartphone and do not want others to access the phone if
you leave it somewhere. What is the first layer of security that you should implement to keep
others from using your phone?
A. Multifactor authentication
B. Full-device encryption
C. Screen lock
D. Remote wipe software

A

C. All the options will increase the security of a smartphone. For just the basic level of
security, though, enable a screen lock. A user will need to enter a code to gain access to the device.
It’s typically enough to thwart casual snoops and would-be hackers. Multifactor
authentication occurs whenever you need two or more ways to prove who you are (something you
know, something you have, something you are, or someplace you are). Full-device encryption
would mean encoding the data and requiring a key to decrypt it. Remote wipe is a feature
that can be used to remove all the personal or corporate data from a phone even though it is
lost or stolen.

67
Q

You use your smartphone for email and extensive Internet browsing. You want to add an
additional level of security to always verify your identity online when accessing various
accounts. Which type of app do you need?
A. Authenticator app
B. Trusted source app
C. Biometric authenticator app
D. Account encryption app

A

A. An authenticator app can help securely verify your identity online, regardless of the
account you want to log into. Different apps work in different ways, but the general
procedure is that the app will generate a random code for you to type along with your
username and password. The random code helps identify you and tells the site you are
logging into that you really are who you say you are. The other options are not actual
application types.

68
Q

You have instructed users on your network to not use common words for their passwords.
What type of attack are you trying to prevent?
A. Brute-force
B. Dictionary attack
C. Social engineering
D. Shoulder surfing

A

B. A dictionary attack uses a dictionary of common words to attempt to find the user’s
password. Dictionary attacks can be automated, and several tools exist in the public domain
to execute them. As an example of this type of attack, imagine guessing words and word
combinations found in a standard English-language dictionary. The policy you have
recommended could also help thwart those who may try to look over a shoulder (shoulder surfing)
to see a user’s password because even with a quick glance they can see whether or not it’s a
common word. Brute-force is trying repeatedly to guess a user’s password. Social engineering
is using kindness, coercion, or fear to get you to give up privileged information such as
your password.

69
Q

Which type of malware is designed to look like a different program and, when installed,
creates a back door for an attacker to access the target system?
A. Trojan
B. Spyware
C. Virus
D. Whaling

A

A. Trojans are programs that enter a system or network under the guise of another program.
A Trojan may be included as an attachment or as part of an installation program. The Trojan
can create a back door or replace a valid program during installation. It then accomplishes
its mission under the guise of another program. A Trojan is named after the Trojan horse of
mythology. Spyware watches what you do and reports back to someone. A virus is spread
from computer to computer because of some contact between the machines, often through
email. Whaling is phishing for “big fish,” such as very wealthy or influential people. Phishing
gets its name from fishing for information.

70
Q

You have been asked to dispose of several old magnetic hard drives. What are you doing if
you use a large magnet to clear the data off a hard drive?
A. Overwriting
B. Zero writing
C. Degaussing
D. Incineration

A

C. A large electromagnet can be used to destroy any magnetic media, such as a hard drive
or backup tape set. The most common of these is the degaussing tool. Degaussing involves
applying a strong magnetic field to initialize the media. This process helps ensure that
information doesn’t fall into the wrong hands. Overwriting and zero writing write random
binary (or all zeros) on a magnetic hard drive using software. The process must be done
several times by the software to be effective. Incineration means simply burning the drive.

71
Q

You’re setting up a Windows 11 Pro machine and want to encrypt the entire hard drive,
including startup files. Which technology best meets your needs?
A. Windows OSs do not allow full-drive encryption.
B. BitLocker
C. BitLocker to Go
D. EFS

A

B. BitLocker Drive Encryption allows you to use drive encryption to protect files—including
those needed for startup and logon. This is available only with Windows Pro and higher
editions. For removable drives, BitLocker To Go provides the same encryption technology to
help prevent unauthorized access to the files stored on them. EFS (Encrypting File System) is
used to encrypt volumes, files, and folders but is not capable of encrypting the entire drive.

72
Q

Which type of security threat gains administrative-level access for an attacker to perform
another attack, and then hides its presence from system management tools?
A. Virus
B. Whaling
C. Rootkit
D. Ransomware

A

C. Rootkits are software programs that can hide certain things from the operating system;
they do so by obtaining (and retaining) administrative-level access. With a rootkit, there may
be several processes running on a system that don’t show in Task Manager, or connections
that don’t appear in a netstat display may be established or available; the rootkit masks
the presence of these items. Rootkits are known for being particularly difficult to eradicate.
A virus is spread from computer to computer because of some contact between the machines,
often through email. Whaling is phishing for “big fish,” such as very wealthy or influential
people. Phishing gets its name from fishing for information. Ransomware holds a machine or
network hostage, making it and its data inaccessible, until a ransom is paid.

73
Q

A computer user wants to encrypt a few files on an NTFS volume on their Windows Pro
workstation. They do not have administrative rights to the computer. Which of the following
statements is correct?
A. They can only use device encryption.
B. They can use BitLocker.
C. They can use BitLocker To Go.
D. They can use EFS.

A

D. Encrypting File System (EFS) is available in most editions of Windows, and it allows for
encryption/decryption of files stored in NTFS volumes. All users can use EFS, whereas only
administrators can turn on BitLocker. It does not require any special hardware, while
BitLocker benefits from having the Trusted Platform Module (TPM). As an additional
distinction, EFS can encrypt just one file, if so desired, while BitLocker encrypts the whole volume
and whatever is stored on it.

74
Q

Which type of digital security is designed to protect your network from malicious software
programs by both preventing them from entering the system and removing them if they
are found?
A. Firewall
B. Anti-malware
C. EFS
D. UAC

A

B. Anti-malware software will help protect computers from malicious programs. Typically,
anti-malware does everything that antivirus software does as well as identify threats beyond
just viruses. In fact, viruses are a type of malware. A lot of anti-malware software is marketed
as antivirus software. A firewall is a hardware or software device designed to prevent certain
types of traffic from entering or leaving a network. EFS (Encrypting File System) allows
a user to encrypt individual volumes, files, or folders, and UAC (User Account Control) is
designed to prevent users from making changes that they are not authorized to make.

75
Q

Your company has hired a consultant to intentionally send emails asking for login
information from your employees. What is your company engaging in?
A. Phishing
B. Whaling
C. Zero-day attack
D. Anti-phishing training

A

D. Educating users to recognize phishing is one of the most important steps in preventing
hackers from acquiring login credentials. One way to do this is to hire a consulting company
to send phishing emails and see which employees respond when they should not and need
additional training. Phishing is usually done through email and is an attempt to “fish” for
information from an authorized network user such as logon information. Whaling is phishing
for high-profile or wealthy targets. A zero-day attack is one that happens the same day a
vulnerability is discovered, so there has not been time to rectify the vulnerability.

76
Q

On a Windows workstation, there is one volume formatted with NTFS. The Developers
group has Modify access to the C:\dev directory. You copy the folder to the
C:\operations folder, to which the Developers group has Read access. What level of
permissions will the Developers group have to the new C:\operations\dev directory?
A. Read & Execute
B. Read
C. Full Control
D. Modify

A

B. When a file or folder is copied on NTFS volumes, the new file or folder will inherit its
NTFS permissions from its new parent folder. The old permissions will be discarded.
However, when files and folders are moved rather than copied, the original permissions are
retained at the new location.

77
Q

You are configuring NTFS and share permissions on a Windows 11 workstation. Which of
the following statements is true regarding permissions?
A. Both NTFS and share permissions can be applied only at the folder level.
B. NTFS permissions can be applied at the file or folder level, and share permissions can
only be applied at the folder level.
C. NTFS permissions can be applied only at the folder level, but share permissions can be
applied to files and folders.
D. Both NTFS and share permissions support inheritance.

A

B. Only NTFS permissions can be applied to individual files. Both NTFS and share
permissions can be applied to volumes and folders. Share permissions are only effective when
the resource is accessed via a network. NTFS permissions are effective whether the person
accesses the resource locally or via a network. NTFS permissions are inherited from a parent
folder. Share permissions do not have inheritance.

78
Q

Which type of security device displays a randomly generated code that the user enters for
access to computer resources?
A. ID badge
B. RFID badge
C. Smartcard
D. Key fob

A

D. A key fob is a small device, usually of a size that can be carried on a key chain.
Key fobs generate a random number every few seconds that can be used for multifactor
identification to gain access to a secure system such as a bank account. Key fobs are also a
type of hard token. The other three choices (ID badge, RFID badge, and smartcard) are
all something that can be carried by an employee to gain access to an area. Smartcards or
RFID badges store electronic information that could be used to access equipment as well.
Information on them is accessed by devices called readers.

79
Q

You recently noticed a change on your computer. Now when you open your web browser, no
matter what you search for, you get a dozen unsolicited pop-up windows offering to sell you
items you didn’t ask for. What type of problem does your computer have?
A. Spyware
B. Ransomware
C. Zombie/botnet
D. Trojan

A

A. Spyware differs from other malware in that it works, often actively, on behalf of a third
party. Rather than self-replicating, like viruses and worms, spyware is spread to machines
by users who inadvertently ask for it. The users often don’t know they have asked for it but
have done so by downloading other programs, visiting infected sites, and so on. The spyware
program monitors the user’s activity and responds by offering unsolicited pop-up
advertisements (sometimes known as adware), gathers information about the user to pass on to
marketers, or intercepts personal data such as credit card numbers. Ransomware is software that
takes over a computer and won’t allow access to the data until a ransom is paid. Zombies
are computers that have been taken over by another party and are used to perform malicious
acts. When there are many zombies acting together, they form a botnet. The computer user
is generally unaware of the presence of the attacker. A Trojan is software that is downloaded
when the user downloads an innocent-looking software program or digital image. Once
downloaded, the Trojan loads into the computer system.

