CompTIA A+ Core 2 Practice Test Flashcards

Question

What uses a 4-way handshake to allow a station to associate with an access point, authenticate its credential, and exchange a key to use for data encryption? TKIP WPA3 WPA2 MFA

Answer 1

**WPA2** Wi-Fi protected access 2 (WPA2) was designed to fix critical vulnerabilities in the earlier WEP standard. WPA2 used the AES cipher deployed within the counter mode, blocking the changing message CCMP. Temporal key integrity protocol (TKIP) tries to mitigate the various attacks against WEP developed by producing a new 128-bit encryption key for every packet sent on the network. Multifactor authentication (MFA) allows the machine to establish a trust relationship and create a secure tunnel to transmit the user credentials or perform smart card authentication without a user password. Wi-Fi protected Access (WPA3) uses passphrase-based group authentication of stations in private mode; it changes the method this secret is used to agree with session keys.

Answer 2

**Kerberos** Kerberos allows a user account to authenticate to a domain controller (DC) over a trusted local cabled segment. Kerberos facilitates single sign-on (SSO). Terminal access controller access control system plus (TACACS+) is another way of implementing AAA. TACACS+ is often used in authenticating administrative access to routers, switches, and access points. Remote authentication dial-up user service (RADIUS) is implementing the AAA server when configuring enterprise authentication. Rather than storing and validating user credentials directly, it forwards data between the RADIUS server and the supplicant without reading it. Temporal key integrity protocol (TKIP) tries to mitigate the various attacks against WEP developed by producing a new 128-bit encryption key for every packet sent on the network.

Answer 3

**Erasing/wiping** Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner. This overwriting method is suitable for all but the most confidential data. The standard formatting tool deletes partitions and writes a new file system that will only remove references to files and mark all sectors as useable. A low-level formatting tool resets a disk to its factory condition. Most of these tools will now incorporate some sanitize function. Incinerating is when the disk is exposed to high heat to melt its components. It is performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.

Answer 4

**Fingerprint scanner** A fingerprint is a type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint. Facial recognition is the bio gesture that uses a webcam to scan the unique features of the user’s face. The camera records a 3-D image using its infrared (IR) sensor to mitigate attempts to use a photo to spoof the authentication mechanism. Security key uses a removable USB token or smart card. It can also use a trusted smartphone with a near-field communication (NFC) sensor. An organizational unit (OU) is a way of dividing a domain up into different administrative realms. OUs might be created to delegate responsibilities for administering company departments or locations.

Answer 5

**Force Stop** If an app fails to launch, first use Force Stop to quit it and try launching again. In Android, open Settings > Apps. Tap an app, then select Force Stop. In iOS, either swipe up or double-tap the physical Home button, then swipe the app up off the screen. Swiping is a mobile gesture that serves several purposes, such as bringing up the notification bar in Android (swipe down from the top of the screen) and bringing up a list of apps in iOS (swipe up from the bottom). AirDrop is an iOS feature that allows file transfer between iOS and macOS devices over Bluetooth. Software Update is an iOS option. The comparable Android option is a System Update.

Answer 6

**PCI DSS** Payment card industry data security standard (PCI DSS) regulations protect credit card transactions from fraud. There are specific cybersecurity control requirements; others mandate “best practices,” as represented by a particular industry or international framework. An open-source license makes it free to use, modify, and share and makes the program code used to design it available. An incident response plan (IRP) sets our procedures and guidelines for dealing with security incidents. A chain of custody form records who collected the evidence, who has handled it subsequently, where they stored it, and must show access to the evidence at every point.

Answer 7

**sudo** The sudo (superuser do) command allows any account listed in the /etc/sudoers file user to run specified commands with superuser privilege level. The chmod command can be used to secure files and directories, using either symbolic or octal notation. Only the owner can change permissions. The command chown allows the superuser to change the owner of a file or directory. Note that this right is reserved to superuser or sudoer. The rm command can be used to delete files. It can also be used with the -r option to delete directories.

Answer 8

**Private browsing mode** Private browsing mode disables the caching features of the browser so that no cookies, browsing history, form fields, passwords, or temp files will be stored when the session is closed. Clearing cache is used to delete browsing history. Browsers will maintain a history of pages visited, cache files to speed up browsing, and save text typed into form fields. Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality. Pop-up blockers prevent a website from creating dialogs or additional windows. The pop-up technique was used to show fake advertisements and security warnings.

Answer 9

**BYOD** Bring your own device (BYOD) is a mobile device owned by the employee. The mobile is usually the most popular with employees but poses the most difficulties for security and network managers. A corporate-owned business only (COBO) device is the company's property and may only be used for company business. Corporate-owned, personally enabled (COPE) is when the company chooses and supplies the device and remains the company's property. The employee may use it to access personal email, social media accounts, and personal web browsing. Choose your own device (CYOD) is like COPE, but the employee can choose the device they want from a list.

Answer 10

**Acceptable use policy** Acceptable use policy (AUP) sets out what someone can use a particular service or resource for. The procurement life cycle includes approval request procedure changes, determining budgets, identifying a trusted supplier or vendor for the asset, deploying implementations for installing the asset in a secure configuration, maintenance, and disposal of implements. Assigned users are when hardware assets such as workstations, laptops, smartphones, tablets, and software licenses might be assigned to individual user accounts. The splash screen is a graphic design element that consists of a window containing an image, logo, and the current version of the software.

Answer 11

**Metered network** Updates may be blocked if a device is connected to a metered network. Additionally, if the operating system update is incompatible with the device model, it may cause the update to fail. Remote Authentication Dial-in User Service (RADIUS) is a protocol used to manage remote and wireless authentication infrastructures. Near-field communication (NFC) is mostly used for contactless payment readers, security ID tags, and shop shelf-edge labels for stock control. A wireless local area network (WLAN) uses radios and antennas for data transmission and reception. Most WLANs are based on the IEEE 802.11 series of standards, better known as Wi-Fi. Since the user verified that the phone was connected to Wi-Fi, WLAN would not be an issue.

Answer 12

**Enterprise wipe** Enterprise wipe can be performed against corporate containers only. The device must be enrolled with MDM. Remote wipe allows users to remotely erase the data on the device if the device is stolen or lost. Profile security requirements document the details of the secure implementation of a device. These policies are applied to different employees and different sites or areas within the site. A locator application finds a device if it is lost or stolen. Once set up, the phone's location can be tracked from any web browser when it is powered on.

Answer 13

**services.msc** The Services console (services.msc) starts, stops, and pauses processes running in the background. In order to make configuration changes, regedit.exe in this group of options would be used. The System Configuration Utility (msconfig.exe) is used to modify various settings and files that affect how the computer boots and loads Windows. The Certificate Manager (certmgr.msc) console shows which certificates have been installed and provides a mechanism for requesting and importing new certificates. The Windows registry provides a remotely accessible database for storing operating system, device, and software application configuration information. The administrator can use the Registry Editor (regedit.exe) to view or edit the registry.

Answer 14

**Spoofed app** A spoofed app is a malicious app that spoofs a legitimate app by using a similar name and fake reviews, and automated downloads to boost its apparent popularity. Once downloaded, it will act as spyware and may request permissions unrelated to its function. Sideloading is downloading apps from a source other than a trusted store. In this scenario, the app was downloaded from the trusted Apple store. An enterprise app is a custom corporate app. A locator app is a cloud app that uses a mobile-device location service to identify its current position on a map and enable security features to mitigate theft or loss.

Answer 15

**certmgr.msc** The Certificate Manager (certmgr.msc) console shows which certificates have been installed and provides a mechanism for requesting and importing new certificates. The Disk Management (diskmgmt.msc) console displays a summary of any fixed and removable disks, which includes hard disk drives (HDDs), solid-state drives (SSDs), and optical drives. The Task Scheduler (taskschd.msc) runs software and scripts according to calendar or event triggers which would not help diagnose and troubleshoot internet connectivity issues. The Local Users and Groups (lusrmgr.msc) console provides an advanced interface for creating, modifying, disabling, and deleting user accounts.

Answer 16

**Log off when not using the computer.** Log off when not in use is a habit that users must develop each time they leave a computer unattended. Policies can configure a screensaver that locks the desktop after a period of inactivity. Secure personal identifiable information (PII) and passwords are when paper copies of personal and confidential data must not leave where they could be read or stolen. Secure/protect critical hardware should be a must for users to be alert to the risk of physical theft of devices. Disabling guest accounts allow unauthorized access to the computer and may provide some sort of network access too. It is only enabled to facilitate password-less file sharing in a Windows workgroup.

Answer 17

**Unwanted notifications start popping up in Windows.** Malware often targets the browser, so clicking on a website pop-up is likely to deliver some type of infection, such as adware, which will deliver unwanted notifications. A drive-by download will infect a computer with malware because a user visited a malicious site. However, in this scenario, the user was not passive. They actively interacted with the pop-up to install the adware. BitLocker is an encryption tool, not an antivirus tool. User Account Controls (UACs) prevent the unauthorized use of administrative privileges. They are enabled by default but can be disabled.

Answer 18

**.ps1** .ps1 is the PowerShell script file. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development. .sh is the Linux shell script extension by convention. Every shell script starts with a shebang line that designates which interpreter to use, such as Bash or Ksh. .js is the JavaScript file extension. JavaScript is a scripting language designed to implement interactive web-based content and web applications. Most web servers and browsers are configured with a JavaScript interpreter. .py is the Python file extension. Python is a general-purpose scripting and programming language that can develop both automation scripts and software applications.

Answer 19

**SSH** Secure shell (SSH) is also a remote access protocol, but it connects to a command interpreter rather than a desktop window manager. Remote desktop protocol (RDP) implement terminal server and client functionality. RDP authentication and session data are always encrypted. A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. Establish a VPN link and then use a remote desktop to connect to a host on the private network. Virtual network computing (VNC) is a freeware product similar to RDP. It works over TCP port 5900. Not all versions of VNC support connection security.

Answer 20

**UAC** User account control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit the powerful privileges assigned to members of the Administrators group. A personal identification number (PIN) can contain letters and symbols. It is a passcode used to process authentication of a user accessing a system. A fingerprint is the type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint. Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services.

Answer 21

**APK sideloading** APK (Android Package) is the file format for Android apps. APK sideloading refers to downloading apps from a source other than Google's Play store. Jailbreaking removes the protective seal and any operating system-specific restrictions to give users greater control over the device. iOS jailbreaking is accomplished by booting the device with a patched kernel. Rooting or gaining root access on an Android-based phone means gaining super user-level access over the device. A bootleg app is a software that illegally copies or imitates a commercial product or brand. In this scenario, the teenager used a legitimate site.

Answer 22

**Administrator** A user account from the administrator’s group can perform all management tasks and generally has very high access to all files and other objects in the system. A guest user is a group only present for a legacy reason. It has the same default permissions and rights as the user group. A standard account is a member of the users group. This group is generally only able to configure settings for its profile. The power users groups are present to support legacy applications. This group has the same permissions as the standard user group.

Answer 23

**Rotation lock is enabled.** When a screen does not autorotate, it could be that the rotation lock is enabled. In iOS, the rotation lock is found in the Control Center. In Android, the rotation lock is found in the navigation bar. If the rotation lock is disabled, the screen should autorotate. If it does not, the problem is probably hardware-related. Screen Lock is a security feature for mobile devices. If enabled, it activates if the device is unused or the user activates it. Most devices require a pin or password to unlock the screen. Screen Lock is a security feature for mobile devices. If it is disabled, no pin or password is required. Generally, some swipe gestures will unlock the screen.

Answer 24

**Safe Mode loads only the minimum amount of drivers and services to start the system.** By using only essential drivers and services to boot, Safe Mode can boot the computer when a normal boot fails, as in this scenario. The blue screen of death (BSoD) is mostly due to faulty hardware, especially at startup. CHKDSK scans the hard drive to find and repair errors, and it can be run in Safe Mode and many other analysis and recovery tools. Safe Mode allows antivirus scans to run in an environment that will not trigger viruses or malware. While Safe Mode provides a favorable environment for troubleshooting, it is not required to use the many troubleshooting tools available in Windows, such as Task Manager, Resource Manager, and Device Manager.

Answer 25

**Data-at-rest encryption** Data on persistent storage, like HDDs, SSDs, and thumb drives, is known as data-at-rest. To protect data-at-rest against these risks, the information stored on a disk can be encrypted. Disable AutoRun so that malware can not be installed automatically. Some versions of Windows require an optical disc inserted or USB drive to be attached so that the AutoRun command installs. Disabling Autoplay will make the computer unable to play new content automatically. Use timeout/screen lock is when the desktop is locked if the system detects no user-input device activity. Users should not rely on this and lock the computer manually when leaving it unattended.

Answer 26

**Selective suspend** The administrator can enable Universal Serial Bus (USB) selective suspend to turn off power to peripheral devices. The fast startup uses the hibernation file to instantly restore the previous system RAM contents and make the computer ready for input more quickly than the traditional hibernate option. Hibernate mode suspends to disk. It saves any open but unsaved file data in memory to disk (as hiberfil.sys in the root of the boot volume) and then turns the computer off, which is also referred to as ACPI mode S4. Modern standby utilizes a device's ability to function in an S0 low-power idle mode to maintain network connectivity without consuming too much energy.

Answer 27

**The share was created on a Windows desktop.** The Share tab in the folder's Properties dialog can customize permissions, change the share name, and limit the number of simultaneous connections. Windows desktop versions are limited to 20 inbound connections. If more than 20 users access the share, the data should be stored on file servers rather than local client computers. The proxy settings will not affect users' ability to access the file share in this scenario. It could cause issues accessing the internet, however. If the domain name system (DNS) were causing an issue, the users would not be limited to 20 people. It is possible that load-balanced DNS servers could cause issues if one is incorrect.

Answer 28

**Refresh** Windows supports refresh and reset options to try to repair the installation. Using refresh recopies the system files and reverts most system settings to the default but can preserve user personalization settings, data files, and more. Using the full reset option deletes the existing OS plus apps, settings, and data ready for the OS to be reinstalled. A factory recovery partition is a tool used by the original equipment manufacturers (OEMs) to restore the OS environment to its ship state. The recovery partition is created on the internal fixed drive. The OS setup media might not contain drivers for certain hardware devices, but this could be part of an unattended file.

