COMPTIA Questions Flashcards
What licensing options are available for Microsoft Windows Enterprise editions?
-Volume licensing
-Full packaged product (FPP) license
-Original equipment manufacturer (OEM) licensing
-Personal license
Volume Licensing
In Microsoft 10 and 11, Windows Enterprise and Education editions are only available via volume licensing. Volume licensing allows customers to obtain discounts for bulk devices or user licenses.
Windows Home and Windows Pro are available as an OEM license. Users can also obtain it via a volume licensing program.
Windows Home and Windows Pro are available as a full packaged product (FPP) license. Users can also obtain it via a volume licensing program.
Intended for products used by one person at a time, personal licenses may also allow installation on multiple devices for that single user.
What Microsoft Windows tool provides a more robust means of configuring hundreds of networked Windows computer settings, and is a much more efficient way of implementing settings across a domain than manually configuring each networked client?
-BitLocker
-Services Console (services.msc)
-Robocopy
-Group Policy Editor(gpedit.msc)
Group Policy Editor (gpedit.msc)
The Group Policy Editor (gpedit.msc) is a Microsoft Windows tool, providing a more robust means of configuring hundreds of networked Windows computer settings and policies in a Windows Domain.
BitLocker is a full-disk encryption (FDE) feature. It is available with all editions of Windows except for the Home edition and is an alternative to file encryption.
The robocopy command is a file copy utility designed to work with long file names and New Technology File System (NTFS) attributes.
The Services Console (services.msc) tool enables control over essential and nonessential Windows services by offering manual and disable options for Windows services, improving performance and security.
What do Microsoft Windows 10 Pro and Education editions have a 2 terabytes (TB) support limitation for?
-File allocation table (FAT)
-Random access memory
-Bluetooth transfer rate
-Microprocessor
RAM
Windows 10 Pro and Education editions have a 2 TB RAM support limitation, while there is a 6 TB RAM limitation for Pro for Workstations and Enterprise editions.
Windows 10 Pro, Enterprise, and Education editions support computers with multiple processors. For example, Pro and Education editions support up to 128 cores, and Pro for Workstations and Enterprise support 256 cores.
The file allocation table (FAT) is an early iteration file system. FAT provides links from one data location to another.
Bluetooth supports transfer speeds up to 24 Megabits per second (Mbps) using adapters supporting version 3 or 4 of the Bluetooth standard.
User policies and security require administration on each machine in a workgroup network. What feature will a domain network offer over a workgroup to solve the time-consuming administration of networked systems?
-Comprehensive component reports
-Centralized management
-Full-disk encryption (FDE)
-Peer-to-peer networking
Centralized management
It is necessary to centrally manage user accounts and system policies in some environments due to the number of systems to administer and security requirements. Centralized management is a feature of a domain network not offered in workgroup networking.
BitLocker is a full-disk encryption (FDE) feature providing security and is available with all Windows editions except for Windows Home.
A peer-to-peer network model is an example of a workgroup where computers share resources. However, managing each resource on the individual computers is necessary.
The System Information (msinfo32.exe) tool provides comprehensive hardware and software component reports. Running the msinfo32.exe tool will produce an inventory of system information.
Windows Pro edition comes with a host of management features designed to allow network administrators more control over each client device, and there is also a Pro for Workstations edition. What additional feature will it provide?
-Advanced hardware support
-Microsoft Desktop Optimization Pack
-Microsoft’s DirectAccess virtual private networking technology
-AppLocker software execution control
Advanced hardware support
While the Windows Pro editions come with a host of management features, the Windows Pro for Workstations edition supports more advanced hardware and hardware optimization.
The Enterprise edition has several features that are not available in the Pro edition, and support for Microsoft’s DirectAccess virtual private networking technology is one.
AppLocker software execution control is one of several features offered in the Enterprise edition. However, it does not come with Pro editions of Windows.
The Microsoft Desktop Optimization Pack is available in the Windows Enterprise edition and does not come with Windows Pro editions.
A system administrator establishes Windows domain user accounts in a Windows-only environment. After working through the administrative tools and adding the appropriate snap-ins for the Computer Management Console (MMC), what security groups could the sysadmin expect to maintain? (Select all that apply.)
-GUEST
-ADMINISTRATORS
-USERS
-ROOT
GUEST
ADMIN
USERS
Windows default security groups include Administrators. Adding a user account as a member of the Administrators group gives the account full privileges.
Windows standard accounts are members of the Users group and can shut down the computer, install, and run desktop applications. The administrator should create Accounts as a standard user unless there is a compelling reason for additional privileges.
The Guest group is one of the default security groups and is only present for legacy reasons to implement file sharing without passwords and is locked by default. Users should not use the Guest group.
The Root account is the superuser and administrative account in Linux operating systems. It can do anything on the system, so use it only when necessary.
In the Windows File Explorer Options applet, which tab allows administrators to configure settings, such as hiding extensions, hiding protected operating system files, and managing hidden fields and folders?
-VIEW
-SEARCH
-INDEXING
-GENERAL
VIEW
The View tab in the File Explorer Options applet in the Control Panel governs how Explorer shows folders and files, providing options to hide extensions, hide operating system files, and manage file attributes.
The General tab in the File Explorer Options applet, found in the Control Panel, provides a means to set options for the layout of Explorer windows and the single or double-click opening options for shortcuts.
The Search tab in the File Explorer Options applet of the Control Panel enables the configuration of the file search behavior. Indexing Options settings govern how it operates.
The Indexing Options applet is not within the File Explorer Options applet. However, it relates to searching and cataloging databases, including files and folders.
Microsoft recommends fast start-up for Windows computers. An administrator can enable it via the Power Options applet. Once enabled, how does fast start-up decrease boot times?
-By determining what to do when the laptop lid closes
-By Universal Serial BUs (USB) selective suspend
-By adjusting search and indexing behavior
-By hibernating file utilization
By hibernation file utilization
The fast start-up power saving option uses the hibernation file to instantly restore the previous system memory contents and swiftly resume computer operations.
The USB selective suspend option powers off peripheral devices to preserve energy when enabled. It is not a part of the Windows fast start-up option.
The search and indexing behavior, an advanced power option for MS Windows power plans, determines the resources allocated to folders, files, and database search and indexing. Therefore, it is not part of a fast start-up.
The Windows power plan determines what to do when the laptop lid closes. It can affect the time it takes to become operational. However, it is not part of a fast start-up option.
The Administrative Tools shortcut, located within the Control Panel, is home to what?
-Indexing Options applet
-Network and Sharing Center console
-Devices and Printers console
-Devices and Printers console
-Advanced Windows configuration consoles
Advanced Windows configuration consoles
The Administrative Tools shortcut, found within the Control Panel, is home to folder shortcuts to several Windows advanced configuration consoles, such as the Windows Defender Firewall.
The Network and Sharing Center, located within the Control Panel applet, shows network status information and is not in the administrative tool’s shortcut.
The Devices and Printers Control Panel applet is in the Windows Control Panel and is for configuring attached hardware. It is not in the administrative tool’s shortcut.
The Indexing options, located in the File Explorer shortcut, are not the administrative tool’s shortcut of the Control Panel applet, which relates to the searching and cataloging of databases.
What applet relates to and is responsible for the searching, cataloging, and database maintenance in the Microsoft Windows Control Panel?
-File Explorer Options
-Indexing Options
-Programs and Features
-Internet Options
Indexing Options
Indexing Options, found in the File Explorer options of the Control Panel applet, relate to the searching and cataloging of databases. Indexed locations include files and folders, although a common cause of search problems is a product of a corrupted index.
The File Explorer Options applet, found in the Control Panel, governs how Explorer shows folders and files, providing options to hide extensions, hide operating system files, and manage file attributes.
The Internet Options applet provides an interface to manage Microsoft’s Internet Explorer (IE) browser within the Control Panel.
The Programs and Features Control Panel applet is a Windows legacy software management interface found in the Control Panel to install and modify desktop applications and Windows Features.
A cyber technician working on a desktop computer attempts to reach the Windows Defender Firewall in the Control Panel. What shortcut within the Control Panel contains the advanced configuration consoles?
