CompTIA Practice Exam 1 Flashcards
The System Restore tool in Windows is used to roll back configuration changes to an earlier date or restore point. One option for creating restore points is to use Task Scheduler. What other actions will create a restore point? (Select all that apply.)
Rebooting
Installing a program
Deleting a file
Updating an application
-Installing a program
-Updating an application
Whenever an application or program is installed, a restore point is created.
A restore point is also created whenever an application or program is updated.
Deleting a file will not create a restore point. Likewise, when using System Restore to roll back to an earlier date, the user’s documents, pictures, and other data are not deleted. However, software and drivers installed after the restore point will be uninstalled.
A restore point is not created when a computer is rebooted, but Windows will create a restore point if one has not occurred in seven days.
A Windows administrator wants to learn how to use Linux by installing the Linux subsystem for Windows. What should their version of Windows have on the New Technology File System (NTFS) to support case-sensitive naming and hard links required by Linux?
Indexing
POSIX
Journaling
32-bit allocation table
POSIX
To support UNIX/Linux compatibility, Microsoft engineered NTFS to support case-sensitive naming, hard links, and other key features UNIX/Linux applications require. This is known as POSIX compliance.
When data is written to an NTFS volume, it is re-read, verified, and logged via journaling. In the event of a problem, the sector concerned is marked as bad and the data relocated.
FAT32 is a variant of FAT that uses a 32-bit allocation table, nominally supporting volumes up to 2 TB. The maximum file size is 4 GB minus 1 byte.
The Indexing Service creates a catalog of file and folder locations and properties, speeding up searches.
A user disables some of the laptops’ services, thinking it would speed up performance. After restarting the laptop, “One or more services failed to start” appears. When the IT specialist opens the Services snap-in, they identify the failed service and restart it, but that does not fix it. Which of the following scenarios best explains why the restart did not work?
The user disabled a dependent service.
The failed service was set to delayed start.
The IT specialist should have restored the failed service instead of restarting.
The failed service was deleted.
The user disabled a dependent service.
Most Windows services are dependent on other services to run. If the user disabled a service that the failed service depended on, it would fail to start.
Service is restored if it is missing or has been deleted. The failed service still exists but failed to start due to disabled dependency.
Setting a service to delayed start is a way to improve Windows boot time since these services will not start until all other services are loaded. This setting will not cause a service to fail.
If the failed service were deleted, it would not have appeared as a service that failed to start.
A user is about to join a Zoom call and plugs in USB-C headphones with a built-in microphone to the computer’s USB 3 port. A message appears that there are “not enough USB controller resources.” Evaluate the situation and select the best fix for the problem.
Run the SFC to locate and update the USB controller drivers.
Open the Resource Monitor to verify the headphone’s operating system and hardware requirements are compatible with the computer’s existing resources.
Connect the headphones to a USB 2 port.
Close all running programs to free up memory.
Connect the headphones to a USB 2 port
“Not enough USB controller resources” is a common warning with USB 3 ports and is generally caused by connecting too many devices. It also occurs when one device exceeds the controller’s allocated endpoints. A USB 2 port has more endpoints, so switching often solves the problem.
Closing programs can free up memory on the PC, but it does not address the resource allocation issue of the USB controller.
Verifying requirements and compatibility with the computer system’s resources does not resolve USB Controller problems.
System File Checker (SFC) is a Windows utility that scans and restores system files. It does not update drivers.
An attacker uses a technique against a wireless network that allows them to flood access points with too many packets. What is this called?
DoS
On-path attack
Insider threat
DDoS
DoS
A denial of service (DoS) attack causes a service at a given host to fail or become unavailable to legitimate users.
An on-path attack is a specific type of spoofing where the threat actor can covertly intercept traffic between two hosts or networks, allowing the threat actor to read and possibly modify the packets.
An insider threat is an employee or other person with immediate access to internal components of the company or organization.
Distributed DoS (DDoS) means that the attacks are launched from multiple compromised systems, referred to as botnet, to perform the attack against its target.