Answer 29

**Screen-sharing** Screen-sharing is software that is designed to work over HTTPS across the internet. This is secure because the connection is encrypted but also easier to implement as it does not require special firewall rules. Some web-conferencing and videoconferencing software, like Microsoft Teams and Zoom, provides a screen-sharing client that participants may control. With file transfer, users can choose a file-sharing protocol that can be used across all connected hosts. It allows configuring permissions on the share and provisioning user accounts that are recognized by both the server and client. Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.

Answer 30

**UEFI** When the disk uses GPT partitioning, the system firmware must be set to use the Unified Extensible Firmware Interface (UEFI) boot method. The disk will not be recognized as a boot device if the boot method is set to BIOS. While the scenario did not specify which OS the administrator was upgrading to, Windows 11 requires a CPU or motherboard supporting trusted platform module (TPM) version 2. The master boot record (MBR) partition style stores a partition table in the first 512-byte sector on the disk, which is different from UEFI.

Answer 31

**Accessibility** The Accessibility preference pane is used to configure assistive vision and sound options, such as VoiceOver narration of screen elements, cursor size and motion settings, zoom tools, display contrast, font sizes, and captioning. macOS has options to configure what analytics/telemetry data and personalized information can be collected. Users can adjust these options via the Security & Privacy preference pane. The Time Machine preference pane lets data back up to an external drive or partition formatted using either the Apple File System (APFS) or macOS’s older extended file system. The Mission Control feature is used for window management and enables users to set up multiple desktops.

Answer 32

**File transfer** File transfer allows users to select a file-sharing protocol that all the connecting hosts can use. Using this, both the server and client can configure permissions on the shared folders and provision user accounts. Videoconferencing or web-conferencing software, such as Microsoft Teams or Zoom, includes a screen-share client, and some also participants to be granted control of the share. Screen-sharing is software designed to work over HTTPS across the internet; this is secure because the connection is encrypted and easier to implement as it does not require special firewall rules. Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.

Answer 33

**.apk** An .apk file is a format for Android. The vulnerability manager only has Apple in their environment. Unknown sources enable untrusted apps to be downloaded from a website and installed using the .APK file format. DMG (disk image) format is used for simple installs where the package contents need to be copied to the Applications folder. PKG format is used where app setup needs to perform additional actions, such as running a service or writing files to multiple folders. The app is placed in a directory with a .APP extension in the Applications folder when it has been installed.

Answer 34

**Indexing options** Search is also governed by settings configured in the Indexing Options applet. A corrupted index is a common cause of search problems. A user account controls access to the computer. Each account can be assigned rights or privileges to make OS configuration changes. Accounts can also be assigned permissions on files, folders, and printers. A file or folder can be marked as "Hidden" through its file attributes. Files marked as hidden are not shown by default but can be revealed by setting the "Show hidden files, folders, and drives" option. Hide protected operating system files configures files marked with the System attribute as hidden.

Answer 35

**Web** When users reboot an Apple Mac, if the startup drive is not available for any reason and it is connected to the internet, the computer will try to boot from a web-based drive. The Terminal can be used to access the command-line environment, which uses either the Z shell (zsh) or Bash. Older macOS versions use Bash, while zsh is the default from Catalina up. If a macOS app stops responding, it should be possible to close it down and restart without restarting the computer, using Run Force Quit from the Apple menu or press COMMAND+OPTION+ESC. FileVault is a disk encryption product. Encryption protects the data stored on a disk against the possibility that a threat actor could remove it.

Answer 36

**WWAN** Wireless Wide Area Network (WWAN) uses a cellular adapter to connect to the internet via a provider's network. These networks are typically metered with a set data limit. A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network. Almost all wired network connections are based on some Ethernet. The adapter's media type must match the switch it is connected to. While WWAN could be considered wireless, wireless generally refers to a computer that connects to the 2.4 or 5 GHz spectrum with a limited physical range.

Answer 37

**A malicious browser push notification tricked the student into downloading malware.** One way to infect a host with malware is to misuse the browser push notification system that allows a website to send messages. Often these messages are designed to trick users into installing malware by disguising it as an antivirus update. While this scenario describes a malicious browser push notification, it is not a drive-by download. In a drive-by attack, the computer is infected with malware simply by visiting a malicious site; there is no user installation. Defender is a Windows built-in antivirus and firewall product, so it does not expire. Scheduled updates are irrelevant. Defender has no subscription to be renewed because it is automatically installed on all Windows computers (starting with Windows 7).

Answer 38

**MSDS** A material safety data sheet (MSDS) includes information about recycling any waste product or disposing of it safely by government regulations. Electrical fire safety ensures that equipment is properly stored and away from any flammable material and electrical wires do not start a fire. Surge suppressor devices come in the form of adapters, trailing sockets, or filter plugs, with the protection circuitry built into the unit. These devices offer low-cost protection to one or two pieces of equipment. Proper power handling is done with the correct training. PC power supply units can carry dangerously high levels of voltage. Disconnection of power should be done before repairing a PC.

Answer 39

**Circumvent security software.** Microsoft does not directly support users and would never randomly contact a user. This scenario is a scam to try to steal a user's credentials. Microsoft would not receive a malware alert because the company does not directly support users. Also, Microsoft would not contact a user. Microsoft does not directly support users and does not receive malware alerts about any user. Moreover, the company does not call users or email users. Microsoft does not call users and would not receive an antivirus alert that would cause the company to generate a notification.

Answer 40

**Change board approval** Change board approvals are when a serious change request is made, and approvals go to a change advisory board (CAB). The CAB should include stakeholders for departments, users, or customers whom the change will impact and those proposing it, technicians responsible for implementing it, and managers/directors who can authorize the budget. Sandbox testing is a computing environment designed to replicate the production environment but isolated from it. A rollback plan is when a change can be reversed if it has harmful or unforeseen consequences. Risk levels are included in the risk assignment that could be expressed as a discrete value or as a traffic light-type of indicator, where red is high, orange is moderate risk, and green is minimal risk.

Answer 41

**VPN** A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network. Wireless Wide Area Network (WWAN) uses a cellular adapter to connect to the internet via a provider's network. These networks are typically metered with a set data limit. A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive. While it is best practice to configure DNS settings to resolve the VPN concentrator, technically, it could be done with an IP.

Answer 42

**Surge suppressor** Surge suppressors are passive protection devices that can filter out the effects of surges and spikes. A compressed air blaster can be used to dislodge dust from difficult-to-reach areas. When performing this sort of maintenance within a controlled area, wear an appropriate air-filter mask and goggles. Antistatic bags are packages that reduce the risk of ESD because it is coated with a conductive material. Anti-ESD wrist straps should fit snugly around the wrist or ankle so that the metal stud makes contact with the skin. Wearing an anti-ESD wrist strap causes the static charge to dissipate more effectively. previous

Answer 43

**UPS** An uninterruptible power supply (UPS) will provide a temporary power source in the event of complete power loss. An alternate power source can be a backup battery to a generator. Surge suppressors are passive protection devices that can filter out the effects of surges and spikes. These devices offer low-cost protection to one or two pieces of equipment. An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily. Voltage is the potential difference between two points measured in volts (V).

Answer 44

**CSIRT** The computer security incident response team (CSIRT) is used in some larger organizations to provide a range of decision-making and technical skills required to deal with different types of incidents. An open-source license makes it free to use, modify, and share and makes the program code used to design it available. An incident response plan (IRP) sets the procedures and guidelines that an IT team must adopt to deal with security incidents. A chain of custody form records who collected the evidence, who has handled it subsequently, where they stored it, and must show access to the evidence at every point.

Answer 45

**Installation of applications** Installation of applications is used in Windows as a setup file that can be executed in silent mode using the command switches for its installer. In Linux, scripts are often used to compile apps from source code. In Windows Power, hundreds of Get verb cmdlets gather information/data from a Windows subsystem. Bash supports numerous commands to manipulate text. The initiation of updates takes place through wusa.exe in Windows, which processes batch files to initiate a typical update. The PSWindowsUpdate module in PowerShell contains numerous cmdlets. Users can use apt.get/apt or yum from a Bash script in Linux.

Answer 46

**Problem resolution** Problem resolution sets out the plan of action and documents the successful implementation and testing of the plan and full system functionality. Problem description records the initial request with any detail that could easily be collected at the time. Progress notes record what diagnostic tools and processes have been discovered and identify and confirm a probable cause. Escalation levels occur when an agent cannot resolve the ticket. The support team can be organized into tiers to clarify the escalation levels. The ticket owner is the person responsible for managing the ticket.

Answer 47

**Check HOSTS files for malicious entries** This scenario describes a redirection when a user tries to open one page but is sent to another. Here, it appears adware is driving traffic to another site to increase clicks. Since HOSTS maps domain names to IP addresses, the HOSTS file in the registry would show malicious entries to re-route IP addresses. The Domain Name Server (DNS) is a server, not a browser. However, the nslookup command can be used to check DNS records. Any problem with a website's certificate will likely generate a message. It will not send a user to another website. The System Configuration Utility modifies various settings and files that affect how the computer boots and loads Windows.

Answer 48

**TACACS+** Terminal access control system plus (TACACS+) is one way of implementing authentication, authorization, and accounting (AAA). TACACS+ is often used in authenticating administrative access to routers, switches, and access points. Remote authentication dial-up user service (RADIUS) is implementing the AAA server when configuring enterprise authentication. Rather than storing and validating user credentials directly, it forwards data between the RADIUS server and the supplicant without reading it. Kerberos allows a user account to authenticate to a domain controller (DC) over a trusted local cabled segment. Kerberos facilitates single sign-on (SSO). Advanced encryption standard (AES) is the standard encryption used by WPA2 and the strongest encryption standard to use by Wi-Fi.

Answer 49

**Rollback plan** A rollback plan is when a change can be reversed if it has harmful or unforeseen consequences. Change board approvals are when a serious change request is made, and approvals go to a change advisory board (CAB). The CAB should include stakeholders for departments, users, or customers whom the change will impact and those proposing it, technicians responsible for implementing it, and managers/directors who can authorize the budget. Sandbox testing is a computing environment designed to replicate the production environment but isolated from it. Risk levels are included in the risk assignment that could be expressed as a discrete value or as a traffic light-type of indicator, where red is high, orange is moderate risk, and green is minimal risk.

Answer 50

**Dedicated graphics card** A demanding application, such as graphic design software or a game, will likely require a dedicated graphics card with video RAM, separate from the general system RAM. An integrated graphics card would not be enough to handle a demanding application such as graphic design software. While a 64-bit CPU would probably help in this instance, a dedicated graphics card would provide the resource chokepoint for the 3D application. An external hardware token is a smart card or USB form factor device that stores cryptographic user identification data. The user must present the token and supply a password, PIN, or fingerprint scan to authenticate.

Answer 51

**Anti-malware** Anti-malware is computer software used to avoid, identify, and eliminate malware. Anti-malware is like antivirus software but for more up-to-date malware. Recovery mode is the step-by-step processing of manual removal to disable persistence mechanisms and reconfigure the system to its secure baseline. OS reinstallation is when the antivirus software cannot recover data from infected files, and a user must complete a system restore. Security-awareness training is usually delivered to employees at all levels, including end-users, technical staff, and executives. The training includes anti-phishing, software firewalls, passwords, malware threats, and more.

Answer 52

**Frequency** Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds. Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection. Full with incremental means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job. Full with differential means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job.

Answer 53

**Sandbox** Sandbox testing is a computing environment designed to replicate the production environment but isolated from it. End-user acceptance must be accounted for when a change of plan is implemented. It can be difficult for people to adapt to new processes and easy for them to magnify minor problems into major complaints. A rollback plan is when a change can be reversed if it has harmful or unforeseen consequences. Affected systems must be considered in the implementation of change. Companies should first attempt to test the change for the most significant or major changes.

Answer 54

**Content filtering** Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, Fully Qualified Domain Names (FQDNs), and URL web addresses with sites known to host various categories of content. Changing channels can be accessed by using a Wi-Fi analyzer to identify which channel within the access point’s range is least congested. Disable guest access when a user does not want a guest network. The guest network is usually isolated from the other local devices. Guests can connect to this network and access the internet without a password. Encryption settings allow users to set the authentication mode.

Answer 55

**Mapped drive** A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive. A user may be mapping a file server, but mapped drives do not always exist on file servers. They could be on network-attached storage or shared directly from another client machine. The user is not mapping a print share with this command, but printers can be shared through various means, such as a print server. This command does not configure the proxy. The settings for proxy information can be found in internet options.

Answer 56

**UPnP** The universal plug-and-play (UPnP) framework sends instructions to the firewall with the correct configuration parameters to allow applications to work. A screened subnet establishes a more secure configuration. The idea of a screened subnet is that some hosts are placed in a separate network segment with a different IP subnet address range than the rest of the local area network (LAN). Static IP can be auto configured as a DHCP reservation, but if manual configuration is required, follow the service provider’s instructions to configure the correct address on the router’s Wide Area Network (WAN) interface. Encryption settings allow users to set the authentication mode.

Answer 57

**Healthcare data** Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results. Personal government-issued information is issued to individuals by federal or state governments. Personal information may be social security numbers, passports, driving licenses, and birth/marriage certificates. Personally identifiable information (PII) is data that can be used to identify, contact, locate an individual or, in the case of identity theft, impersonate that individual. The open-source license makes it free to use, modify, and share and makes the program code used to design it available.

Answer 58

**Gain unrestricted access.** The goal of rooting and jailbreaking is to gain unrestricted access, or privilege escalation, by subverting the security controls built into iOs or Android. This also has the side effect of leaving many security measures permanently disabled. Publishing malicious apps is the purview of rogue developers. It is not the goal of rooting and jailbreaking. Bootlegging is developing software that illegally copies or imitates a commercial product or brand. Spoofing is developing a malicious app that spoofs a legitimate app by using a similar name and fake reviews, and automated downloads to boost its apparent popularity.

Answer 59

**An image** A backup of everything on the computer, including the installation, settings, apps, and files, is also called an image. Reimaging is not a backup. It removes system files and resets all PC settings to default, usually done when the hard disk or operating system is damaged or malware-infected. An update fixes or improves the computer's operating system, drivers, or software. Nothing else is changed, and nothing on the computer is backed up. If an update to Windows or an application/program causes problems with the computer, it can be rolled back (uninstalled).