-System Information
-Administrative Tools
-Device Manager
-Service Console
Administrative Tools
The Administrative Tools shortcut is within the Control Panel and is home to the links of folder shortcuts to several Windows advanced configuration consoles, such as the Windows Defender Firewall.
The Windows Device Manager allows administrators to view, edit, and troubleshoot the properties of installed hardware, update drivers, and remove or disable devices.
The Services (services.msc) console tool enables control over essential and nonessential Windows services by offering manual and disable options for Windows services, improving performance and security. It is within the Administrative Tools folder.
The System Information (msinfo32.exe) tool provides comprehensive hardware and software component reports. Running the msinfo32.exe tool will produce an inventory of system information located within the Administrative Tools folder.
A user would like to adjust the power plan concerning what happens when closing the lid of their laptop computer. What are additional power management settings available under the advanced Power Options applet in a Microsoft Windows 2010 operating system? (Select all that apply.)
-Search and indexing behavior
-Interaction settings
-Display brightness
-Universal Serial Bus (USB) selective suspend
-Search and indexing behavior
-Display brightness
-Universal Serial Bus (USB) selective suspend
The Windows power plan provides a wide array of advanced power options. The USB selective suspend option powers off peripheral devices to preserve energy when enabled.
The search and indexing behavior is one of the advanced power options for MS Windows power plans, determining the resources allocated to folder, file, and database search and indexing.
Display brightness is one of the more apparent advanced power settings in a Microsoft Windows power plan. The brighter the display, the more power it will consume.
The interaction setting is an assistive technology that enables the user to configure the speech, eye-controlled input methods, and configures keyboard and mouse options. It is not a part of the Windows advanced power options.
A hardware break/fix technician replacing a failed hard drive on a MacBook computer has installed the operating system on the new drive. However, what accounts could the technician expect a desktop support specialist to have created and enabled when installing the macOS while setting up the operating system? (Select all that apply.)
The user accounts applet cannot be used to change the UAC settings.
The user accounts applet can be used to change the UAC settings.
The user accounts applet can be used in facilitating the creation of new accounts.
The user accounts applet cannot be used to add new accounts.
The user accounts applet can be used to change the UAC settings.
The user accounts applet cannot be used to add new accounts.
The Administrator account is the primary user account created by default when installing the macOS. Add additional users through the System Preferences, User, and Groups shortcut when needed.
Outside of the Administrator account, the optional Guest user account is available when installing the macOS. Add additional users through the System Preferences, User, and Groups shortcut when needed.
The Root account on a MacOS is a special superuser account for Unix/Linux operating systems. Due to increased security, it is disabled by default on a Mac but can be enabled, although not recommended.
The Power-user is a default Windows group account. While included in the latest Windows versions, its inclusion provides support solely to legacy applications.
What can a network technician implement to ensure that their connection to the company network will be secure when company employees work from remote locations?
-WWAN
-VPN
-Proxy server
-Metered connection
VPN
The technician can implement a virtual private network (VPN) which connects the components and resources of two (private) networks over another (public) network through a “tunnel.”
A metered network type sets a data limit within Windows to avoid the risk of exceeding the provider’s cap. The network technician can also monitor data usage by each app.
A proxy server forwards client internet requests to the internet. The proxy may also cache pages and content that multiple clients request, reducing bandwidth.
Wireless Wide Area Network (WWAN) refers to using a cellular adapter to connect to the internet. The bandwidth depends on the adapter’s supported technologies and the local cell tower.
A user connects their laptop to the internet by connecting to their cellular phone provider’s network over their phone. The user is taking advantage of what type of connection?
-WWAN
-Proxy
-Wired
-Wireless
WWAN
The user is taking advantage of a Wireless Wide Area Network (WWAN). This refers to using a cellular adapter to connect to the internet.
Almost all wired network connections are on some type of Ethernet. Therefore, the adapter’s media type must match the switch that connects the adapter.
Select the network and enter the required credentials to connect to a wireless network. If the user selects the Connect automatically option, Windows will use the network whenever it is in range.
A proxy server forwards client internet requests to the internet. The proxy may also cache pages and content that multiple clients request, reducing bandwidth.
A network technician is entering the network configuration for a host and must enter the address that distinguishes the network ID from the host ID of the IP address. Which address is this?
-Gateway
-DNS
-IP Address
-Subnet mask
Subnet mask
The subnet mask designates the number of bits applied to an IP address to mask the network ID portion from the host/interface ID portion and determines how many hosts can be on a network.
The default gateway is the IP address of a local router and is necessary so that the device can forward traffic destined for hosts with addresses in different ranges.
Domain Name System (DNS) is a service that maps fully qualified domain name labels to IP addresses on most TCP/IP networks, including the internet.
An Internet Protocol (IP) address is a format for logical host and network addressing. In IPv4, IP addressing uses a 32-bit binary address, and in IPv6, addresses use hexadecimal notation.
When manually configuring a host on a home network, which address will the user configure to be the same as the gateway?
-DNS
-Subnet mask
-VPN
-DHCP
DNS
The router usually forwards Domain Name System (DNS) queries on a home network, so the gateway and primary DNS server parameters for the user PCs will usually set to the same value.
The subnet mask is the number of bits applied to an IP address to mask the network ID portion from the host/interface ID portion.
Dynamic Host Configuration Protocol (DHCP) is a protocol used to automatically assign IP addressing information to hosts that a technician has not configured manually.
A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network.
An organization had a high IT department turnover, and the technicians are not sure which IP addresses the previous technicians statically assigned to hosts. What can the technicians do to ensure they do not assign the same IP address to multiple devices?
-WWAN
-Proxy settings
-DHCP
-VPN
DHCP
The technicians can implement Dynamic Host Configuration Protocol (DHCP) to automatically assign IP addressing information to hosts instead of configuring them statically.
A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network.
Wireless Wide Area Network (WWAN) refers to using a cellular adapter to connect to the internet. The bandwidth depends on the adapter’s supported technologies and the local cell tower.
Proxy settings allow client PCs to pass internet requests to a proxy server, which forwards them to the internet. The proxy may also cache pages and content, reducing bandwidth.
A network technician must configure each client with the IP address and Transmission Control Protocol (TCP) port to forward traffic via a proxy in Network and Internet settings unless the organization uses which of the following? (Select all that apply.)
-DNS
-Autoconfiguring proxy
-Intercepting proxy
-Transparent proxy
-Autoconfiguring proxy
-Intercepting proxy
-Transparent proxy
An intercepting proxy does not require any client configuration. Otherwise, the technician must configure each client with the IP address and TCP port to forward traffic via the proxy.
A transparent proxy does not require any client configuration, so the technician does not need to configure the clients with the IP address and TCP port to forward traffic via the proxy.
Some proxies are autoconfiguring. If the proxy is not autoconfiguring, the technician must configure each client with the IP address and TCP port to forward traffic via the proxy.
Domain Name System (DNS) is a service that maps fully qualified domain name labels to IP addresses on most TCP/IP networks, including the internet.
A network technician is configuring a network adapter. By default, which of the following protocols and services are on Ethernet and Wi-Fi adapters? (Select all that apply.)
-Client for Microsoft Networks
-DHCP
-Link-layer Topology Discovery
-Internet Protocol
-Link-layer Topology Discovery
-Internet Protocol
By default, the Internet Protocol, both IP version 4 and 6, will be on the adapter as it automatically uses the appropriate version of the protocol depending on the connecting network.
By default, the Link-layer Topology Discovery Protocol will be on the adapter. It provides network mapping and discovery functions for networks without dedicated name servers.
By default, the client for Microsoft Networks and File and Print Sharing for Microsoft Networks software will be on the adapter, but this is a client, not a protocol or service.
The IP properties will default to “Obtain an IP address automatically,” using a Dynamic Host Configuration Protocol (DHCP) server. The technician should double-click the IP properties item to configure a static address.
Every month, a user receives a bill from a provider that charges the user for the exact amount of computing, storage, and network resource units consumed the previous month. The provider bills the user for what kind of connection?
-Proxy
-Dynamic
-Static
-Metered
Metered
A user is connecting to their home folder at \server1\home$\jdoe. What is \server1\home$\?
-Application exception
-File server
-Shared folder
-Mapped drive
Shared folder
\server1\home$ is a shared folder created with the appropriate permissions to allow users to read and write their own subfolder only.