80
Q

A computer user wants to encrypt the data on their Windows 10 Home device. They have
administrative rights to the computer. Which of the following statements is correct?
A. They may be able to use Windows device encryption.
B. They can use BitLocker.
C. They can use BitLocker To Go.
D. They can use EFS.

A

A. Encrypting File System (EFS) allows for encryption/decryption of individual volumes,
files, and folders stored in NTFS volumes, whereas BitLocker encrypts entire drives, but
neither of them is available in Home editions of Windows. If there is supporting hardware
(Trusted Platform Module [TPM] enabled in BIOS/UEFI and Secure Boot enabled), then
device encryption can be used instead. With device encryption, only someone with
authorization to use the device will be able to decrypt it. You must be logged in as an administrator

81
Q

Which of the following statements are true regarding file and folder attributes on a Windows
11 workstation? (Choose two.)
A. File attributes are available only on NTFS volumes.
B. Only members of the Administrators group can change file/folder attributes.
C. Attributes can be accessed by right-clicking the file/folder and choosing Properties and
then selecting the General tab.
D. Compression is an advanced file/folder attribute.

A

C, D. File attributes are accessed in the same manner whether you are using Windows 10 or
Windows 11. In the GUI, attributes are accessed by right-clicking the object and choosing
Properties and then selecting the General tab. For some attributes, such as compression and
encryption, you need to click Advanced in the Attributes section of the General tab.
Compression uses algorithms to remove repeated characters and excess spaces, making files take
up less space. The user does not need to be an administrator to change attributes. In addition
to right-clicking the object, attributes can be changed using the attrib command.

82
Q

Which type of digital security needs to have constant updates to best protect your network
or computer?
A. Antivirus
B. Firewall
C. Access control list
D. NTFS permissions

A

A. Antivirus software needs continual updates of virus signatures as new viruses are
unleashed daily. The updates are known as definition files and ensure that the antivirus
engine will recognize new viruses. Firewalls can be software or hardware and are designed
to block or allow network traffic based on certain criteria. Once established, settings are not
often changed. ACLs (access control lists) are tied to objects in a system and are compared
to an authenticated user’s information to determine whether to grant access. These too are
seldom changed once they are configured. NTFS permissions are part of what creates ACLs.
NTFS permissions for an object are granted to a user and can include Full Control, Modify,
Read & Execute, List Folder Contents, Read, and Write. Share permissions also affect access
to a resource but only when a user accesses it via a network.

83
Q

You are at work and receive a phone call. The caller ID indicates it’s coming from your
manager’s desk. You can see your manager’s desk and no one is sitting there. Which of the
following is likely happening?
A. Zombie/botnet attack
B. Impersonation attack
C. Zero-day attack
D. Phishing attack

A

B. Impersonation is an attempt by someone or something to masquerade as someone else.
You might think of impersonation attacks as affecting network systems, but they can affect
phone systems as well. A zombie is a computer system that a hacker has a back door into and
can use to perpetrate attacks, unknown to the computer system’s legitimate user. A botnet is a
system of zombie computers engaged in an orchestrated attack on a target. A zero-day attack
occurs when a vulnerability is used to attack a system on the very day that the vulnerability
is discovered, before preventive measures to block the vulnerability have been able to be
created. In a phishing attack, the attacker uses coercion or other means to attempt to gain
passwords or other privileged information.

84
Q

A user is working on a Windows workstation. Their user account is a member of the
Managers group, and they are trying to access a folder named reports, located on a different
computer. The NTFS permissions for the reports shared folder on that computer for the
Managers group are Read and Write. The folder’s share permission for the Managers group is
Read. What are the user’s effective permissions on the reports folder?
A. Full Control
B. Read and Write
C. Read
D. No access

A

C. Because the user is accessing the NTFS-based resource over the network, both NTFS
and share permissions are applied. If there is a difference between the two of them, the most
restrictive permissions are used. Therefore, the user has Read access only.

85
Q

Which NTFS permission overrides all the others?
A. Full Control
B. Deny
C. List Folder Contents
D. Read

A

B. Regardless of what other permissions may be granted, Deny will override all of them and
the effective permission will be Deny.

86
Q

A system administrator is concerned about Windows users inadvertently installing malware
from DVD-ROMs and USB thumb drives that contain malicious code. What can they do to
help prevent this from happening?
A. Set restrictive user permissions.
B. Enable BIOS/UEFI passwords.
C. Disable AutoRun and AutoPlay.
D. Enable data encryption.

A

C. Disable AutoRun and AutoPlay should be selected on computers connected to the
network. (It is never a good idea to put any media in a workstation if you don’t know where it
came from or what it is.) The simple reason is that the media (CD, DVD, USB, SD) could
contain malware. Compounding matters, the malware could be referenced in the autorun.inf
file, causing it to be summoned when the media is inserted in the machine and
requiring no other action. User permissions are not effective on optical drives whose content
changes all the time. A BIOS/UEFI password would prevent the computer from being booted,
and enabling data encryption can’t be done on media that is subject to change.

87
Q

Someone has placed an unauthorized wireless router on your network and configured it
with the same SSID as your network. Users can access the network through that router, even
though it’s not supposed to be there. What is this router configuration known as?
A. Zombie/botnet
B. Evil twin
C. Non-compliant system
D. On-path attack

A

B. An unauthorized router with a seemingly legitimate configuration is specifically known
as an evil twin. Those can lead to on-path attacks, which involve clandestinely placing
something (such as a piece of software or a rogue router) between a server and the user, and
neither the server’s administrator nor the user is aware of it. The on-path attacker intercepts
data and then sends the information to the server as if nothing is wrong. The on-path
attacker’s software may be recording information for someone to view later, altering it, or in some
other way compromising the security of your system and session. A zombie is a computer
system that a hacker has a back door into and can use to perpetrate attacks, unknown to the
computer system’s legitimate user. A botnet is a system of zombie computers engaged in an
orchestrated attack on a target. A noncompliant system is one that is not updated or not
following company protocols regarding security.

88
Q

Your office has recently experienced several laptop thefts. Which security mechanism is designed to protect mobile devices from theft?
A. Security token
B. Laptop lock
C. Key fob
D. Magnetometer

A

B. Locks and keys are some of the simplest yet effective physical security measures. The
device shown in the graphic is a laptop lock. The user has a key to unlock the device. The
heavy cable is looped around something solid like a table leg, and the end where the key is
inserted locks into a special slot in a laptop or other mobile device. Security tokens can be
either soft tokens or hard tokens. Hard tokens are objects a user carries such as a key fob.
Soft tokens are software installed on a system. A magnetometer measures magnetic fields and
can be used in a mobile device to determine your location with respect to Earth’s magnetic
north and south.

89
Q

Which of the following is an open source authentication encryption protocol that is widely
used and that uses a third party to verify user credentials?
A. AES
B. TACACS+
C. Kerberos
D. RADIUS

A

C. Kerberos was developed and named by computer scientists at MIT. It is an open source
authentication protocol that uses a third party to verify user credentials and symmetric key
cryptography to encode transmissions between parties. TACACS+ is an authentication
protocol developed by Cisco that is now an open standard. RADIUS (Remote Authentication
Dial-In User Service) is an authentication protocol that was originally used for dial-in access.
It has morphed into a protocol used for authenticating remote Wi-Fi or on-premises users.
AES (Advanced Encryption Standard), which is for wireless encryption and not
authentication, has been around since 2001 and is the successor to TKIP (Temporal Key Integrity
Protocol).

90
Q

Your company allows employees to use their own devices, and as the IT director, you are
naturally concerned with the security of corporate information on those devices. Which
technology should you require in this situation?
A. EFS
B. MDM
C. SSO
D. UAC

A

B. MDM (mobile device management) is a software technology that allows an IT department
to retain control over corporate data while allowing users to use their personal devices.
BYOD (Bring Your Own Device) can save companies money on hardware but presents a
security risk. Using MDM, an IT administrator can restrict the type of data and applications
that are used with company information. They can also wipe all corporate information off
a device that is lost or stolen, or if an employee leaves the company. EFS (Encrypting File
System) is used to encrypt files and folders in Windows OSs, excluding Home editions. The
purpose of single sign-on (SSO) is to give users access to all the applications and systems that
they need when they log on. Some of the systems may require users to enter their
credentials again, but the username and password will be consistent between systems. UAC (User
Account Control) verifies that someone has the authority to change a system before making
any changes by requiring them to enter an administrator password for certain operations.

91
Q

Which of the following is not a logical security method of delivering a code for multifactor
authentication?
A. Voice call
B. Email
C. Bollards
D. SMS

A

C. Bollards are a method of physical security that can be used to keep vehicles out of a
particular area. Voice calls, email, and SMS (short message service) can all be used to deliver
a one-time code for multifactor authentication.

92
Q

Which of the following is an example of a hard token? (Choose two.)
A. Key fob
B. Retina scanner
C. Smartcard
D. Motion sensor

A

A, C. Both smartcards and key fobs are hard tokens. Hard tokens are physical security
devices that can be carried about by the user. A smartcard has a chip whose data can be
accessed by a reader to allow a user access to a secure area or computer system. A key fob
generates a random number every few seconds that can be entered into a system as part of
multifactor authentication. Retina scanners are biometric devices, because they use part of
your body as authentication/identification, and while motion sensors are a part of physical
security, they’re generally used in conjunction with alarm systems.