Answer 60

**sfc** Historically, most attended installations and upgrades were run by booting from optical media (CD-ROM or DVD). The optical drive must be set as the priority boot device. Another problem with disc-based installs is that the setup disc quickly becomes out-of-date. USBs became more popular later on for the ability to load the latest install. A computer that supports network boot could also be configured to boot to set up over the internet. Once the OS has been installed, the user will usually want to set the internal hard drive as the default (highest priority) boot device and disable any other boot devices.

Answer 61

**Configuration** Since the technician knew the problem based on the phone model, the most likely cause would involve configuration issues between the device and the wireless access point related to the 802.11 standard or the GHz band. Signal strength can be affected by distance but not likely by the phone model. The phone model would not impact interference from other devices or thick walls or metal. Concerning smartphones, throttling refers to a purposeful reduction in phone performance by a manufacturer's update to the device that instructs it not to perform at its maximum capabilities.

Answer 62

**Pattern** Pattern requires the user to swipe a “join-the-dots” pattern. The pattern method has numerous weaknesses. Swipe is a gesture that means that access to the device is unauthenticated. Simply swiping across the screen will unlock the device. Facial recognition is a method that creates a template computer from a 3-D image of the user’s face. A facial bio gesture has the advantage of using the camera rather than a special sensor. Personal identification numbers (PINs) are used on most devices to enable screen lock authentication and generate an encryption key. The PIN can act as a primary or backup authentication method.

Answer 63

**Change default passwords.** Change the default password to secure the administrator account. Choose a new strong password of 12 characters or more. Physical placement of any router or network appliance should be made to a secure location. A non-malicious threat actor could damage or power off an appliance by accident. Firmware updates are important because it allows the user to fix security holes and support the latest security standards. Service set ID (SSID) is a simple, case-sensitive name that users identify the WLAN. The factory configuration uses a default SSID that is typically based on the device brand or model, which should be changed so users will recognize the network.

Answer 64

**SSO** Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services. User account control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit the powerful privileges assigned to members of the Administrators group. A personal identification number (PIN) can contain letters and symbols. It is a passcode used to process authentication of a user accessing a system. A fingerprint is the type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint.

Answer 65

**Secure connection** A secure connection validates the host's identity running a site and encrypts communications to protect against snooping. An untrusted source is when an installer cannot be verified through a digital signature or has been a security risk and is likely to expose the user to unwanted adverts. Some untrusted sources do not block ads or have pop-up blockers. Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices. Pop-up blockers prevent a website from creating dialogs or additional windows. The pop-up technique was used to show fake advertisements and security warnings.

Answer 66

**Antistatic bags** Antistatic bags are packages that reduce the risk of ESD because it is coated with a conductive material. Anti-electrostatic discharge (ESD) straps are worn to dissipate static charges effectively. The band should fit snugly around the wrist or ankle so that the metal stud contacts the skin. Electrostatic discharge (ESD) mats are used to organize sensitive components. The mats contain a snap connected to the wrist or leg strap. Dissipative packaging is light pink or blue packaging that reduces the buildup of static in the general vicinity of the contents by being slightly more conductive than normal.

Answer 67

**Gaming** Game mode suspends Windows Update and dedicates resources to supporting the active game app's 3D performance and frame rate rather than other software or background services. The System Settings page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying). The Devices settings pages contain options for input devices (mice, keyboards, and touch), print/scan devices, and adding and managing other peripherals attached over Bluetooth or USB. In the Settings app, the Apps group is used to view and remove installed apps and Windows Features.

Answer 68

**Android** Android is a smartphone/tablet OS developed by the Open Handset Alliance, primarily driven by Google. Unlike iOS, it is an open-source OS based on Linux. iOS is the operating system for Apple's iPhone smartphone and original models of the iPad tablet. Like macOS, iOS is also derived from UNIX and developed as a closed-source operating system. The iPadOS has been developed from iOS to support the functionality of the latest iPad models (2019 and up). The macOS is a closed-source operating system that does not allow users to make changes.

Answer 69

**Refresh** Windows supports refresh and reset options to try to repair the installation. Using refresh recopies the system files and reverts most system settings to the default but can preserve user personalization settings, data files, and more. Using the full reset option deletes the existing OS plus apps, settings, and data ready for the OS to be reinstalled. A factory recovery partition is a tool used by the original equipment manufacturers (OEMs) to restore the OS environment to its ship state. The recovery partition is created on the internal fixed drive. The OS setup media might not contain drivers for certain hardware devices, but this could be part of an unattended file.

Answer 70

**Change default administrator account.** These default accounts have practical limitations and consequently are the ultimate target for threat actors. Any use of the default administrator account must be logged and accounted for. Disabling guest accounts allow unauthorized access to the computer and may provide some sort of network access too. It is only enabled to facilitate password-less file sharing in a Windows workgroup. Restrict user permission means some networks have complex requirements for assigning rights. However, the basic principle is that the number of accounts with administrator privileges should be as few as possible. Restrict login times are typically used to prevent an account from logging in at an unusual time of the day or night or during the weekend.

Answer 71

**The share was created on a Windows desktop.** The Share tab in the folder's Properties dialog can customize permissions, change the share name, and limit the number of simultaneous connections. Windows desktop versions are limited to 20 inbound connections. If more than 20 users access the share, the data should be stored on file servers rather than local client computers. The proxy settings will not affect users' ability to access the file share in this scenario. It could cause issues accessing the internet, however. If the domain name system (DNS) were causing an issue, the users would not be limited to 20 people. It is possible that load-balanced DNS servers could cause issues if one is incorrect.

Answer 72

**netstat** The netstat command can investigate open ports and connections on the localhost, which will help to investigate potential command and control connections established by malware on the localhost. The hostname command returns the name configured on the local machine. The DNS server can also contain records to point machines to the host. Several net and net use command utilities can be used to view and configure shared resources on a Windows network. Accounts can be managed at the command line using net users, which must be executed in an administrative command prompt.

Answer 73

**Extended support** During the extended support phase, the product is no longer commercially available, but the vendor issues critical patches. An end-of-life (EOL) system is one that its developer or vendor no longer supports. EOL systems no longer receive security updates and therefore represent a critical vulnerability. A public beta phase might be used to gather user feedback. Microsoft operates a Windows Insider Program where users can sign up to use early release Windows versions and feature updates. When the product is being actively marketed during the supported phase, the vendor releases regular patches to fix critical security and operational issues and feature upgrades to expand OS functionality.

Answer 74

**Anti-malware** Anti-malware applications designed for mobile devices tend to work more like content filters to block access to known phishing sites and block adware/spyware activity by apps. Failed login attempts mean that the device locks for a set period if an incorrect passcode or bio gesture is used; this deters attempts to guess the passcode or use a spoofed biometric. OS updates are as critical as it is for a desktop computer. The install base of the iOS is generally better at applying updates because of the consistent hardware and software platform. Firewall applications for mobile devices can monitor app activity and prevent connections to ports or IP addresses.

Answer 75

**User training** Different desktop styles introduced by a new OS version or changing from one OS to another can generate issues as users struggle to navigate the new desktop and file system. An upgrade project must take account of this and prepare training programs. While the scenario did not specify which OS the administrator was upgrading to, Windows 11 requires a CPU or motherboard supporting trusted platform module (TPM) version 2. When data is written to an NTFS volume, it is re-read, verified, and logged via journaling. In the event of a problem, the sector concerned is marked as bad and the data relocated. The Dynamic Disks feature allows multiple physical disks to be combined into volumes.

Answer 76

**Device encryption** Device encryption is enabled automatically when a user configures a passcode lock on the device. A remote backup application is the backup of data, apps, and settings to the cloud. A user may choose to use a different backup provider or a third-party provider like Dropbox. Profile security requirements document the details of the secure implementation of a device. These policies are applied to different employees and different sites or areas within the site. A locator application finds a device if it is lost or stolen. Once set up, the phone's location can be tracked from any web browser when it is powered on.

Answer 77

**Password manager** Password managers suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site. Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices. Secure connection validates the host's identity running a site and encrypts communications to protect against snooping. Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site's main content or functionality. Many sites detect ad blockers and do not display any content while enabling filtering.

Answer 78

**PII** Personally identifiable information (PII) is data that can be used to identify, contact, or locate an individual or impersonate that individual in the case of identity theft. PII is any representation of information that authorizes the identity of an individual. The open-source license makes it free to use, modify, and share and makes the program code used to design it available. Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results. The chain of custody form records where, when, and who collected the evidence, handled it subsequently, and stored it.

Answer 79

**Windows 7 Home to Windows 10 Enterprise** Users cannot upgrade from a Home to an Enterprise edition. If users consider an in-place upgrade, they must check that the current OS version is supported as an upgrade path to the intended version. Users can upgrade from Windows 7 Home Premium to Windows 10 Home or Pro. With Windows, users have to consider the edition when upgrading. Users can upgrade from Windows 10 Home to Windows 10 Pro. Downgrading the edition is supported in some circumstances (Windows 7 Professional to Windows 10 Home, for instance), but this only retains documents and other data, not apps and settings.

Answer 80

**A malicious browser push notification tricked the student into downloading malware.** One way to infect a host with malware is to misuse the browser push notification system that allows a website to send messages. Often these messages are designed to trick users into installing malware by disguising it as an antivirus update. While this scenario describes a malicious browser push notification, it is not a drive-by download. In a drive-by attack, the computer is infected with malware simply by visiting a malicious site; there is no user installation. Defender is a Windows built-in antivirus and firewall product, so it does not expire. Scheduled updates are irrelevant. Defender has no subscription to be renewed because it is automatically installed on all Windows computers (starting with Windows 7).

Answer 81

**Ask an open-ended question.** An open-ended question that invites the other person to compose a response. Closed questions can only be answered with a “yes” or “no” or require some other fixed response. Hang up and be guided by whatever policy an organization has in place, but in general, if a customer is abusive or threatening, issue a caution to warn them about this behavior. Being judgmental is not one that will help in this situation. Do not assume that the customer lacks knowledge about the system. Not understanding their point of view may frustrate them more.

Answer 82

**Proper language** Proper language is not being overly familiar with customers. Do not use slang phrases and any language that may cause offense. When active listening, the employee makes a conscious effort to focus on what the other person is saying. Cultural sensitivity means being aware of customs and habits used by other people. Formal attire means matching suit clothes in sober color and minimal accessories or jewelry. This is used for business meetings. Business casual means smart clothes. Jeans, shorts and short skirts, and T-shirts are not smart workwear. Business casual is typically sufficient for troubleshooting appointments.

Answer 83

**ChromeOS** Google develops Chrome OS to run on a specific laptop (Chromebook) and PC (Chromebox) hardware. This hardware is designed for the budget and education markets. Originally developed by Linus Torvalds, Linux is a fully open-source OS kernel derived from UNIX. There are many different Linux distributions (distros), with each maintaining its own set of packages. macOS is only supplied with Apple-built workstations (Apple Mac desktops and Apple iMac all-in-ones) and laptops (Apple MacBooks). While Microsoft has special discounts and deals for education, Chrome is specifically tailored towards budget and education markets.

Answer 84

**Phishing** Phishing uses social engineering techniques to make spoofed electronic communications seem authentic to the victim. A phishing message might convince the user to perform actions, such as installing malware disguised as an antivirus program. Tailgating is when entering a secure area without authorization by following closely behind the person who has been allowed to open the door or checkpoint. Whaling is an attack directed specifically against levels of management in the organization. Upper management may also be more vulnerable to common phishing attacks because of their reluctance to learn basic security procedures. Shoulder surfing attacks are when the attacker learns a password, PIN, or any secure information by watching the user type it.

Answer 85

**Terminal** The shell provides a command environment by which a user can operate the OS and applications. Many shell programs are available with Linux, notably Bash, zsh, and ksh (Korn shell). Products such as Clam AntiVirus (ClamAV) and the Snort Intrusion Prevention System (IPS) can be used to block varied malware threats and attempts to counteract security systems. apt-get is a command interface for the Advanced Packaging Tool (APT). APT is used by Debian distributions and works with .deb format packages. Linux does not have an "official" backup tool. There are plenty of commercial and open-source backup products for Linux, however. Some examples include Amanda, Bacula, Fwbackups, and Rsync.

Answer 86

**GFS** Grandfather-father-son (GFS) is a backup rotation scheme that uses son tapes to store the most recent data and have the shortest retention period. Grandfather tapes are the oldest and have the longest retention period. 3-2-1 backup rule is a best-practice maxim that users can apply to their backup procedures to verify that they are implementing a solution to mitigate the widest possible range of disaster scenarios. The synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs. Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

Answer 87

**Windows Firewall** Windows Defender Firewall determines which processes, protocols, and hosts can communicate with the local computer over the network. In account settings, email & accounts are where sign-in credentials for other accounts can be added, such as email or social networking, which allows quick access. The System Settings page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying). Device Manager allows users to view and edit the properties of installed hardware. They can change hardware configuration settings, update drivers, or remove/disable devices.

Answer 88

**Circumvent security software.** Microsoft does not directly support users and would never randomly contact a user. This scenario is a scam to try to steal a user's credentials. Microsoft would not receive a malware alert because the company does not directly support users. Also, Microsoft would not contact a user. Microsoft does not directly support users and does not receive malware alerts about any user. Moreover, the company does not call users or email users. Microsoft does not call users and would not receive an antivirus alert that would cause the company to generate a notification.

Answer 89

**Rootkit** A rootkit is a malware that uses an exploit to escalate privileges after installation. The malware runs as a root with unrestricted access to everything from the root of the file system. Ransomware is malware that tries to extort money from the victim. Keylogger is spyware that actively attempts to steal confidential information by recording keystrokes. The attacker will usually hope to discover passwords or credit card data. Cryptominer hijacks the resources of the host to perform cryptocurrency mining. Cryptomining is often performed across botnets which are also referred to as cryptojacking.

Answer 90

**Microsoft account** Microsoft accounts are managed via an online portal and identified by an email address. Configuring access to an account creates a profile associated with a local account. A local account is defined on that computer only and stored in a database known as the security account manager (SAM). A local account cannot log on to a different computer or access a file over the network. A user account from the administrator’s group can perform all management tasks and generally has very high access to all files and other objects in the system. A guest user is a group only present for a legacy reason. It has the same default permissions and rights as the user group.