A domain centralizes data storage and PC configuration so that administrators can more easily monitor them and back them up. This means that users store their data on file servers.
A mapped drive is a share that an administrator has assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive.
Application exceptions are apps that an administrator allows through the firewall by configuring exceptions from the Windows Firewall status page.
A network technician needs to determine how many hosts to place on a network. What address can the technician use to calculate that?
-Subnet mask
-Gateway
-IP address
-DNS
Subnet mask
The subnet mask designates the number of bits applied to an IP address to mask the network ID portion from the host/interface ID portion and determines how many hosts can be on a network.
The default gateway is the IP address of a local router and is necessary so that the device can forward traffic destined for hosts with addresses in different ranges.
Domain Name System (DNS) is a service that maps fully qualified domain name labels to IP addresses on most TCP/IP networks, including the internet.
An Internet Protocol (IP) address is a format for logical host and network addressing. In IPv4, IP addressing uses a 32-bit binary address, and in IPv6, addresses use hexadecimal notation.
A home user wants their devices to keep the same IP addresses at all times, so the user is manually configuring all the hosts. Since the user’s router will forward all internet traffic, which address will the user configure to be the same as the gateway?
-DNS
-Subnet mask
-DHCP
-VPN
DNS
The router usually forwards Domain Name System (DNS) queries on a home network, so the gateway and primary DNS server parameters for the user PCs will usually be set to the same value.
The subnet mask is the number of bits applied to an IP address to mask the network ID portion from the host/interface ID portion.
Dynamic Host Configuration Protocol (DHCP) is a protocol used to automatically assign IP addressing information to hosts that a technician has not configured manually.
A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network.
What does Linux use to verify the authenticity of software packages obtained from an online source?
-An external hardware token
-Digital signatures
-A trusted platform module (TPM)
-A hash value
A hash value
Linux software gets validated by disclosing the package’s hash value. Users must generate their own hash of the package after downloading it and compare it to the value provided by the package maintainer.
To identify legitimate developers and software suppliers, Windows employs a digital signature mechanism. This validates not just the package but also the source.
An external hardware token such as a USB form factor device stores cryptographic user identification data. The user must present the token and supply a password, PIN, or fingerprint scan to authenticate.
A trusted platform module (TPM) is a standard for hardware-based storage of digital certificates, cryptographic keys, and hashed passwords. Each TPM microprocessor is hard coded with a unique, unchangeable key.
A PC user is installing an application that creates a considerably high number of temporary files and saves large amounts of user-generated data. What system requirement is most relevant to the user’s situation?
-Graphic card requirements
-Ram requirements
-CPU Requirements
-Storage requirements
Storage requirements
Storage requirements refer to how much space the software will use on the storage device during installation and space for user-generated data and temporary files.
Some programs will specify minimum requirements for CPU performance, clock speed, number of cores, or a specific CPU feature. For example, a 64-bit program requires the use of a 64-bit CPU.
There are RAM requirements for different use cases. This assumes that no other foreground program is running simultaneously. Running numerous apps at the same time will necessitate extra RAM.
A demanding program, such as a graphics design software or a game, is likely to necessitate using a specialized graphics card with its own video RAM distinct from the standard system RAM
Which of these applications will fail to run on a Windows PC with a 64-bit CPU running a 32-bit OS? (Select all that apply.)
-A 32-bit application installed with YUM
-A 64-bit application installed with an .EXE
-A 32-bit application installed with an .MSI file
-A 32-bit application installed with a .DMG
-A 32-bit application installed with YUM
-A 64-bit application installed with an .EXE
-A 32-bit application installed with a .DMG
Software programs can be in 32-bit or 64-bit versions. A 64-bit program requires a 64-bit CPU and operating system architecture and is incompatible with 32-bit platforms. However, 32-bit software programs can generally deploy on 64-bit systems.
Every software application can run under a specific operating system. For example, macOS apps support .DMG (disk image) and .PKG (package) file types.
Linux packages use the package manager the Yellowdog Updater, Modified (YUM), an open-source package-management software for Linux. Every software application can run on a particular operating system.
A 32-bit operating system or systems with 32-bit CPUs can only run 32-bit software. On Windows, a technician can install software using setup files of either the .EXE or .MSI formats.
A desktop owner is installing a new application on a macOS. What format would the setup file be?
-RPM
-DEB
-EXE
-DMG
DMG
A setup file installs desktop programs. macOS apps support DMG (disk image) and PKG (package) file types.
A setup file installs desktop programs. These are either .EXE or .MSI extensions on Windows.
Linux packages use the package manager the Yellowdog Updater, Modified (YUM), which is a free and open-source command-line package-management software for Linux machines. It uses the Red Hat Package Manager (RPM) install package format.
The Advanced Packaging Tool (APT) package manager manages Debian (DEB) packages on Linux. The setup file contains the executables, configuration files, and media files for the application. The files are extracted and transferred to a directory allocated for program installation during setup.
A company requires employees to use a USB security key to access company-owned devices. This type of requirement would be known as what?
-Dedicated graphics card
-External hardware token
-Distribution method
-32-bit operating system
External hardware token
An external hardware token such as a USB form factor device stores cryptographic user identification data. The user must present the token and supply a password, PIN, or fingerprint scan to authenticate.
A demanding program, such as a graphics design software or a game, would almost certainly necessitate using a dedicated graphics card with its own video RAM distinct from the standard system RAM.
Applications are installed on top of an operating system (OS). The distinction between a 32-bit or 64-bit OS is required for compatibility purposes to support 32-bit or 64-bit applications.
An app distribution method is how the vendor makes it available to install. For example, app stores publish many apps for users to download or purchase.
A Windows network administrator is remotely deploying new database software to individual desktops. What method would the administrator use to install the software from a network folder to Windows machines?
-Antivirus software
-Optical disks
-Group Policy Object (GPO)
-A mountable ISO
Group Policy Object (GPO)
Group Policy Objects (GPOs) in Windows may configure a machine to remotely install a program from a network folder without needing human interaction from an administrator.
An ISO file is a file that incorporates the contents of an optical disc in a single file and is used instead of physical media. Mountable ISO files act as emulated drives and are frequently installed as operating systems or complex applications.
Products, such as centrally controlled antivirus suites, frequently provide “push” deployment techniques for remotely installing the client or security sensor on each PC. This is only relevant to antivirus products.
A technician can transfer setup files using optical disks or physical media, such as a CD/DVD or a USB flash drive.
A technician is installing software on Linux using setup files in the RPM file format. What package manager would the technician be using?
-PKG
-YUM
-MIS
-APT
YUM
Linux packages use the package manager the Yellowdog Updater, Modified (YUM), which is a free and open-source command-line package-management software for Linux machines. It uses the Red Hat Package Manager (RPM) install package format.
The Advanced Packaging Tool (APT) package manager manages Debian (DEB) packages on Linux. The setup file contains the executables, configuration files, and media files for the application. The files are extracted and transferred to a directory allocated for program installation during setup.
A setup file installs desktop programs. macOS apps support DMG (disk image) and PKG (package) file types.
A setup file installs desktop programs. These are either .EXE or .MSI extensions on Windows.
What type of software secretly collects data from and provides access to the host or network?
-A program that consumes large amounts of resources
-A malicious Trojan horse program
-A program with unpatched vulnerabilities
-A program that is incompatible with existing applications
A malicious Trojan horse program
A Trojan horse is software that conceals its actual (malicious) function. Once deployed, such malware is likely programmed to steal data or enable covert remote access to the host or network.
Compatibility issues on a system or network generally prevent services from running properly. Therefore, it is best practice to ensure compatibility ahead of time when possible.
Software can influence a computer’s or network’s stability and performance. For example, the software may require more CPU and memory resources than expected or consume an unreasonable amount of network traffic.
Unpatched vulnerabilities in the software might allow worm malware to spread and damage the network. Therefore, software engineers should evaluate applications in a lab setting before fully deploying them.
What type of file represents a virtual mountable optical disk?
-ISO
-RPM
-DMG
-EXE
ISO
An ISO file is a file that incorporates the contents of an optical disc in a single file and is used instead of physical media. Mountable ISO files act as emulated drives and are frequently installed as operating systems or complex applications.
A setup file installs desktop programs. These are either .EXE or .MSI extensions on Windows.