93
Q

Which of the following devices, often found in smartphones and other mobile devices, is
used to pinpoint a person’s location on Earth, and therefore can be used for multifactor
authentication?
A. Magnetometer
B. Retina scanner
C. Key fob
D. Hard token

A

A. A magnetometer measures magnetic fields and can be used to locate a person’s position
on Earth. As a part of multifactor authentication, that location is compared to an allow or
block list, and if the device to be accessed is in an allowed location, access may be granted. A
retina scanner is a biometric device that scans a person’s eye to determine if access should be
granted. A key fob will generate a code that changes every few seconds. A key fob is a type of
hard token used for authentication.

94
Q

Which of the following is not a physical security measure for protecting computer systems
and access to them?
A. Lighting
B. Equipment locks
C. Motion sensors
D. Soft token

A

D. A soft token is a logical, rather than a physical, security measure. An example of a soft
token would be an authenticator app on your cell phone used to generate a code to access
a website. Proper lighting can often deter would-be attackers, as can equipment and door
locks, and motion sensors that trigger alarms.

95
Q

Which of the following is not a biometric identification device?
A. Fingerprint reader
B. Retina scanner
C. Hard token
D. Palmprint scanner

A

C. A hard token is a security device that a computer user has in their possession, such as a
key fob or smartcard. Biometric devices are those that use a part of your body to identify you
and either deny or allow access to a system based on your identity.

96
Q

A user is worried about others shoulder surfing. What should they use to help avoid
this problem?
A. Access control vestibule
B. Video surveillance
C. Display privacy filter
D. Smartcard

A

C. To prevent shoulder surfing, a user could install a display privacy filter. Privacy filters are
either film or glass add-ons that are placed over a monitor or laptop screen to prevent the
data on the screen from being readable when viewed from the sides. Only the user sitting
directly in front of the screen can read the data. In shoulder surfing, a potential attacker is
literally looking over someone’s shoulder to try to read what is on their screen. An access
control vestibule is an area between two doors that helps to prevent tailgating. Video surveillance
occurs when there are security cameras watching a secure area and a person observing the
output of those cameras. Smartcards are devices that a user can carry that will authenticate
them to a system as a part of multifactor login.

97
Q

Which type of malware will often cause critical files to disappear, often while displaying a
taunting message, and requires user intervention (usually inadvertent) to spread from
computer to computer?
A. Botnet
B. Virus
C. Trojan
D. Rootkit

A

B. Many viruses will announce that you’re infected as soon as they gain access to your
system. They may take control of your system and flash annoying messages on your screen
or destroy your hard disk. When this occurs, you’ll know that you’re a victim. Other
viruses will cause your system to slow down, cause files to disappear from your computer,
or take over your disk space. Many viruses today are spread using email. The infected
system attaches a file to any email that you send to another user. The recipient opens this
file, thinking it’s something that you legitimately sent them. When they open the file, the
virus infects the target system. A botnet is a group of computers that are used to perpetrate
an attack without the knowledge of the authorized user of that computer. The computer is
called a zombie and is controlled by some third-party attacker. A Trojan is malicious
software that hides in that fun game or screen saver that you just downloaded, and it installs
when you install the innocent-looking files. A rootkit is malware that gains access to a
system as administrator, giving it full control over a system. Rootkits are adept at hiding
their presence and so are difficult to eradicate.

98
Q

A computer user in the accounting department received a phone call from someone who
claimed to be from the company’s bank. They had a partial account number and needed
the user to verify the full account number, their username, and password before they could
discuss the reason for their call with the user. The user said they would call them back,
and the caller on the other end hung up abruptly. They contacted you in the IT department
because it seemed like such a strange call. What kind of attempted attack will you tell them
just happened?
A. Phishing
B. Vishing
C. Whaling
D. Evil twin

A

B. Vishing, phishing, and whaling are variations of the same type of attack. In all of these,
someone attempts to gain usernames and passwords or other information by intimidation,
coercion, or other means. Then they’ll use that information to attack your company’s
systems. They’re all play-on-words for fishing. The attacker is casting a line and hoping you
will bite on it. Vishing is using voice calls, phishing uses email, and whaling is phishing for
powerful or wealthy fish (people). An evil twin attack happens when someone plugs an
unauthorized WAP (wireless access point) into your network and gives it the same SSID
(service set identifier) that your valid network has.

99
Q

Your company allows employees to use their personal devices for company work, because it
will save the company money on hardware. What is this called?
A. BYOD
B. MDM
C. SSO
D. UAC

A

A. Bring Your Own Device (BYOD) can save companies money on hardware and make
users happy, but BYOD presents a security risk. Mobile device management (MDM) is a
software technology that allows an IT department to retain control over corporate data
while allowing users to use their personal devices. Using MDM, an IT administrator can
restrict the type of data and applications that are used with company information. They
can also wipe all corporate information off a device that is lost or stolen, or if an employee
leaves the company. The purpose of single sign-on (SSO) is to give users access to all the
applications and systems that they need when they log on. Some of the systems may require
users to enter their credentials again, but the username and password will be consistent
between systems. User Account Control (UAC) verifies that someone has the authority to
change a system before making any changes by requiring them to enter an administrator
password for certain operations.

100
Q

Why is an EOL OS a security threat?
A. There will be no more security updates.
B. There will be no more feature updates.
C. There will be no more company support.
D. The software will stop working on the EOL date.

A

A. When an operating system is at end of life (EOL), it means that the company will no
longer be supporting the software. That might not be a problem if you’re an expert with
the software and it meets your needs. The security problem arises because EOL software
will no longer receive security updates, making your network vulnerable to attack. The
operating system won’t magically stop working on the EOL date, and while you won’t get
any new features, that isn’t a threat to security.

101
Q

What type of malware is dangerous because it is loaded during system startup before the
antivirus software is able to load?
A. Spyware
B. Ransomware
C. Boot sector virus
D. Keylogger

A

C. When a virus infects the boot sector, Master Boot Record (MBR), or partition table of
a hard drive, it is called a boot sector virus. Boot sector viruses load before the operating
system and security software can load. They may delete or modify files needed to boot
the system, or the system may show no signs of being infected until an antivirus program
is run. Removing the boot sector virus from a system may require booting to a different

102
Q

Which of the following is not a type of malware that needs to be eradicated from a
computer system?
A. Keylogger
B. Virus
C. WinRE
D. Spyware

A

C. Keyloggers, viruses, and spyware are all types of malware, although anti-malware and
antivirus are often used interchangeably. Windows Recovery Environment (WinRE) is a
tool used to repair problems with the operating system (OS). In addition to other tools such
as startup repair and refreshing the OS, it provides access to a command prompt utility that
can be used to correct problems without booting into the Windows operating system.

103
Q

You believe your computer has contracted a boot sector virus. Which command-line
tool permits someone to make changes to the operating system without having to boot
up Windows?
A. WinRE
B. RADIUS
C. Administrative tools
D. Active Directory

A

A. The Windows Recovery Environment (WinRE) in Windows 10/11 provides a
command-line tool (among other tools) that allows the administrator the ability to copy or remove
directories, enable or disable services, write a new Master Boot Record (MBR), format
volumes, and much more. If you have a virus that has infected the boot sector of the hard
drive, the only way to access the system before the boot sector virus loads is to boot to
another drive, either a DVD or a USB that contains either the Windows installation media
or an antivirus. Using the installation media is one way to enter the WinRE. Typically the
system will automatically enter the WinRE if booting into Windows has failed three times
in a row. You can force this to happen by turning the power off as soon as Windows starts
to load, and repeating that until the system boots into WinRE. From the recovery
environment main screen, choose Troubleshoot ➢ Advanced Options ➢ Command Prompt to get to
the command prompt. Here you can enter commands or run antivirus software to remove
a boot sector virus on the other hard drive. RADIUS is an authentication encryption
protocol. Administrative Tools can be found in Control Panel of Windows 10 and is a
collection of commonly used tools. Administrative Tools is not available in Windows 11. Active
Directory is the database and software used to control and manage a Windows domain.

104
Q

You’re reviewing the Event Viewer logs and notice repeated failed attempts to access the
corporate bank account information. The attempts are coming from someone with a
company login, and in fact, you are able to catch the person, an employee hired only a
month ago, in the act. What type of attack is this?
A. Insider threat
B. Evil twin
C. Whaling
D. Social engineering

A

A. When someone who is an authorized user on your system attempts to gain access to
something they should not or attempts a malicious act on your computer system, an insider
threat has occurred. An evil twin is when an unauthorized wireless access point (WAP)
appears on your network, using your service set identifier (SSID) and users are able to
connect to the network using the unauthorized access point. Whaling is going after a big target
using vishing or phishing. Social engineering is an attempt to acquire information about
your network and system by social means, such as talking to people in the organization,
shoulder surfing, tailgating, or other methods.

105
Q

Your web server just crashed because there was a flood of responses to a packet that looks
like it was from your server but your server didn’t send it. What just happened?
A. Whaling attack
B. Denial-of-service attack
C. Distributed DoS attack
D. Evil twin attack

A

B. This is a type of denial-of-service (DoS) attack. Someone spoofs your IP address
(making it look like you) and sends out requests all at once to multiple hosts who respond to
your IP address. Your server is flooded with those responses and crashes. It’s called a DoS
attack because users who want to use the server for legitimate purposes such as placing an
order are unable to due to all the malicious traffic. Whaling is using phishing to go after
a big target. Distributed denial-of-service (DDoS) attacks happen when many computers
are used, as in a botnet. An evil twin attack happens when someone plugs an unauthorized
wireless access point (WAP) into your network and gives it the same service set identifier
(SSID) that your valid network has.