Answer 91

**Log off when not using the computer.** Log off when not in use is a habit that users must develop each time they leave a computer unattended. Policies can configure a screensaver that locks the desktop after a period of inactivity. Secure personal identifiable information (PII) and passwords are when paper copies of personal and confidential data must not leave where they could be read or stolen. Secure/protect critical hardware should be a must for users to be alert to the risk of physical theft of devices. Disabling guest accounts allow unauthorized access to the computer and may provide some sort of network access too. It is only enabled to facilitate password-less file sharing in a Windows workgroup.

Answer 92

**Incident report** An incident report is the summary of opinions from users/customers, technicians, managers, and stakeholders with some business or ownership in response to an incident. Asset tags can be affixed to a device as a barcode label or radio frequency ID (RFID) sticker. An RFID tag is a chip programmed with asset data. The network topology diagram shows how assets are linked as nodes. A topology diagram can model physical and logical relationships at different levels of scale and detail. Asset-management database systems can be configured to store details such as type, model, serial number, asset ID, location, user(s), value, and service information.

Answer 93

**Lifting techniques** Lifting techniques are included in site safety handbooks and guidance sets out in jobs to show employees that lifting a heavy object in the wrong way can damage their back or cause muscle strains and damage the object. Safety goggles are used to minimize the risk of burns from corrosive materials such as broken batteries, cellphones, tablets, or irritation from particles such as toner or dust. An air filter mask that fits over the mouth and nose is a recommended face covering when working with compressed air, toner spills, or working in a dusty environment. An air filter mask will not protect the eyes. Trip hazards are caused by putting any object in pathways where people walk.

Answer 94

**DoS** A denial of service (DoS) attack causes a service at a given host to fail or become unavailable to legitimate users. An on-path attack is a specific type of spoofing where the threat actor can covertly intercept traffic between two hosts or networks, allowing the threat actor to read and possibly modify the packets. An insider threat is an employee or other person with immediate access to internal components of the company or organization. Distributed DoS (DDoS) means that the attacks are launched from multiple compromised systems, referred to as botnet, to perform the attack against its target.

Answer 95

**Firewall** In this scenario, one place to troubleshoot is the host-based firewall. Select "Allow an app through the firewall" to allow or block programs (configure exceptions) from the Windows Firewall status page. While proxy settings could be an issue, if the user is working fine beforehand, proxy settings are not likely to be an issue. If the user has been using the machine without any previous problems it is unlikely that the domain name system (DNS) is the issue. The Personalization settings allow the users to select and customize themes, which set the appearance of the desktop environment.

Answer 96

**Optical media** Historically, most attended installations and upgrades were run by booting from optical media (CD-ROM or DVD). The optical drive must be set as the priority boot device. Another problem with disc-based installs is that the setup disc quickly becomes out-of-date. USBs became a more popular installation mechanism for the ability to load the latest install files. A computer that supports network boot could also be configured to boot to set up over the internet. Once the OS has been installed, the user will usually want to set the internal hard drive as the default (highest priority) boot device and disable any other boot devices.

Answer 97

**Uninstall and reinstall the application.** Since the most recent update to the application has been applied, uninstalling then reinstalling the software is the best option of the available choices. While preserving data is always a priority, there is no need to do so in this scenario since the application backs up in real-time. Additionally, it will not fix the problem. Applications/software do not have drivers. Drivers are software that tells the operating system how to interact with their particular device/hardware. Drivers are updated to fix bugs and security holes or optimize the hardware. Applications/software do not have drivers. Drivers are software that tells the operating system how to interact with their particular device/hardware. Uninstalling and reinstalling drivers is usually done when a device is malfunctioning.

Answer 98

**Connect the headphones to a USB 2 port.** "Not enough USB controller resources" is a common warning with USB 3 ports and is generally caused by connecting too many devices. It also occurs when one device exceeds the controller's allocated endpoints. A USB 2 port has more endpoints, so switching often solves the problem. Closing programs can free up memory on the PC, but it does not address the resource allocation issue of the USB controller. Verifying requirements and compatibility with the computer system's resources does not resolve USB Controller problems. System File Checker (SFC) is a Windows utility that scans and restores system files. It does not update drivers.

Answer 99

**iCloud keychain** The keychain feature is also available as an iCloud keychain, making the same passwords securely available across all macOS and iOS devices. The keychain feature helps users manage passwords for these accounts, other websites, and Wi-Fi networks. The regular keychain is just local. Spotlight Search can be used to find almost anything on macOS. To start a new search, click the magnifying glass in the menu bar. Macs do not support touch screen interfaces, but they support gesture-enabled Magic Mouse and Magic Trackpad peripherals. To see what gestures are available on the Mac or change any settings, open the Trackpad preference pane.

Answer 100

**RDP** Remote Desktop Protocol (RDP) allows users to connect to the machine and operate it over a network. While the Home edition has the RDP client software, it does not support an RDP server. Group Policy Editor (gpedit.msc) is used to create and apply OS and software application settings. The editor is not available in the Home edition. BitLocker enables the user to encrypt all the information on a disk drive. BitLocker is not supported in Windows Home edition. Pro/Enterprise editions support Hyper-V, and the Home edition does not.

Answer 101

**Automated backups** Automated backups are a simple type of backup that can be performed using standard file-copy tools, or the script could call functions of a proper backup utility. The script can be set to run automatically using Windows Task Scheduler or via cron in Linux. Installation of applications is used in Windows as a setup file that can be executed in silent mode using the command switches for its installer. In Linux, scripts are often used to compile apps from source code. Restarting machines, many types of installation or updates still require a reboot. Remapping network devices demonstrates the need for error handling. Windows batch file uses the command “net use” to perform drive mapping.

Answer 102

**New-user setup checklist** The new-user setup checklist is part of the onboarding process for new employees and employees changing job roles. The end-user termination checklist is part of the offboarding process for employees who are retiring, changing job roles, or fired. Typical tasks include returning and sanitizing devices, releasing software licenses, and disabling account permissions/access. Procedures for custom installation of software packages include verifying system requirements, validating download/installation source, confirming license validity, adding the software to change control/monitoring processes, and developing support/training documentation. Assigned users are when hardware assets such as workstations, laptops, smartphones, tablets, and software licenses might be assigned to an individual user account, including an inventory list of all products that the user may be using.

Answer 103

**sh** .sh is the Linux shell script extension by convention. Every shell script starts with a shebang line designating which interpreter to use, such as Bash or Ksh. It includes a series of commands that run consecutively to carry out tasks. .ps1 is the PowerShell script file. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development. .vbs is the VBScript file extension. VBScript predates Powershell. The wscript.exe interpreter executes VBScript by default. .bat is the Windows batch file extension. A shell script for the basic Windows CMD interpreter is often described as a batch file.

Answer 104

**Rogue** Rogue antivirus is when a website displays a pop-up disguised as a normal Windows dialog box with a fake security alert. The spoofed notification and browser ad is designed to alarm users and promote the installation of Trojan malware. Rogue antivirus is a popular way to disguise a Trojan. Windows Defender Antivirus is a core component of all Windows editions. It will not generate pop-up messages to purchase the full version. On-access is a scanning technique where the antivirus software scans the file before opening or prevents it from opening. Execution control refers to logical security technologies designed to prevent malicious software from running on a host regardless of user account privileges.

Answer 105

**cleanmgr.exe** The Disk Cleanup utility (cleanmgr.exe) regains disk capacity by deleting unwanted files, which can help to free up disk space when running low. Device Manager (devmgmt.msc) allows the administrator to view and edit the properties of installed hardware. Users can change hardware configuration settings, update drivers, or remove/disable devices. If the disk queue length increases and disk time is high, then the administrator has a disk problem; this will not help free up space. The Defragment and Optimize Drives utility (dfrgui.exe) maintains disk performance by optimizing file storage patterns and can help read and write speeds with hard drives.

Answer 106

**samba** samba enables the integration of Linux and Windows systems. When added to a Linux workstation, that workstation can use the Windows file and print sharing protocol to access shared resources on a Windows host. As part of the iproute2 package, the ip command has options for managing routes and the local interface configuration. The command ip addr replicates the basic reporting functionality of ifconfig (show the current address configuration). The chmod command can secure files and directories using symbolic or octal notation. Only the owner can change permissions. The mv command is used to move files from one directory to another or rename a file.

Answer 107

**Impersonation** Impersonation means that the attacker develops a pretext scenario to allow themselves to interact with an employee. Dumpster diving refers to combing through an organization's or individual's garbage to try to find useful documents. Attackers may even find files stored on discarded removable media. Shoulder surfing attacks are when the attacker learns a password, PIN, or any secure information by watching the user type it. Tailgating is when entering a secure area without authorization by following closely behind the person who has been allowed to open the door or checkpoint.

Answer 108

**Soft token** A soft token is a piece of a two-factor security token that generates a single-use login PIN to authorize computer services. Hard tokens require the user to physically possess their authentication device to gain access to a specific network. The hard token is first registered with the service or network. When the user needs to authenticate, they connect the token and authorize it via a password, PIN, fingerprint reader, or voice recognition. Short message service (SMS) is a text messaging service between mobile phones. The short messaging service allows up to 160 characters between phones. Authenticator applications can be used for password-less access used as two-factor authentication (2FA) mechanisms.

Answer 109

**Off-site backup storage** Off-site backup storage is more affordable and easier to implement because of the high-bandwidth internet and high-capacity cloud storage providers. Transporting media offsite can be an onerous task. A synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs. Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds. On-site backup storage means that the production system and backup media are in the same location. Having storage in the same location risks losing both the production and backup copies of the data.

Answer 110

**Duplicates the function of core OS apps.** A mobile app that duplicates the function of core operating system (OS) apps would be at risk of not receiving trusted app status. A virtual private network (VPN) is a secure tunnel created between two endpoints connected via an unsecured transport network. VPNs are not proprietary. Mobile-device management (MDM) is a software tool for tracking, controlling, and securing an organization's mobile infrastructure. MDMs are not proprietary. Internet of Things (IoT) is a global network of personal devices, home appliances and control systems, and other items with network connectivity. An app could not duplicate IoT.

Answer 111

**Access work or school** Access work or school under the Account settings app joins the computer to a centrally managed domain network. Configure sign-in options under Account settings using a fingerprint reader or PIN to access the computer rather than a password. The computer can also be set to lock automatically from here. The Update & Security settings provide a single interface to manage a secure and reliable computing environment. The Apps group is used to view and remove installed apps and Windows Features in the Settings app. Users can also configure which app should act as the default for opening, editing, and printing particular file types and manage which apps run at startup.

Answer 112

**Internet download** When downloading an installer from an internet location, it is imperative to verify the package's authenticity and integrity and scan it for malware. Setup files can be distributed on physical media, such as CD/DVD or a USB thumb drive. USBs might be a secondary medium after it was downloaded from the internet first, however. If an administrator was pulling a file from a local share, it probably first came from the internet and should have been scanned during the initial download. ISO files stored on removable media or a host system are often used to install virtual machine operating systems. The file itself might be an ISO, but they would have had to get it from somewhere.

Answer 113

**Password manager** Password managers suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site. Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices. Secure connection validates the host's identity running a site and encrypts communications to protect against snooping. Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site's main content or functionality. Many sites detect ad blockers and do not display any content while enabling filtering.

Answer 114

**FileVault** FileVault is a disk encryption product. Encryption protects the data stored on a disk against the possibility that a threat actor could remove it. macOS has options to configure what analytics/telemetry data and personalized information can be collected. Users can adjust these options via the Security & Privacy preference pane. The Time Machine preference pane lets data back up to an external drive or partition formatted using either the Apple File System (APFS) or macOS’s older extended file system. The keychain feature helps users manage passwords for these accounts, other websites, and Wi-Fi networks. The regular keychain is just local.

Answer 115

**DDoS** **Cryptomining** Even with an unlimited data plan, setting data usage limits allows a user to be alerted to unusually high data usage like that associated with cryptomining. Even with an unlimited data plan, setting data usage limits allows a user to be alerted to unusually high data usage associated with being used as part of a distributed denial of service (DDoS) attack. Phishing is when an attacker sends an email from a supposedly reputable source to elicit private information from the victim. Jailbreaking removes the protective seal and any operating system-specific restrictions to give users greater control over the device.

Answer 116

**Repair Windows.** **Update the graphics adapter driver.** A blank screen following a Windows installation could be caused by several factors, including an interruption to the installation process and an incomplete install. Repairing Windows could address this. Updating the graphics driver is another possible remedy since the driver may be outdated and incompatible with Windows 10. IDLE is the Python Integrated Development and Learning Environment. While IDLE does have a debugger, it is for Python scripts, not Windows issues. Defragging the hard drive is done to optimize file storage and improve sluggish performance. It would not fix a blank screen.

Answer 117

**Redirection** **Fake security warnings** Fake security warnings are a common symptom of malware infection. Scareware uses these to persuade users to install an app or give a Trojan app additional permissions. Redirection attacks are a common symptom, where malware corrupts the Domain Name System (DNS) and search provider to force users to spoofed sites. This might disrupt access to legitimate sites, generate certificate warnings, and cause slow network performance. APK (Android Package) sideloading refers to downloading apps for Android phones from a source other than Google's Play store. A lockout occurs after a maximum number of failed sign-in attempts.

Answer 118

**They are documentation of known malware.** **They provide information about the type, symptoms, purpose, and removal of malware.** Malware encyclopedias from antivirus vendors, also called "bestiaries," maintain information about the malware that IT professionals can use to verify and remediate malware. Information includes the type of malware, the symptoms, and the purpose. Antivirus companies document known malware by maintaining encyclopedias, including information about the makeup, behavior, and removal process. Malware encyclopedias do not troubleshoot known or unknown malware; they are a verification and remediation reference for known malware. Pricing or a pricing model for malware remediation is out of the purview of an antivirus vendor's malware encyclopedia.

Answer 119

**Files with date stamps and file sizes that are different from known-good versions** **Files that are missing or renamed** System files are an attractive target for malware because renaming or deleting them can wreak havoc on the operating system. Hackers will alter the size of system files to hide malware or change the date stamp to cover their tracks. While malware will add additional files with names almost the same as authentic system files, the extensions .docx and.xlsx represent Word and Excel files, respectively. These are data files, not system files. System files have extensions such as .dll and .sys. System files do not have certificates. Certificates are a security tool used by websites to prove the server is trusted.