A setup file installs desktop programs. For example, macOS apps support DMG (disk image) and PKG (package) file types.
Linux packages use the package manager the Yellowdog Updater, Modified (YUM), which is a free and open-source command-line package-management software for Linux machines. It uses the Red Hat Package Manager (RPM) install package format.
A desktop user is attempting to use a new 64-bit software application. Which of the following reasons could be why this software will not install and/or run on the desktop? (Select all that apply.)
-The software is not compatible with the OS.
-The OS is 64-bit.
-The CPU is 32-bit.
-The desktop does not meet RAM requirements.
-The software is not compatible with the OS.
-The desktop does not meet RAM requirements.
-The CPU is 32-bit
A 64-bit program necessitates a 64-bit CPU and operating system platform. Therefore, it is incompatible with 32-bit platforms. However, 32-bit software programs can install and load on 64-bit computers.
There might also be a RAM consideration. Some applications have certain hardware requirements. Running numerous apps at the same time will necessitate extra RAM.
When ordering, the user should choose the suitable OS version. For example, Windows will not be able to run the macOS operating system
If the application program is 64-bit, the CPU and operating system must likewise be 64-bit. However, if the application is 32-bit, it may run on either a 32-bit or 64-bit platform.
A technician is using the YUM package manager to install software on Linux. What setup file format does YUM use?
-EXE
-DEB
-DMG
-RPM
RPM
A technician installs Desktop applications from a setup file. Linux packages use the package manager the Yellowdog Updater, Modified (YUM), which is a free and open-source command-line package-management software for Linux machines. It uses the Red Hat Package Manager (RPM) install package format.
The Advanced Packaging Tool (APT) package manager manages Debian (DEB) packages on Linux. The setup file contains the executables, configuration files, and media files for the application. The files are extracted and transferred to a directory allocated for program installation during setup.
A setup file installs desktop programs. macOS apps support DMG (disk image) and PKG (package) file types.
A setup file installs desktop programs. These are either .EXE or .MSI extensions on Windows.
A user wants to set up two workspaces within their Windows 11 device. What feature of Windows 11 would allow the user to have more than one workspace on the same computer?
-Multiple desktops
-Multiple devices
-Multiple backups
-Multiple screens
Multiple desktops
Windows 10 and 11 features multiple desktops that allow users to set up multiple workspaces within the same device. In addition, the user can switch between them by using Windows+Tab.
Multiple screens are helpful for viewing more information at the same time. However, it would not allow the user to have multiple workspaces.
Backups protect data from loss in the case of damaged hard drives, power outages, or accidental deletion.
Having multiple devices is not what the user is requesting in this scenario. While the user could set up multiple devices, it comes at an added cost.
On an Apple Mac, what is the purpose of the COMMAND+OPTION+ESC option on a Mac operating system?
-Recovery
-Force Quit
-Spotlight Search
-Switch between desktops
Force Quit
The COMMAND+OPTION+ESC option on a macOS stops applications that no longer respond, allowing users to control hanging applications without shutting the computer down.
Mac operating systems include recovery and restore utilities. For example, to use the Mac Time Machine recovery menu on an Apple Mac, the user should hold down the COMMAND+R keys until the Apple logo appears upon startup.
On a Mac environment, pressing the COMMAND+SPACEBAR option activates the Spotlight Search option. It can search and find almost anything on a macOS.
The CONTROL+LEFT or CONTROL+RIGHT keys, when pressed on a keyboard in a macOS environment, allow a user to switch between multiple active desktops.
What file format is for installing programs in Windows?
Unsure Incorrect
YOU WERE UNSURE AND INCORRECT
-DEB
-DMG
-MSI
-PKG
MSI
Microsoft Installer (MSI) is the file format used by Windows 10 and 11 for installing software. It is known as the Windows Installer Package and is recommended in contrast to EXE file formats.
DMG (disk image) format is for simple installs where the package contents just need to be copied to the Applications folder.
Package (PKG) format is where the app setup needs to perform additional actions, such as running a service or writing files to multiple folders.
Linux packages use Debian (DEB) packages with the Advanced Packaging Tool (APT) package manager or RPM for Yellowdog Updater Modified (YUM).
The User Account Control (UAC) feature in Windows has a concern with what type of user account on a Windows machine?
-Remote desktop user
-Guest user
-Power user
-Administrator
Administrator
User Account Control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit the powerful privileges assigned to accounts that are members of the Administrators group.
Power users are available to support legacy applications. Historically, this group intended to have intermediate permissions between administrators and users.
The system disables the Guest user account by default. Microsoft ended support for using the Guest account to log in to Windows in a feature update. The Guest account only implements file sharing without passwords.
A remote desktop user is a standard account user who has access to log on to the desktop remotely. This can be a user that is not an administrator.
What type of local account does a user’s Windows computer utilize for legacy applications?
-Power user account
-Guest user account
-Microsoft account
-Administrator
Power user account
Power users are available to support legacy applications. Historically, this group intended to have intermediate permissions between administrators and users.
An administrator account is a local account with full access and privileges on a Windows system.
The system disables the Guest user account by default. Microsoft ended support for using the Guest account to log in to Windows in a feature update. The Guest account can only implement file sharing without passwords.
A Microsoft account gets managed via an online portal (account.microsoft.com) and identified by an email address. Configuring access to a device by a Microsoft account creates a profile associated with a local account.
The encrypting file system (EFS) is primarily for what purpose on a Windows machine? (Select all that apply.)
-Full drive encryption
-File-level encryption
-Folder-level encryption
-Removable drive encryption
-File-level encryption
-Folder-level encryption
The Encrypting File System (EFS) feature of the New Technology File System (NTFS) supports file-level encryption. However, EFS is not available in the Home edition of Windows.
The EFS feature of NTFS also supports folder-level encryption. First, open the file’s or folder’s property sheet and select the Advanced button to apply encryption. Next, check the Encrypt contents box, then confirm the dialogs.
The Windows BitLocker provides full disk encryption and is available with all editions of Windows except for the Home edition.
BitLocker To Go encrypts removable drives like a USB thumb drive. Like BitLocker, both prevent attackers from reading data from stolen hard drive disks (HDDs) or thumb drives.
Employees at a secure facility must log on to office workstations with two-factor authentication (2FA). All employees access the building with a smart card. What 2FA methods are employees most likely using to access their workstations? (Select all that apply.)
-Username and password
-Facial recognition
-PIN
-Fingerprint
PIN
Username and password
Using a username and password is a standard, single-factor authentication method used for almost all office workstations. However, this method alone is not enough to provide adequate physical security.
A personal identification number (PIN) is what employees use with a smart card to unlock user certificates that will provide access to a workstation.
Facial recognition requires a scanning device that can scan all face attributes to properly authenticate users to a service or system. Organizations do not typically use facial recognition in conjunction with a smart card.
Fingerprint requires a scanning device to scan a person’s finger. Organizations do not typically use fingerprint scanning in conjunction with a smart card.
Windows Defender Firewall uses which security feature based on Transmission Control Port (TCP) or User Datagram Protocol (UDP)?
-Application security
-Address
-Port filtering
-UAC
Port filtering
Employees have received their brand-new Windows 10 laptops to support a work-from-home initiative. Employees have already been using Office 365 applications in the office and are looking forward to picking up right where they left off. How should employees initially log on to their laptops?
-Log on as a Guest user.
-Request administrator access.
-Use their Microsoft account.
-Use a power user account.
Use their Microsoft account.
A Microsoft account is managed via an online portal (account.microsoft.com) and identified by an email address. Configuring access to a device by a Microsoft account creates a profile associated with a local account.
The system disables the Guest user account by default. Microsoft ended support for using the Guest account to log in to Windows in a feature update. The Guest account can only implement file sharing without passwords.
An administrator account has too much access and privilege. Regular users should never use administrator accounts to do non-administrative tasks.
Power users are available to support legacy applications. Historically, this group intended to have intermediate permissions between administrators and users.
A software engineer drafts a policy on execution control, emphasizing trusted/untrusted software sources. What should the engineer disable to ensure infections are not on a company device? (Select all that apply.)
-Disable autoplay.
-Disable user access.
-Disable autorun.
-Disable guest account.
-Disable autoplay.