106
Q

A computer user on your network is trying to access a folder named Projects on a local
NTFS volume. Their user account is in the Developers group. The Developers group has
Read & Execute permissions to the folder, and the user’s user account has Full Control.
What is the user’s effective access to the Projects folder?
A. Full Control
B. Read & Execute
C. Read
D. No access

A

A. In this case, the user has Full Control. When there are conflicting NTFS permissions,
generally they are combined and the most liberal is granted. This holds true for conflicting
permissions between groups or between a user’s account and group memberships. The
exception is Deny, which overrides all other permissions.

107
Q

You’ve discovered that a system on your network has had its firewall turned off and antivirus
disabled. What type of vulnerability does this present?
A. Zero-day attack
B. SQL injection
C. Unprotected system
D. Cross-site scripting

A

C. This system is vulnerable to attack because it is unprotected. The remedy is to turn on
the system’s software firewall and antivirus protection. Zero-day attacks happen the same
day a vulnerability is discovered and attackers are able to evade antivirus programs because
the antivirus companies have not had the time to respond to the vulnerability yet. A Structured
Query Language (SQL) injection occurs when an attacker puts code into a database
instead of data and the code is executed, giving the attacker access to the data in the database.
Cross-site scripting (XSS) is similar to a SQL injection, except it uses a website and
Hypertext Markup Language (HTML) or JavaScript instead of a database. Code is injected
into the website and used to gather data from legitimate-website users because their systems
don’t see the normally trusted website as a threat.

108
Q

What Active Directory security measure moves a user’s data to a server and off the local
drive so that if a laptop is lost or stolen and someone gains access to it, they won’t have
access to information in the user’s data files?
A. Home folder
B. Security group
C. Organizational unit
D. Login script

A

A. Using a home folder on an Active Directory server to store the user’s files adds a level of
security because the user’s data is not on the local drive and is less subject to being stolen.
A security group is used to grant permissions to a shared resource. Organizational units are
groupings that can include people, computers, and resources. Group Policies can be applied
to organizational units, ensuring that all computers and users in that group are given the
proper access to resources. A login script is used to automate activities when a user or computer
logs into a domain.

109
Q

You notice that your computer seems to be working more than the normal updating that
it does when you’re not actively using it. It also seems to be running more slowly than
normal. What type of malware, instead of stealing your data, uses your computing power?
A. Spyware
B. Ransomware
C. Keyloggers
D. Cryptominers

A

D. Cryptominers are malware that want to use your computing power rather than steal
your data. You may notice that the computer is performing more slowly than usual. Spyware
is designed to watch what you do and where you go, hoping to gain information such
as logins, passwords, and bank account numbers. Ransomware locks a system in some way
or encrypts data and won’t allow access until the system’s owner pays a ransom. A keylogger
is malware that records every keystroke and reports it back to a third party.

110
Q

Which of the following is not important in preventing malware from damaging your computer
system?
A. User education regarding common threats
B. Installing a keylogger
C. Keeping anti-malware signatures up-to-date
D. Keeping operating systems and applications patches up-to-date

A

B. Installing a keylogger would be installing malware, and exactly the opposite of what
you need to do to keep a system safe. Educating users about the types of malware,
including recognizing them, avoiding them, and what to do with suspicious emails, phone
calls, and so on, is one of the best things you can do to protect a system. Keeping
antivirus/anti-malware software up-to-date so that new malware can be detected and keeping
operating systems and applications up-to-date to patch vulnerabilities are key to keeping
malware out.

111
Q

A user on your network wants to install an interesting browser extension that they found
on a download site neither you nor they have used before. They got a warning before going
to the site but clicked an option to continue. What type of website is this?
A. Spoofed
B. Trusted source
C. Untrusted source
D. Certified

A

C. This is an untrusted source. Not only have you never used it before, but there is a
problem with the website’s certificate that caused the warning message the user received.
There is no evidence that it is a spoofed site, and clearly it does not have a valid digital
certificate. Digital certificates are issued by certificate authorities who confirm that a website,
person, or company is who they say they are.

112
Q

As the IT person in a small firm using Windows operating systems, you would like a
window to pop up whenever apps try to make changes to a system and when the user
makes changes to the system so that an administrator password will be required to be
entered. What utility will you use to configure that setting?
A. UAC
B. Windows Defender Firewall
C. Facial recognition
D. Personalization

A

A. User Account Control (UAC) settings is where you can change when the operating
system requests an administrator password before making changes to the system. The
options range from Always Notify to Never Notify, with Notify Me Only If Apps Try To
Make Changes To My Computer the default. UAC can be found in Windows 11 by going

113
Q

A friend is considering purchasing an antivirus program. You let them know that there is
one included with the Windows operating system. What settings should they look for in
Windows Settings?
A. Windows Defender Firewall
B. Virus & threat protection
C. Windows Update
D. Device Security

A

B. In both Windows 10 and 11, a quick search for Virus & threat protection will bring you
to the Windows Settings for that feature. Windows Defender Firewall is a built-in firewall
found in Control Panel. Windows Update, which is in the Settings app, is for keeping the
operating system files patched. Device Security is also found in the Settings app and has
settings and information for the security features of your computer, such as the TPM (Trusted
Platform Module) chip.

114
Q

Your company’s website has been a victim of a botnet attack, causing your server to crash.
What type of attack did the botnet attack cause?
A. Brute-force
B. Zero-day
C. Distributed denial of service
D. Non-compliant system

A

C. A DDoS (distributed denial-of-service) attack is caused by a botnet attack. It is a denial
of service because legitimate users are unable to access resources. The distributed part of
the name comes from the fact that there was traffic from many infected computers (zombies)
in different locations attacking your server at the same time, known as a botnet. Bots,
by themselves, are but a form of software that runs automatically and autonomously and
are not harmful. Botnet, however, has come to be the word used to describe malicious
software running on a zombie and under the control of a bot-herder. Denial-of-service
attacks—DoS and DDoS—can be launched by botnets, as can many forms of adware,
spyware, and spam (via spambots). A brute-force attack uses software to repeatedly try to
discover a password. Zero-day attacks happen the same day a vulnerability is discovered and
are able to evade antivirus programs because the antivirus companies have not had the time
to respond to the vulnerability yet. A noncompliant system is one that is not updated or
complying with corporate security policies.

115
Q

What type of attack is like a SQL injection, except that it uses a website and HTML or
JavaScript instead of a database, where malicious code is injected into the website (which
is normally trusted by the user), and then used to gather data from the website user’s
computer because their systems don’t see the normally trusted website as a threat?
A. Zero-day attack
B. SQL injection
C. Unprotected system
D. Cross-site scripting

A

D. Cross-site scripting (XSS) is similar to a SQL injection, except that it uses a website and
Hypertext Markup Language (HTML) or JavaScript instead of a database. Code is injected
into the website and used to gather data from legitimate-website users because their systems
don’t see the normally trusted website as a threat. Zero-day attacks happen the same
day a vulnerability is discovered and are able to evade antivirus programs because the
antivirus companies have not had the time to respond to the vulnerability yet. A Structured
Query Language (SQL) injection occurs when an attacker puts code into a database instead
of data and the code is executed, giving the attacker access to the data in the database. An
unprotected system is one that lacks normal measures of security such as a software firewall
on the system and antivirus/anti-malware.

116
Q

Your company has different locations, each with its own management needs, but it wants a
cohesive way to manage all the users, computers, and other resources on the network. What
will you group those users, computers, and resources into that will provide a centralized
point of control for each location?
A. Active Directory
B. Domain
C. Security groups
D. Home folders

A

B. A domain is a grouping of resources, including people, computers, servers, printers, and
so on, into a single centrally controlled unit. A domain is managed by Active Directory
software. A best practice is to group the users into security groups and establish access to
resources on the group level, which will then give that access to members of the group.
Home folders provide a central place for users’ documents, each with their own home
folder, which gets the documents off the local computer, consolidating security for those
folders into one place.

117
Q

The company’s vice president just called you in the IT department because they received an
email from you requesting their username and password. The VP didn’t respond because
they thought you should know them already. What kind of attack was just attempted?
A. Phishing
B. Vishing
C. Whaling
D. Evil twin

A

C. Whaling is an attack on a powerful or wealthy fish (person). Phishing uses email, and
vishing is using voice calls to gain information. Vishing, phishing, and whaling are variations
of the same type of attack. In all of these, someone attempts to gain usernames and
passwords or other information by intimidation, coercion, or other means. Then they’ll use
that information to attack your company’s systems. They’re all play-on-words for fishing.
The attacker is casting a line and hoping you will bite. An evil twin attack happens when
someone plugs an unauthorized wireless access point (WAP) into your network and gives it
the same service set identifier (SSID) that your valid network has.

118
Q

What is the software used to control access to resources in a Windows domain?
A. Home folder
B. Security group
C. Organizational unit
D. Active Directory

A

D. Active Directory is the name given to the software and large database that is used to
manage resources on a Windows domain. Using a home folder on an Active Directory
server to store the user’s files adds a level of security because the user’s data is not on the
local drive and is less subject to being stolen. A security group is a grouping of computers
or users that need the same access to resources. Permissions are granted to the security
group and passed on to the members of the group. Organizational units are groupings that
can include people, computers, and resources. Group Policies can be applied to organizational
units, ensuring that all computers and users in that group are given the proper access
to resources.

119
Q

You’ve been reading about a recent malware that is causing problems for other companies
and want to verify that the Windows built-in antivirus definitions are up-to-date. Where is
this done?
A. Virus & Threat Protection in the Settings app
B. Virus & Threat Protection in Control Panel
C. Windows Defender Firewall in the Settings app
D. Windows Defender Firewall in Control Panel

A

A. Virus & Threat Protection can be found in the Settings app. There you can see when the
last update was done and run a system scan, among other options.