Answer 120

**Access control vestibule** **Fencing** **Guard** Fencing is generally effective and needs to be transparent, so guards can see any attempt to penetrate it. Access control vestibule is where one gateway leads to an enclosed space protected by another barrier that restricts access to one person at a time. Bollards are barricades that prevent vehicles from crashing into the building or exploding a bomb near it. Guards can be placed in front of and around a location to protect it. They can monitor critical checkpoints and verify identification, allow, or disallow access, and log physical entry occurrences. Folder redirection changes the target of a personal folder, such as the Documents folder, Pictures folder, or Start Menu folder, to a file share.

Answer 121

**Installing a program** **Updating an application** Whenever an application or program is installed, a restore point is created. A restore point is also created whenever an application or program is updated. Deleting a file will not create a restore point. Likewise, when using System Restore to roll back to an earlier date, the user's documents, pictures, and other data are not deleted. However, software and drivers installed after the restore point will be uninstalled. A restore point is not created when a computer is rebooted, but Windows will create a restore point if one has not occurred in seven days.

Answer 122

**Battery** **Toner** **Device** Recycling used toner cartridges is offered at most vendors. The products in toner powder are not classified as hazardous to health. Batteries must be disposed of through an approved waste facility. Swollen or leaking batteries from devices must be handled carefully and stored within appropriate containers. Gloves and safety goggles may be used to minimize the risk of burns from the corrosive material. Device disposal can be donated, and if it can not be reused, it must be disposed of through the approved waste facility. Voltage is the potential difference between two points measured in volts (V).

Answer 123

**The user thinks they have a secure connection.** **An on-path attack** **Malware is in the middle of the session.** An on-path attack is when a threat actor, such as an evil twin, intercepts traffic between two hosts. In this case, it was via a spoofed digital certificate. In the middle of the session, the evil twin intercepts traffic between two hosts; this was known as a "Man-in-the-Middle" attack in a former time. Since the user's browser has accepted the spoofed digital certificate, the user believes they have a secure session, even though they do not. A rootkit is a malware that modifies system files, often at the kernel (root) level.

Answer 124

**Misconfigured firewall** **Overheating** **Failing CPU** Excessive heat can damage computer circuitry and induce shutdowns, freezing, and reboots. A common cause of overheating is fans clogged with dust. A failing CPU can lead to crashes, freezing, and reboots. Overheating and power surges are often to blame for damage to the CPU. A misconfigured firewall introduces the risk of a malware infection that could cause some of these instability symptoms. However, in and of itself, it does not. Too many connected devices will generate a warning message that there are not enough USB resources. This situation will not shut down the computer or make it freeze or reboot.

Answer 125

**ESD mats** **ESD straps** Anti-electrostatic discharge (ESD) straps are worn to dissipate static charges effectively. The band should fit snugly around the wrist or ankle so that the metal stud contacts the skin. Electrostatic discharge (ESD) mats are used to organize sensitive components. The mats contain a snap connected to the wrist or leg strap. Safety goggles are used to minimize the risk of burns from corrosive materials such as broken batteries, cellphones, tablets, or irritation from particles such as toner or dust. An air filter mask that fits over the mouth and nose is a recommended face covering when working with compressed air, toner spills, or working in a dusty environment. An air filter mask will not protect the eyes.

Answer 126

**Redirection** **Windows update fails** One of the key indicators of malware infection is that security-related applications, such as antivirus, firewall, and Windows Update, stop working. Other applications or Windows tools, such as Task Manager, may also stop working or crash frequently. Malware often targets the web browser. An example is a redirection, where the user tries to open one page but gets sent to another. User Account Control (UAC) is a system to prevent unauthorized use of administrator privileges. Malware may try to disable UAC, but it would not enable it. Roaming profiles copies the whole profile from a share at logon and copies the updated profile back at logoff.

Answer 127

**Backup files** **Application support** **Hardware compatibility** Hardware compatibility is a consideration. The user must make sure that the central processing unit (CPU), chipset, and RAM components are sufficient to run the OS. Application and driver support and backward compatibility are other considerations. Most version upgrades try to maintain support for applications and device drivers developed for older versions. Backup files and user preferences are a consideration. If the user is installing a new operating system or doing a clean install, the user should back up any necessary data and settings. Most computers now come with a Preboot eXecution Environment (PXE)–compliant firmware and network adapter to support this boot option and is not necessarily a consideration.

Answer 128

**Active listening** Active listening is the skill of listening to an individual giving that person the full attention and not arguing with, commenting on, or misinterpreting what they have said. Proper language is not being overly familiar with customers. Do not use slang phrases and any language that may cause offense. When active listening, the employee makes a conscious effort to focus on what the other person is saying. Cultural sensitivity means being aware of other people's customs and habits, not judging the customer. Open-ended questions invite the other person to compose a response.

Answer 129

**msconfig.exe** The System Configuration Utility (msconfig.exe) is used to modify various settings and files that affect the way the computer boots and loads Windows. The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many Windows settings than editing the registry directly. The Disk Cleanup utility (cleanmgr.exe) regains disk capacity by deleting unwanted files and can help to free up disk space when running low. The Defragment and Optimize Drives utility (dfrgui.exe) maintains disk performance by optimizing file storage patterns which can help read and write speeds with hard drives.

Answer 130

**Developer mode** The developer's phone is in developer mode. The company's Mobile Device Management (MDM) system blocks access to the network because developer mode can be used to install bootleg apps. High network traffic is a bandwidth utilization issue; it would not cause access to the network to be denied. App spoofing is when a malicious app will typically spoof a legitimate app by using a similar name and fake reviews and automated downloads to boost its apparent popularity. Sluggish response time on a mobile device could be caused by malware, too many open apps, and a low battery charge, among other things. It would not cause the device to be denied network access.

Answer 131

**Personal license** A personal license allows the product to be used by a single person at a time, though it might permit installation on multiple personal devices. A corporate-use license is for multiple users, which means the company can install the software on an agreed-upon number of computers for its employees to use simultaneously. The company will offer a valid license with the product key. These can be non-expired licenses as well. Data retention requirements are regulations that set a maximum period for data retention. The regulation might also demand that information be retained for a minimum period. Digital music and video are often subject to copy protection and digital rights management (DRM).

Answer 132

**resmon.exe** **perfmon.msc** Resource Monitor (resmon.exe) is used to view and log performance statistics. A Microsoft Management Console (MMC) contains one or more snap-ins used to modify advanced settings for a subsystem. Performance Monitoring (perfmon.msc) is also used to view and log performance statistics. The administrator can use this to identify the source of the issue. Device Manager (devmgmt.msc) allows the administrator to view and edit the properties of installed hardware. Users can change hardware configuration settings, update drivers, or remove/disable devices. The System Information (msinfo32.exe) tool produces a comprehensive report about the system’s hardware and software components.

Answer 133

**Drilling** Drilling is when a disk needs to be destroyed; IT uses a drill or hammer. The goal is to execute the drive unusable. Degaussing is when a hard disk is exposed to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface. Incinerating is when the disk is exposed to high heat to melt its components. It is performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants. Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner.

Answer 134

**Inconsistent sender and reply to addresses** **Urgency** **Disguised links** Many phishing emails have a sense of urgency so that the recipient will act now or else it will be too late. In business, this could be an email that appears to be from the boss, who needs something right away. The email sender's address (the FROM address) should be consistent with the REPLY-TO address. Links in phishing emails can be disguised. For example, a link that appears to be www.microsoft.com, reveals a very different URL, such as www.maliciouslink.com, when the cursor hovers over the link. An email with no signature is not an indicator of phishing.

Answer 135

**Microsoft Knowledge Base** Windows Knowledge Base can be used to obtain additional information about threats discovered by Windows Defender Antivirus. The Knowledge Base has more than 150,000 articles created by support professionals about topics such as indicators for manual verification, the impact of infection, and the likelihood of other systems being compromised. Microsoft 365 is an office productivity and data storage suite operated by Microsoft. Windows Hello is a feature that supports passwordless sign-in for Windows. Windows Recovery Environment (WinRE) is a troubleshooting feature that installs a command shell environment to a recovery partition to remediate boot issues.

Answer 136

**MSRA** Microsoft Remote Assistance (MSRA) allows a user to ask for help from a technician or co-worker by an invitation file protected by a passcode. The helper opens the invitation file to connect to the remote system. Remote Monitoring and Management (RMM) tools are principally designed for use by managed service providers (MSPs). Remote Desktop Protocol (RDP) implements terminal server and client functionality. RDP authentication and session data are always encrypted. A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. Establish a VPN link and then use a remote desktop to connect to a host on the private network.

Answer 137

**Device Manager** Device Manager allows users to view and edit the properties of installed hardware. They can change hardware configuration settings, update drivers, or remove/disable devices. The Programs and Features Control Panel applet is the legacy software management interface. Users can use it to install and modify desktop applications and Windows Features. Network and Sharing Center is a Control Panel applet that shows status information. Printer drivers will not be located here. Search is also governed by settings configured in the Indexing Options applet. A corrupted index is a common cause of search problems.

Answer 138

**App Store** The App Store checks daily for new updates/patches and releases of installed apps in macOS. If a new version is available, a notification will be shown against the App Store icon in the dock. The Displays preference pane allows users to scale the desktop, set the brightness level, calibrate to a given color profile, and configure Night Shift settings to make the display adapt to ambient light conditions. Use the Printers & Scanners preference pane to add and manage print and scan devices. Users can manage network settings either from the Status menu on the right-hand side of the menu bar or via System Preferences.

Answer 139

**ReFS** Resilient File System (ReFS) is being developed to replace NTFS. ReFS is only available for Pro for Workstations and Enterprise editions and cannot currently be used for the boot volume. Most Linux distributions use some version of the extended (ext) file system to format partitions on mass storage devices. ext3 is a 64-bit file system with journaling support. Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS). exFAT is a 64-bit version of FAT designed for use with removable hard drives and flash media.

Answer 140

**.vbs** .vbs is the VBScript file extension. VBScript predates PowerShell. The wscript.exe interpreter executes VBScript by default. .bat is the Windows batch file extension. A shell script for the basic Windows CMD interpreter is often described as a batch file. .js is the JavaScript file extension. JavaScript is a scripting language designed to implement interactive web-based content and web applications. Most web servers and browsers are configured with a JavaScript interpreter. .py is the Python file extension. Python is a general-purpose scripting and programming language that can develop both automation scripts and software applications.

Answer 141

**regedit.exe** The Windows registry provides a remotely accessible database for storing operating system, device, and software application configuration information. The administrator can use the Registry Editor (regedit.exe) to view or edit the registry. The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many Windows settings than editing the registry directly. The Services console (services.msc) starts, stops, and pauses processes running in the background. In order to make configuration changes, regedit.exe in this group of options would be used. The Startup tab lets administrators disable programs added to the Startup folder (type shell: startup at the Run dialog to access this).

Answer 142

**Firmware updates** Firmware updates are important because it allows the user to fix security holes and support the latest security standards. Change the default password to secure the administrator account. Choose a new strong password of 12 characters or more. This is more secure than leaving the default where someone may be able to easily access. Physical placement of any type of router or network appliance should be made to a secure location. A non-malicious threat actor could damage or power off an appliance by accident. Encryption settings allow users to set the authentication mode.

Answer 143

**Anti-malware** Anti-malware applications designed for mobile devices tend to work more like content filters to block access to known phishing sites and block adware/spyware activity by apps. Failed login attempts mean that the device locks for a set period if an incorrect passcode or bio gesture is used; this deters attempts to guess the passcode or use a spoofed biometric. OS updates are as critical as it is for a desktop computer. The install base of the iOS is generally better at applying updates because of the consistent hardware and software platform. Firewall applications for mobile devices can monitor app activity and prevent connections to ports or IP addresses.

Answer 144

**Devices** The Devices settings pages contain options for input devices (mice, keyboards, and touch), print/scan devices, and adding and managing other peripherals attached over Bluetooth or USB. The System Settings page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying). Network & Internet is the modern settings app used to view network status, change the IP address properties of each adapter, and access other tools. The Personalization settings allow users to select and customize themes, which set the appearance of the desktop environment.

Answer 145

**On-access scanning** On-access scanning is when the antivirus software intercepts an operating system call to open a file and scans the file before allowing or preventing it from being opened. Most security software is now configured to scan on-access. A scheduled scan is run at a determined time and frequency. All security software supports scheduled scans. A smart scan scans a computer's critical areas, like system memory, hidden services, boot sectors, auto-run entries, registry keys, and important operating system files and folders. A quick scan looks at all the locations where there could be malware, such as registry keys and known Windows startup folders.

Answer 146

**Battery** Batteries must be disposed of through an approved waste facility. Swollen or leaking batteries from devices must be handled carefully and stored within appropriate containers. Gloves and safety goggles may minimize the risk of burns from the corrosive material. Recycling used toner cartridges is offered at most vendors. The products in toner powder are not classified as hazardous to health. Device disposal can be donated, and if it can not be reused, it must be disposed of through the approved waste facility. An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.

Answer 147

**Videoconferencing** Some web-conferencing and videoconferencing software, like Microsoft Teams and Zoom, provides a screen-sharing client that participants may control. Screen-sharing is software that is designed to work over HTTPS across the internet. This is secure because the connection is encrypted but also easier to implement as it does not require special firewall rules. Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization. With file transfer, users can choose a file-sharing protocol that can be used across all connected hosts. It allows configuring permissions on the share and provisioning user accounts that are recognized by both the server and client.

Answer 148

**Full with differential** Full with differential means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job. Full with incremental means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job. Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds. Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.

Answer 149

**Storage** If an app fails to update, there may be insufficient storage space (Gmail uses a lot of storage). It could also be that the update is incompatible with the existing operating system version, or there is no internet connection. An accelerometer is a technology that detects when a device changes position and adjusts the screen orientation appropriately. Bluetooth is used to connect peripheral devices to PCs and mobiles and to share data between two systems. Global Positioning System (GPS) is a means of determining a receiver's position based on information received from satellites.

Answer 150

**RMM** Remote Monitoring and Management (RMM) tools are principally designed for use by managed service providers (MSPs). Remote Desktop Protocol (RDP) implements terminal server and client functionality. RDP authentication and session data are always encrypted. A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. Establish a VPN link and then use a remote desktop to connect to a host on the private network. Virtual network computing (VNC) is a freeware product with similar functionality to RDP. It works over TCP port 5900. Not all versions of VNC support connection security.