-Disable autorun.
Legacy systems automatically run programs from disks, which could increase risks to malware. As a result, manufacturers recommend that an administrator disable any autorun feature from the device.
Newer systems use an autoplay feature, which prompts the user in the next steps. The software engineer should disable autoplay to safeguard the machine against accidental infection.
A guest account allows unauthenticated access to the computer and may provide some sort of network access. From a security perspective, the software engineer should monitor systems and networks to ensure guest services are disabled.
In account management, an administrator should restrict user accounts where only authorized systems and repositories can be accessed.
A cyber architect assists an employee in setting up their home router port forwarding configurations. What allows a device to retain the same IP each time it connects to a host?
-UPnP
-DHCP reservation
-Static WAN IP
-Screened subnet
DHCP reservation
A Dynamic Host Configuration Protocol (DHCP) reservation allows a device on the DHCP server to be assigned to the same IP address each time it connects to the host.
Some internet access packages assign static IPs or an option to pay for one. A static address can be auto-configured as a DHCP reservation. A manual configuration follows the service provider’s instructions to configure the correct address on the router’s WAN interface.
Universal Plug-and-Play (UPnP) provides a framework in which networking protocols allow networked devices to discover the network and establish services.
A screened subnet is where some hosts get placed in a separate network segment with a different IP subnet address range than the rest of the local area network (LAN).
A cyber consultant assists a contracted employee with setting up their home router firewall. What occurs when the firewall downloads curated reputation databases that associate IP address ranges, fully-qualified domain names (FQDNs), and URL web addresses with sites that host various categories?
-UPnP
-IP filtering
-Content filtering
-Port forwarding
Content Filtering
Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, fully-qualified domain names (FQDNs), and URL web addresses, with sites that host various content categories and those associated with malware, spam, or other threats.
Internet protocol (IP) filtering protects networks by allowing users to control what traffic to permit in and out of the networks.
Universal Plug-and-Play (UPnP) provides a framework in which networking protocols allow networked devices to discover the network and establish services.
Port forwarding means that the router takes a request from an internet host for a particular service and sends the request to a designated host on the LAN.
A technician is working on Home Router WAN configurations. What can a Wi-Fi Analyzer do to assist in the configurations?
-Encryption settings
-Changing a channel
-Updating firmware
-Screening the subnet
Changing a channel
Changing channels allows the access point to change bands to find the least congested channel for transmission. A Wi-Fi analyzer can identify which channel has the least congestion.
Firmware updates keep router firmware and drivers up to date with the latest patches. The updates allow the user to fix security holes and support the latest security standards.
The idea of a screened subnet is that some hosts get placed in a separate network segment with a different IP subnet address range than the rest of the LAN.
The encryption or security option allows the user to set the authentication mode. The user should set the highest standard supported by the client devices that need to connect.
An engineer is revising the organization’s policy on home router LAN and WAN configurations for employees that work from home. What is beneficial in changing the SSID?
-It orients users to the correct network.
-It disables access from a visitor network.
-It masks the network from being seen.
-It disables unused access to/from the router.
It orients users to the correct network.
The service set ID (SSID) is a simple, case-sensitive name for users to identify the wireless local area network (WLAN). The engineer should change the SSID to something that users will recognize and not confuse with nearby networks.
Most home routers automatically configure and enable a guest wireless network without a passphrase requirement. Disabling guest access mitigates the risk of unauthorized access.
Disabling unused ports is a router hardening technique where the engineer disables unused open ports for protective purposes. If the system needs a port-forwarding exception, the engineer should disable it once it is no longer needed.
Disabling broadcast of the SSID prevents any stations not manually configured to connect to the name the engineer specifies from seeing the network.
A technician prepares an organizational presentation on browser privacy settings and additional features that supplement the cookie policy and tracking protection. What uses more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality?
-Pop-up blocker
-Private-browsing mode
-Ad blocker
-Browser data removal function
Ad blocker
Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality.
Pop-up blockers prevent a website from creating dialogs or additional windows. Unfortunately, some websites often use the pop-up technique to show fake antivirus and security warnings or other malicious and nuisance advertising.
Private/incognito browsing mode disables the caching features of the browser, so no cookies, browsing history, form fields, passwords, or temp files will get stored when the session closes.
Aside from the issue of websites tracking users, there are privacy concerns about the data a browser might store on the device. The clearing browsing data function removes cached data that deletes it from the browsing history.
A consultant advises an employee on the importance of browser selection and installing programs/applications onto their company computer. What questions should the consultant consider regarding trusted sources? (Select all that apply.)
-Can the source offer encrypted password management?
-Can the installer of the vendor be verified?
-Is the vendor of the program/application reputable?
-From where is the program installed?
-Can the installer of the vendor be verified?
-Is the vendor of the program/application reputable?
-From where is the program installed?
As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure using a reputable vendor.
If the trusted source installs a program/application as a desktop application, the user should take care to use a reputable vendor.
The integrity of the installer should be verified, either by checking the vendor’s code-signing certificate or by manually comparing the hash file published by the developer with one computed for the download file.
Password managers can suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site.
A company has tasked a cyber consultant with compiling a list of approved sources for the company network. What describes an untrusted source?
-It involves the use of a source that cannot be verified.
-It suggests strong passwords at each new sign-up.
-It involves the use of a source that contains a verified digital signature.
-It takes any amount of data and produces a fixed-length value.
-It involves the use of a source that cannot be verified.
Using a browser from an untrusted source, which cannot verify the installer through a digital signature or hash, is a security risk.
As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure using a reputable vendor.
A hash is a short representation of data. A hashing function takes any amount of data as input and produces a fixed-length value as output.
Password managers can suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site.
A consultant drafts a point paper for the organization’s cyber department discussing the various methods of securing data. What is a tenet of hashing?
-It involves the use of a source that contains a verified digital signature.
-It suggests strong passwords at each new sign-up.
-It involves the use of a source that cannot be verified.
-It takes any amount of data and produces a fixed-length value.
-It takes any amount of data and produces a fixed-length value.
A hash is a short representation of data. A hashing function takes any amount of data as input and produces a fixed-length value as output.
Password managers can suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site.
As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure using a reputable vendor.
A security risk is using a browser from an untrusted source, which cannot verify the installer through a digital signature or hash.
A technician reviews organizational protocols surrounding browser privacy settings. What is the benefit of using an ad blocker?
It clears cached data from the computer’s browsing history.
It prevents a website from creating dialogs.
It prevents displaying anything not part of the site’s main content.
It disables the caching features of the browser.
It prevents displaying anything not part of the site’s main content.
Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality.
Pop-up blockers prevent a website from creating dialogs or additional windows. Unfortunately, some websites often use the pop-up technique to show fake antivirus and security warnings or other malicious and nuisance advertising.
Private/incognito browsing mode disables the caching features of the browser, so no cookies, browsing history, form fields, passwords, or temp files will get stored when the session closes.
Aside from the issue of websites tracking users, there are privacy concerns about the data a browser might store on the device. The clearing browsing data function removes cached data that deletes it from the browsing history.
A software engineer is reviewing a help ticket where an employee can not access their account due to corrupted files but has to regain the data. What method allows the engineer to take uncorrupted data and place it in a new account for the employee?
-Reimage a device.
-Roll back an update.
-Restore a device.
-Rebuild a Windows profile.
Rebuild a Windows profile
Operating systems allow users to rebuild a profile by taking uncorrupted data and adding it to the functional profile.
Restoring a device allows users to regain data by reverting it to a previously saved point. However, not all data updates may be available in the previous profile.
Reimaging a device allows a user to move one profile to another machine or allow the computer to set organizational standards, like specific tools and applications applied to the profile.
In some instances, having newly installed drivers with bugs or drivers that are not fully tested results in computer issues. Rolling back an updated driver allows the user to regain access to a useable profile and continue work until the driver is repaired or replaced.
A cyber architect analyzes a computer returned for application and performance issues. As part of their analysis, the architect uses a utility that has a manual interface to review system files and restores stored files if found to be corrupt or damaged. What is the architect using to test files?
-Time drift
-Windows repair
-SFC
-Requirement verification
SFC
The System File Checker (SFC) utility tool uses a manual interface to verify system files and restore stored files from a cache deemed corrupt or damaged.