120
Q

You are a junior IT administrator, and your supervisor has asked you to ensure that all
workstations have the built-in Windows firewall activated. Where can you go to do that?
(Choose two.)
A. Firewall & Network Protection in the Settings app
B. Firewall & Network Protection in Control Panel
C. Windows Defender Firewall in the Settings app
D. Windows Defender Firewall in Control Panel

A

A, D. The Windows built-in firewall can be configured either in the Settings app using
Firewall & Network Protection or in Windows Defender Firewall, which is found in
Control Panel.

121
Q

Your company has started using a new software in the cloud, but your users are finding
that they can’t use the software. Their computers are running Windows 11. What can you
do to ensure that the software can be used remotely by the employees? (Choose two.)
A. Click Allow An App Through Firewall in the Firewall & Network Protection settings
of the Settings app.
B. Click Allow An App Through Firewall in the Virus & Threat Protection settings of the
Settings app.
C. Add a new rule in the Advanced settings of Windows Defender Firewall, which can be
found in Control Panel.
D. Add a new rule in Administrative Tools in Control Panel.

A

A, C. The firewall can be configured to allow an application through (or block one)
in both the Firewall & Network Protection settings of the Settings app or in Windows
Defender Firewall’s Advanced settings in Control Panel. The Virus & Threat Protection
settings are for configuring antivirus. Administrative Tools is found in Windows 10, not
Windows 11, and it doesn’t have settings for the firewall, although it does contain a shortcut to
the Windows Defender Firewall.

122
Q

Employees in your company work on very confidential projects. All employees have been
instructed to lock their screens whenever they walk away from their computer, even if it
is only for a minute. What key sequence will immediately lock their desktop and require a
password to reenter?
A. Windows Key+X
B. Windows Key+L
C. Windows Key+Right Arrow
D. Windows Key+D

A

B. Use Windows Key+L simultaneously to lock the Windows desktop. Windows Key+X
brings up the Power menu, which has shortcuts to many often-used tools. Windows
Key+Right Arrow will snap the active window to the right half of the screen, and Windows
Key+D displays the desktop by minimizing all the other apps. These keyboard shortcuts
work in both Windows 10 and Windows 11.

123
Q

Your employees have all been trained on end-user best practices, including locking their
laptop when they walk away from it. What can be done to ensure that each employee’s
laptop and its data will remain with the company and not fall into someone else’s hands?
(Choose two.)
A. Use a cable lock to secure the laptop to the desk.
B. Use MDM software to wipe the laptop remotely if stolen.
C. Place the laptop in a desk drawer when the employee walks away.
D. Ask a stranger to watch the laptop when they use the restroom at a coffee shop.

A

A, B. A laptop cable lock uses a special slot on the side of the laptop and a very strong
cable wrapped around something solid, like a desk leg, to secure the laptop to the work
area. A key is used to free the laptop from the cable when you want to take it somewhere.
Mobile device management (MDM) software can be used to wipe a laptop remotely if it is
stolen. Placing a laptop in a desk drawer might get it out of sight, but it is still vulnerable,
and you should never let a laptop out of your sight when you’re in a public place.

124
Q

You’re setting up authentication for new users of Windows 10 and Windows 11 machines.
Which of the following Windows logon methods requires specific hardware? (Choose two.)
A. Username and password
B. PIN
C. Fingerprint
D. Facial recognition

A

C, D. Fingerprints and facial recognition are both biometric logins and require a fingerprint
reader and camera, respectively. Many laptops come equipped with this hardware,
but not all. Both could be added to a laptop or desktop that is missing the hardware by
connecting them via a USB port. Username and password can also be used, and a personal
identification number (PIN) is used. Windows gives you the option to include letters and
symbols in your PIN, or just numbers.

125
Q

You’re setting up new users on your network and have let them know that they will need
to change their user password the first time they log in and that it must meet complexity
requirements. Which of the following is not true about password best practices?
A. Password minimum length is eight characters.
B. Longer passwords are better.
C. At least one of each of these should be used: upper- and lowercase letters, numbers,
and special characters.
D. Passwords that are four characters long are okay if they are complex.

A

D. Passwords should be a bare minimum of eight characters long, and complexity
should be required using at least one upper- and one lowercase letter, number, and special
character. If you must choose between a longer password or a more complex password,
then longer is better.

126
Q

You’ve just hired a new employee who will be working at a Windows workstation on your
network. You’re helping the user understand what their password should be like. Which of
the following are best practices for passwords? (Choose two.)
A. Enforce password complexity.
B. Passwords should be easy to guess in case you forget, like your dog’s name.
C. Passwords expire after 45 days.
D. Passwords expire after 180 days.

A

A, C. Password complexity should be enforced. Passwords that are created by the user
are better than randomly generated passwords because the user can remember them easily
without having to write them down, but they should not be something that is easy for
someone else to guess, like the dog’s name or someone’s birthday. Passwords should expire
after a reasonable time, making it more difficult for someone to use a compromised
password. One hundred and eighty days (6 months!) is too long of a time between password
expiration; 45–90 days would be more reasonable.

127
Q

Your company has a Windows domain managed by a domain controller. Following best
practices, what feature of the domain controller is used to apply permissions to users?
A. Active Directory
B. User accounts
C. Security groups
D. Home folders

A

C. A domain is a grouping of resources including people, computers, servers, printers, and
so on, into a single centrally controlled unit. A domain is managed by Active Directory
software. A best practice is to group the users into security groups and assign permissions to
the security groups. Members of the security group will have the access that was assigned
to the group. Home folders provide a central place for the users’ documents, each with
their own home folder on the server. This removes the documents from the local computer,
consolidating security for those folders into one place.

128
Q

You’re configuring password requirements such as length and expiration for several
Windows 11 Pro workstations. What utility can you use on the workstation to configure the
password requirements?
A. User Accounts in Control Panel
B. Local Users and Groups
C. Administrative Tools
D. Local Security Policy

A

D. Password policies such as history, password age, length, and complexity can be found
in Local Security Policy ➢ Password Policy. User Accounts in Control Panel is for adding
and managing users. You can set the password there, but not the password policies.
Administrative Tools is available in Windows 10, but not Windows 11. Local Security
Policy is in Pro editions of Windows 10 and 11 only, not Home editions.

129
Q

A user of a computer that you administer on your Active Directory domain has forgotten
their logon password. What can be done to get them back into the system?
A. Reset the password on the local computer.
B. Reset the password on the domain controller.
C. Reinstall the OS and re-create their user.
D. Make them a new account with a new username.

A

B. One of the features of the domain controller and Active Directory is that there is a
central place to control and manage security, including users’ passwords. You can easily
reset their password and allow them to create a new one at next login. Resetting it on the
local computer would not work because they log into the domain. Reinstalling the OS and
making a new username are simply not necessary.

130
Q

A computer user is setting up a new Windows 11 Home computer for the first time. They
called you because they can’t figure out how to set it up with a local account. What will you
tell them?
A. That option is not available. They must use a Microsoft account.
B. Press F10 during bootup to create a local account.
C. They must switch to the Pro edition if they want to use a local account after setup.
D. Local accounts are never available in Windows 11.

A

A. When setting up a Windows 11 Home PC for the first time, you are required to use a
Microsoft account. The setup will allow you to create one during setup. Pressing F10 does
not change the type of account you need to set up Windows 11 Home. A local account can
be used whether they have Windows 11 Home or Pro, but when setting up the Home
version, it must be set up with a Microsoft account. It is possible to add a local account later
and use it to log in to either Windows 11 Home or Pro.

131
Q

When using a Microsoft account to log in to your Windows 11 computer, which of the
following is not true?
A. Your username is your email.
B. There are more recovery options if you use a Microsoft account rather than a local
account to access your computer.
C. You won’t be able to use your computer if your Internet access is down.
D. You can access information stored on OneDrive from another computer if you log in
with your Microsoft account.

A

C. You will be able to use your computer if you log in using your Microsoft account, even
if the Internet is down. It will just use cached versions of files. All the other options are true.

132
Q

Your friend wants to change the password for another user who is unable to log into the
PC because they forgot their password. When they try to access User Accounts in Control
Panel, they are unable to access it. What will you tell them?
A. They need administrator access to change or create another user’s account, and they
are only a standard user.
B. They can change it in Local Users and Groups.
C. They need to use the command-line utility to change the user’s password.
D. They can’t change the password but they can add a new username for the password
and make that user an administrator so that they can access their data.

A

A. Administrators have access to everything in the system, but a standard user account is
limited in what they can do. They are not able to add or manage another user’s account, for
example. Nor are they able to access another user’s files. Local Users and Groups is
available in Pro or greater editions, but a standard user still won’t be able to manage users there.

133
Q

You are disposing of used hard drives, and a network administrator recommends
performing a low-level format. What is the difference between a low-level format and a
standard format?
A. Low-level formats are performed at the factory, and standard formats are performed
using the format command.
B. Standard formats are performed at the factory, and low-level formats are performed
using the format command.
C. A modern low-level format fills the entire drive with zeros, returning it to factory
mode. A standard format creates the file allocation table and root directory.
D. A standard format records the tracks and marks the start of each sector on each track.
A low-level format creates the file allocation table and root directory.

A

C. What is known as a low-level format now (also called a zero-fill) is drastically different
than it was years ago. The intent is the same, though, and that is to erase all data on the
hard drive so it’s not recoverable. Technically, the low-level format needs to happen first.
Then the drive is partitioned, creating one or more sections, and a standard format is used
to create the file allocation table and root directory.