Answer 151

**DNS settings** Because the servers are on different domains, DNS should be checked first. The administrator probably uses the hostname instead of the fully qualified domain name (FQDN). If not specified, the host will likely try to resolve to the same domain. The IP addressing scheme would not be part of the troubleshooting process because the administrator relies on DNS resolution. The subnet mask could be an issue, but the most likely issue is the different domains. The gateway could also be configured improperly, although if that were the case, they would not be able to reach out at all, not just the one other server.

Answer 152

**Add RAM.** Running multiple programs and having a lot of browser tabs open consumes a lot of RAM. Since the researcher needs to continue this practice to do their job, adding more RAM should improve performance. System Restore is mostly used to roll back a configuration change, such as installing or updating. It does not help with memory-constrained performance. Safe Mode is a troubleshooting environment that loads only the basic drivers and services required to start the system. While running Safe Mode with Networking allows internet access, the environment is not conducive to resource-consuming programs. Resetting Windows using Reset this PC restores the computer's factory default settings and removes all applications.

Answer 153

**Antivirus scan** Before removing a computer system from quarantine, the final step is to run another antivirus scan to make sure the system is clean. Creating a new restore point (or system image) is one component of recommissioning and is done after re-enabling the System Restore but before running a final antivirus scan. Re-enabling the System Restore is the beginning of the recommissioning process, along with re-enabling any disabled automatic backups. Verifying Domain Name System (DNS) configuration to prevent reinfection is part of recommissioning, but it comes before the final antivirus scan.

Answer 154

**Restrict user permission.** Restrict user permission means some networks have complex requirements for assigning rights. However, the basic principle is that the number of accounts with administrator privileges should be as few as possible. These default accounts have practical limitations and consequently are the ultimate target for threat actors. Any use of the default administrator account must be logged and accounted for. Disabling guest accounts allow unauthorized access to the computer and may provide some sort of network access too. It is only enabled to facilitate password-less file sharing in a Windows workgroup. Restrict login times are typically used to prevent an account from logging in at an unusual time of the day or night or during the weekend.

Answer 155

**Desktop** The top level of the user interface is the desktop displayed when Windows starts and the user logs on. Windows 11 makes several changes to the desktop style. Notably, it center-aligns the taskbar and introduces another design for the Start menu. The desktop contains the Start menu, taskbar, and shortcut icons. These are all used to launch and switch between applications. File management is a critical part of using a computer. As a computer support professional, users will often have to assist users with locating files. Device Manager provides an advanced management console interface for managing system and peripheral devices.

Answer 156

**Degaussing** Degaussing is when a hard disk is exposed to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface. Incinerating is when the disk is exposed to high heat to melt its components. This should be performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants. Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner. A certificate of destruction shows the make, model, and the serial number of each drive that was handled, plus the date of destruction and how it was destroyed.

Answer 157

**Run an antivirus scan.** The symptoms in this scenario are consistent with a malware infection, even though it could be other causes. As such, running an antivirus scan is the appropriate first step. CHKDSK is a command-line tool that checks for hard disk errors and can repair them. Problems with the hard disk could cause all of the listed symptoms, except internet access. Moreso, CHKDSK takes a long time to run, so it would not be the best first step in this case. SMART (Self-Monitoring, Analysis, and Reporting Technology) is a hard disk monitoring program. It is an alerting tool, not a diagnostic tool. Disconnected Wi-Fi could explain the inability to access the internet, but nothing else in this scenario.

Answer 158

**Security-awareness training** Security-awareness training is usually delivered to employees at all levels, including end-users, technical staff, and executives. The training includes anti-phishing, software firewalls, passwords, malware threats, and more. Anti-malware is computer software used to avoid, identify, and eliminate malware. Anti-malware is like antivirus software but for more up-to-date malware. Recovery mode is the step-by-step processing of manual removal to disable persistence mechanisms and reconfigure the system to its secure baseline. OS reinstallation is when antivirus software is not able to recover data from infected files, and a user must complete a system restore.

Answer 159

**Badge reader** Badge readers are a type of electronic lock that works with a hardware token rather than a PIN. A magnetometer is a type of metal detector often deployed at airports and in public buildings to identify concealed weapons or other items. Alarm systems are designed to detect intrusion into a building or home. Alarms systems include motion sensors, video surveillance, and lighting. A palmprint scanner is a contactless-type of camera-based scanner that uses visible and infrared light to record and validate the unique pattern of veins and other features in a person’s hand. Unlike facial recognition, the user must make an intentional gesture to authenticate.

Answer 160

**1. Investigate and verify malware symptoms. 2. Quarantine infected systems. 3. Disable System Restore.** In order to remedy the issue, the first few steps in the correct order are: 1. Investigate and verify malware symptoms, 2. Quarantine infected systems, 3. Disable System Restore. Steps 1 and 2 are incorrect: Quarantine infected systems is step 2 and Update anti-malware software is step 4. Steps 1 and 3 are incorrect: Disable System Restore is step 3 and Create a restore point is step 6. All steps are incorrect: Update anti-malware software is step 4, Disable System Restore is step 3, and Quarantine infected systems is step 2.

Answer 161

**pwd** pwd "prints" the working directory, though "printing" will typically mean "display on the terminal," unless stdout is redirected. The working directory is important because commands will default to the working directory without specifying a path. ls lists the contents of a directory similar to dir at the Windows command prompt. Popular parameters include -l to display a detailed (long) list and -a to display all files, including hidden or system files. The mv command is used to move files from one directory to another or rename a file. cp is used to create a copy of files either in the same or different directory with the same or different name.

Answer 162

**Electrical fire safety** Electrical fire safety ensures that equipment is properly stored and away from any flammable material and electrical wires do not start a fire. Electrical equipment must be grounded. The power plug connects devices such as PCs and printers to the building ground. Proper power handling is done with the correct training. PC power supply units can carry dangerously high levels of voltage. Disconnection of power should be done before repairing a PC. An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.

Answer 163

**/?** The command prompt includes a rudimentary help system. If the administrator types help at the command prompt and then press ENTER, a list of available commands is displayed. They can also display help on a particular command by using the /? switch. The winver command reports version information. Users will often need to use this for support. Used without switches, ipconfig displays the IP address, subnet mask, and default gateway (router) for all network adapters to which TCP/IP is bound. The ping command utility is a command-line diagnostic tool used to test whether a host can communicate with another host on the same network or on a remote network.

Answer 164

**Splash screen** The splash screen is a graphic design element consisting of a window containing an image, logo, and the current software version. Knowledge base (KB) is a repository for articles that answer frequently asked questions (FAQs) and document common or significant troubleshooting scenarios and examples. Each inventory record could be tagged with a cross-reference to an internal knowledge base to implement self-service support and assist technicians. Assigned users are when hardware assets such as workstations, laptops, smartphones, tablets, and software licenses might be assigned to individual user accounts. Acceptable use policy (AUP) sets out what someone can use a particular service or resource for.

Answer 165

**md** To create a directory, use the MD command. For example, to create a directory called Data in the current directory, type MD Data. To delete an empty directory, enter rd Directory or rmdirDirectory. If the directory is not empty, users can remove files and subdirectories using the /s switch. The cd command sets the focus to a different working directory. Users can change to any directory by entering the full path. Use the dir command to list the files and subdirectories from the working drive and directory or a specified path.

Answer 166

**Privileged time** If privileged time is much higher than user time, the central processing unit (CPU) is likely underpowered (it can barely run Windows core processes efficiently). If overall processor time is very high (over 85% for sustained periods), it can be helpful to compare these. Privileged time represents system processes, whereas user time is software applications. If the disk queue length increases and disk time is high, then the manager has a disk problem. Pages per second are the number of pages read from or written to disk to resolve hard page faults, which means memory moves processes to the page file.

Answer 167

**Weak Bluetooth signal** **Weak Wi-Fi signal** Searching for wireless signals, such as Wi-Fi, consumes a lot of battery power, so if the device's battery is low, it may not have enough power to search for a strong signal. Searching for wireless signals, such as Bluetooth, consumes a lot of battery power, so if the device's battery is low, it may not have enough power to search for a strong signal. A lockout occurs after a maximum number of failed sign-in attempts. A low battery charge would not cause autorotation to stop. When a mobile device screen stops autorotating, either the rotation lock is enabled or there is a hardware issue.

Answer 168

**Network** Network boot setup means connecting to a shared folder containing the installation files, which could be slipstreamed or use image deployment. A computer that supports network boot could also be configured to boot to set up over the internet. To set that up the local network’s DHCP server must be configured to supply the DNS name of the installation server. Historically, most attended installations and upgrades were run by booting from optical media (CD-ROM or DVD). Once the OS has been installed, the administrator will usually want to set the internal hard drive as the default (highest priority) boot device and disable any other boot devices.

Answer 169

**Applications** When selecting applications for installation on desktops, proper security considerations need to be made regarding potential impacts to the device (computer) and the network. With support, the software might be available with paid-for support to obtain updates, monitor and fix security issues, and provide technical assistance. With training, complex apps can have a substantial and expensive user-training requirement which can be an ongoing cost as new versions can introduce interface or feature changes. With licensing, commercial software must be used within the constraints of its license but is likely to restrict the number of devices on which the software can be installed.

Answer 170

**AES** **TKIP** Advanced encryption standard (AES) is the standard encryption used by WPA2 and the strongest encryption standard to use by Wi-Fi. Temporal key integrity protocol (TKIP) tries to mitigate the various attacks against WEP developed by producing a new 128-bit encryption key for every packet sent on the network. Wi-Fi protected Access (WPA3) uses passphrase-based group authentication of stations in private mode, and it changes the method by which this secret is used to agree with session keys. The simultaneous authentication of equals (SAE) protocol replaces the 4-way handshake. Multifactor authentication (MFA) allows the machine to establish a trust relationship and create a secure tunnel to transmit the user credentials or perform smart card authentication without a user password.

Answer 171

**Facial recognition** Facial recognition is the bio gesture that uses a webcam to scan the unique features of the user’s face. A fingerprint is the type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint. Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services. The advantage of SSO is that each user does not have to manage multiple digital identities and passwords. Gpupdate is a policy applied at sign-in and refreshed periodically, which is normally every 90 minutes. The gpupdate command is used to immediately apply a new or changed policy to a computer and account profile.

Answer 172

**Trusted source** As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure using a reputable vendor. An untrusted source is when an installer cannot be verified through a digital signature or has been a security risk and is likely to expose the user to unwanted adverts. A secure connection validates the host's identity running a site and encrypts communications to protect against snooping. Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.

Answer 173

**Pop-ups** Pop-ups can be used by malicious actors to scare a user with fake antivirus or security warnings. An untrusted source is when an installer cannot be verified through a digital signature or has been a security risk and is likely to expose the user to unwanted adverts. Some untrusted sources do not block ads or have pop-up blockers. As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure using a reputable vendor. Private browsing mode disables the caching features of the browser so that no cookies, browsing history, form fields, passwords, or temp files will be stored when the session is closed.

Answer 174

**nslookup** If the administrator identifies or suspects a problem with name resolution, they can troubleshoot DNS with the nslookup command, either interactively or from the command prompt. The gpupdate command is used to immediately apply a new or changed policy to a computer and account profile. The tracert command-line utility is used to trace the path a packet of information takes to get to its target. As an alternative to tracert, the pathping command performs a trace and then pings each hop router a given number of times for a given period.

Answer 175

**Files that are missing or renamed** **Files with date stamps and file sizes that are different from known-good versions** System files are an attractive target for malware because renaming or deleting them can wreak havoc on the operating system. Hackers will alter the size of system files to hide malware or change the date stamp to cover their tracks. While malware will add additional files with names almost the same as authentic system files, the extensions .docx and.xlsx represent Word and Excel files, respectively. These are data files, not system files. System files have extensions such as .dll and .sys. System files do not have certificates. Certificates are a security tool used by websites to prove the server is trusted.

Answer 176

**Fake security warnings** **Redirection** Fake security warnings are a common symptom of malware infection. Scareware uses these to persuade users to install an app or give a Trojan app additional permissions. Redirection attacks are a common symptom, where malware corrupts the Domain Name System (DNS) and search provider to force users to spoofed sites. This might disrupt access to legitimate sites, generate certificate warnings, and cause slow network performance. APK (Android Package) sideloading refers to downloading apps for Android phones from a source other than Google's Play store. A lockout occurs after a maximum number of failed sign-in attempts.

Answer 177

**Low-level formatting** A low-level formatting tool resets a disk to its factory condition. Most of these tools will now incorporate some sanitize function. Secure erase (SE) and instant secure erase (ISE) are two functions under this tool. Third-party vendors may use overwriting or crypto-erase and issue a certificate of recycling rather than destruction. A certificate of destruction shows the make, model, and the serial number of each drive that was handled, plus the date of destruction and how it was destroyed. Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner.

Answer 178

**Trojan** Trojans are malware concealed within an installer package for software that appears to be legitimate. Viruses are concealed within the code of an executable process image stored as a file on a disk. Boot sector viruses can infect the boot sector code or partition table on a disk drive. When the disk is attached to a computer, the virus hijacks the bootloader process to load itself into memory. Spyware is malware that can perform browser reconfigurations, such as allowing tracking cookies, changing default search providers, opening arbitrary pages at startup, adding bookmarks, and more.

Answer 179

**Quarantine all devices that could be connected to the leak.** If any personal or corporate data is leaked from a mobile device, each device that could have been a source for the files must be quarantined and investigated as a possible source of the breach. Rebooting a phone generally solves an unresponsive or frozen system, malfunctioning app, or slow performance. An antivirus scan would not be the next step in this scenario, as quarantining and investing in the source of the breach is the priority. Wiping the phone will remove all data from the device, which is counterproductive to investigating the source of the breach.

Answer 180

**Hibernate** Hibernate mode suspends to disk. It saves any open but unsaved file data in memory to disk (as hiberfil.sys in the root of the boot volume) and then turns the computer off, which is also referred to as ACPI mode S4. A computer creates a hibernation file in the hybrid sleep mode and then goes into the standby state, referred to as hybrid sleep mode. Modern standby utilizes a device's ability to function in an S0 low-power idle mode to maintain network connectivity without consuming too much energy. Standby suspends to RAM, which cuts power to most devices but maintains power to the memory, also called ACPI modes S1–S3.