A video game development company is purchasing upgraded laptops to develop cutting-edge graphics for a new story they have been marketing. They want to be able to integrate persistent system RAM. What type of operating system should they use for support?
Pro
Pro for Workstations
Enterprise
Home
Pro for Workstations
Windows Pro for Workstations has many of the same features as Pro but supports more maximum RAM and advanced hardware technologies, such as persistent system RAM (NVDIMM).
Windows Pro is designed for usage in small- and medium-sized businesses and can be obtained using original equipment manufacturer (OEM), retail, or volume licensing.
The Enterprise edition has several features not available in the Pro edition, such as support for Microsoft’s DirectAccess virtual private networking technology, AppLocker, and more.
The Windows Home edition is designed for domestic consumers and possibly small office home office (SOHO) business use.
A technician uses a backup method that reflects how much lost work can be tolerated. What is this method?
Retention
Frequency
Full with differential
Full with incremental
Frequency
Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.
Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.
Full with incremental means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job.
Full with differential means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job.
Before an IT team can submit an application for change, it must include a document that includes an analysis of risks associated with performing the change and risks that might be incurred through not performing the requested change. What type of document is this?
Scope of the change
Affected systems
Purpose of the change
Date and time change
Purpose of the change
The purpose of the change is the business case for making the change and the accumulated benefits.
Scope of the change may include cost, timescales, and amount of devices involved. The scope should also include the factors by which the success or failure of the change can be judged.
Date and time change should be scheduled appropriately to minimize risks of system downtime or other negative impacts on the workflow of the business units that depend on the IT system being modified.
Affected systems must be considered in the implementation of change. Companies should first attempt to test the change for the most significant or major changes.
What uses a 4-way handshake to allow a station to associate with an access point, authenticate its credential, and exchange a key to use for data encryption?
MFA
WPA2
TKIP
WPA3
WPA2
Wi-Fi protected access 2 (WPA2) was designed to fix critical vulnerabilities in the earlier WEP standard. WPA2 used the AES cipher deployed within the counter mode, blocking the changing message CCMP.
Temporal key integrity protocol (TKIP) tries to mitigate the various attacks against WEP developed by producing a new 128-bit encryption key for every packet sent on the network.
Multifactor authentication (MFA) allows the machine to establish a trust relationship and create a secure tunnel to transmit the user credentials or perform smart card authentication without a user password.
Wi-Fi protected Access (WPA3) uses passphrase-based group authentication of stations in private mode; it changes the method this secret is used to agree with session keys.
What technique is used on hard drives that reset them to factory condition and the hard drives only contain the information necessary to interact with a file system?
Low-level formatting
Certificate of destruction
Third-party vendor
Erasing/wiping
Low-level formatting
A low-level formatting tool resets a disk to its factory condition. Most of these tools will now incorporate some sanitize function. Secure erase (SE) and instant secure erase (ISE) are two functions under this tool.
Third-party vendors may use overwriting or crypto-erase and issue a certificate of recycling rather than destruction.
A certificate of destruction shows the make, model, and the serial number of each drive that was handled, plus the date of destruction and how it was destroyed.
Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a “clean” state, ready to be passed to the new owner.
A server administrator wants to run the latest technologies. What technology should the administrator start using which will replace the New Technology File System (NTFS)?
ReFS
ext3
APFS
exFAT
ReFS
Resilient File System (ReFS) is being developed to replace NTFS. ReFS is only available for Pro for Workstations and Enterprise editions and cannot currently be used for the boot volume.
Most Linux distributions use some version of the extended (ext) file system to format partitions on mass storage devices. ext3 is a 64-bit file system with journaling support.
Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS).
exFAT is a 64-bit version of FAT designed for use with removable hard drives and flash media.
A client uses this software that allows access to a given computer. What is this software?
File transfer
Screen-sharing
Videoconferencing
Desktop management
Screen-sharing
Screen-sharing is software that is designed to work over HTTPS across the internet. This is secure because the connection is encrypted but also easier to implement as it does not require special firewall rules.
Some web-conferencing and videoconferencing software, like Microsoft Teams and Zoom, provides a screen-sharing client that participants may control.