134
Q

You have been instructed to destroy several old hard drives that contained confidential
information, so you take them to a local company that specializes in this process. The IT
director wants confirmation that the drives were properly destroyed. What do you need to
provide him with?
A. Hard drive fragments
B. Photos of the destroyed hard drives
C. A notarized letter from the disposal company
D. A certificate of destruction

A

D. A certificate of destruction (or certificate of recycling) may be required for audit
purposes. Such a certificate, usually issued by the organization carrying out the destruction, is
intended to verify that the asset was properly destroyed and usually includes serial
numbers, type of destruction done, and so on.

135
Q

You work for a bank whose policy is to physically destroy, rather than recycle, hard drives
that are no longer needed. Which of the following is not a physical destruction method for
hard drives?
A. Incinerating
B. Drilling
C. Zero-filling
D. Shredding

A

C. Zero-filling a drive will make data that was once on the drive unreadable, but it is not
a physical destruction method. Methods of physical destruction include drilling, shredding,
degaussing, and incinerating.

136
Q

A friend is getting overwhelmed with the number of passwords they need to remember and
has been writing them down, but the passwords aren’t very complex, and your friend has
used the same ones on several sites. You offer to help them. What will you do?
A. Clear their browser cache.
B. Clear their browsing data.
C. Update their certificates.
D. Install a password manager.

A

D. A password manager is software that uses algorithms to generate secure passwords.
The passwords are encrypted in the software manager. The user only needs to remember a
single password to access the password manager, not all the other passwords. Most
password managers will use two-factor authentication to allow the user to log in and change
any passwords. Websites that you access are stored in a cache on your computer so that the
next time you visit the website, it will only download the changes and make websites load
much more quickly. If a website you visit isn’t updating properly, clearing the cache should
resolve the issue. Certificates are issued by a certificate authority and prove that the website
(or person) is who they say they are. A browser may warn you or block your access to a
website whose certificate is expired or invalid.

137
Q

You work for a company that is trying to be green. They want to repurpose their old PCs
by giving them to a charitable organization rather than destroying or recycling them. What
should you do before you give them away? (Choose two.)
A. Wipe all drives.
B. Restore the computer to its factory default condition.
C. Create a new user for the charity and delete your user.
D. Delete users and all their files and leave a generic administrator account active.

A

A, B. Before you give a computer to someone else, you will certainly want to remove
all of your data from it. The best way to do this is to zero-write (also called a low-level
format) the drive, then restore it to its factory default condition. This can often be
accomplished with a utility provided by the computer manufacturer, or in Windows, by using
options in WinRE.

138
Q

You’re donating a Windows 10 PC to a charity, but first want to remove all your data and
restore the PC’s OS to a factory install. You’ve booted into WinRE. What does Microsoft
call the recovery option to reinstall the OS and delete all user files and data?
A. Refresh Your PC
B. Reset Your PC
C. Restore Your PC
D. Repair Your PC

A

B. Choosing Reset Your PC will give you two options. You can choose to keep your
personal files but remove apps and settings, or remove everything, including your files, and
perform a fresh installation.

139
Q

You are setting up a Windows 11 Pro computer that will house data shared by many
people. How will you establish security for this group?
A. Use the Local Users and Groups app to create groups such as Accounting, Office, and
so on. Then set up permissions for each group on shared files. Add and remove users
to the group as needed.
B. In Control Panel, User Accounts, make all users administrators so they can do what
they need.
C. Use the Local Users and Groups app to create groups such as Accounting, Office, and
so on. Then set up permissions for each person on the shared files. Add users to the
groups just for organizational purposes.
D. Groups are only used on servers, so set up each person with their specific NTFS
permissions on the shared data folders.

A

A. Option A, use the Local Users and Groups app to create groups, set up permissions for
each group on shared files, then add users to the group as needed, is considered a best
practice. By arranging security in this way, when someone changes jobs, leaves the company, or
joins the company, all you need to do is remove the user from the group and/or add them
to the group with the security access that they need. This process saves on human error as
there is just one place that security is set up (for the group) instead of establishing the
settings for each individual user. Local Users and Groups is available in Pro or better versions
of modern Windows operating systems.

140
Q

You’re providing system training to a new employee, and they want to know where they
should keep their password. What will you tell them? (Choose two.)
A. Write the password on a sticky note attached to the bottom of their keyboard.
B. Passwords will be saved in password manager software, and multifactor authentication
is used for network access.
C. Tape the password to the monitor so they can see it.
D. They need to memorize their password and not write it down.

A

B, D. One of the best things you can do to protect a network is to train employees on how
to handle IT information and events. All too often users put their passwords where they are
easy for them to find, but they are also too easy for someone with malicious intent to find.
Passwords need to meet complexity requirements but be simple enough for a user to
understand. Other tools for securing passwords are to use password management software and
multifactor authentication. Windows Credential Manager and macOS Keychain are two
utilities that can manage passwords for users. Credential Manager is not on the CompTIA
A+ objectives, but Keychain is.

141
Q

Which of the following are best practices for managing user accounts? (Choose two.)
A. Restrict user permissions.
B. Restrict login times.
C. Enable the Guest account.
D. Give all users administrative access.

A

A, B. Following the principle of least privilege, users should be given only the access that
they need and nothing more. If a user needs to read files but not change them, then they
should be restricted to reading those files only. Sometimes even the most careful users can
make changes that they did not intend. If a user works only Monday to Friday, then they
should not be able to log in on the weekend. Having their login available gives a hacker
one more way to get into your system. The Guest account is disabled by default and should
remain disabled. Even administrators should have a standard user account that they will
use unless they are doing something that requires administrative access. Then they would
only log on as an administrator while doing that activity.

142
Q

Workers have been instructed to lock their computers whenever they walk away from them,
but as you walk around the company, you notice computers unlocked and no one sitting
there. What is the best solution to mitigate this problem? (Choose two.)
A. Fire people who won’t lock their computer.
B. Enforce screen saver locks after a short time of inactivity.
C. Train users on the importance of locking their PC.
D. Set the PC to shut down after 2 minutes of inactivity.

A

B, C. Configuring all the computers to lock the screen saver after a short period of
inactivity would help to mitigate the problem. If a user was still at their desk but doing
something else, they could easily enter their password and log in again. Training employees
on network and data safety is always helpful. Firing them would be a very drastic measure,
but depending on the environment, it might be the company policy. Setting the PC to shut
down after 2 minutes of inactivity is also a bit drastic, and you wouldn’t want to risk losing
whatever the employee was working on. Locking the screen saver can be just as effective.

143
Q

Data encryption has been established for data that travels across the network, but you work
in a secure environment and want to encrypt all the data on users’ storage drives, including
laptop drives, to prevent dissemination of information if the drives are compromised or
stolen. Which of the following would not be a good solution to encrypt this data-at-rest?
A. Use EFS and let the employee choose what to encrypt.
B. Use a third-party encryption solution.
C. Use MDM software.
D. Use BitLocker on desktop systems.

A

A. Data-at-rest is any data that is sitting on a drive somewhere. It’s not moving between
network locations, but it needs to be protected. Letting the employee choose what to
encrypt with EFS is not a good solution because it opens too much possibility for human
error. There are third-party companies that specialize in protecting data-at-rest. Other
solutions are to use MDM (mobile device management) software. Using MDM, the IT
administrator can enforce encryption on remote devices, even those owned by employees who are
using their personal devices for company business. If the device is lost or stolen, company
data can be wiped from it using MDM software. BitLocker is a solution for encrypting
entire hard drives, but it requires Pro or higher editions of both Windows 10 and 11 and a
TPM (Trusted Platform Module) chip or module on the motherboard. BitLocker stores an
encryption key in the TPM, and the TPM will only allow access to the key when the
computer has started as expected.

144
Q

You have a new smartphone that can authorize a transaction by using your phone’s camera
while you are simply looking at it. What is this technology called?
A. PIN code
B. Fingerprint scanner
C. Device encryption
D. Facial recognition

A

D. Facial recognition and fingerprint readers are available on an increasing number of
smartphones and mobile devices. Facial recognition uses your cell phone’s camera, sensors,
and a dot projector to make a 3D map of your face. The phone then uses that 3D map to
recognize you for future transactions. PIN codes are a number that you enter to gain access.
Fingerprint scanners require that you touch a spot repeatedly to set up. Once the device has
a map of your fingerprint, you can use your finger to log in or authorize certain
transactions. Device encryption is not a method of identifying the user.

145
Q

Which method of logging into a mobile device may make it easy for someone to guess your
password based on marks left by the oils in your skin?
A. Facial recognition
B. Fingerprint
C. Pattern
D. Swipe

A

C. Some mobile devices allow the user to draw a pattern on the screen that is recognized
by the device, then the user is allowed access. The problem with using this security device
is that, because the pattern is repeatedly drawn on the screen, someone may see the oils left
behind by your skin and be able to figure out the pattern that is drawn. Facial recognition
uses the mobile device’s camera to make and store a 3D map of your face. To gain access to
the device, the camera reads your face again and compares it to the stored image.
Fingerprint readers compare your fingerprint to one stored on the device for access. With a swipe
lock, the user merely swipes across the screen to unlock it.

146
Q

Which of the following is the least secure way to access a mobile device whose screen
is locked?
A. Facial recognition
B. PIN code
C. Swipe
D. Pattern

A

C. Most mobile devices will lock after a period of inactivity. For some, merely swiping
across the device will unlock it. Since this can be done by anyone, it isn’t secure. Facial
recognition is a biometric (something that you are) type of identification, so it is quite secure
depending on the software that is used to recognize the face. PIN codes and patterns are
something that the user must know, and although a hacker may figure them out, they’re
still more secure than merely swiping across the device.