Time drift occurs when the battery on the motherboard becomes weak. This can lead to sync issues with operating systems and other programs.
Windows repair is accomplished by testing, fixing, reinstalling, and restoring files from a previous instance to get the program/application in a workable state.
An architect should review program/application minimum CPU requirements to ensure that the selected device will meet the computing needs of the software and alleviate performance issues. Maxing out the computer capabilities, also known as stretching, will lead to performance issues.
A cyber technician is troubleshooting a company computer that exhibits performance issues. What steps should the technician take in their troubleshooting strategy? (Select all that apply.)
-Check for misconfigurations.
-Check RTC battery.
-Check for overheating.
-Verify the problem.
-Check for misconfigurations.
-Check for overheating.
-Verify the problem.
The first step in troubleshooting performance issues is to check for overheating. Overheating causes the CPU and other components not to function correctly, causing performance issues with the machine.
The second step is to check for misconfigurations. A machine built with non-compatible parts will lead to performance issues.
The third step in troubleshooting for performance issues is to verify the problem. A computer has computing, storage, and networking functions, of which any of these three can cause performance issues.
Checking the real-time clock (RTC) battery is not a troubleshooting step for performance issues but rather an issue tied to time drift.
A cyber architect troubleshoots a computer with the message that reflects “OS not found.” What recovery mode command prompts repair of the master boot record (MBR)?
-NTUSER.DAT
-bootrec/fixmbr
-bootrec/fixboot
-bootrec/rebuildbcd
-bootrec/fixmbr
If the system firmware reports the disk’s presence but Windows still will not boot in a no OS found situation, use a startup repair tool to open a recovery mode command prompt. bootrec/fixmbr attempts repair of the MBR. If the disk uses GUID partition table (GPT) partitioning, do not use this option.
Enter bootrec/fixboot to attempt repair of the boot sector.
Enter bootrec/rebuildbcd to add missing Windows installations to the boot configuration database (BCD).
NTUSER.DAT is a registry system that manages user profiles and is prone to corruption. Rebuilding a local user profile means creating a new account and then copying files from the old, corrupt profile to the new one, excluding the NTUSER.DAT file.
A cyber engineer identifies a disk drive while working on a computer, but the loader does not reflect the location. What computer issue is the engineer observing in this instance?
Time drift
Low memory warning
USB controller resource warning
No OS found
No OS found
A “no OS found” type message can appear when a disk drive is identified as the boot device but does not report the location of the OS loader.
Time drift can occur when a motherboard battery runs low and causes the clients and servers to fall out of sync with one another.
Low memory warnings can occur when a device is attempting to run several programs at one given time. A recommendation to mitigate low memory concerns is to close unused programs.
A USB controller resource warning indicates that too many devices connect to a single controller. This typically occurs if an unpowered USB hub expands the number of device peripherals.
A tech support assistant is helping an employee with a laptop issue. The reported issue suggests that recently updated applications are not opening. The employee further states they had not shut down and started their machine since updating the applications. What is required before the applications will work on the laptop?
Add resources.
Restart services.
Reboot.
Unselected
Reinstall applications.
Restart services.
Upon installing or updating certain software onto a computing/mobile device, the user must restart the device to complete the update. This is known as restarting services.
Rebooting occurs when a computing/mobile device intentionally or unintentionally restarts itself, which means that the device restarts and completes a full cycle of the operating system.
Adding resources allows users to enhance their computing experience and work by increasing memory, storage capability (whether physical or virtual), or computing power.
Instances occur when a device does not have a properly installed application, resulting in the corrupted file not allowing the application to work. As a result, this may require a user to reinstall the application for it to work.
A cyber technician successfully captures the user profile for a computer that is demonstrating performance issues. The technician moves this profile onto a new computer for the employee’s use. What is this called?
Reimage the device.
Roll back an update.
Rebuild a Windows profile.
Restore the device.
Reimage the device.
Reimaging is when a technician installs a new operating system on a device and reloads all factory-installed software onto the machine.
Rolling back updates allows a user to revert to a previously working driver. This is needed when new drivers have flaws that keep the driver from working correctly.
Rebuilding a Windows profile includes creating a new account and then copying files from the old corrupted profile to the new one.
Restoring a device to a previous state allows the user to go to the last saved point of uncorrupted files, returning the device to a working station.
A software engineer troubleshoots an “OS not found” issue on a company computer and wants to repair the boot sector. What recovery mode command prompt can the engineer use to accomplish this troubleshooting task?
bootrec/fixboot
bootrec/rebuildbcd
bootrec/fixmbr
NTUSER.DAT
bootrec/fixboot
If the system firmware reports the disk’s presence but Windows still will not boot in a no OS found situation, use a startup repair tool to open a recovery mode command prompt. Enter bootrec/fixboot to attempt repair of the boot sector.
bootrec/fixmbr attempts repair of the master boot record (MBR). If the disk uses GUID partition table (GPT) partitioning, do not use this option.
Rebuilding a local user profile means creating a new account and then copying files from the old, corrupt profile to the new one, excluding the NTUSER.DAT file, which manages user profiles and is prone to corruption.
Enter bootrec/rebuildbcd to add missing Windows installations to the boot configuration database (BCD).
A technician receives a request from an employee via a help ticket. The employee wants to return their computer to a former installation setting. What is the employee requesting the technician to complete?
Reboot the computer.
Restart services on the computer.
Reimage the computer.
Restore the computer.
Restore the computer.
Restoring a computer to a previous state allows the user to undo recent changes to programs or applications. Restoring can also be set to return the computer to its factory settings, which removes all files not associated with the initial installation of the operating system.
Reimaging is when a technician installs a new operating system on a device and reloads all factory-installed software onto the machine.
Reboot is a term used when a computer has intentionally or unintentionally restarted and cycles through the entire operating system loading process.
After certain programs/applications are installed/updated, a restart service is required. The program/application will boot and perform the desired tasks upon restart.
A cyber architect troubleshoots a computer with the message that reflects “OS not found.” What recovery mode command prompts repair of the master boot record (MBR)?
bootrec/fixmbr
bootrec/fixboot
bootrec/rebuildbcd
NTUSER.DAT
bootrec/fixmbr
If the system firmware reports the disk’s presence but Windows still will not boot in a no OS found situation, use a startup repair tool to open a recovery mode command prompt. bootrec/fixmbr attempts repair of the MBR. If the disk uses GUID partition table (GPT) partitioning, do not use this option.
Enter bootrec/fixboot to attempt repair of the boot sector.
Enter bootrec/rebuildbcd to add missing Windows installations to the boot configuration database (BCD).
NTUSER.DAT is a registry system that manages user profiles and is prone to corruption. Rebuilding a local user profile means creating a new account and then copying files from the old, corrupt profile to the new one, excluding the NTUSER.DAT file.
A cyber consultant reviews the help ticket log and notices several computers submitted for repairs due to being out of sync with other systems. What is the consultant observing in the log?
Windows repair
System file check
Requirement verification
Time drift
Time drift
Time drift occurs when the battery on the motherboard becomes weak. This can lead to sync issues with operating systems and other programs.
Windows repair is accomplished by testing, fixing, reinstalling, and restoring files from a previous instance to get the program/application in a workable state.
Requirement verification assists a user in selecting programs/applications that will successfully operate on the desired device. Extended use or stretching will result in performance issues when using programs or applications that exceed the system requirements.
A system file checker is a utility tool that provides a manual interface for verifying system files and restoring files if found to be damaged or corrupted.
A help desk technician is creating a spreadsheet that captures the concerns presented by the employees. After reviewing previous tickets, the technician creates a column for “Blue Screen of Death,” or BSOD. What does a user observe when they experience a BSOD?
It causes the computer to operate slower than expected.
It causes the computer to shut down unexpectedly.
It displays a Windows STOP error.
It causes the computer to not start up correctly.
It displays a Windows STOP error.
A blue screen of death (BSoD) displays a Windows STOP error. A STOP error causes Windows to stop working. STOP errors can occur when Windows is loading or running in an environment.
Sluggish performance occurs when the computer appears to run slower than expected. Sluggish performance can result from too many windows open at one time or several applications running in the background at the same time.
Boot problems can occur when a corrupted file keeps the operating system from loading correctly.