Answer 181

**SSID** Service set ID (SSID) is a simple, case-sensitive name that users identify the WLAN. The factory configuration uses a default SSID that is typically based on the device brand or model, which should be changed so users will recognize the network. The universal plug-and-play (UPnP) framework sends instructions to the firewall with the correct configuration parameters to allow applications to work. The Dynamic Host Configuration Protocol (DHCP) reservation means that the DHCP server always assigns the same IP address to the host. A user can usually choose which IP address this should be. Firmware updates are important because it allows the user to fix security holes and support the latest security standards.

Answer 182

**ext4** **FAT32** Most Linux distributions use some version of the extended (ext) file system. ext4 delivers better performance than ext3 and would usually represent the best choice for new systems. Linux can also support FAT/FAT32 (designated as VFAT). Additional protocols such as the Network File System (NFS) can mount remote storage devices into the local file system. Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS). The New Technology File System (NTFS) is a proprietary file system developed by Microsoft for use with Windows.

Answer 183

**Severity levels** The severity level is a way of classifying tickets into priority order. Severity levels are not over-complex. There are three severity levels based on impact: critical incidents, major incidents, and minor incidents. Categories and subcategories group related tickets together, useful for assigning tickets to the relevant support section or technician and for reporting and analysis. Escalation levels occur when an agent cannot resolve the ticket. The support team can be organized into tiers to clarify escalation levels. Problem resolution sets out the plan of action and documents the successful implementation and testing of the plan and full system functionality.

Answer 184

**Air filter mask** **Safety goggles** Safety goggles are used to minimize the risk of burns from corrosive materials such as broken batteries, cellphones, tablets, or irritation from particles such as toner or dust. An air filter mask that fits over the mouth and nose is a recommended face covering when working with compressed air, toner spills, or working in a dusty environment. An air filter mask will not protect the eyes. Lifting techniques are included in safety handbooks; the guidance sets out to show employees lifting heavy objects incorrectly can cause muscle strains, back injuries, and damage the object. An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.

Answer 185

**Damaged hard drive** The hard drive stores the files for the operating system, so a damaged hard drive will generate the "no operating system found" message. Applications do not load until after login, and the operating system would have to be found to load and display a login screen. It is unlikely that a faulty motherboard would lead to a "no operating system found" error. It is more likely to cause the system not to boot, not recognize peripherals, or suffer the blue screen of death (BSOD). Unified Extensible Firmware Interface (UEFI) generally does not interact with the Master Boot Record (MBR). The MBR is part of the legacy BIOS boot process.

Answer 186

**The user disabled a dependent service.** Most Windows services are dependent on other services to run. If the user disabled a service that the failed service depended on, it would fail to start. Service is restored if it is missing or has been deleted. The failed service still exists but failed to start due to disabled dependency. Setting a service to delayed start is a way to improve Windows boot time since these services will not start until all other services are loaded. This setting will not cause a service to fail. If the failed service were deleted, it would not have appeared as a service that failed to start.

Answer 187

**The certificate is issued by an untrusted CA.** **Malware is trying to redirect the browser to a spoofed page.** Suppose a certificate was issued by a Certificate Authority (CA) untrusted. In that case, the URL is displayed with strikethrough formatting, and the site content is likely to be blocked by a warning message. If a certificate is expired, the site content is likely blocked by a warning message. A warning message could indicate that malware on the computer is attempting to redirect the browser to a spoofed page. Even if the cleaning service went out of business and shut down their website, it would not generate a security message.

Answer 188

**The certificate is revoked.** **The certificate is self-signed.** **The certificate has expired.** Certificate warnings occur when a certificate is untrusted, such as a self-signed certificate, the padlock icon is replaced by an alert icon, the URL is displayed with strikethrough formatting, and the site content is likely to be blocked by a warning message. Certificate warnings occur with an invalid certificate, such as an expired certificate. Certificate warnings occur when a certificate is invalid, such as a revoked certificate. A certificate could be revoked because the site is misconfigured or malware attempts to direct the browser to a spoofed page. Certificate warnings occur when a certificate is untrusted. A certificate issued by a trusted Certificate Authority (CA) would be a trusted certificate.

Answer 189

**The second friend has Bluetooth disabled.** AirDrop is an iOs feature that allows file transfer between iOs devices and macOS devices over a Bluetooth connection. If the second friend had Bluetooth disabled, the first friend's iPhone would not discover it when trying to share the photos. AirDrop uses Bluetooth to transfer files, not Wi-Fi. Disabled Wi-Fi would not affect a Bluetooth connection. Nearby Share is the Android version of AirDrop. It is used for simple file sharing via Bluetooth. If the first friend had Bluetooth disabled, they would be alerted to turn Bluetooth on before sharing files.

Answer 190

**Provide proper documentation.** **Deal appropriately with confidential and private materials.** **Be on time.** The employee should be on time for each in-person appointment. If running late, call the customer as soon as possible to let them know. A distraction is anything that interrupts an employee from the task of resolving the ticket. Avoid any personal calls while helping the customer. Deal appropriately with confidential and private materials, showing the customer that privacy is respected by not opening files, emails, contacts, or web pages. Proper documentation should be provided so that the customer knows what to expect in terms of supported items, how long incidents may take to resolve, and so on.

Answer 191

**Scope of the change** Scope of the change may include cost, timescales, and amount of devices involved. The scope should also include the factors by which the success or failure of the change can be judged. The purpose of the change is the business case for making the change and the accumulated benefits. End-user acceptance must be accounted for when a change of plan is implemented. It can be difficult for people to adapt to new processes and easy for them to magnify minor problems into major complaints. A rollback plan is when a change can be reversed if it has harmful or unforeseen consequences.

Answer 192

**WinPE** **regedit** **msconfig** The Registry Editor (regedit) is a tool for making direct edits to the registry database, such as manually removing registry items. The System Configuration Utility (msconfig) can be used to perform a safe boot to prevent any infected code from running at startup. The Windows Preinstallation Environment (WinPE) can be used to run commands from a clean command environment after booting the computer with a recovery disc. Disk Clean-up (cleanmgr) is a Windows utility tool that tracks files that can be safely erased, such as temporary files, to reclaim disk space.

Answer 193

**Pro** **Enterprise** **Education** The principal distinguishing feature of the Pro, Enterprise, and Education editions is joining a domain network. The Enterprise edition can also join a domain network. Windows Enterprise has the full feature set but is only available via volume licensing. The Education edition can also join a domain network. Windows Education/Pro Education are variants of the Enterprise and Pro editions designed for licensing by schools and colleges. Home is the only edition that cannot join a domain network. The Windows Home edition is designed for domestic consumers and possibly small office home office (SOHO) business use.

Answer 194

**Low-level formatting** A low-level formatting tool resets a disk to its factory condition. Most of these tools will incorporate some sanitize function. The standard formatting tool deletes partitions and writes a new file system that will only remove references to files and mark all sectors as useable. Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner. This overwriting method is suitable for all but the most confidential data. Shredding is when the disk is ground into little pieces. A mechanical shredder works in much the same way as a paper shredder.

Answer 195

**BIOS** Basic input/output (BIOS) password is a piece of authentication information that may sometimes require logging into a computer’s basic input/output system (BIOS) before the machine can boot up. Expiration requirement means that the user must change the password after a set period. Secure personal identifiable information (PII) and passwords are when paper copies of personal and confidential data must not leave where they could be read or stolen. This type of information should not be entered into unprotected plain text files, word processing documents, or spreadsheets. Disabling guest accounts allow unauthorized access to the computer and may provide some network access. It is only enabled to facilitate password-less file sharing in a Windows workgroup.

Answer 196

**Problem resolution** Problem resolution sets out the plan of action and documents the successful implementation and testing of the plan and full system functionality. Problem description records the initial request with any detail that could easily be collected at the time. Progress notes record what diagnostic tools and processes have been discovered and identify and confirm a probable cause. Escalation levels occur when an agent cannot resolve the ticket. The support team can be organized into tiers to clarify the escalation levels. The ticket owner is the person responsible for managing the ticket.

Answer 197

**Procurement life cycle** The procurement life cycle includes approval request procedure changes, determining budgets, identifying a trusted supplier or vendor for the asset, deploying implementations for installing the asset in a secure configuration, maintenance, and disposal of implements. Warranty is the asset record that includes the appropriate procurement documentation. Assigned users are when hardware assets such as workstations, laptops, smartphones, tablets, and software licenses might be assigned to individual user accounts. Knowledge base (KB) is a repository for articles that answer frequently asked questions (FAQs) and document common or significant troubleshooting scenarios and examples. Each inventory record could be tagged with a cross-reference to an internal knowledge base to implement self-service support and assist technicians.

Answer 198

**Purpose of the change** The purpose of the change is the business case for making the change and the accumulated benefits. Scope of the change may include cost, timescales, and amount of devices involved. The scope should also include the factors by which the success or failure of the change can be judged. Date and time change should be scheduled appropriately to minimize risks of system downtime or other negative impacts on the workflow of the business units that depend on the IT system being modified. Affected systems must be considered in the implementation of change. Companies should first attempt to test the change for the most significant or major changes.

Answer 199

**taskschd.msc** The Task Scheduler (taskschd.msc) runs software and scripts according to calendar or event triggers which would not help diagnose and troubleshoot internet connectivity issues. The Local Users and Groups (lusrmgr.msc) console provides an advanced interface for creating, modifying, disabling, and deleting user accounts. Privileged time is used to compare against user time. If it is much higher, the central processing unit (CPU) is likely underpowered (it can barely run Windows core processes efficiently). The System Configuration Utility (msconfig.exe) is used to modify various settings and files that affect how the computer boots and loads Windows.

Answer 200

**top** **ps** The ps command invokes the process table, a record that summarizes the currently running processes on a system. The top command lists all processes running on a Linux system like ps. It acts as a process management tool by enabling users to prioritize, sort, or terminate processes interactively. The grep (globally search a regular expression and print) command is used to search and filter the contents of files. Linux users can use man to view the help pages for a particular command. For example, use man to view the help pages for the man command.

Answer 201

**Hardware token** An external hardware token is a smart card or USB form factor device that stores cryptographic user identification data. The user must present the token and supply a password, PIN, or fingerprint scan to authenticate. Central processing unit (CPU) requirements refer to the performance and features of the computer’s main processor. A demanding application, such as graphic design software or a game, will not help the company to use a more secure authentication method. An integrated graphics card would also not help the company to use a more secure authentication method.

Answer 202

**Corporate-use license** A corporate-use license is for multiple users, which means the company can install the software on an agreed-upon number of computers for its employees to use simultaneously. The company will offer a valid license with the product key. These can be non-expired licenses as well. A personal license allows the product to be used by a single person at a time, though it might permit installation on multiple personal devices. Data retention requirements are regulations that set a maximum period for data retention. The regulation might also demand that information be retained for a minimum period. Digital music and video are often subject to copy protection and digital rights management (DRM).

Answer 203

.apk An .apk file is a format for Android. The vulnerability manager only has Apple in their environment. Unknown sources enable untrusted apps to be downloaded from a website and installed using the .APK file format. DMG (disk image) format is used for simple installs where the package contents need to be copied to the Applications folder. PKG format is used where app setup needs to perform additional actions, such as running a service or writing files to multiple folders. The app is placed in a directory with a .APP extension in the Applications folder when it has been installed.

Answer 204

chkdsk chkdsk scans the file system and disk sectors for faults and can attempt to repair any problems detected. The format command writes a new file system to a drive. This process deletes any data existing on the drive. This could be catastrophic if used in the wrong way. The xcopy command is a utility that allows administrators to copy the contents of more than one directory at a time and retain the directory structure. Diskpart is the command interface underlying the Disk Management tool. Diskpart deals with partitions and management.

Answer 205

**Disguised links** **Inconsistent sender and reply to addresses** **Urgency** Many phishing emails have a sense of urgency so that the recipient will act now or else it will be too late. In business, this could be an email that appears to be from the boss, who needs something right away. The email sender's address (the FROM address) should be consistent with the REPLY-TO address. Links in phishing emails can be disguised. For example, a link that appears to be www.microsoft.com, reveals a very different URL, such as www.maliciouslink.com, when the cursor hovers over the link. An email with no signature is not an indicator of phishing.

Answer 206

**Additional drivers** Use the additional drivers' button to make drivers available for different client operating systems. For example, if the print server is Windows 10 64-bit, it can make 32-bit Windows 7 drivers available. Configuring the proxy settings will not help with printer functionality. The settings for proxy information can be found in internet options. A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive. A file server would not help with printer functionality, although a printer server could assist with this endeavor.

Answer 207

**Adware or spyware infection** All of the symptoms listed in this scenario are common to adware and spyware. Another symptom is redirection, where a user tries to open one page but gets sent to another. The goal of ransomware is extortion. Ransomware encrypts files to shut down access to data until payment is made. A DNS server mapping domain names to the wrong IP addresses is an example of a redirection attack, where a user is redirected to a malicious site. It does not generate the other symptoms. HOSTS is a legacy means of mapping domain names and IP addresses. If corrupted and incorrectly mapped, it is a redirection attack, and the other symptoms do not occur.

Answer 208

**Updating an application** **Installing a program** Whenever an application or program is installed, a restore point is created. A restore point is also created whenever an application or program is updated. Deleting a file will not create a restore point. Likewise, when using System Restore to roll back to an earlier date, the user's documents, pictures, and other data are not deleted. However, software and drivers installed after the restore point will be uninstalled. A restore point is not created when a computer is rebooted, but Windows will create a restore point if one has not occurred in seven days.

Answer 209

**Risk levels** Risk levels are included in the risk assignment that could be expressed as a discrete value or as a traffic light-type of indicator, where red is high, orange is moderate risk, and green is minimal risk. Sandbox testing is a computing environment designed to replicate the production environment but isolated from it. A rollback plan is when a change can be reversed if it has harmful or unforeseen consequences. End-user acceptance must be accounted for when a change of plan is implemented. It can be difficult for people to adapt to new processes and easy for them to magnify minor problems into major complaints.