147
Q

You just installed a security camera that communicates on port 4150. The video camera is
connected to your SOHO router. With the camera set up, you can view the video stream
from your computer that is on the same SOHO router, but not remotely on your phone or
another computer. What did you forget to do?
A. Configure port forwarding on the router.
B. Close port 4150.
C. Connect the camera to the router.
D. Disable the firewall.

A

A. Since the camera communicates over port 4150, the port would need to be open and
port forwarding configured so that your remote connection can access the camera, through
the router, using that port. You know that the camera is properly connected to the router
because you can access the video stream on it from a computer connected to the same
router. Disabling the firewall should not be done because the firewall is a vital part of your
network’s security.

148
Q

You are installing a SOHO router and a wired network for a small office. The manager is
concerned that employees will visit websites with objectionable material. Which feature
should you look for in a router to help prevent such access?
A. Content filtering
B. Disabling ports
C. VPN access
D. Port forwarding/mapping

A

A. Content filtering is the process of blocking objectionable content from either websites
or email. Many routers and firewalls will provide content filtering services. In many cases,
a reference service is used to block websites, and filters can be implemented to scan emails
for prohibited content. Disabling ports stops traffic from entering the network. It does not
filter for content. VPN access means that a user can access the network remotely just as if
they were sitting in the office. Port forwarding/mapping is used when you need traffic on a
particular port to go to a particular network device. It is often used for gaming and
security cameras.

149
Q

Your office is in a building with several other companies. You want to configure the
wireless network so that casual users in the building are not able to easily see your network
name. What should you do to configure this?
A. Enable WPA3.
B. Enable MAC filtering.
C. Disable SSID broadcasts.
D. Reduce radio power levels.

A

C. One method of “protecting” the network that is often recommended is to turn off the
SSID (service set identifier) broadcast. The SSID is the name of your network. The access
point is still there and can still be accessed by those who know of it, but it prevents those
who are looking at a list of available networks from finding it. This should be considered
a weak form of security because there are still ways, albeit a bit more complicated, to
discover the presence of the access point besides the SSID broadcast. WPA3 is a secure Wi-Fi
encryption standard. MAC (Media Access Control) filtering allows or denies access to the
network based on the MAC address associated with a NIC (Network Interface Card).

150
Q

You’re changing some configuration settings on your SOHO router and notice that WPA3
is not available. What might you be able to do to resolve this issue?
A. Configure port forwarding.
B. Configure content filtering.
C. Update the SSID.
D. Update the router’s firmware.

A

D. Just like computers, routers occasionally need their software updated to add new
features or correct security holes. On a router this is called a firmware update because it is
updating software that is embedded in chips on the router’s circuit board (i.e., the router’s
firmware). Port forwarding will send traffic for a specified port number to a specified
computer. Content filtering inspects packets for specified content and rejects or allows packets
to enter or leave the network based on those criteria. The SSID (service set identifier) is the
name of the network.

151
Q

Which of the following are very fast and very secure ways to access your mobile device?
(Choose two.)
A. PIN code
B. Fingerprint scanner
C. Swipe
D. Facial recognition

A

B, D. Facial recognition and fingerprint readers are available on an increasing number of
smartphones and mobile devices, and they can identify you faster than you can enter
numbers on a screen. Facial recognition uses your cell phone’s camera, sensors, and a dot
projector to make a 3D map of your face. The phone then uses that 3D map to recognize you
for future transactions. Fingerprint readers can use capacitive, optical, or ultrasonic sensors,
but regardless of the method, they make a map of your fingerprint and, like facial
recognition, compare that map to your body. With either one you can gain access to a device
or authorize a transaction in about one second. PIN codes are a number that you enter to
gain access. They can be entered quickly but can also be guessed, so they’re not as secure as
biometrics (fingerprint scanning and facial recognition). Using a swipe to unlock a mobile
device is fast but not secure.

152
Q

You’re setting up a SOHO network that uses DHCP but would like the IP address for a
printer to remain consistent. What will you configure on the router to achieve this?
A. DHCP scope
B. DHCP reservations
C. APIPA scope
D. Loopback address

A

B. Configuring a DHCP (Dynamic Host Configuration Protocol) reservation means that
you’re setting aside a particular IP address to be used only with a specific device. That IP
address is then not one of the addresses that the DHCP server can assign to workstations
attempting to connect to it and be given an IP address. The DHCP scope is the range of
IP addresses that can be assigned, such as 192.168.1.100 to 192.168.1.199, which would
yield 100 private class C IP addresses. There is no such thing as an APIPA scope. An APIPA
(Automatic Private IP Addressing) address is not configured on a router, or anywhere. It
is an address in the 169.254.x.x range and is generated by an operating system when it is
unable to reach a DHCP server. The loopback address, 127.0.0.1 for IPv4 or ::1 for IPv6, is
a number used to test TCP/IP on the local machine.

153
Q

What method of securing a mobile device requires entering a series of numbers?
A. PIN code
B. Fingerprint scanner
C. Pattern
D. Facial recognition

A

A. PIN codes are a number that you enter to gain access to a mobile device. Fingerprint
scanners and facial recognition systems are biometrics, meaning that they use a part of your
body to identify you. Once a 3D map of the face or finger is made, that map is compared
to a new one generated when you touch the screen or look into the camera. If they match,
access is granted. Drawing a pattern on the screen is sometimes used.

154
Q

You’ve been using a drawn pattern on your phone to unlock it for some time, and now it
simply won’t work. What might quickly resolve this issue? (Choose two.)
A. Clean the screen.
B. Wipe the phone and do a factory reset.
C. Restart the phone.
D. Use your Google credentials to gain access.

A

A, C. Oils on your skin can be left behind on the screen and cause it to not recognize a
pattern or fingerprint. Cleaning the phone may help. If that doesn’t work, another quick
solution is to restart the phone, then try the pattern again. The other two options will
take longer. If it is an Android phone and you still can’t access it, you may be able to use
your Google credentials to access the phone if you are logged into Google on the phone.
Performing a factory reset would be akin to giving up and starting over.

155
Q

You own a small company with a SOHO router and a web server that is used to sell your
products. You don’t want the IP address of your web server to change, so you’ve paid the
ISP for a specific IP address that is yours and will not change. What would you configure
on your router for your ISP connection?
A. Dynamic WAN IP
B. Static WAN IP
C. UPnP
D. Screened subnet

A

B. On your router you would configure a static WAN (wide area network) IP address. That
is the address that the ISP (Internet service provider) has assigned to you. Usually the ISP
uses dynamic addressing, and your WAN setting would be Dynamic WAN IP, so having a
static WAN IP generally involves higher fees paid to the ISP. UPnP (Universal Plug and Play)
is a protocol that lets devices find and communicate with each other on your LAN (local
area network) such as your laptop and your printer. Unfortunately, UPnP could also be
used by malware to spread to other devices on your network. A screened subnet uses one
or more routers to create a separate area on a network where servers, such as a web server,
can be accessed from either inside the LAN or from the Internet. It provides greater security
and protects the LAN.

156
Q

What is the protocol that allows devices on your LAN, such as your laptop and printer, to
find each other?
A. WPA3
B. WPA2
C. PIN
D. UPnP

A

D. UPnP (Universal Plug and Play) is a protocol that lets devices find and communicate
with each other on your LAN (local area network), such as your laptop and your printer.
Unfortunately, UPnP could also be used by malware to spread to other devices on your
network. WPA3 (Wi-Fi Protected Access version 3) and WPA2 are wireless networking
encryption protocols. A PIN is a personal identification number used to authenticate to a
computer system.

157
Q

You are configuring a new SOHO router that replaced a failed one. Your network has a
mixture of devices purchased several years ago and newer ones purchased in 2022. Which
of the following encryption options should you choose?
A. WPA3
B. WPA2
C. WPA2/WPA3
D. WEP

A

C. WPA3 (Wi-Fi Protected Access version 3) is the newest and most secure wireless
encryption protocol for your SOHO router, but the devices that you’ve had for a few years might
not be able to work with it. For the time being, until those legacy devices can be replaced,
it’s best to use the WPA2/WPA3 mixed mode so that all your devices can connect to the
network as securely as possible. WEP (Wired Equivalent Privacy) should no longer be used
because it is not secure. Also, it is not listed in the CompTIA A+ exam objectives.

158
Q

You perform very confidential work as a government contractor, and you work from home.
Your contract specifies that the only external computers your computers can communicate
with are the government computers involved in the project. What can you configure on
your router to block all other computers from communicating with your network?
A. IP address filtering
B. Untrusted sources
C. Hashing
D. Port filtering

A

A. Configuring IP filtering enables you to set which IP addresses are allowed to
communicate through your router and which are not. Untrusted sources are websites that your
browser has deemed suspicious or dangerous, and it warns you of such. Hashing is the act
of translating a character string into code. Port filtering is a way of allowing or denying
access to a network based on the port number in the packet. Filtering router traffic by port
is also an excellent security practice.

159
Q

Your company has decided to allow users to use their own devices for company business.
This decision will save the company money on hardware. To use their personal devices,
the company will require that employees sign an agreement. What would this agreement
be called?
A. BYOD policy
B. MDM policy
C. Cell phone policy
D. Remote work policy

A

A. A company may have many policies and procedures that employees must agree to as a
condition of employment. Two of the most common ones are an acceptable use agreement
(AUP) and bring-your-own-device (BYOD) policies. Acceptable use policies define what
you can and can’t do with company technology, and the consequences if the policy is
violated. The BYOD policy describes the conditions for an employee using their own
device for company business. This likely includes that the company will use mobile device
management (MDM) software to secure the company information on the user’s device.