Frequent shutdowns can occur because of instability within the operating system or application. This instability will cause freezes, shutdowns, reboots, or power off the device without any error message.
An employee goes to several websites to purchase needed office equipment and new laptop computers. The employee selects a website that hosts laptop computers, but the page displays a site with inappropriate content. What has occurred in this situation?
The user receives a series of notifications that were not prompted by the user.
The user receives a warning that a site is untrusted.
The user attempts to open one web page but is directed to another one.
The user receives a message stating immediate action is required.
The user attempts to open one web page but is directed to another one
Redirection is where the user tries to open one page but gets sent to another. Often this may imitate the target page.
A certificate warning occurs when a user is browsing a website that may contain potential risks. While visiting a website, a small padlock next to the website address will demonstrate if the site is trusted or untrusted.
Desktop alerts alert the user for various reasons. While many desktop alerts are legitimate, there are several instances in which a bad actor will manipulate users to download infected software/packets.
Unwanted notifications are those alerted messages that appear on a device’s display without the user’s approval or desire.
A cyber architect reviews desktop symptoms and wants to learn more about file system errors and anomalous behaviors. Which are NOT considered symptoms of security issues in the file system? (Select all that apply.)
Certificate warnings
Missing or renamed files
Altered personal or system documents
Desktop alerts
Certificate warnings
Desktop alerts
A certificate warning occurs when a user is browsing a website that may contain potential risks.
Desktop alerts alert the user for various reasons. While many desktop alerts are legitimate, there are several instances in which a bad actor will manipulate users to download infected software/packets. One method of sending out nefarious malware is through a push notification.
Symptoms of security issues in the file system include altered system files or personal files with date stamps and file sizes different from known-good versions.
An additional symptom of security issues in the file system includes renaming or deleting files.
A software engineer is drafting a memo that focuses on anomalous system behavior regarding system security. What is a symptom of malware introduction to a computer’s file system?
The OS fails to update.
The device presents a series of certificate warnings.
The device displays unwanted notifications.
The file names of saved work changed.
The file names of saved work changed.
Symptoms of security issues in the file system include files being renamed or deleted.
Unwanted notifications are alerted messages that appear on a device’s display without the user’s approval or their desire.
An operating system (OS) update failure is a serious issue as this update failure could leave the device exposed to unpatched vulnerabilities.
A certificate warning occurs when a user is browsing a website that may contain potential risks. While visiting a website, a small padlock next to the website address will demonstrate if the site is trusted or untrusted.
A cyber consultant is reviewing the company’s policy on security issues. What are symptoms associated with security issues within file systems? (Select all that apply.)
The device is displaying a message requiring immediate action.
The devices files have been renamed.
The device has altered system files.
The device is unable to access the network.
-The devices files have been renamed.
-The device has altered system files.
Symptoms of security issues in the file system include altered system files or personal files with date stamps and file sizes different from known-good versions.
An additional symptom of security issues in the file system is missing or renamed files.
When the computer is slow or “behaving oddly,” one of the things that a technician should suspect is that malware has infected the device. A symptom can include the host being unable to access the network or internet.
Desktop alerts alert the user for various reasons. While many desktop alerts are legitimate, there are several instances in which a bad actor will manipulate users to download infected software/packets.
A software engineer is reviewing the various concerns associated with certificate warnings. What are common issues tied to certificate warnings? (Select all that apply.)
It is self-signed or issued by a CA that is not trusted.
It changes or deletes targeted files.
The FQDN requested by the browser is different from the subject name listed.
It has expired or is listed as revoked.
-It is self-signed or issued by a CA that is not trusted.
-It has expired or is listed as revoked.
-The FQDN requested by the browser is different from the subject name listed.
There are many causes of certificate warnings. One common cause is the certificate is self-signed or issued by a certificate authority (CA) that is not trusted.
Another common cause is the fully qualified domain name (FQDN) requested by the browser is different from the subject name listed in the certificate.
Another common cause includes a certificate that is expired or listed as revoked. Each of these warnings could indicate either a misconfigured site or that some malware on the computer is attempting to redirect the browser to a spoofed page.
Symptoms of security issues in the file system include missing or renamed files.
A technician reviews the CompTIA A+ manual regarding malware symptoms associated with performance issues. What is considered a performance symptom?
Permissions for files have been modified.
The host cannot access the network or the network is slow.
The system files have been altered.
The files of data have been modified by name or are missing.
The host cannot access the network or the network is slow.
When the computer is slow or “behaving oddly,” one of the things that the technician should suspect is malware infection. One performance symptom associated with malware is that the host cannot access the network, or internet access or network performance is slow.
Another marker for malware infection is the changes to system files and file permissions. Symptoms of security issues in the file system include missing or renamed files.
Another symptom of security issues is the existence of altered system files.
A third symptom associated with security issues is that there are modified permissions for the files.
A cyber technician is drafting a memorandum to advise employees of current risks associated with using the internet. One of the topics in this memorandum focuses on site redirection. What type of malware has a blunt means of driving traffic through a site?
Spyware
Adware
Frequent pop-ups
Certificate warning
Adware
Redirection is where the user tries to open one page but gets sent to another. Often this may imitate the target page. This is just a blunt means of driving traffic through a site in adware.
Redirection is where the user tries to open one page but gets sent to another. Often this may imitate the target page. Spyware may exploit it to capture authentication details.
Advertisements are not affiliated with desktop alerts and occur, in most instances, without the user’s desire to view them. Nefarious actors can use pop-up advertisements as a method to victimize users.
A certificate warning occurs when a user is browsing a website that may contain potential risks.
A software engineer is having issues with one of the company laptops and believes it may have malware. What is a symptom that the device may have been affected by malware?
The device is showing a display to take immediate action.
The devices files have been renamed.
The device is unable to access the network.
The device has altered system files.
The device is unable to access the network.
When the computer is slow or “behaving oddly,” one of the things that the engineer should suspect is that malware has infected the device. A symptom can include the host being unable to access the network or internet.
Symptoms of security issues in the file system include altered system files or personal files with date stamps and file sizes different from known-good versions.
An additional symptom of security issues in the file system is missing or renamed files.
A desktop alert is a notification that alerts the user for various reasons, such as receipt of an email or message or a reminder for a meeting or task requirement.
A technician uses the internet to purchase new computer components and is shopping for the best price. After reviewing several sites, the technician began receiving advertisements for related and unrelated products for the items they were looking for. What is the technician receiving?
Certificate warnings
Desktop alerts
Frequent pop-ups
Antivirus warnings
Frequent pop-ups
Frequent pop-ups occur when multiple advertisements or announcements appear on a computing device not initiated by the user’s request.
A desktop alert is a notification sent to the user suggesting an immediate response. In some instances, a malicious actor will send push notifications to gain a victim.
A certificate warning occurs when a user is browsing a website that may contain potential risks.
Nefarious actors can use a false alert through an antivirus warning to create a ruse where the victim completes the action of the warning prompt and compromises their device.
An employee works on their company computer and receives a push notification to download and install software to remain compliant. Upon clicking the link in the notification window, malware inserts into the device. What message did the employee receive?
Certificate warning
Unwanted notifications
Desktop alert
Antivirus warning
Desktop alert
A desktop alert is a message transmitted to the user. In nefarious instances, a malicious actor develops a ruse by sending a push notification requesting immediate action, or something negative will transpire. This can use fear and an immediate reaction to clicking the link versus confirming an issue exists.
Nefarious actors can use a false alert through an antivirus warning to create a ruse where the victim completes the action of the warning prompt and compromises their device.
Unwanted notifications are alerted messages that appear on a device’s display without the user’s approval or desire.
A certificate warning occurs when a user is browsing a website that may contain potential risks.
An employee is working on their company computer and begins getting pop-up notifications. Which notifications would be considered desktop alerts? (Select all that apply.)
An advertisement
Immediate download
Software install and upgrade
Push notification
-Software install and upgrade
-Push notification
Desktop alerts alert the user for various reasons. While many are legitimate, there are several instances in which a bad actor will manipulate users to download infected software/packets. One method of sending out nefarious malware is through a push notification.
A second desktop alert that can victimize a user is a message declaring an immediate download is needed, or the system will shut down/fail.