Answer 210

**Login script** Login script performs configuration or process activity when the user signs in. A login script can be defined via the user profile or assigned to an account via group policy. Group policy configures computer settings and user profile settings. A group policy can also be used to deploy software automatically. Mobile device management (MDM) is a class of software designed to apply security policies to mobile devices in the enterprise. A home folder is a private drive mapped to a network share to store personal files. The home folder location is configured via the account properties on the Profile tab using the connect to box.

Answer 211

**Hold the mobile device closer to the reader and wait.** Contactless card readers use near-field communication (NFC). NFC normally works at up to two inches (6 cm), so moving the device closer to the reader could solve the problem. Turning on airplane mode will disconnect NFC. Biometric authentication allows a user to perform a biometric scan to operate an entry or access a system. Typical features used include facial pattern, iris, retina, fingerprint pattern, and signature recognition. Radio Frequency ID (RFID) is a means of identifying and tracking objects, such as parcels, equipment, or access badges, using specially encoded tags.

Answer 212

**Pro for Workstations** Windows Pro for Workstations has many of the same features as Pro but supports more maximum RAM and advanced hardware technologies, such as persistent system RAM (NVDIMM). Windows Pro is designed for usage in small- and medium-sized businesses and can be obtained using original equipment manufacturer (OEM), retail, or volume licensing. The Enterprise edition has several features not available in the Pro edition, such as support for Microsoft’s DirectAccess virtual private networking technology, AppLocker, and more. The Windows Home edition is designed for domestic consumers and possibly small office home office (SOHO) business use.

Answer 213

**Phishing** **Social engineering** Social engineering uses deception and trickery to convince users to provide sensitive data or violate security guidelines. People are susceptible to social engineering as part of the human condition, so training is necessary to overcome that instinct. Phishing is when an attacker sends an email from a supposedly reputable source, such as a bank, to elicit private information from the victim. It is easy to be duped by phishing emails, so training is necessary so users can identify these scams. Hashing is an encryption process that takes any amount of data as input and produces a fixed-length value as output. Jailbreaking subverts the security controls built into the operating system to gain unrestricted system-level access.

Answer 214

**.sh** .sh is the Linux shell script extension by convention. Every shell script starts with a shebang line designating which interpreter to use, such as Bash or Ksh. It includes a series of commands that run consecutively to carry out tasks. .ps1 is the PowerShell script file. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development. .vbs is the VBScript file extension. VBScript predates Powershell. The wscript.exe interpreter executes VBScript by default. .bat is the Windows batch file extension. A shell script for the basic Windows CMD interpreter is often described as a batch file.

Answer 215

**Evil twin** Evil twin attack is like phishing, but instead of an email, the attacker uses a rogue wireless access point to try to harvest credentials. Whaling is an attack directed specifically against levels of management in the organization. Upper management may also be more vulnerable to common phishing attacks because of their reluctance to learn basic security procedures. An insider threat is an employee or other person with immediate access to internal components of the company or organization. A spoofing threat is any attack where the threat actor can masquerade as a trusted user or computer.

Answer 216

**yum** **apt-get** apt-get is a command interface for the Advanced Packaging Tool (APT). APT is used by Debian distributions and works with .deb format packages. yum is the command interface for YUM. Yum install PackageName installs a new application. As part of the iproute2 package, the ip command has options for managing routes and the local interface configuration. The command ip addr replicates the basic reporting functionality of ifconfig (show the current address configuration). df ("disk free") lets the user view the device's free space, file system, total size, space used, percentage value, and mount point.

Answer 217

**BitLocker** BitLocker is a disk encryption product available with all Windows editions except for the Home edition. Full disk encryption carries a processing overhead, but modern computers usually have the processing capacity to spare. It can also be used with removable drives in its BitLocker To Go form. Port security triggers are based on the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) port number used by the application protocol. Application security triggers are based on the process that listens for connections. Inheritance permission assigned to a folder is automatically inherited by the file and subfolder created under the folder.

Answer 218

**Year** **Time of year** The number 16 in build 1607 corresponds to the year (2016) of release. The 07 portion of build 1607 represents the month (07/July) of release. The current version of Windows 10 at the time of writing is 21H2, released in the second half of 2021. Versioning is not part of it. Windows 10 and Windows 11 represent the currently supported versions of the Windows client OS. The architecture is not part of it either. Each version and edition of Windows 10 was originally available as 32-bit (x86) or 64-bit (x64) software. A 32-bit CPU can only run the 32-bit editions. A 64-bit CPU can run either.

Answer 219

**Application support** **Hardware compatibility** **Backup files** Hardware compatibility is a consideration. The user must make sure that the central processing unit (CPU), chipset, and RAM components are sufficient to run the OS. Application and driver support and backward compatibility are other considerations. Most version upgrades try to maintain support for applications and device drivers developed for older versions. Backup files and user preferences are a consideration. If the user is installing a new operating system or doing a clean install, the user should back up any necessary data and settings. Most computers now come with a Preboot eXecution Environment (PXE)–compliant firmware and network adapter to support this boot option and is not necessarily a consideration.

Answer 220

**Natural bristle brush** **Compressed air blaster** **PC vacuum cleaner** A compressed air blaster can be used to dislodge dust from difficult-to-reach areas. When performing this sort of maintenance within a controlled area, wear an appropriate air-filter mask and goggles. The PC vacuum cleaner can be used to blow air and suction to replace the need for the compressed air canister. Such vacuums should be labeled as toner safe. Natural bristle brushes remove dust from inside the system unit, especially from the motherboard, adapter cards, and fan assemblies. Domestic vacuum appliances should not be used as they can produce high levels of static electricity.

Answer 221

**C&C network connection was detected.** The IT specialist did not inspect the firewall configuration and therefore failed to find the changes that allowed a command and control (C&C) network to establish a connection. Domain Name System (DNS) spoofing is when an attacker directs a victim away from a legitimate site and towards a fake site. Port forwarding is the process in which a router takes requests from the internet for a particular application and sends them to a designated host on the LAN. Cross-site scripting (XSS) is when a malicious script is hosted on the attacker's site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser's security model of trusted zones.

Answer 222

**Targeted advertising** Legitimate apps are interested in tracking a user's location for targeted advertising. For example, Facebook tracks the location of its users for that very reason, although it is facing scrutiny over privacy issues. Geotagging is adding geographic data and location to photos. An app would not track a user's location to tag their pictures. Redirection is a malware attack, where the malware corrupts the Domain Name System (DNS) and search provider to force users to spoofed sites. The pursuit of clicks typically is the area of interest for adware since developers are paid when users click on the advertisements.

Answer 223

**PIN** Personal identification numbers (PINs) are used on most devices to enable screen lock authentication and generate an encryption key. The PIN can act as a primary or backup authentication method. Swipe is a gesture that means that access to the device is unauthenticated. Simply swiping across the screen will unlock the device. Pattern requires the user to swipe a “join-the-dots” pattern. The pattern method has numerous weaknesses. Facial recognition is a method that creates a template computer from a 3-D image of the user’s face. A facial bio gesture has the advantage of using the camera rather than a special sensor.

Answer 224

**Scan the system using different antivirus software.** **Update the antivirus software.** Since the installed antivirus software did not pick up the malware infection, scanning the system with a different antivirus product is a good option since some products pick up what others do not. The antivirus software may not have detected the malware infection because it was not updated. Updating antivirus software before running scans is a best practice. Logging on to a malware-infected system as an administrator exposes their privileged account access credentials for the malware to exploit. Removing the malware is a few steps ahead of the current scenario.

Answer 225

**File Explorer View tab** On the File Explorer View tab, among many other options, users can configure hidden extensions, hidden files, and hide operating system files. On the File Explorer General tab, users can set options for the layout of Explorer windows and switch between the single-click and double-click styles of opening shortcuts. Ease of Access settings configures input and output options to best suit each user. There are three main settings groups. The Internet Options Control Panel applet exposes the configuration settings for Microsoft’s Internet Explorer (IE) browser. The Security tab restricts what types of potentially risky active content are allowed to run.

Answer 226

**Low battery charge** **OS update** **Too many apps open** If a battery is almost out of charge, it could cause slowness, as will a faulty battery or other faulty hardware. If too many apps are open, a phone could become slow because the open apps are consuming most of the phone's resources. An operating system (OS) update on an older phone can severely impact performance. A mesh network provides communication between devices or nodes using some type of mesh networking, such as Z-Wave or Zigbee, which uses less power and makes it easier for smart devices to forward data between nodes.

Answer 227

**Potentially Unwanted Application (PUA)** An untrusted source is when an installer cannot be verified through a digital signature or has been a security risk and is likely to expose the user to unwanted adverts. Some untrusted sources do not block ads or have pop-up blockers. As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure using a reputable vendor. Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices. A secure connection validates the host's identity running a site and encrypts communications to protect against snooping.

Answer 228

**Zero-day attack** A zero-day attack is a vulnerability exploited before the developer knows about it or can release a patch. These can be extremely destructive, as it can take the vendor a lot of time to develop a patch, leaving systems vulnerable for days, weeks, or even years. End of life (EOL) system is where the software vendor no longer provides support or fixes problems. Bring your own device (BYOD) provides modeling that allows employees to use personal mobile devices to access corporate systems and data. Impersonation means that the social engineer develops a pretext scenario to interact with an employee.

Answer 229

**ISOs** ISO files stored on removable media or a host system are often used to install virtual machine operating systems. A mountable ISO is often used to install complex apps, such as databases, where there are many separate components and large file sizes to install. An ISO file could be distributed on physical media, such as CD/DVD or a USB thumb drive, but typically is done through file sharing on an enterprise network. An ISO can be downloaded, although the administrator should check to ensure that the file hash matches the official hash. While the administrator is probably routing through a proxy at their company, most proxies have a file size limit that they do not scan if over a certain size.

Answer 230

**Spyware** Spyware is malware that can perform browser reconfigurations, such as allowing tracking cookies, changing default search providers, opening arbitrary pages at startup, adding bookmarks, and many more. Viruses are concealed within the code of an executable process image stored as a file on a disk. Trojans are malware concealed within an installer package for software that appears to be legitimate. The malware will be installed alongside the program and executed with the same privileges. Boot sector viruses can infect the boot sector code or partition table on a disk drive.

Answer 231

**3-2-1 backup rule** 3-2-1 backup rule is a best-practice maxim that users can apply to their backup procedures to verify that they are implementing a solution to mitigate the widest possible range of disaster scenarios. Grandfather-father-son (GFS) is a backup rotation scheme that uses son tapes to store the most recent data and have the shortest retention period. Grandfather tapes are the oldest and have the longest retention period. Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds. The synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs.

Answer 232

**Support** Given the unpredictable state of IT staffing, the software might be available with paid-for support to obtain updates, monitor and fix security issues, and provide technical assistance. With licensing, commercial software must be used within the constraints of its license but is likely to restrict the number of devices on which the software can be installed. Complex apps can have a substantial and expensive user-training requirement, which can be an ongoing cost as new versions can introduce interface or feature changes. When selecting applications for installation on desktops, proper security considerations need to be made regarding potential impacts to the device (computer) and the network.

Answer 233

**Failed attempts lockout** Failed attempts lockout is when a maximum number of incorrect sign-in attempts occur within a certain period. Once the maximum number of incorrect attempts has been reached, the account will be disabled. Concurrent logins limit the number of simultaneous sessions a user can open. Most users should only need to sign in to one computer at a time. Use timeout/screen lock is when the desktop is locked if the system detects no user-input device activity. Users should not rely on this and lock the computer manually when leaving it unattended. Disable AutoRun so that malware can not be installed automatically. Some versions of Windows require an optical disc inserted or USB drive to be attached so that the AutoRun command installs.

Answer 234

**Synthetic** A synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs. Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds. Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection. On-site backup storage means that the production system and backup media are in the same location. Having storage in the same location risks losing both the production and backup copies of the data.

Answer 235

**.ps1** .ps1 is the PowerShell script file. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development. .sh is the Linux shell script extension by convention. Every shell script starts with a shebang line that designates which interpreter to use, such as Bash or Ksh. .js is the JavaScript file extension. JavaScript is a scripting language designed to implement interactive web-based content and web applications. Most web servers and browsers are configured with a JavaScript interpreter. .py is the Python file extension. Python is a general-purpose scripting and programming language that can develop both automation scripts and software applications.

Answer 236

**64-bit only** A 64-bit application requires a 64-bit CPU and OS platform. Like operating systems, software applications can be developed as 32-bit or 64-bit software. 64-bit applications cannot be installed on a 32-bit platform. Some apps may have both 32-bit and 64-bit versions. 32-bit software applications can usually be installed on 64-bit platforms, however. 32-bit applications can run on 64-bit software, although if there is a 64-bit version available, it is probably better to run the 64-bit version if possible. 64-bit applications for personal computers cannot run on Advanced RISC Machines (ARM) architecture. ARM is an architecture for smartphones and tablets.

Answer 237

**Managed Google Play** **Apple Business Manager** Apple operates enterprise developer and distribution programs to allow private app distribution via Apple Business Manager. Google's Play Store has a private channel option for enterprise app distribution called Managed Google Play. Developer mode is a mobile-device feature designed for testing apps during development. It has no connection to how an app is delivered, whether publicly or privately. A bootleg app store is where users can find bootleg apps that closely mimic legitimate apps; this is a way of pirating apps without paying for them. It is not a private distribution channel.

Answer 238

**Hang up.** **Do not take complaints personally.** **Identify early that the customer is angry.** Identifying early that the customer is angry and trying to calm the situation down by using a low voice and soothing language and focusing on positive actions. Do not take complaints personally and do not express any anger toward the customer. Hang up and be guided by whatever policy an organization has in place, but in general, if a customer is abusive or threatening, issue a caution to warn them about this behavior. Being judgmental is not one that will help in this situation. Do not assume that the customer lacks knowledge about the system.

Answer 239

**Disk Utility** The Disk Utility app can be used to verify or repair a disk or file system. It can also be used to erase a disk with security options if users are selling or passing on a Mac. The Finder is the macOS equivalent of File Explorer in Windows. It lets the user navigate all the files and folders on a Mac. Since 2016, no Apple Mac has been sold with an inThe Remote Disc app, which lets users access a CD/DVD drive on another Mac or Windows computer. The Dock at the bottom of the screen gives one-click access to users' favorite apps and files, similar to the taskbar in Windows.