160
Q

Your iPhone requires a passcode to unlock it. Because of recent phone thefts around your
office, you want to set your phone so that all data is destroyed if incorrect passcodes are
entered 10 times in a row. Which feature allows you to do this?
A. Failed login attempts restrictions
B. Screen locks
C. Remote wipes
D. Locator applications

A

A. Failed login attempt restrictions will destroy all local data on the phone if incorrect
passcodes are entered 10 times in a row. While this is recommended for users with phones
that contain sensitive data and that are frequently taken into public venues or placed in
compromising positions, the casual user should not turn on this feature unless they can be
sure there will always be a recent backup available.

161
Q

You turned your back for a minute in the coffee shop and your mobile device is missing.
Which one of the following is not a way to achieve a remote wipe on a mobile device?
A. Exceeding failed login restrictions
B. Using Google Find My Device or Find iPhone app
C. Using MDM software
D. Disabling guest access

A

D. Exactly how to wipe your device depends on the device. If you have configured failed
login restrictions on your device, then after the prescribed number of failed attempts, the
device will either lock or, in the case of an iOS device, 10 failed tries will cause the device
to be erased. For Android devices you can use Google Find My Device to remotely wipe it,

162
Q

You are setting up a router and network for a SOHO business. The router has wired
and wireless connections. Which of the following is not a method for securing the router
and network?
A. Place the router in the kitchen area for easy access.
B. Disable any guest accounts on the network. If guests need access, set up a separate
VPN for them.
C. Ensure that the Wi-Fi signal doesn’t extend beyond the required area, and if it does,
lower the power of the Wi-Fi signal.
D. Place the router in an area that can be locked.

A

A. A kitchen is one of the worst places for a router to be. First, there will be EMI
(electromagnetic interference) from appliances like refrigerators and microwaves, which
will interfere with the wireless signal and if they’re too close to the router or wires, they
could interfere with the wired signal, too. Second, having easy access to the router might be
good for the IT person, but it’s a terrible idea for security. For physical security, place the
router in a room or an enclosure that can be locked and out of reach of people passing by.
Any guest access or guest accounts should be disabled. If your company is one that needs
to have Wi-Fi available for visitors, put it on a separate VLAN (virtual LAN) so that your
network isn’t exposed to those connections. For Wi-Fi routers, take a walk around with a
Wi-Fi meter and ensure that the signal doesn’t extend into areas where it should not be. If it
extends too far, you may need to turn the power down or possibly move the router.

163
Q

There seems to be a great deal of interference on your wireless network. You determine that
it’s due to the network in the office next door. What should you do to keep your network
safe and reliable? (Choose three.)
A. Change the channel your router uses.
B. Turn your Wi-Fi signal power to maximum power to drown out theirs.
C. Turn your signal power down to decrease interference.
D. Try moving the router or using a different band.

A

A, C, D. While the interference is usually more of an annoyance than a problem,
having your wireless network easily accessed by others is a security issue. If you change the
channel so that your Wi-Fi and theirs are on different channels, there will be less
interference. Turn your signal power down to keep your Wi-Fi signal inside your office. If the
offending network is already interfering with your Wi-Fi signal, turning up the power on
your router’s Wi-Fi signal might make it worse because there would be more crossover
between your network and theirs. You could also try moving the router to an area with less
interference. Finally, try using a different band to avoid interference. If you’re using the
5 GHz band, try using the 2.4 GHz band instead if devices support it. Some environments
employ a process called channel hopping (changing channels frequently) to avoid packet
sniffing and signal jamming on their wireless networks.

164
Q

A user needs to download a new video card driver for their HP laptop. They find the driver
on the HP site and ask you if they can download it. The HP site is an example of what?
A. Part of an access control list
B. An authenticator website
C. A trusted software source
D. An untrusted software source

A

C. There are trusted software sources that you know and work with all the time (such
as Microsoft, HP, or other manufacturers’ websites) and there are untrusted sources, and
you should differentiate between them. Don’t use or let your users use untrusted software
sources. Generally, common sense can be your guide, but there are “safe lists” of trusted
software vendors from authoritative watchdog companies such as Comodo.

165
Q

You are planning a wireless network for a small office. Which of the following is a good
rule of thumb when considering access point placement?
A. Place them in walls or ceilings for protection.
B. Place them near metal objects so the signal will reflect better.
C. Place them in the center of the network area.
D. Place them at the edge of the network area and focus them in the proper direction.

A

C. There isn’t any one universal solution to wireless access point placement; it depends a
lot on the environment. As a general rule, the greater the distance the signal must travel,
the more it will attenuate, but you can lose a signal quickly in a short space as well if the
building materials reflect or absorb it. You should try to avoid placing access points near
metal (which includes appliances) or near the ground. They should be placed in the center
of the area to be served and high enough to get around most obstacles. Note that of all
current 802.11 standards, only 802.11ac and 802.11ax offer directional antennae. All other
standards are omnidirectional, meaning that the signal transmits in all directions.

166
Q

You receive an email from an overseas bank notifying you that a relative has left you a
large sum of money. You need to respond with your bank routing information so they
can electronically transfer the funds directly to your account. What is this most likely an
example of?
A. Phishing
B. Ransomware
C. Spoofing
D. Whaling

A

A. Social engineering is a process in which an attacker attempts to acquire information
about your network and system by social means, such as talking to people in the
organization. A social engineering attack may occur over the phone, by email, or in person. When
the attempt is made through email or instant messaging, it is known as phishing, and it’s
often made to look as if a message is coming from sites where users are likely to have

167
Q

All of the following are methods to keep your mobile device safe except for one. Which
one is that?
A. Use a swipe to unlock a mobile device.
B. Accept and install OS updates as soon as possible.
C. Install antivirus/anti-malware.
D. Use a remote backup application to safeguard your data in the event that you must
wipe your phone.

A

A. Using a swipe to unlock a mobile device does not protect your device or your data. At
the very least, using a PIN (personal identification number) is far safer than using a swipe
to unlock a mobile device. Keeping operating systems up-to-date to plug any vulnerabilities
is very important. All devices should have some form of antivirus, even if it is one that is
built into the operating system. Make sure that you are using a remote backup application
to ensure that if your mobile device is lost or stolen and you must remotely wipe all the
data, you will be able to download it to a new device.

168
Q

Your wireless network has been working just fine, but today you’re flooded with calls
that employees can’t access the network. You suspect that an unhappy employee who was
recently fired is perpetrating a DoS attack by causing network interference. Which of the
following might temporarily solve the problem?
A. Set your router to use a different channel.
B. Have everyone log off their computers and back on.
C. Reset the router.
D. Restore the router to factory defaults.

A

A. It doesn’t take much to perpetrate a DoS (denial-of-service) attack on a wireless
network. Someone nearby could use a Wi-Fi analyzer to determine what channel you’re using
and bombard that channel with interference, bringing your network to a halt. Changing
the channel would provide a temporary fix. Use a Wi-Fi analyzer to find a less crowded
channel and switch to that one. You don’t want to reset your router to factory defaults.
That wouldn’t solve the problem and would just make more work for you.

169
Q

Your data center recently experienced a theft of a server from the rack. Which security
mechanism would protect servers from future theft?
A. Security token
B. Server lock
C. Key fob
D. Firewall

A

B. It’s a bold move to try to steal a server. But a server lock or locks on the rack door
would stall future theft attempts. A key fob is a type of hard security token. A security
token is something you have that authenticates who you are. A firewall can be a software
or hardware device that is used to filter traffic on a network.

170
Q

A user is complaining that they have so many ads popping up on their screen when they are
doing Internet research that they can’t get their work done. What can you configure in their
browser to mitigate this problem?
A. Private-browsing mode
B. Pop-up blocker
C. Password manager
D. Certificate

A

B. Pop-up blockers are available in virtually every browser to stop those annoying ads
from taking over your screen. Look in the settings for the browser. Private-browsing mode,
or incognito mode, will avoid keeping your browsing history or cookies, and keep your
activities from being seen by others on the same Wi-Fi or later by another user of the
device. Password managers provide a single login for you and are able to generate unique
and complex passwords for all the sites that you use.

171
Q

You work as a contractor for a government entity that requires proof of data destruction
when decommissioning old hard drives and computers. What is the best way to do this?
A. Hire a third-party vendor to do the destruction and provide a certificate of destruction
and recycling.
B. Have the recycling center give you a receipt for the drives.
C. Destroy them within your company and show pictures of the destroyed drives.
D. Zero-write all the drives.

A

A. Data destruction contractors (third-party vendors) can be certified by groups such as
NAID (National Association for Information Destruction) or can show that they follow
government rules (such as HIPAA, in the United States) for data destruction. They can
provide proof of destruction, which would be difficult to do on your own. Once you drop a
drive off at a recycling center, you have no idea where that drive or its data may end up.
While you could destroy the data on your own either physically or logically, it would be
better to have a third-party vendor certify to the data destruction.

172
Q

What type of technology used in security devices requires bringing a smartcard or ID close
to but not touching a card reader to gain access to an area?
A. Access control vestibule.
B. Key fob.
C. Biometrics.
D. RFID.

A

D. Radio frequency identification (RFID) devices use a reader to access information on
a special tag that can be on a smartcard. The information can be used to allow or deny
access to a secured area or device. RFID is also often used for inventory and fixed asset
management. An access control vestibule is an area between two doors that is often used to
prevent tailgating. A key fob is a type of hardware token; a hardware device that a person
carries to identify the user. Biometrics are devices that use a part of a person’s body to
identify that person such as a face, palm, or fingerprint reader.