CompTIA A+ Core 2 Practice Test Flashcards
An administrator uses a method that uses simultaneous authentication of equals (SAE) instead of the 4-way handshake. What is this method?
AES
MFA
TKIP
WPA3
WPA3
Wi-Fi Protected Access 3 (WPA3) in personal mode still uses a passphrase shared by all stations, but it changes how that secret is used to agree session keys: the simultaneous authentication of equals (SAE) protocol replaces the WPA2 4-way handshake, so a captured exchange no longer gives an attacker material for an offline dictionary attack on the passphrase.
Multifactor authentication (MFA) means the user must present at least two different types of credential (something they know, have, or are). It is an account authentication control, not a wireless key-agreement method.
Temporal Key Integrity Protocol (TKIP) was designed to mitigate the attacks developed against WEP by mixing a new 128-bit per-packet key for every frame sent on the network. It is now deprecated.
Advanced Encryption Standard (AES) is the cipher used by WPA2 (in CCMP mode) and WPA3; it is the encryption standard to use on Wi-Fi, but it is a cipher, not an authentication or key-agreement method.
What type of malware attack designates the victim’s computer to mine digital currency?
Trojans
Spyware
Cryptominer
Viruses
Cryptominer
A cryptominer hijacks the resources of the host (CPU, GPU, power) to perform cryptocurrency mining for the attacker. When this is done without consent, typically across a botnet of compromised hosts or via scripts on hijacked web pages, it is referred to as cryptojacking.
Spyware is malware that can perform browser reconfigurations, such as allowing tracking cookies, changing default search providers, opening arbitrary pages at startup, adding bookmarks, and so on.
Viruses are concealed within the code of an executable process image stored as a file on a disk.
Trojans are malware concealed within an installer package for software that appears to be legitimate. The malware will be installed alongside the program and executed with the same privileges.
A software company hires a new app developer. The corporate network denies access when the developer tries to connect their phone. Why would the network deny access from the developer’s mobile phone?
Sluggish response time
App spoofing
Developer mode
High network traffic
Developer mode
The developer’s phone is in developer mode. The company’s Mobile Device Management (MDM) system blocks access to the network because developer mode can be used to install bootleg apps.
High network traffic is a bandwidth utilization issue; it would not cause access to the network to be denied.
App spoofing is when a malicious app imitates a legitimate one by using a similar name and icon, backed by fake reviews and automated downloads to boost its apparent popularity. It is a threat to the user, not a reason for the network to deny the device.
Sluggish response time on a mobile device could be caused by malware, too many open apps, and a low battery charge, among other things. It would not cause the device to be denied network access.
A client administrator for a video game development company wants to upgrade machines to support five primary partitions. The developers work with a lot of large files and might even need partitions larger than 2 TB. Which of the following should the administrator use?
APFS
MBR
GPT
NTFS
GPT
One of the features of GPT is support for more than four primary partitions. Windows allows up to 128 partitions with GPT. GPT also supports larger partitions (2 TB+) and a backup copy of the partition entries.
An OS must be installed to a partition formatted using a compatible file system. For Windows, this means using the New Technology File System (NTFS).
The master boot record (MBR) partition style stores a partition table in the first 512-byte sector on the disk. It is limited to four primary partitions and can address at most 2 TiB, so it meets neither requirement.
Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS).
A technician uses filesystem-level encryption on some files that need to be encrypted on their device. What is this called?
EFS
Inheritance
Application security
Port security
EFS
The Encrypting File System (EFS) feature of the New Technology File System (NTFS) supports file and folder encryption. EFS is not available in the Home edition of Windows. The file encryption keys are protected by a certificate whose private key is tied to the user's logon credentials, so an administrative password reset (as opposed to a password change by the user) can leave the files unrecoverable unless a data recovery agent or a backup of the certificate exists.
Port security triggers are based on the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) port number used by the application protocol.
Application security triggers are based on the process that listens for connections.
Inheritance means that a permission assigned to a folder is automatically inherited by the files and subfolders created under that folder.
A progressive healthcare provider sets up color-filter modes on client machines and tailors them to specific users who are color blind. Where can the healthcare administrator configure this?
Show hidden files
Accessibility
Windows Firewall
Accessibility
The Ease of Access settings configure input and output options to best suit each user. There are three main settings groups. In Windows 11, these are found under the Accessibility heading, which includes the color filters used for color blindness.
A file or folder can be marked as “Hidden” through its file attributes. Files marked as hidden are not shown by default but can be revealed by setting the “Show hidden files, folders, and drives” option.
Windows Defender Firewall determines which processes, protocols, and hosts can communicate with the local computer over the network.
In Account settings, email & accounts are where sign-in credentials for other accounts can be added, such as email or social networking, allowing quick access.
An administrator uses a method that assigns permissions and rights to a collection of user accounts. What is this called?
ACL
MFA
Least privilege
Security group
Security group
A security group is a collection of user accounts, as it is more efficient to assign permissions to a group than to assign them individually to each user.
Access control list (ACL) allows each access control entry (ACE) to identify a subject and its permissions for the resource. A subject could be a human user, a computer, or a software service.
Least privilege means that a user should be granted only the minimum rights necessary to perform their job. It is a principle, not a grouping mechanism, and it can be complex to apply in practice.
Multifactor authentication (MFA) means that the user must submit at least two different credentials.
A security administrator is in charge of multiple locations in various countries. The administrator wants to set Coordinated Universal Time (UTC) on a test box to ensure logging is standardized. In Windows, where can the administrator set this?
Personalization
Time and Language
Internet Options
Privacy
Time and Language
The Time & Language settings page sets the date/time and time zone, and controls synchronization with a network time source. Keeping the PC synchronized to an accurate time source matters for processes that depend on clocks (Kerberos authentication fails when clocks differ by more than the permitted skew, and certificate validity checks rely on the clock) and for correlating logs across systems, which is why logging in UTC across sites is a common practice.
The Personalization settings allow users to select and customize themes, which set the appearance of the desktop environment.
Privacy settings govern what usage data Windows is permitted to collect, what device functions are enabled, and for which apps.
The Internet Options Control Panel applet exposes the configuration settings for Microsoft’s Internet Explorer (IE) browser. The Security tab restricts what types of potentially risky active content are allowed to run.
A vulnerability manager investigates their mobile environment for overall risk posture and starts with identifying legacy systems. Who determines when an Android version is at the end of life?
Microsoft
Apple
Vendor
Vendor
End-of-life policies and update restrictions for particular handsets are determined by the handset vendor rather than the overall Android authority.
Android is a smartphone/tablet OS developed by the Open Handset Alliance, primarily driven by Google. Handset vendors ship their own customized builds, and it is the vendor who decides how long a given model receives OS and security updates.
Microsoft formerly produced a mobile OS (Windows Phone, later Windows 10 Mobile) designed for touch-operated handheld devices; it is discontinued and plays no role in Android update decisions.
iOS is the operating system for Apple’s iPhone smartphone and original models of the iPad tablet. Like macOS, iOS is also derived from UNIX.
A threat actor uses a technique that inserts statements through unfiltered user input. What is this technique?
SQL injection
Brute force attack
XSS
Dictionary attack
SQL injection
A SQL injection attack is when the attacker supplies input that the app splices directly into a database query, so that the input changes the structure of the query and causes the database to execute the attacker's own SQL statements or parameters. The usual defense is parameterized queries, which keep user-supplied values separate from the statement text.
Cross-site scripting (XSS) attack exploits the fact that the browser is likely to trust scripts that appear to come from a site the user has chosen to visit.
A dictionary attack is when the software matches the hash to those produced by ordinary words found in a dictionary.
A brute force attack is when the software tries to match the hash against one of every possible combination it could be.
An employee disposes of a disk by grinding it into little pieces. What is this called?
Erasing/wiping
Degaussing
Shredding
Incinerating
Shredding
Shredding is when a disk is put into a mechanical shredder to be destroyed. A mechanical shredder works in much the same way as a paper shredder.
Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner.
Degaussing is when a hard disk is exposed to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface.
Incinerating is when the disk is exposed to high heat to melt its components. It is performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.
A security engineer researches how to make backup and antivirus apps available to their iOS mobile devices. Where should the apps be pushed?
Business Manager
Security & Privacy
iCloud
Finder
Business Manager
A supervised iOS or macOS device can be restricted in terms of app installation and uninstallation policies. Corporate apps, such as backup and antivirus tools, can be purchased and pushed to enrolled devices through the Apple Business Manager portal working together with an MDM solution.
By default, macOS Gatekeeper only allows apps downloaded from the Mac App Store or signed by identified developers to run. Relaxing this for other downloaded apps is done under System Preferences > Security & Privacy, which is a local macOS setting rather than a way to push apps to iOS devices.
The Finder is the macOS equivalent of File Explorer in Windows. It lets the user navigate all the files and folders on a Mac.
iCloud is Apple’s online storage solution for its users. It provides a central, shared location for mail, contacts, calendar, photos, notes, reminders, and more across macOS and iOS devices.
A Linux server administrator notices a service they do not recognize, although the environment is quite big. They look at the help file for the ksh process, but the documentation seems poor. It does seem to indicate that it provides interactivity, however. What type of program is this?
Backup
Antivirus
Terminal
Updates
Terminal
The shell provides a command environment by which a user can operate the OS and applications. Many shell programs are available with Linux, notably Bash, zsh, and ksh (Korn shell).
Antivirus products such as Clam AntiVirus (ClamAV), and intrusion prevention systems such as Snort, can be used on Linux to detect and block malware and attempts to subvert security controls. They are not shells and do not provide an interactive command environment.
apt-get is a command interface for the Advanced Packaging Tool (APT). APT is used by Debian distributions and works with .deb format packages.
Linux does not have an “official” backup tool. There are plenty of commercial and open-source backup products for Linux, however. Some examples include Amanda, Bacula, Fwbackups, and Rsync.
A spouse plans a surprise birthday party for their significant other. The spouse wants to turn off activity history on their browser to make sure their significant other does not find out the surprise. Where can the spouse do this?
Update and security
Internet Options
Privacy
Personalization
Privacy
Privacy settings govern what usage data Windows is permitted to collect, what device functions are enabled, and for which apps.
The Update & Security settings provide a single interface to manage a secure and reliable computing environment.
The Personalization settings allow the users to select and customize themes, which set the appearance of the desktop environment.
The Internet Options Control Panel applet exposes the configuration settings for Microsoft’s Internet Explorer (IE) browser. The Security tab is used to restrict what types of potentially risky active content are allowed to run.
A Windows administrator wants to learn how to use Linux by installing the Linux subsystem for Windows. What should their version of Windows have on the New Technology File System (NTFS) to support case-sensitive naming and hard links required by Linux?
POSIX
Journaling
32-bit allocation table
Indexing
POSIX
To support UNIX/Linux compatibility, Microsoft engineered NTFS to support case-sensitive naming, hard links, and other key features UNIX/Linux applications require. This is known as POSIX compliance.
NTFS is a journaling file system: changes to file system metadata are recorded in a transaction log before they are committed, so that after a crash or power loss the volume can be returned to a consistent state rather than left half-updated. Journaling is about integrity, not about the naming and linking semantics Linux needs.
FAT32 is a variant of FAT that uses a 32-bit allocation table, nominally supporting volumes up to 2 TB. The maximum file size is 4 GB minus 1 byte.
The Indexing Service creates a catalog of file and folder locations and properties, speeding up searches.
A server administrator sets up jobs that will copy over files on various servers. They want it to detect if the file was transferred successfully and, if not, resend the file. Which command is optimal for server administrators to perform this task?
move
robocopy
xcopy
copy
robocopy
The robocopy command (or "robust copy") is another file copy utility. Microsoft now recommends using robocopy rather than xcopy. Robocopy is designed to work better with long file names and NTFS attributes, and it is the only option here that retries failed transfers: /R:n sets the number of retries on a failed copy, /W:n the wait in seconds between retries, and /Z enables restartable mode so an interrupted file resumes rather than restarting.
The xcopy command is a utility that allows users to copy the contents of more than one directory at a time and retain the directory structure.
The move command provides the ability to transfer files contained in a single directory. It uses a three-part syntax: command Source Destination, where Source is the drive name, path, and name of the files to be moved/copied.
The copy command also allows transferring files contained in a single directory.
A penetration tester conducts the initial reconnaissance phase and is currently targeting externally facing servers for a certain company. Currently, they are trying to enumerate the domain name system (DNS) servers. Which built-in tool will help them perform this?
nano
find
cat
dig
dig
dig is a powerful tool for gathering information and testing name resolution, installed on most Linux distributions. Output is displayed in an answer section and includes the IP address mapped to the domain name.
The find command is used to search for files. The basic syntax is find path expression, where path is the directory to search and expression is the test to apply (for example -name).
cat returns the contents of the files listed as arguments. The -n switch adds line numbers to the output. Often, cat output is piped to a pager (cat | more or cat | less) to control scrolling.
There are numerous text file editors. The Nano text editor is a basic example often preferred by those from a Windows environment.
A customer has opened a ticket for a problem to be fixed, and when the customer opens the ticket, there will be a record that shows what?
Follow up statement
Distractions
Proper documentation
Clarify customer statements
Proper documentation
Proper documentation should be provided so that the customer knows what to expect in terms of supported items, how long incidents may take to resolve, and when they can expect an item to be replaced instead of repaired.
Clarifying customer statements means asking how the customer expects the work to proceed, when it needs to be done, and what their concerns are about the costs and the impact of the work.
Following up is contacting the customer afterwards to provide feedback on what caused the issue, how it was fixed, and assurance that the issue is resolved and unlikely to recur.
A distraction is anything that interrupts an employee from the task of resolving the ticket.
What uses domain names of components loading on the web page against a vast blacklist?
Browser sign-in
Private browsing mode
Ad blocker
Clearing browsing data
Ad blocker
Ad blockers check the domain names of the components a page loads against a large blocklist and refuse to fetch anything on it; more sophisticated blockers also use content rules to prevent displaying anything that does not seem to be part of the site's main content or functionality.
Clearing browsing data options are used to delete browsing history. The user can have the browser do this automatically or do it manually.
Private browsing mode disables the caching features of the browser so that no cookies, browsing history, form fields, passwords, or temp files will be stored when the session is closed.
Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.
A technician configures a method to run some server application from a network and make it accessible to the internet. What is this method?
DHCP reservation
Port forwarding
Disabling unused ports
UPnP
Port forwarding
Port forwarding means that the router takes a request arriving from an internet host for a particular service (TCP or UDP port) on its public address and sends it on to a designated host on the LAN.
The Dynamic Host Configuration Protocol (DHCP) reservation means that the DHCP server always assigns the same IP address to the host. A user can usually choose which IP address this should be.
Disabling unused ports means that only the services that are actually needed are reachable. If a service is unused, it should not be accessible from the internet, and if a port-forwarding rule is no longer required, it should be disabled or deleted completely.
The universal plug-and-play (UPnP) framework sends instructions to the firewall with the correct configuration parameters to allow applications to work.
A customer uses their computer at a café, and an attacker watches the customer typing their login information. What is this called?
Shoulder surfing
Phishing
Vishing
Tailgating
Shoulder surfing
Shoulder surfing attacks are when the attacker learns a password, PIN, or any secure information by watching the user type it.
Tailgating is when entering a secure area without authorization by following closely behind the person allowed to open the door or checkpoint.
Phishing uses social engineering techniques to make spoofed electronic communications seem authentic to the victim. A phishing message might convince the user to perform actions, such as installing malware disguised as an antivirus program.
Vishing is an attack through a voice channel like a telephone. It can be much more difficult for someone to refuse a request made in a phone call than one made in an email.
An IT technician is installing software on a device that inspects network traffic and accepts or blocks traffic based on a set of rules. What is this called?
PIN
Firewall
Swipe
Pattern
Firewall
Firewalls perform the role of filtering allowed and denied hosts and protocols. A basic firewall is configured with rules, referred to as a network access control list (ACL).
Swipe is a gesture that means that access to the device is unauthenticated. Simply swiping across the screen will unlock the device.
Pattern requires the user to swipe a “join-the-dots” pattern. The pattern method has numerous weaknesses.
Personal identification numbers (PINs) are used on most devices to enable screen lock authentication and generate an encryption key. The PIN can act as a primary or backup authentication method.
After starting the computer and signing in, a user notices the desktop takes a long time to load. Evaluate the following Windows operating system problems to determine the one that best diagnoses what could be causing the slowness.
Corrupted registry
Invalid boot disk
Corrupted user profile
Time drift
Corrupted user profile
When a computer starts normally and a user logs in normally, but the desktop is slow to load, a corrupted user profile is the likely culprit, because the profile is what Windows loads at that stage of sign-in.
Time drift occurs when the system clock falls out of sync with the authoritative time source. Using GPS-synchronized time sources or a pool of internet time sources addresses time drift; it does not cause a slow desktop load.
A corrupted registry likely would prevent the computer from booting, or it would boot to a blue screen of death (BSOD).
An invalid boot disk means the system has failed to boot, which is not true in this scenario.
An IT manager, who is in charge of the client image, considers enabling a data at rest solution. Where can the manager go to enable the built-in Microsoft solution?
Network and Sharing
Programs and Features
System Settings
Devices and Printers
System Settings
The System Settings page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying). BitLocker disk encryption is here.
The Devices and Printers applet in the Control Panel provides an interface for adding devices manually and shortcuts to the configuration pages for connected devices.
The Programs and Features Control Panel applet is the legacy software management interface. Users can use it to install and modify desktop applications and Windows Features.
Network and Sharing Center is a Control Panel applet that shows status information.
What uses a 4-way handshake to allow a station to associate with an access point, authenticate its credential, and exchange a key to use for data encryption?
TKIP
WPA3
WPA2
MFA
WPA2
Wi-Fi Protected Access 2 (WPA2) was designed to fix the vulnerabilities in the earlier WEP standard and the interim WPA/TKIP. WPA2 uses the AES cipher in Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP), and it uses the 4-way handshake to prove possession of the passphrase-derived key and derive the session keys.
Temporal Key Integrity Protocol (TKIP) was designed to mitigate the attacks developed against WEP by mixing a new 128-bit per-packet key for every frame sent on the network; it is an encryption scheme, not the handshake itself.
Multifactor authentication (MFA) means the user must present at least two different types of credential (something they know, have, or are). It is an account authentication control, not a wireless key-agreement method.
Wi-Fi Protected Access 3 (WPA3) in personal mode still uses a shared passphrase but replaces the 4-way handshake with simultaneous authentication of equals (SAE) for agreeing session keys.
A technician implements a type of authentication method used on Windows machines that once users are authenticated, they are trusted by the system. What is this method?
Kerberos
RADIUS
TACACS+
TKIP
Kerberos
Kerberos is the authentication protocol used in Windows domains. The user authenticates once to the Key Distribution Center on a domain controller (DC) and receives a ticket-granting ticket (TGT); that ticket is then used to obtain service tickets for other resources without re-entering credentials. Once authenticated, the user is trusted by the systems in the domain, which is what makes single sign-on (SSO) possible.
Terminal Access Controller Access Control System Plus (TACACS+) is another way of implementing AAA. TACACS+ is often used to authenticate administrative access to routers, switches, and access points.
Remote Authentication Dial-In User Service (RADIUS) is the protocol used to implement an AAA server for enterprise authentication. The network access device (for example, an access point) does not store or validate user credentials itself; it forwards the authentication exchange between the supplicant and the RADIUS server without reading it.
Temporal key integrity protocol (TKIP) tries to mitigate the various attacks against WEP developed by producing a new 128-bit encryption key for every packet sent on the network.
What ensures that old data is destroyed by writing to each location on a hard disk drive?
Erasing/wiping
Incinerating
Standard formatting
Low-level formatting
Erasing/wiping
Erasing/wiping software ensures that old data is removed by overwriting every addressable location on the drive with zeroes or random patterns, leaving the disk in a "clean" state, ready to be passed to a new owner. This overwriting method is suitable for all but the most confidential data on magnetic hard disks; on SSDs, wear-levelling means an overwrite may not reach the physical cells that hold the old data, so the drive's built-in sanitize or secure-erase command (or crypto-erase of the drive's encryption key) should be used instead.
The standard formatting tool writes a new file system that only removes the references to files and marks all sectors as usable; the old data remains on disk until it is overwritten and can be recovered.
A low-level formatting tool resets a disk to its factory condition. Most of these tools will now incorporate some sanitize function.
Incinerating is when the disk is exposed to high heat to melt its components. It is performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.
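The overwrite-and-verify idea from the erasing/wiping card, as an added example that is not part of the original flashcards: it overwrites a single file in place, forces the data through the OS cache, and then reads it back to confirm nothing of the original remains. The sample file is constructed inside the script; the pass count and pattern are choices for illustration, not a standard.

```python
"""Added example: overwrite a file in place and verify the result.
Only the file's own logical blocks are covered; see the note on SSDs."""
import os
import secrets
import tempfile
from pathlib import Path


def wipe_file(path: Path, passes: int = 1, chunk: int = 1 << 16) -> bool:
    """Overwrite every byte of `path` `passes` times (random data on every
    pass except the last, which writes zeros) and return True only if a
    read-back of the final pass finds nothing but zeros."""
    size = path.stat().st_size
    with open(path, "r+b", buffering=0) as f:
        for p in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                data = bytes(n) if p == passes - 1 else secrets.token_bytes(n)
                f.write(data)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # push the pass through the cache to the device
        # Verification pass: every byte must now be zero.
        f.seek(0)
        while True:
            block = f.read(chunk)
            if not block:
                break
            if block.count(0) != len(block):
                return False
    return True


def demo() -> tuple:
    """Create a constructed sample file, wipe it, and report
    (verify_ok, size_unchanged, all_zero_on_disk)."""
    with tempfile.TemporaryDirectory() as d:
        p = Path(d) / "secret.bin"
        p.write_bytes(b"top secret payload " * 5000)  # constructed sample
        size = p.stat().st_size
        ok = wipe_file(p, passes=2)
        return ok, p.stat().st_size == size, p.read_bytes() == bytes(size)


if __name__ == "__main__":
    print(demo())  # expected: (True, True, True)
```

The caveats are the practitioner's concern here: this only touches the blocks currently allocated to the file (earlier copies left by journaling, copy-on-write snapshots or deleted files are untouched), and on SSDs the flash translation layer may write the new data to different physical cells, so a read-back of all zeros does not prove the old cells were erased. Whole-drive wiping tools, or the drive's own sanitize command, are the right tool for disposal.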
Which of the following log-in options require a user to touch a device that takes a digital print?
Facial recognition
OU
Fingerprint scanner
Security key
Fingerprint scanner
A fingerprint is a type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint.
Facial recognition is the bio gesture that uses a webcam to scan the unique features of the user’s face. The camera records a 3-D image using its infrared (IR) sensor to mitigate attempts to use a photo to spoof the authentication mechanism.
Security key uses a removable USB token or smart card. It can also use a trusted smartphone with a near-field communication (NFC) sensor.
An organizational unit (OU) is a way of dividing a domain up into different administrative realms. OUs might be created to delegate responsibilities for administering company departments or locations.
The Instagram app on an Android phone will not launch. Which of the following options could fix the problem?
Software Update
Force Stop
AirDrop
Swiping
Force Stop
If an app fails to launch, first use Force Stop to quit it and try launching again. In Android, open Settings > Apps. Tap an app, then select Force Stop. In iOS, either swipe up or double-tap the physical Home button, then swipe the app up off the screen.
Swiping is a mobile gesture that serves several purposes, such as bringing up the notification bar in Android (swipe down from the top of the screen) and bringing up a list of apps in iOS (swipe up from the bottom).
AirDrop is an Apple feature that allows file transfer between iOS and macOS devices; it uses Bluetooth for discovery and a direct Wi-Fi link for the transfer. It is not available on Android and does not affect app launching.
Software Update is an iOS option. The comparable Android option is a System Update.
A company is using a credit card transaction that guarantees both customer’s card data and the company’s system are safe against fraudulent purchases and identity theft. What is this?
PCI DSS
Chain of custody
IRP
Open-source license
PCI DSS
The Payment Card Industry Data Security Standard (PCI DSS) protects cardholder data and card transactions from fraud. It is a contractual industry standard enforced by the card brands rather than a law; some of its requirements are specific cybersecurity controls, while others mandate "best practices" as represented by a particular industry or international framework.
An open-source license makes it free to use, modify, and share and makes the program code used to design it available.
An incident response plan (IRP) sets out procedures and guidelines for dealing with security incidents.
A chain of custody form records who collected the evidence, who has handled it subsequently, where they stored it, and must show access to the evidence at every point.
A security administrator for Linux systems in their demilitarized zone wants to ensure only some administrators can perform certain commands. Which of the following is best used to lock down certain commands?
chown
sudo
chmod
rm
sudo
The sudo (superuser do) command allows accounts listed in /etc/sudoers (or a file under /etc/sudoers.d) to run specified commands with superuser privileges. Because the policy can name exact commands per user or group, it is the tool for letting some administrators run only certain commands.
The chmod command can be used to secure files and directories, using either symbolic or octal notation. Only the owner (or root) can change permissions, and it controls access to files, not which commands an administrator may run.
The command chown allows the superuser to change the owner of a file or directory. Note that this right is reserved to superuser or sudoer.
The rm command can be used to delete files. It can also be used with the -r option to delete directories.
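A policy of the kind the sudo card describes, as an added example that is not from the original flashcards. It is a fragment for /etc/sudoers.d; the group name, host and service are assumptions for illustration.

```text
# Added example (assumed group "webops", assumed service nginx).
# Drop this in /etc/sudoers.d/webops with mode 0440 and check it with:
#   visudo -cf /etc/sudoers.d/webops

# Name the exact commands, with full paths, that this role may run as root.
Cmnd_Alias WEB_RESTART = /usr/bin/systemctl restart nginx, \
                         /usr/bin/systemctl status nginx

# Members of webops, from any host, may run only WEB_RESTART as root.
%webops ALL=(root) WEB_RESTART

# What NOT to do: granting an editor, pager or interpreter lets the user
# spawn a root shell from inside it (vim's :!sh, less's !sh, etc.).
# %webops ALL=(root) /usr/bin/vim, /usr/bin/less
```

A member of the group confirms what they have been granted with sudo -l. Two checks matter when reviewing such a policy: each entry should be an absolute path with no trailing wildcard (an argument wildcard lets the user append options the policy never intended), and none of the listed commands should be a program that can execute other programs, since that is equivalent to granting a full root shell.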
What will block third-party cookies and enable strict tracking protection?
Private browsing mode
Ad blockers
Clearing cache
Pop-up blockers
Private browsing mode
Private browsing mode disables the caching features of the browser so that no cookies, browsing history, form fields, passwords, or temp files will be stored when the session is closed.
Clearing cache is used to delete browsing history. Browsers will maintain a history of pages visited, cache files to speed up browsing, and save text typed into form fields.
Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality.
Pop-up blockers prevent a website from creating dialogs or additional windows. The pop-up technique was used to show fake advertisements and security warnings.
What is a type of employee device that must meet the profile that the company requires, and the employee will have to agree on the installation of corporate apps and to some level of oversight and auditing?
COBO
BYOD
COPE
CYOD
BYOD
Bring your own device (BYOD) means the employee owns the mobile device but must bring it up to the profile the company requires and agree to corporate apps, oversight and auditing. BYOD is usually the most popular option with employees but poses the most difficulties for security and network managers.
A corporate-owned business only (COBO) device is the company’s property and may only be used for company business.
Corporate-owned, personally enabled (COPE) is when the company chooses and supplies the device and remains the company’s property. The employee may use it to access personal email, social media accounts, and personal web browsing.
Choose your own device (CYOD) is like COPE, but the employee can choose the device they want from a list.
A company has employees sign a document that enforces the importance of protecting the organization from the security and legal implications of employees misusing its equipment. What is this document?
Assigned users
Splash screen
Acceptable use policy
Procurement life cycle
Acceptable use policy
Acceptable use policy (AUP) sets out what someone can use a particular service or resource for.
The procurement life cycle covers the request and approval procedure, budgeting, identifying a trusted supplier or vendor for the asset, deploying the asset in a secure configuration, maintaining it, and finally disposing of it.
Assigned users are when hardware assets such as workstations, laptops, smartphones, tablets, and software licenses might be assigned to individual user accounts.
The splash screen is a graphic design element that consists of a window containing an image, logo, and the current version of the software.
The operating system update on a user’s phone fails. The user verifies the phone’s connection to a wall outlet that leads to the office Wi-Fi. Which of the following could be responsible for the update failure?
NFC
WLAN
RADIUS
Metered network
Metered network
Updates may be blocked if a device is connected to a metered network. Additionally, if the operating system update is incompatible with the device model, it may cause the update to fail.
Remote Authentication Dial-in User Service (RADIUS) is a protocol used to manage remote and wireless authentication infrastructures.
Near-field communication (NFC) is mostly used for contactless payment readers, security ID tags, and shop shelf-edge labels for stock control.
A wireless local area network (WLAN) uses radios and antennas for data transmission and reception. Most WLANs are based on the IEEE 802.11 series of standards, better known as Wi-Fi. Since the user verified that the phone was connected to Wi-Fi, WLAN would not be an issue.
A technician must remove all corporate accounts and files from an employee’s device but leave personal applications, accounts, settings, and files untouched. What is this called?
Enterprise wipe
Remote wipe
Profile security requirements
Locator application
Enterprise wipe
Enterprise wipe can be performed against corporate containers only. The device must be enrolled with MDM.
Remote wipe allows users to remotely erase the data on the device if the device is stolen or lost.
Profile security requirements document the details of the secure implementation of a device. These policies are applied to different employees and different sites or areas within the site.
A locator application finds a device if it is lost or stolen. Once set up, the phone’s location can be tracked from any web browser when it is powered on.
A server administrator receives a report that the company’s external-facing web server is unresponsive. Rebooting the server would take too long, and they are not even completely certain the server would come back up. What utility should the administrator use to restart the website?
msconfig.exe
services.msc
regedit.exe
certmgr.msc
services.msc
The Services console (services.msc) starts, stops, and pauses processes running in the background. Of the options listed, regedit.exe would be used to make configuration changes.
The System Configuration Utility (msconfig.exe) is used to modify various settings and files that affect how the computer boots and loads Windows.
The Certificate Manager (certmgr.msc) console shows which certificates have been installed and provides a mechanism for requesting and importing new certificates.
The Windows registry provides a remotely accessible database for storing operating system, device, and software application configuration information. The administrator can use the Registry Editor (regedit.exe) to view or edit the registry.
A user downloads a dating app from the Apple store and then gets requests for permission to access their camera. Which of the following is the most likely cause of the permission requests?
Sideloaded app
Spoofed app
Locator app
Enterprise app
Spoofed app
A spoofed app is a malicious app that spoofs a legitimate app by using a similar name, fake reviews, and automated downloads to boost its apparent popularity. Once downloaded, it will act as spyware and may request permissions unrelated to its function.
Sideloading is downloading apps from a source other than a trusted store. In this scenario, the app was downloaded from the trusted Apple store.
An enterprise app is a custom corporate app.
A locator app is a cloud app that uses a mobile-device location service to identify its current position on a map and enable security features to mitigate theft or loss.
An administrator assists the human resources department in testing access to their new cloud-based training site. Unfortunately, the site cannot be accessed due to the organizational security policy. Which of the following should the administrator use to assist them?
diskmgmt.msc
taskschd.msc
certmgr.msc
lusrmgr.msc
certmgr.msc
The Certificate Manager (certmgr.msc) console shows which certificates have been installed and provides a mechanism for requesting and importing new certificates.
The Disk Management (diskmgmt.msc) console displays a summary of any fixed and removable disks, which includes hard disk drives (HDDs), solid-state drives (SSDs), and optical drives.
The Task Scheduler (taskschd.msc) runs software and scripts according to calendar or event triggers which would not help diagnose and troubleshoot internet connectivity issues.
The Local Users and Groups (lusrmgr.msc) console provides an advanced interface for creating, modifying, disabling, and deleting user accounts.
An attacker can access a computer by executing a lunchtime attack. Which of the following principles were NOT followed that led to this attack?
Secure/protect critical hardware.
Log off when not using the computer.
Disable guest accounts.
Secure PII and passwords.
Log off when not using the computer.
Logging off when a computer is not in use is a habit users must develop each time they leave a computer unattended. Policies can configure a screensaver that locks the desktop after a period of inactivity.
Securing personally identifiable information (PII) and passwords means that paper copies of personal and confidential data must not be left where they could be read or stolen.
Securing/protecting critical hardware means users must be alert to the risk of physical theft of devices.
Guest accounts allow unauthorized access to the computer and may provide some sort of network access too, so they should be disabled. A guest account is only enabled to facilitate password-less file sharing in a Windows workgroup.
While browsing the internet, a user receives a pop-up that states, “We have detected a Trojan virus. Click OK to begin the repair process.” Out of fright, the user clicks OK. Given the following choices, what is the most likely outcome of the user’s response?
Unwanted notifications start popping up in Windows.
Nothing happens because Windows BitLocker blocks the Trojan virus.
User starts experiencing drive-by downloads.
UAC will need to be enabled.
Unwanted notifications start popping up in Windows.
Malware often targets the browser, so clicking on a website pop-up is likely to deliver some type of infection, such as adware, which will deliver unwanted notifications.
A drive-by download will infect a computer with malware because a user visited a malicious site. However, in this scenario, the user was not passive. They actively interacted with the pop-up to install the adware.
BitLocker is an encryption tool, not an antivirus tool.
User Account Control (UAC) prevents the unauthorized use of administrative privileges. It is enabled by default but can be disabled.
Which of the following extensions combines a scripting language with hundreds of prebuilt modules called cmdlets that can access and change most components and features of Windows and Active Directory components and features?
.js
.py
.ps1
.sh
.ps1
.ps1 is the PowerShell script file. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development.
.sh is the Linux shell script extension by convention. Every shell script starts with a shebang line that designates which interpreter to use, such as Bash or Ksh.
.js is the JavaScript file extension. JavaScript is a scripting language designed to implement interactive web-based content and web applications. Most web servers and browsers are configured with a JavaScript interpreter.
.py is the Python file extension. Python is a general-purpose scripting and programming language that can develop both automation scripts and software applications.
A technician uses a method where each server is configured with a public/private encryption key pair and identified by a host key fingerprint. What is this method?
SSH
RDP
VNC
VPN
SSH
Secure shell (SSH) is also a remote access protocol, but it connects to a command interpreter rather than a desktop window manager.
Remote desktop protocol (RDP) implements terminal server and client functionality. RDP authentication and session data are always encrypted.
A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. A user can establish a VPN link and then use remote desktop to connect to a host on the private network.
Virtual network computing (VNC) is a freeware product similar to RDP. It works over TCP port 5900. Not all versions of VNC support connection security.
Which of the following uses a security shield icon for tasks that are protected under them?
Fingerprint
SSO
PIN
UAC
UAC
User account control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit the powerful privileges assigned to members of the Administrators group.
A personal identification number (PIN) can contain letters and symbols. It is a passcode used to authenticate a user accessing a system.
A fingerprint is the type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint.
Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services.
A teenager hears from friends about a legitimate website to download games to their Samsung Galaxy phone that is not in the Google Play store. The teenager goes to the site and downloads some games. What best describes the teenager’s behavior?
APK sideloading
Bootlegging
Jailbreaking
Rooting
APK sideloading
APK (Android Package) is the file format for Android apps. APK sideloading refers to downloading apps from a source other than Google’s Play store.
Jailbreaking removes the protective seal and any operating system-specific restrictions to give users greater control over the device. iOS jailbreaking is accomplished by booting the device with a patched kernel.
Rooting or gaining root access on an Android-based phone means gaining super user-level access over the device.
A bootleg app is software that illegally copies or imitates a commercial product or brand. In this scenario, the teenager used a legitimate site.
What group has complete privilege control over a system?
Standard
Power
Administrator
Guest user
Administrator
A user account from the administrator’s group can perform all management tasks and generally has very high access to all files and other objects in the system.
The Guests group is present only for legacy reasons. It has the same default permissions and rights as the Users group.
A standard account is a member of the Users group. This group is generally only able to configure settings for its own profile.
The Power Users group is present to support legacy applications. This group has the same permissions as the standard Users group.
A user likes to watch Netflix on their phone while on the treadmill. The user turns the phone sideways for better viewing, but this time, the picture did not orient to landscape as it always has. Which of the following could cause this issue?
Screen lock is disabled.
Rotation lock is enabled.
Screen lock is enabled.
Rotation lock is disabled.
Rotation lock is enabled.
When a screen does not autorotate, it could be that the rotation lock is enabled. In iOS, the rotation lock is found in the Control Center. In Android, the rotation lock is found in the navigation bar.
If the rotation lock is disabled, the screen should autorotate. If it does not, the problem is probably hardware-related.
Screen Lock is a security feature for mobile devices. If enabled, it activates if the device is unused or the user activates it. Most devices require a PIN or password to unlock the screen.
Screen Lock is a security feature for mobile devices. If it is disabled, no PIN or password is required. Generally, some swipe gesture will unlock the screen.
A user calls the help desk complaining that Windows freezes to a blue screen every time it tries to boot. When the technician arrives, they boot the computer in Safe Mode. After evaluating this situation, what is the BEST reason the technician wants to enter Safe Mode to begin troubleshooting?
Safe Mode is necessary for troubleshooting.
CHKDSK can be run in Safe Mode.
Antivirus scans can be run in Safe Mode.
Safe Mode loads only the minimum amount of drivers and services to start the system.
Safe Mode loads only the minimum amount of drivers and services to start the system.
By using only essential drivers and services to boot, Safe Mode can boot the computer when a normal boot fails, as in this scenario.
The blue screen of death (BSoD) is mostly due to faulty hardware, especially at startup. CHKDSK scans the hard drive to find and repair errors; it, like many other analysis and recovery tools, can be run in Safe Mode.
Safe Mode allows antivirus scans to run in an environment that will not trigger viruses or malware.
While Safe Mode provides a favorable environment for troubleshooting, it is not required to use the many troubleshooting tools available in Windows, such as Task Manager, Resource Manager, and Device Manager.
What is referred to as data on persistent storage like HDDs, SSDs, and thumb drives?
Data-at-rest encryption
Use timeout/screen lock
Disable Autoplay
Disable AutoRun
Data-at-rest encryption
Data on persistent storage, like HDDs, SSDs, and thumb drives, is known as data-at-rest. To protect data-at-rest, the information stored on a disk can be encrypted.
Disable AutoRun so that malware cannot be installed automatically. In some versions of Windows, inserting an optical disc or attaching a USB drive is enough for the AutoRun command to run an installer.
Disabling Autoplay will make the computer unable to play new content automatically.
A timeout/screen lock locks the desktop if the system detects no user-input device activity. Users should not rely on this and should lock the computer manually when leaving it unattended.
A security administrator for a defense contracting company wants to disable external devices. The administrator pushes out a group policy setting to disable such devices but worries that attackers might elevate privileges and reenable them. What other setting will help the administrator accomplish the objective?
Modern standby
Selective suspend
Fast startup
Hibernate
Selective suspend
The administrator can enable Universal Serial Bus (USB) selective suspend to turn off power to peripheral devices.
Fast startup uses the hibernation file to instantly restore the previous system RAM contents and make the computer ready for input more quickly than the traditional hibernate option.
Hibernate mode suspends to disk. It saves any open but unsaved file data in memory to disk (as hiberfil.sys in the root of the boot volume) and then turns the computer off, which is also referred to as ACPI mode S4.
Modern standby utilizes a device’s ability to function in an S0 low-power idle mode to maintain network connectivity without consuming too much energy.
A marketing professional normally sends large files to other team members. The IT department recommended using a shared drive and assisted them in setting it up. The project was a very high priority, so the professional collaborated with several members but started receiving reports that some users could not access it sometimes and others could. They eventually figured out that only 20 people at a time seemed to be able to access it. What is causing the issue?
DNS settings are intermittent.
The file server was not properly configured.
The proxy settings are not properly configured on client machines.
The share was created on a Windows desktop.
The share was created on a Windows desktop.
The Share tab in the folder’s Properties dialog can customize permissions, change the share name, and limit the number of simultaneous connections. Windows desktop versions are limited to 20 inbound connections.
If more than 20 users access the share, the data should be stored on file servers rather than local client computers.
The proxy settings will not affect users’ ability to access the file share in this scenario. It could cause issues accessing the internet, however.
If the domain name system (DNS) were causing an issue, the users would not be limited to 20 people. It is possible that load-balanced DNS servers could cause issues if one is incorrect.
A server administrator was called in to help a VIP whose computer was accidentally infected with a virus. The administrator wants to revert the computer but still preserve user personalization settings. What should the administrator use?
Factory partition
Refresh
Reset
Third-party drivers
Refresh
Windows supports refresh and reset options to try to repair the installation. Using refresh recopies the system files and reverts most system settings to the default but can preserve user personalization settings, data files, and more.
Using the full reset option deletes the existing OS plus apps, settings, and data ready for the OS to be reinstalled.
A factory recovery partition is a tool used by the original equipment manufacturers (OEMs) to restore the OS environment to its ship state. The recovery partition is created on the internal fixed drive.
The OS setup media might not contain drivers for certain hardware devices, but third-party drivers could be supplied as part of an unattended installation file.
A client uses this software that allows access to a given computer. What is this software?
Desktop management
Videoconferencing
Screen-sharing
File transfer
Screen-sharing
Screen-sharing is software that is designed to work over HTTPS across the internet. This is secure because the connection is encrypted but also easier to implement as it does not require special firewall rules.
Some web-conferencing and videoconferencing software, like Microsoft Teams and Zoom, provides a screen-sharing client that participants may control.
With file transfer, users can choose a file-sharing protocol that can be used across all connected hosts. It allows configuring permissions on the share and provisioning user accounts that are recognized by both the server and client.
Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.
A client administrator sets up a new system for GUID partition table (GPT) partitioning. What dependency will the administrator need to set?
BIOS
MBR
TPM 2.0
UEFI
UEFI
When the disk uses GPT partitioning, the system firmware must be set to use the Unified Extensible Firmware Interface (UEFI) boot method.
The disk will not be recognized as a boot device if the boot method is set to BIOS.
While the scenario did not specify which OS the administrator was upgrading to, Windows 11 requires a CPU or motherboard supporting trusted platform module (TPM) version 2.
The master boot record (MBR) partition style stores a partition table in the first 512-byte sector on the disk, which is different from UEFI.
An endpoint machine administrator configures specific Apple computers designated for users with disability. Where should the administrator look to configure these settings?
Mission Control
Time Machine
Accessibility
Security & Privacy
Accessibility
The Accessibility preference pane is used to configure assistive vision and sound options, such as VoiceOver narration of screen elements, cursor size and motion settings, zoom tools, display contrast, font sizes, and captioning.
macOS has options to configure what analytics/telemetry data and personalized information can be collected. Users can adjust these options via the Security & Privacy preference pane.
The Time Machine preference pane lets data be backed up to an external drive or partition formatted using either the Apple File System (APFS) or macOS’s older extended file system.
The Mission Control feature is used for window management and enables users to set up multiple desktops.
A user is using AirDrop to send information to another device. What type of software is this?
Videoconferencing
File transfer
Screen-sharing
Desktop management
File transfer
File transfer allows users to select a file-sharing protocol that all the connecting hosts can use. Using this, both the server and client can configure permissions on the shared folders and provision user accounts.
Videoconferencing or web-conferencing software, such as Microsoft Teams or Zoom, includes a screen-share client, and some also allow participants to be granted control of the share.
Screen-sharing is software designed to work over HTTPS across the internet; this is secure because the connection is encrypted and easier to implement as it does not require special firewall rules.
Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.
A vulnerability manager is brainstorming different ways to enhance security for their company’s cell phone devices. The company only uses Apple, so one of the manager’s ideas is to look for anomalous files that do not belong on Apple devices, as a sign of malware from an attacker who did not profile the device and instead simply blasted malware out, hoping the operating system would match. Which of the following would be anomalous?
.pkg
.apk
.dmg
.app
.apk
An .apk file is a format for Android. The vulnerability manager only has Apple in their environment. Unknown sources enable untrusted apps to be downloaded from a website and installed using the .APK file format.
DMG (disk image) format is used for simple installs where the package contents need to be copied to the Applications folder.
PKG format is used where app setup needs to perform additional actions, such as running a service or writing files to multiple folders.
When an app has been installed, it is placed in a directory with a .app extension in the Applications folder.
A user experiences issues searching their local computer for files. What is a common issue that the user should check?
User accounts
Hide extensions
Show hidden files
Indexing options
Indexing options
Search is also governed by settings configured in the Indexing Options applet. A corrupted index is a common cause of search problems.
A user account controls access to the computer. Each account can be assigned rights or privileges to make OS configuration changes. Accounts can also be assigned permissions on files, folders, and printers.
A file or folder can be marked as “Hidden” through its file attributes. Files marked as hidden are not shown by default but can be revealed by setting the “Show hidden files, folders, and drives” option.
Hide protected operating system files configures files marked with the System attribute as hidden.
A helpdesk professional assists a user with issues booting up their Mac computer. The user reports that there is no drive to boot from. Where will the computer boot from?
Force Quit
Terminal
Web
FileVault
Web
When users reboot an Apple Mac, if the startup drive is not available for any reason and it is connected to the internet, the computer will try to boot from a web-based drive.
The Terminal can be used to access the command-line environment, which uses either the Z shell (zsh) or Bash. Older macOS versions use Bash, while zsh is the default from Catalina onward.
If a macOS app stops responding, it should be possible to close it down and restart it without restarting the computer, by selecting Force Quit from the Apple menu or pressing COMMAND+OPTION+ESC.
FileVault is a disk encryption product. Encryption protects the data stored on a disk against the possibility that a threat actor could remove it.
A transportation company wants to set up software that gathers statistics from the controller area network for trailers hauling loads, enabling them to adjust processes to optimize cost savings. What type of adapter will the company need to send the statistics back to their cloud network?
Wired
Wireless
WWAN
VPN
WWAN
Wireless Wide Area Network (WWAN) uses a cellular adapter to connect to the internet via a provider’s network. These networks are typically metered with a set data limit.
A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network.
Almost all wired network connections are based on some form of Ethernet. The adapter’s media type must match the switch it is connected to.
While WWAN could be considered wireless, wireless generally refers to a computer that connects to the 2.4 or 5 GHz spectrum with a limited physical range.
While researching and writing a paper on their home computer, a student notices an alert in the notification area that Windows Defender has expired and needs to be updated. The student is annoyed by the interruption but clicks on the alert and follows the update instructions. Later, the student told their parents that Defender expired, and they installed the update. The student’s parents are panic-stricken. Determine the best reason for the parents’ reaction from the information provided.
The parents know the Windows Defender subscription was recently renewed.
The parents have scheduled all updates to occur during the automatic maintenance window at 2:00am.
A malicious browser push notification tricked the student into a drive-by download.
A malicious browser push notification tricked the student into downloading malware.
A malicious browser push notification tricked the student into downloading malware.
One way to infect a host with malware is to misuse the browser push notification system that allows a website to send messages. Often these messages are designed to trick users into installing malware by disguising it as an antivirus update.
While this scenario describes a malicious browser push notification, it is not a drive-by download. In a drive-by attack, the computer is infected with malware simply by visiting a malicious site; there is no user installation.
Defender is a Windows built-in antivirus and firewall product, so it does not expire. Scheduled updates are irrelevant.
Defender has no subscription to be renewed because it is automatically installed on all Windows computers (starting with Windows 7).
Which of the following contains information about ingredients, health hazards, precautions, and first aid information and what to do if the material is spilled or leaks?
MSDS
Surge suppressor device
Proper power handling
Electrical fire safety
MSDS
A material safety data sheet (MSDS) includes information about recycling any waste product or disposing of it safely by government regulations.
Electrical fire safety ensures that equipment is properly stored and away from any flammable material and electrical wires do not start a fire.
Surge suppressor devices come in the form of adapters, trailing sockets, or filter plugs, with the protection circuitry built into the unit. These devices offer low-cost protection to one or two pieces of equipment.
Proper power handling requires correct training. PC power supply units can carry dangerously high voltages. Power should be disconnected before repairing a PC.
A user receives an unsolicited call from a Microsoft support technician during a normal workday. The technician says the antivirus software on the user’s computer alerted Microsoft of a new malware infection. The technician needs to remote into the user’s computer to fix the problem. What is the technician trying to do?
Address the problem faster with a call rather than a pop-up notification alert.
Proactively respond to a virus alert.
Circumvent security software.
Address the problem faster with a call rather than an email.
Circumvent security software.
Microsoft does not directly support users and would never randomly contact a user. This scenario is a scam to try to steal a user’s credentials.
Microsoft would not receive a malware alert because the company does not directly support users. Also, Microsoft would not contact a user.
Microsoft does not directly support users and does not receive malware alerts about any user. Moreover, the company does not call users or email users.
Microsoft does not call users and would not receive an antivirus alert that would cause the company to generate a notification.
When making major adjustments to a project, a security technician will have to assess the business and technical merits as well as the risks of the adjustment plan. What documentation will need to be submitted?
Sandbox testing
Risk levels
Change board approval
Rollback plan
Change board approval
Change board approval is required when a serious change request is made; the request goes to a change advisory board (CAB). The CAB should include stakeholders for the departments, users, or customers whom the change will impact, those proposing it, the technicians responsible for implementing it, and the managers/directors who can authorize the budget.
Sandbox testing is a computing environment designed to replicate the production environment but isolated from it.
A rollback plan ensures that a change can be reversed if it has harmful or unforeseen consequences.
Risk levels are included in the risk assessment and can be expressed as a discrete value or as a traffic-light-type indicator, where red is high risk, orange is moderate risk, and green is minimal risk.
A security administrator moves their proxy from on-premises to the cloud and wants to establish a client tunnel to the cloud proxy for web traffic. This way, users are protected even while out in public and not connected to the domain. What should the administrator set up?
Mapped drive
DNS settings
WWAN
VPN
VPN
A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network.
Wireless Wide Area Network (WWAN) uses a cellular adapter to connect to the internet via a provider’s network. These networks are typically metered with a set data limit.
A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive.
While it is best practice to configure DNS settings to resolve the VPN concentrator, technically, it could be done with an IP.
Which of the following devices come in the form of adapters, trailing sockets, or filter plugs, with the protection circuitry built into the unit?
Compressed air blaster
Anti-ESD strap
Surge suppressor
Antistatic bags
Surge suppressor
Surge suppressors are passive protection devices that can filter out the effects of surges and spikes.
A compressed air blaster can be used to dislodge dust from difficult-to-reach areas. When performing this sort of maintenance within a controlled area, wear an appropriate air-filter mask and goggles.
Antistatic bags are packages that reduce the risk of ESD because they are coated with a conductive material.
Anti-ESD wrist straps should fit snugly around the wrist or ankle so that the metal stud makes contact with the skin. Wearing an anti-ESD wrist strap causes the static charge to dissipate more effectively.
A company has experienced a power outage, but activation of an alternative source has kicked in. What is this alternative source called?
Fuse
Surge suppressor
Voltage
UPS
UPS
An uninterruptible power supply (UPS) will provide a temporary power source in the event of complete power loss. An alternate power source can range from a backup battery to a generator.
Surge suppressors are passive protection devices that can filter out the effects of surges and spikes. These devices offer low-cost protection to one or two pieces of equipment.
An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.
Voltage is the potential difference between two points measured in volts (V).
A technician detected and reported an incident, resulting in the appropriate unit being notified and tasked with acting as first responders, taking charge of the situation, and formulating the appropriate response. What is this unit called?
CSIRT
Chain of custody
Open-source
IRP
CSIRT
The computer security incident response team (CSIRT) is used in some larger organizations to provide a range of decision-making and technical skills required to deal with different types of incidents.
An open-source license makes it free to use, modify, and share and makes the program code used to design it available.
An incident response plan (IRP) sets the procedures and guidelines that an IT team must adopt to deal with security incidents.
A chain of custody form records who collected the evidence, who has handled it subsequently, and where they stored it; it must account for access to the evidence at every point.
An installer is implemented using an .EXE file. What is this technique performing?
Gathering of information
Initiating updates
Introducing malware
Installation of applications
Installation of applications
Installation of applications is used in Windows as a setup file that can be executed in silent mode using the command switches for its installer. In Linux, scripts are often used to compile apps from source code.
In Windows PowerShell, hundreds of Get verb cmdlets gather information/data from a Windows subsystem. Bash supports numerous commands to manipulate text.
The initiation of updates takes place through wusa.exe in Windows, which processes batch files to initiate a typical update. The PSWindowsUpdate module in PowerShell contains numerous cmdlets. Users can use apt-get/apt or yum from a Bash script in Linux.
A technician helps a customer with a ticket request and needs to record that the customer has accepted that the ticket can be closed. Which of the following fields reflects this part of the ticket life cycle?
Progress notes
Escalation levels
Problem description
Problem resolution
Problem resolution
Problem resolution sets out the plan of action and documents the successful implementation and testing of the plan and full system functionality.
Problem description records the initial request with any detail that could easily be collected at the time.
Progress notes record what diagnostic tools and processes have been discovered and identify and confirm a probable cause.
Escalation levels occur when an agent cannot resolve the ticket. The support team can be organized into tiers to clarify the escalation levels. The ticket owner is the person responsible for managing the ticket.
An employee enters the web address of their local newspaper to check for news on the company, and a site pops up with many click-bait celebrity stories. The employee re-enters the address assuming a misspelling but returns to the same page. When the help desk technician arrives, which of the following troubleshooting steps would be appropriate?
Check to see if the DNS browser is configured correctly.
Check HOSTS files for malicious entries.
Check the System Configuration Utility.
Check to see if the newspaper website’s certificate is expired.
Check HOSTS files for malicious entries
This scenario describes a redirection when a user tries to open one page but is sent to another. Here, it appears adware is driving traffic to another site to increase clicks. Since HOSTS maps domain names to IP addresses, the HOSTS file in the registry would show malicious entries to re-route IP addresses.
The Domain Name Server (DNS) is a server, not a browser. However, the nslookup command can be used to check DNS records.
Any problem with a website’s certificate will likely generate a message. It will not send a user to another website.
The System Configuration Utility modifies various settings and files that affect how the computer boots and loads Windows.
An administrator uses an access control system to shuttle authentication and authorization traffic between the supplicant and the AAA that encrypts an entire authentication rather than just the password. What is this method?
Kerberos
AES
TACACS+
RADIUS
TACACS+
Terminal access control system plus (TACACS+) is one way of implementing authentication, authorization, and accounting (AAA). TACACS+ is often used in authenticating administrative access to routers, switches, and access points.
Remote authentication dial-up user service (RADIUS) is used to implement the AAA server when configuring enterprise authentication. Rather than storing and validating user credentials directly, the access point forwards data between the RADIUS server and the supplicant without reading it.
Kerberos allows a user account to authenticate to a domain controller (DC) over a trusted local cabled segment. Kerberos facilitates single sign-on (SSO).
Advanced encryption standard (AES) is the standard encryption used by WPA2 and the strongest encryption standard to use by Wi-Fi.
What method gets a system back up and running before the recommended amount of time elapses?
Sandbox testing
Change board approval
Rollback plan
Risk levels
Rollback plan
A rollback plan is when a change can be reversed if it has harmful or unforeseen consequences.
Change board approvals are when a serious change request is made, and approvals go to a change advisory board (CAB). The CAB should include stakeholders for departments, users, or customers whom the change will impact and those proposing it, technicians responsible for implementing it, and managers/directors who can authorize the budget.
Sandbox testing is a computing environment designed to replicate the production environment but isolated from it.
Risk levels are included in the risk assignment that could be expressed as a discrete value or as a traffic light-type of indicator, where red is high, orange is moderate risk, and green is minimal risk.
A 3D animations expert is searching for a new computer. What should they ensure it has to handle their demanding software?
Integrated graphics card
Dedicated graphics card
64-bit CPU
Hardware token
Dedicated graphics card
A demanding application, such as graphic design software or a game, will likely require a dedicated graphics card with video RAM, separate from the general system RAM.
An integrated graphics card would not be enough to handle a demanding application such as graphic design software.
While a 64-bit CPU would probably help in this instance, a dedicated graphics card would relieve the resource chokepoint for the 3D application.
An external hardware token is a smart card or USB form factor device that stores cryptographic user identification data. The user must present the token and supply a password, PIN, or fingerprint scan to authenticate.
Which of the following can prevent, detect, and remove software threats that consist of ransomware, Trojans, spyware, and rootkits?
OS reinstallation
Security-awareness training
Recovery mode
Anti-malware
Anti-malware
Anti-malware is computer software used to avoid, identify, and eliminate malware. Anti-malware is like antivirus software but for more up-to-date malware.
Recovery mode is the step-by-step processing of manual removal to disable persistence mechanisms and reconfigure the system to its secure baseline.
OS reinstallation is when the antivirus software cannot recover data from infected files, and a user must complete a system restore.
Security-awareness training is usually delivered to employees at all levels, including end-users, technical staff, and executives. The training includes anti-phishing, software firewalls, passwords, malware threats, and more.
A technician uses a backup method that reflects how much lost work can be tolerated. What is this method?
Frequency
Full with incremental
Full with differential
Retention
Frequency
Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.
Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.
Full with incremental means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job.
Full with differential means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job.
A technician runs an isolated test that allows them to run the program without impacting the system. What is this called?
Sandbox
Rollback plan
End-user acceptance
Affected systems
Sandbox
Sandbox testing is a computing environment designed to replicate the production environment but isolated from it.
End-user acceptance must be accounted for when a change of plan is implemented. It can be difficult for people to adapt to new processes and easy for them to magnify minor problems into major complaints.
A rollback plan is when a change can be reversed if it has harmful or unforeseen consequences.
Affected systems must be considered in the implementation of change. Companies should first attempt to test the change for the most significant or major changes.
A technician needs to set up a method that blocks URLs or search terms using keywords and phrases. What is this method?
Encryption setting
Disable guest access
Changing channels
Content filtering
Content filtering
Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, Fully Qualified Domain Names (FQDNs), and URL web addresses with sites known to host various categories of content.
Changing channels can be accessed by using a Wi-Fi analyzer to identify which channel within the access point’s range is least congested.
Disable guest access when a user does not want a guest network. The guest network is usually isolated from the other local devices, and guests can connect to this network and access the internet without a password.
Encryption settings allow users to set the authentication mode.
Users are curious about what is run on startup, so they dig into the startup script. The users find the command “net use M: \\sharedrive\data /persistent:yes”. What is the startup script invoking?
Print share
Mapped drive
Proxy
File server
Mapped drive
A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive.
A user may be mapping a file server, but mapped drives do not always exist on file servers. They could be on network-attached storage or shared directly from another client machine.
The user is not mapping a print share with this command, but printers can be shared through various means, such as a print server.
This command does not configure the proxy. The settings for proxy information can be found in internet options.
A user performs a technique that allows them to connect their PlayStation to their network. What is this technique?
Screened subnet
UPnP
Static IP
Encryption setting
UPnP
The universal plug-and-play (UPnP) framework sends instructions to the firewall with the correct configuration parameters to allow applications to work.
A screened subnet establishes a more secure configuration. The idea of a screened subnet is that some hosts are placed in a separate network segment with a different IP subnet address range than the rest of the local area network (LAN).
A static IP can be auto-configured as a DHCP reservation, but if manual configuration is required, follow the service provider’s instructions to configure the correct address on the router’s Wide Area Network (WAN) interface.
Encryption settings allow users to set the authentication mode.
What type of data breach can be associated with a specific person or use an anonymized or de-identified data set for analysis and research?
Personal government-issued information
Healthcare data
Open-source license
PII
Healthcare data
Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results.
Personal government-issued information is issued to individuals by federal or state governments. Personal information may be social security numbers, passports, driving licenses, and birth/marriage certificates.
Personally identifiable information (PII) is data that can be used to identify, contact, locate an individual or, in the case of identity theft, impersonate that individual.
The open-source license makes it free to use, modify, and share and makes the program code used to design it available.
Rooting is typically an action related to Android, while jailbreaking is associated with iOS. They are both trying to do the same thing. What is that?
Publish malicious apps.
Spoofing
Bootlegging
Gain unrestricted access.
Gain unrestricted access.
The goal of rooting and jailbreaking is to gain unrestricted access, or privilege escalation, by subverting the security controls built into iOS or Android. This also has the side effect of leaving many security measures permanently disabled.
Publishing malicious apps is the purview of rogue developers. It is not the goal of rooting and jailbreaking.
Bootlegging is developing software that illegally copies or imitates a commercial product or brand.
Spoofing is developing a malicious app that spoofs a legitimate app by using a similar name and fake reviews, and automated downloads to boost its apparent popularity.
Worried about a crash, a user creates a complete backup of the system configuration and data files on their computer. Identify what the user has created.
An update rollback
A reimage
An image
An update
An image
A backup of everything on the computer, including the installation, settings, apps, and files, is also called an image.
Reimaging is not a backup. It removes system files and resets all PC settings to default, usually done when the hard disk or operating system is damaged or malware-infected.
An update fixes or improves the computer’s operating system, drivers, or software. Nothing else is changed, and nothing on the computer is backed up.
If an update to Windows or an application/program causes problems with the computer, it can be rolled back (uninstalled).
A remote computer administrator is managing clients in rigorous conditions. The clients keep overheating and often have issues. The administrator wants to run regular checks for damage or corruption. Which of the following will help them accomplish this?
shutdown
gpresult
winver
sfc
sfc
Historically, most attended installations and upgrades were run by booting from optical media (CD-ROM or DVD). The optical drive must be set as the priority boot device.
Another problem with disc-based installs is that the setup disc quickly becomes out-of-date. USBs became more popular later on for the ability to load the latest install.
A computer that supports network boot could also be configured to boot to set up over the internet.
Once the OS has been installed, the user will usually want to set the internal hard drive as the default (highest priority) boot device and disable any other boot devices.
A new employee calls the help desk because their phone will not connect to the office Wi-Fi. When the technician asks about the phone model, the employee says it is an iPhone 5. The technician immediately knows the problem. Which of the following could be the problem?
Configuration
Signal strength
Interference
Throttling
Configuration
Since the technician knew the problem based on the phone model, the most likely cause would involve configuration issues between the device and the wireless access point related to the 802.11 standard or the GHz band.
Signal strength can be affected by distance but not likely by the phone model.
The phone model would not impact interference from other devices or thick walls or metal.
Concerning smartphones, throttling refers to a purposeful reduction in phone performance by a manufacturer’s update to the device that instructs it not to perform at its maximum capabilities.
Users perform a technique that tends to select C, M, N, O, and S shapes. Which of the following is this?
Facial recognition
Swipe
PIN
Pattern
Pattern
Pattern requires the user to swipe a “join-the-dots” pattern. The pattern method has numerous weaknesses.
Swipe is a gesture that means that access to the device is unauthenticated. Simply swiping across the screen will unlock the device.
Facial recognition is a method that creates a template computed from a 3-D image of the user’s face. A facial bio gesture has the advantage of using the camera rather than a special sensor.
Personal identification numbers (PINs) are used on most devices to enable screen lock authentication and generate an encryption key. The PIN can act as a primary or backup authentication method.
A user has just set up their network and needs to make sure that their network is secure, and no one can log in to the network. Which of the following should the user do?
Perform firmware updates.
Change default passwords.
Consider the physical placement.
Locate the SSID.
Change default passwords.
Change the default password to secure the administrator account. Choose a new strong password of 12 characters or more.
Physical placement of any router or network appliance should be made to a secure location. A non-malicious threat actor could damage or power off an appliance by accident.
Firmware updates are important because they allow the user to fix security holes and support the latest security standards.
The service set ID (SSID) is a simple, case-sensitive name by which users identify the WLAN. The factory configuration uses a default SSID that is typically based on the device brand or model, which should be changed so users will recognize the network.
A user wants to connect to multiple systems after a single login at only one of the devices. What is this called?
Fingerprint
PIN
SSO
UAC
SSO
Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services.
User account control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit the powerful privileges assigned to members of the Administrators group.
A personal identification number (PIN) can contain letters and symbols. It is a passcode used to process authentication of a user accessing a system.
A fingerprint is the type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint.
A user is on a website using an HTTPS URL; the browser displays the information about the certificate in the address bar. What does this certificate validate?
Pop-up blocker
Browser sign-in
Secure connection
Untrusted source
Secure connection
A secure connection validates the host’s identity running a site and encrypts communications to protect against snooping.
An untrusted source is an installer that cannot be verified through a digital signature or is known to be a security risk and is likely to expose the user to unwanted adverts. Some untrusted sources do not block ads or have pop-up blockers.
Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.
Pop-up blockers prevent a website from creating dialogs or additional windows. The pop-up technique was used to show fake advertisements and security warnings.
What component storage prevents static electricity from discharging?
Antistatic bags
ESD mats
Dissipative packaging
ESD straps
Antistatic bags
Antistatic bags are packages that reduce the risk of ESD because they are coated with a conductive material.
Anti-electrostatic discharge (ESD) straps are worn to dissipate static charges effectively. The band should fit snugly around the wrist or ankle so that the metal stud contacts the skin.
Electrostatic discharge (ESD) mats are used to organize sensitive components. The mats contain a snap connected to the wrist or leg strap.
Dissipative packaging is light pink or blue packaging that reduces the buildup of static in the general vicinity of the contents by being slightly more conductive than normal.
A user wants to maximize resource dedication to 3D performance and frame rate. Where should the user go to do this?
Apps
Devices
System
Gaming
Gaming
Game mode suspends Windows Update and dedicates resources to supporting the active game app’s 3D performance and frame rate rather than other software or background services.
The System Settings page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying).
The Devices settings pages contain options for input devices (mice, keyboards, and touch), print/scan devices, and adding and managing other peripherals attached over Bluetooth or USB.
In the Settings app, the Apps group is used to view and remove installed apps and Windows Features.
A curious IT administrator notices issues with certain applications invoking the kernel. Which operating system would allow the administrator to change the underlying operating system?
iOS
Android
macOS
iPadOS
Android
Android is a smartphone/tablet OS developed by the Open Handset Alliance, primarily driven by Google. Unlike iOS, it is an open-source OS based on Linux.
iOS is the operating system for Apple’s iPhone smartphone and original models of the iPad tablet. Like macOS, iOS is also derived from UNIX and developed as a closed-source operating system.
The iPadOS has been developed from iOS to support the functionality of the latest iPad models (2019 and up).
The macOS is a closed-source operating system that does not allow users to make changes.
A server administrator was called in to help a VIP whose computer was accidentally infected with a virus. The administrator wants to revert the computer but still preserve user personalization settings. What should the administrator use?
Third-party drivers
Refresh
Factory partition
Reset
Refresh
Windows supports refresh and reset options to try to repair the installation. Using refresh recopies the system files and reverts most system settings to the default but can preserve user personalization settings, data files, and more.
Using the full reset option deletes the existing OS plus apps, settings, and data ready for the OS to be reinstalled.
A factory recovery partition is a tool used by the original equipment manufacturers (OEMs) to restore the OS environment to its ship state. The recovery partition is created on the internal fixed drive.
The OS setup media might not contain drivers for certain hardware devices, but this could be part of an unattended file.
Which of the following should generate an alert when the account is disabled or altered?
Restrict login times.
Change default administrator account.
Restrict user permission.
Disable guest account.
Change default administrator account.
These default accounts have practical limitations and consequently are the ultimate target for threat actors. Any use of the default administrator account must be logged and accounted for.
The guest account allows unauthorized access to the computer and may provide some sort of network access too, so it should be disabled. It is only enabled to facilitate password-less file sharing in a Windows workgroup.
Restricting user permissions: some networks have complex requirements for assigning rights. However, the basic principle is that the number of accounts with administrator privileges should be as few as possible.
Restricting login times is typically used to prevent an account from logging in at an unusual time of the day or night or during the weekend.
A marketing professional normally sends large files to other team members. The IT department recommended using a shared drive and assisted them in setting it up. The project was a very high priority, so the professional collaborated with several members but started receiving reports that some users could not access it sometimes and others could. They eventually figured out that only 20 people at a time seemed to be able to access it. What is causing the issue?
DNS settings are intermittent.
The share was created on a Windows desktop.
The proxy settings are not properly configured on client machines.
The file server was not properly configured.
The share was created on a Windows desktop.
The Share tab in the folder’s Properties dialog can customize permissions, change the share name, and limit the number of simultaneous connections. Windows desktop versions are limited to 20 inbound connections.
If more than 20 users access the share, the data should be stored on file servers rather than local client computers.
The proxy settings will not affect users’ ability to access the file share in this scenario. It could cause issues accessing the internet, however.
If the domain name system (DNS) were causing an issue, the users would not be limited to 20 people. It is possible that load-balanced DNS servers could cause issues if one is incorrect.
A security analyst conducts an incident response investigation against suspected malware on a user’s computer. The analyst suspects a certain variant of malware known to beacon out to a command and control server. What command will help them investigate this?
hostname
net use
net user
netstat
netstat
The netstat command can investigate open ports and connections on the localhost, which will help to investigate potential command and control connections established by malware on the localhost.
The hostname command returns the name configured on the local machine. The DNS server can also contain records to point machines to the host.
Several net and net use command utilities can be used to view and configure shared resources on a Windows network.
Accounts can be managed at the command line using net user, which must be executed in an administrative command prompt.
A vulnerability and risk manager reviews older systems that can only receive critical patches. What are these systems classified as?
Extended support
Beta
End of life
Supported
Extended support
During the extended support phase, the product is no longer commercially available, but the vendor issues critical patches.
An end-of-life (EOL) system is one that its developer or vendor no longer supports. EOL systems no longer receive security updates and therefore represent a critical vulnerability.
A public beta phase might be used to gather user feedback. Microsoft operates a Windows Insider Program where users can sign up to use early release Windows versions and feature updates.
When the product is being actively marketed during the supported phase, the vendor releases regular patches to fix critical security and operational issues and feature upgrades to expand OS functionality.
Which of the following will block untrusted application sources from running?
Firewall
Failed login attempts
Anti-malware
OS updates
Anti-malware
Anti-malware applications designed for mobile devices tend to work more like content filters to block access to known phishing sites and block adware/spyware activity by apps.
Failed login attempts mean that the device locks for a set period if an incorrect passcode or bio gesture is used; this deters attempts to guess the passcode or use a spoofed biometric.
OS updates for a mobile device are as critical as they are for a desktop computer. The install base of iOS is generally better at applying updates because of the consistent hardware and software platform.
Firewall applications for mobile devices can monitor app activity and prevent connections to ports or IP addresses.
A Windows client administrator plans to upgrade their OS in the current environment. What is one of the most important considerations for the upgrade?
Journaling
User training
TPM 2.0
Dynamic Disks
User training
Different desktop styles introduced by a new OS version or changing from one OS to another can generate issues as users struggle to navigate the new desktop and file system. An upgrade project must take account of this and prepare training programs.
While the scenario did not specify which OS the administrator was upgrading to, Windows 11 requires a CPU or motherboard supporting trusted platform module (TPM) version 2.
When data is written to an NTFS volume, it is re-read, verified, and logged via journaling. In the event of a problem, the sector concerned is marked as bad and the data relocated.
The Dynamic Disks feature allows multiple physical disks to be combined into volumes.
A software engineer uses the “data protection” option for the apps on their mobile device. This option is subject to the second round of encoding using a key derived from and protected by the user’s credentials. What is this method?
Device encryption
Profile security requirements
Remote backup application
Locator application
Device encryption
Device encryption is enabled automatically when a user configures a passcode lock on the device.
A remote backup application is the backup of data, apps, and settings to the cloud. A user may choose to use a different backup provider or a third-party provider like Dropbox.
Profile security requirements document the details of the secure implementation of a device. These policies are applied to different employees and different sites or areas within the site.
A locator application finds a device if it is lost or stolen. Once set up, the phone’s location can be tracked from any web browser when it is powered on.
If an individual is creating an account and unable to think of a strong key code word, the browser can suggest strong keycodes to use. What is this called?
Ad-blocker
Browser sign-in
Password manager
Secure connection
Password manager
Password managers suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site.
Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.
Secure connection validates the host’s identity running a site and encrypts communications to protect against snooping.
Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality. Many sites detect ad blockers and do not display any content while enabling filtering.
A security analyst notices an unauthorized disclosure of customers’ data at the company. What type of data is breached?
PII
Open-source license
Healthcare data
Chain of custody
PII
Personally identifiable information (PII) is data that can be used to identify, contact, or locate an individual or impersonate that individual in the case of identity theft. PII is any representation of information that authorizes the identity of an individual.
The open-source license makes it free to use, modify, and share and makes the program code used to design it available.
Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results.
The chain of custody form records where, when, and who collected the evidence, handled it subsequently, and stored it.
A helpdesk manager assesses older Windows 7 computers their company owns and tries to determine available upgrade paths. Which of the following can NOT be upgraded?
Windows 7 Pro to Windows 10 Home
Windows Home to Windows 10 Pro
Windows 7 Home Premium to Windows 10 Pro
Windows 7 Home to Windows 10 Enterprise
Windows 7 Home to Windows 10 Enterprise
Users cannot upgrade from a Home to an Enterprise edition. If users consider an in-place upgrade, they must check that the current OS version is supported as an upgrade path to the intended version.
Users can upgrade from Windows 7 Home Premium to Windows 10 Home or Pro. With Windows, users have to consider the edition when upgrading.
Users can upgrade from Windows 10 Home to Windows 10 Pro.
Downgrading the edition is supported in some circumstances (Windows 7 Professional to Windows 10 Home, for instance), but this only retains documents and other data, not apps and settings.
While researching and writing a paper on their home computer, a student notices an alert in the notification area that Windows Defender has expired and needs to be updated. The student is annoyed by the interruption but clicks on the alert and follows the update instructions. Later, the student told their parents that Defender expired, and they installed the update. The student’s parents are panic-stricken. Determine the best reason for the parents’ reaction from the information provided.
A malicious browser push notification tricked the student into a drive-by download.
A malicious browser push notification tricked the student into downloading malware.
The parents know the Windows Defender subscription was recently renewed.
The parents have scheduled all updates to occur during the automatic maintenance window at 2:00am.
A malicious browser push notification tricked the student into downloading malware.
One way to infect a host with malware is to misuse the browser push notification system that allows a website to send messages. Often these messages are designed to trick users into installing malware by disguising it as an antivirus update.
While this scenario describes a malicious browser push notification, it is not a drive-by download. In a drive-by attack, the computer is infected with malware simply by visiting a malicious site; there is no user installation.
Defender is a Windows built-in antivirus and firewall product, so it does not expire. Scheduled updates are irrelevant.
Defender has no subscription to be renewed because it is automatically installed on all Windows computers (starting with Windows 7).
A technician is talking to a customer about an issue, but the customer is not sure how to locate the issue on their computer, so the technician has the customer tell them step by step to figure out the issue. What type of technique is this?
Be judgemental.
Ask a closed question.
Hang up.
Ask an open-ended question.
Ask an open-ended question.
An open-ended question is one that invites the other person to compose a response.
Closed questions can only be answered with a “yes” or “no” or require some other fixed response.
Hang up and be guided by whatever policy an organization has in place, but in general, if a customer is abusive or threatening, issue a caution to warn them about this behavior.
Being judgmental is not one that will help in this situation. Do not assume that the customer lacks knowledge about the system. Not understanding their point of view may frustrate them more.
Which of the following means using clear and concise statements that avoid jargon, abbreviations, and acronyms a user might not understand?
Cultural sensitivity
Business attire
Formal attire
Proper language
Proper language
Proper language means using clear and concise statements, avoiding jargon, abbreviations, and acronyms the user may not understand, and not being overly familiar with customers. Do not use slang phrases or any language that may cause offense. A related skill is active listening, where the employee makes a conscious effort to focus on what the other person is saying.
Cultural sensitivity means being aware of customs and habits used by other people.
Formal attire means matching suit clothes in sober color and minimal accessories or jewelry. This is used for business meetings.
Business attire in the casual sense means smart clothes. Jeans, shorts and short skirts, and T-shirts are not smart workwear. Business casual is typically sufficient for troubleshooting appointments.
A teacher wishes to reform education in their school system. They are looking for low-cost operating systems to support education. Which one is best geared towards accomplishing their goal?
Windows
ChromeOS
Linux
macOS
ChromeOS
Google develops ChromeOS to run on specific laptop (Chromebook) and desktop (Chromebox) hardware. This hardware is designed for the budget and education markets.
Originally developed by Linus Torvalds, Linux is a fully open-source, UNIX-like OS kernel. There are many different Linux distributions (distros), each maintaining its own set of packages; it is free, but it is not marketed specifically at schools.
macOS is only supplied with Apple-built workstations (Mac desktops and iMac all-in-ones) and laptops (MacBooks), which are premium rather than budget hardware.
While Microsoft has special discounts and deals for education, ChromeOS is specifically tailored towards the budget and education markets.
A threat actor poses as a hiring manager for a company and asks a user for their personal credentials and to log in to a spoofed website that looks genuine. When the user confirms log-in with the spoofed website, their information is obtained. Which of the following is this attack?
Phishing
Shoulder surfing
Whaling
Tailgating
Phishing
Phishing uses social engineering techniques to make spoofed electronic communications seem authentic to the victim. A phishing message might convince the user to perform actions, such as installing malware disguised as an antivirus program.
Tailgating is entering a secure area without authorization by following closely behind a person who has been allowed to open the door or checkpoint.
Whaling is phishing directed specifically at senior management in an organization. Upper management may also be more vulnerable to common phishing attacks because of a reluctance to learn basic security procedures.
Shoulder surfing attacks are when the attacker learns a password, PIN, or any secure information by watching the user type it.
A Linux server administrator notices a process they do not recognize, which is not unusual given how large the environment is. They look at the help file for the ksh process, but the documentation seems poor. It does seem to indicate that it provides interactivity, however. What type of program is this?
Backup
Terminal
Antivirus
Updates
Terminal
The shell provides a command environment by which a user can operate the OS and applications. Many shell programs are available with Linux, notably Bash, zsh, and ksh (Korn shell).
Antivirus products such as Clam AntiVirus (ClamAV) and the Snort Intrusion Prevention System (IPS) can be used to detect and block malware and attempts to counteract security systems; they do not provide an interactive command environment.
Updates on Linux are handled by a package manager. apt-get is a command interface for the Advanced Packaging Tool (APT); APT is used by Debian-based distributions and works with .deb format packages.
Linux does not have an “official” backup tool. There are plenty of commercial and open-source backup products for Linux, however, including Amanda, Bacula, fwbackups, and rsync.
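A first triage step for the scenario above is to check whether the unfamiliar process name is a registered login shell before treating it as a rogue service. The POSIX sh script below is an added example written for this page, not code from the flashcards or from any of the products named; the /etc/shells contents and the ps snapshot it uses are constructed sample data so it runs offline (on a live host you would pass "$(cat /etc/shells)" and the output of ps -eo pid,user,comm instead). It matches on the exact basename, so a look-alike name such as "kshd" is flagged rather than waved through.

```shell
#!/bin/sh
# Added triage helper (example code, not part of the original flashcards).
# is_login_shell decides whether a process name is a registered login shell
# by comparing its basename with the basenames listed in an /etc/shells-style
# text; classify_ps applies that check to a "ps -eo pid,user,comm" snapshot.

# Constructed sample of /etc/shells. On a real host supply "$(cat /etc/shells)"
# as the second argument to is_login_shell instead of relying on this default.
SAMPLE_SHELLS='# /etc/shells: valid login shells
/bin/sh
/bin/bash
/usr/bin/zsh
/usr/bin/ksh
/bin/ksh93'

# Constructed snapshot in "ps -eo pid,user,comm" format. "kshd" is a made-up
# look-alike name included to show that only exact basenames match.
SAMPLE_PS='  412 root     bash
 2031 app      ksh
 2077 app      java
 3140 www      sh
 3302 app      kshd'

# is_login_shell NAME [SHELLS_TEXT]
# Returns 0 when the basename of NAME equals the basename of a listed shell.
# A here-document is used instead of a pipe so "return" works in every sh.
is_login_shell() {
    name=${1##*/}
    shells=${2:-$SAMPLE_SHELLS}
    while IFS= read -r path; do
        case $path in ''|'#'*) continue ;; esac   # skip blank and comment lines
        [ "${path##*/}" = "$name" ] && return 0
    done <<EOF
$shells
EOF
    return 1
}

# classify_ps [PS_TEXT]
# Prints one line per process: "<pid> <user> <comm> shell|other".
classify_ps() {
    while read -r pid user comm; do
        [ -n "$comm" ] || continue
        if is_login_shell "$comm"; then kind=shell; else kind=other; fi
        printf '%s %s %s %s\n' "$pid" "$user" "$comm" "$kind"
    done <<EOF
${1:-$SAMPLE_PS}
EOF
}

# count_other [PS_TEXT]
# Number of processes in the snapshot whose name is not a registered shell;
# these are the ones that still need investigation.
count_other() {
    classify_ps "$@" | grep -c ' other$'
}

# Usage: list the classification, then the count of processes left to check.
classify_ps
echo "processes not matching a registered shell: $(count_other)"
```

A match in /etc/shells only tells you the name is a legitimate shell; it does not prove the binary on disk is the distribution's. Follow up by confirming package ownership of the executable (dpkg -S /usr/bin/ksh on Debian-based systems, rpm -qf /usr/bin/ksh on RPM-based ones) and by checking which user and parent process launched it, since an interactive shell spawned by a web server account is a classic sign of a reverse shell rather than an administrator's session.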