With file transfer, users can choose a file-sharing protocol that can be used across all connected hosts. It allows configuring permissions on the share and provisioning user accounts that are recognized by both the server and client.
Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.
A server administrator experiences performance issues on a server and needs to narrow down the source of the problem. The server is an externally facing website with high visibility for the company. The longer the site is having issues, the more customers might notice and possibly damage the company’s reputation. What can the administrator use to view and log performance statistics? (Select all that apply.)
msinfo32.exe
perfmon.msc
resmon.exe
devmgmt.msc
perfmon.msc
resmon.exe
Resource Monitor (resmon.exe) is used to view and log performance statistics. A Microsoft Management Console (MMC) contains one or more snap-ins used to modify advanced settings for a subsystem.
Performance Monitoring (perfmon.msc) is also used to view and log performance statistics. The administrator can use this to identify the source of the issue.
Device Manager (devmgmt.msc) allows the administrator to view and edit the properties of installed hardware. Users can change hardware configuration settings, update drivers, or remove/disable devices.
The System Information (msinfo32.exe) tool produces a comprehensive report about the system’s hardware and software components.
An administrator is backup chaining a database with the type of backup that utilizes a moderate time and storage requirement. What type of backup is this?
Frequency
Retention
Full with differential
Full with incremental
Full with differential
Full with differential means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job.
Full with incremental means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job.
Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.
Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.
A manager for a large corporation is in charge of client machines and is currently undergoing a lifecycle hardware refresh. They want to optimize the machines to be powerful enough to run applications. The manager also wants to be sure that they are not underpowered either. What can the manager use to determine CPU optimization?
Privileged time
Pages/sec
Disk queue length
User time
Privileged time
If privileged time is much higher than user time, the central processing unit (CPU) is likely underpowered (it can barely run Windows core processes efficiently).
If overall processor time is very high (over 85% for sustained periods), it can be helpful to compare these. Privileged time represents system processes, whereas user time is software applications.
If the disk queue length increases and disk time is high, then the manager has a disk problem.
Pages per second are the number of pages read from or written to disk to resolve hard page faults, which means memory moves processes to the page file.
A company needs to set up perimeter security to control and monitor who can approach the building. Which of the following should the company use? (Select all that apply.)
Access control vestibule
Folder redirection
Guard
Fencing
-Access control vestibule
-Guard
-Fencing
Fencing is generally effective and needs to be transparent, so guards can see any attempt to penetrate it.
Access control vestibule is where one gateway leads to an enclosed space protected by another barrier that restricts access to one person at a time. Bollards are barricades that prevent vehicles from crashing into the building or exploding a bomb near it.
Guards can be placed in front of and around a location to protect it. They can monitor critical checkpoints and verify identification, allow, or disallow access, and log physical entry occurrences.
Folder redirection changes the target of a personal folder, such as the Documents folder, Pictures folder, or Start Menu folder, to a file share.
Advanced malware infection may require manual removal. Which of the following tools assists in manual malware removal? (Select all that apply.)
msconfig
cleanmgr
WinPE
regedit
-msconfig
-WinPE
-regedit
The Registry Editor (regedit) is a tool for making direct edits to the registry database, such as manually removing registry items.
The System Configuration Utility (msconfig) can be used to perform a safe boot to prevent any infected code from running at startup.
The Windows Preinstallation Environment (WinPE) can be used to run commands from a clean command environment after booting the computer with a recovery disc.
Disk Clean-up (cleanmgr) is a Windows utility tool that tracks files that can be safely erased, such as temporary files, to reclaim disk space.
A network administrator troubleshoots domain name system (DNS) issues that a particular user is having. Which of the following utilities will help the administrator troubleshoot DNS specifically?
gpupdate
nslookup
pathping
tracert
nslookup
If the administrator identifies or suspects a problem with name resolution, they can troubleshoot DNS with the nslookup command, either interactively or from the command prompt.
The gpupdate command is used to immediately apply a new or changed policy to a computer and account profile.
The tracert command-line utility is used to trace the path a packet of information takes to get to its target.
As an alternative to tracert, the pathping command performs a trace and then pings each hop router a given number of times for a given period.
A curious user looks through their local logs and sees errors in region-coding copy-protection mechanisms. What type of device is generating these logs?
External drive
Optical media
SSD
USB
Optical media
Consumer DVDs and Blu-rays feature digital rights management (DRM) and region-coding copy-protection mechanisms.
A flash drive is also called a USB drive, thumb drive, or pen drive. It is simply a flash memory board with a USB connector and protective cover.
A solid-state drive (SSD) uses flash memory technology to implement persistent mass storage. Flash memory performs much better than the mechanical components used in hard disk drives.
External storage devices are also used for backup and data transfer or provide a drive type not available as an internal unit.
An administrator automates the creation of folders during a Windows install process. Which command should they use in their script?
cd
dir
md
rmdir
md
To create a directory, use the MD command. For example, to create a directory called Data in the current directory, type MD Data.
To delete an empty directory, enter rd Directory or rmdirDirectory. If the directory is not empty, users can remove files and subdirectories using the /s switch.
The cd command sets the focus to a different working directory. Users can change to any directory by entering the full path.
Use the dir command to list the files and subdirectories from the working drive and directory or a specified path.
A telltale sign of a malware infection is when changes occur to system files. Which of the following is likely the result of malware-induced changes to system files? (Select all that apply.)
Files that are missing or renamed
Known-good files with expired certificates
Files with date stamps and file sizes that are different from known-good versions
Additional files with names similar to authentic system files, such as scvhost.docx or ta5kmgr.xlsx
-Files that are missing or renamed
-Files with date stamps and file sizes that are different from known-good versions
System files are an attractive target for malware because renaming or deleting them can wreak havoc on the operating system.
Hackers will alter the size of system files to hide malware or change the date stamp to cover their tracks.
While malware will add additional files with names almost the same as authentic system files, the extensions .docx and.xlsx represent Word and Excel files, respectively. These are data files, not system files. System files have extensions such as .dll and .sys.
System files do not have certificates. Certificates are a security tool used by websites to prove the server is trusted.
A technician configures a method to run some server application from a network and make it accessible to the internet. What is this method?
UPnP
Port forwarding
Disabling unused ports
DHCP reservation
Port forwarding
Port forwarding means that the router requests an internet host for a particular service and sends the request to a designated host on the LAN.
The Dynamic Host Configuration Protocol (DHCP) reservation means that the DHCP server always assigns the same IP address to the host. A user can usually choose which IP address this should be.
Disabling unused ports so that only the enabled services will be enabled. If a service is unused, then it should be accessible. If a port-forwarding rule is no longer required, it should be disabled or deleted completely.
The universal plug-and-play (UPnP) framework sends instructions to the firewall with the correct configuration parameters to allow applications to work.
A server administrator looks at which Linux supports file systems to show all available options. Which of the following are supported by Linux? (Select all that apply.)
APFS
FAT32
ext4
NTFS
-FAT32
-ext4
Most Linux distributions use some version of the extended (ext) file system. ext4 delivers better performance than ext3 and would usually represent the best choice for new systems.
Linux can also support FAT/FAT32 (designated as VFAT). Additional protocols such as the Network File System (NFS) can mount remote storage devices into the local file system.
Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS).
The New Technology File System (NTFS) is a proprietary file system developed by Microsoft for use with Windows.
Which of the following extensions combines a scripting language with hundreds of prebuilt modules called cmdlets that can access and change most components and features of Windows and Active Directory components and features?
.sh
.js
.py
.ps1
.ps1
.ps1 is the PowerShell script file. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development.
.sh is the Linux shell script extension by convention. Every shell script starts with a shebang line that designates which interpreter to use, such as Bash or Ksh.
.js is the JavaScript file extension. JavaScript is a scripting language designed to implement interactive web-based content and web applications. Most web servers and browsers are configured with a JavaScript interpreter.
.py is the Python file extension. Python is a general-purpose scripting and programming language that can develop both automation scripts and software applications.