A third desktop alert that can contain malicious code is a message wanting the user to download and install software provided by the attached link.
Advertisements are not affiliated with desktop alerts and occur, in most instances, without the user’s desire to view them. Nefarious actors can use pop-up advertisements as a method to victimize users.
An engineer is reviewing the various symptoms associated with malware infections. What is NOT a symptom associated with security system errors?
The system files have been altered
Permissions for files have been modified
The files of data have been modified by name or are missing
The host cannot access the network or network performance is slow
The files of data have been modified by name or are missing
When the computer is slow or “behaving oddly,” one of the things that the engineer should suspect is malware infection. One performance symptom associated with malware is that the host cannot access the network, or internet access or network performance is slow.
One marker for malware infection is a change to system files or file permissions. Symptoms of security issues in the file system include identifying that altered system files are present.
Another system issue in file systems is finding modified permissions for files.
A third system issue with file system symptoms includes finding renamed filenames or completely missing files.
A cyber associate reviews the company policy on troubleshooting desktop symptoms of malware infection. What is a key indicator that malware infection has occurred in security-related applications?
Certificate warning
OS update failure
No access to network
Desktop alert
OS update failure
One of the key indicators of malware infection is that security-related applications, such as antivirus, firewall, and Windows Update, stop working. Additionally, operating system (OS) updates may fail, leaving the device in a compromised status.
A certificate warning occurs when a user is browsing a website that may contain potential risks.
When the computer is slow or “behaving oddly,” one of the things that a technician should suspect is that malware has infected the device. A symptom can include the host being unable to access the network or internet.
A desktop alert is a notification sent to the user suggesting an immediate response. In some instances, a malicious actor will send push notifications to gain a victim.
A cyber technician explores the various types of notifications that they can observe on the organization’s computers. What is unique to desktop alerts?
It is a notification that a website may be untrustworthy.
It is a notification that attempts to ruse the user.
It is a notification advising immediate action.
It is an unapproved notification on the display.
It is a notification advising immediate action.
A desktop alert is a message transmitted to the user. In nefarious instances, a malicious actor develops a ruse by sending a push notification requesting immediate action, or something negative will transpire. This can use fear and an immediate reaction to clicking the link versus confirming an issue exists.
Nefarious actors can use a false alert through an antivirus warning to create a ruse where the victim completes the action of the warning prompt and compromises their device.
Unwanted notifications are alerted messages that appear on a device’s display without the user’s approval or desire.
A certificate warning occurs when a user is browsing a website that may contain potential risks.
A software agent has completed the fifth step of CompTIA’s best practices procedure on malware removal while working on a company device. While enabling system restore is part of the sixth step, what else should the agent consider part of that process? (Select all that apply.)
Secure use of software, such as browsers and email clients.
Verify DNS configuration.
Re-enable software firewalls.
Create a fresh restore point or system image.
-Verify DNS configuration.
-Re-enable software firewalls.
-Create a fresh restore point or system image.
As the sixth step, enabling system restore and creating a new Windows restore point should occur after completing scans to ensure malware removal. One part of this step includes the creation of a fresh restore point of a system image.
An additional matter to consider when re-enabling and creating restore points is to ensure that the technician re-enables the software firewalls.
A third measure to consider when re-enabling and creating new restore points is to verify the domain name system (DNS) configuration to ensure that the device does not get reinfected.
Securing the use of software browsers and email clients is not part of the sixth step, as that falls under the seventh step.
A cyber technician follows the CompTIA best practice procedure on malware removal and is ready to remediate one of the company’s infected systems. What tools are synonymous in remediating infected systems? (Select all that apply.)
Sandbox
Antivirus software
Quarantine
Anti-malware software
-Antivirus software
-Anti-malware software
The main tool to use to remediate an infected system will be antivirus software.
While there were differences in the past, the terms antivirus and anti-malware are synonymous. Almost every antivirus product protects against a broad range of viruses, worms, file-less malware, Trojan, rootkit, ransomware, spyware, and cryptominer threats.
Upon identifying the infected system, the technician should move it to a physically or logically secure segment or sandbox.
The second sub-step within step 5 of the best practice procedure created by CompTIA for malware removal involves using scanning and removal techniques.
A consultant is troubleshooting a system reported as being infected by malware. The office’s protocol is to follow the CompTIA best practice procedure. According to the procedure, what considerations should the consultant place while quarantining the infected system? (Select all that apply.)
Move the infected system to a sandbox.
Disconnect the network link.
Schedule scans and run updates.
Scan attached removable media devices for malware.
-Move the infected system to a sandbox.
-Disconnect the network link
-Scan attached removable media devices for malware.
Putting a host in quarantine means that it cannot communicate on the main network. A threat actor might use backdoor malware to attempt to access other systems. One of the first actions should be to disconnect the network link.
A second concern tied to quarantining the infected system is to ensure the malware impacted no connected devices therefore, it is important to scan removable media.
Upon identifying the infected system, quarantine protocol recommends moving the infected system to a physically/logically secure sandbox.
The fifth step in the CompTIA best practice procedure for malware removal is to schedule scans and run updates.
A cyber technician removes malware from the organization’s system and follows the guidance presented by CompTIA. While remediating the infected system, what should the technician be doing?
Remediate infected systems.
Quarantine the infected systems.
Update the anti-malware software.
Disable system restore in Windows
Update the anti-malware software.
Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that a technician updates the anti-malware software.
The second step in CompTIA’s best practices procedure for malware removal is to quarantine infected symptoms, which means that the host will be in an area where it cannot communicate with the main network.
Before remediating infected systems, the third step in CompTIA’s procedure for removing malware is the disabled system restore in Windows.
The fourth step of the CompTIA best practice procedure for malware removal includes two sub-steps; the second sub-step includes scanning and removal techniques.
A technician reviews step 2 of the CompTIA best practice procedure for malware removal. While quarantining infected systems, what should the technician do first?
Disconnect the network link.
Scan attached removable media devices for malware.
Update anti-malware software.
Move the infected system to a sandbox.
Disconnect the network link.
Putting a host in quarantine means that it cannot communicate on the main network. A threat actor might use backdoor malware to attempt to access other systems. One of the first actions should be to disconnect the network link.
Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that the technician updates the anti-malware software.
A second concern tied to quarantining the infected system is to ensure the malware impacted no connected devices therefore, it is important to scan removable media.
Upon identifying the infected system, quarantine protocol recommends moving the infected system to a physically/logically secure sandbox.
A technician is trying to troubleshoot a system impacted by malware. According to the CompTIA best practice procedure, what should also be done as a safety precaution when disabling system restore points?
Schedule a scan and run updates.
Delete old system restore points and backup copies.
Update the anti-malware software.
Use scanning and removal techniques.
Delete old system restore points and backup copies.
Upon disabling restore points, the safest option is to delete old system restore points and backup copies as they may have malware.
The fifth step in the CompTIA best practice procedure for malware removal is to schedule scans and run updates.
Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that the technician updates the anti-malware software.
The fourth step of the CompTIA best practice procedure for malware removal includes two sub-steps; the second sub-step includes using scanning and removal techniques.
A cyber architect removed malware from an employee’s computer, successfully quarantined the infected system, and disabled system restore. While following the CompTIA procedure for malware removal, what should the architect do as part of the remediation of infected systems?
Enable System Restore and create a restore point.
Quarantine infected systems
Schedule scans and run updates
Disable systems restore
Quarantine infected systems
The second sub-step within Step 5 of the best practice procedure created by CompTIA for malware removal involves scanning and removal techniques.
The fifth step in the CompTIA best practice procedure for malware removal is to schedule scans and run updates.
The second step in CompTIA’s best practices procedure for malware removal is to quarantine infected symptoms, which means that the host will be in an area where it cannot communicate with the main network.
Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that a technician updates the anti-malware software.
A cyber analyst is attempting to remove malware from a company system and is following the steps of the CompTIA best practice procedure for malware removal. What step focuses on updating anti-malware software?
Third step
Seventh step
Fifth step
Fourth step
Fourth step
Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that the analyst updates the anti-malware software.
The third step in CompTIA’s best practices procedure for malware removal is to disable system restore in Windows, which will mitigate the risk of the malware spreading to other devices.
The fifth step in the CompTIA best practice procedure for malware removal is to schedule scans and run updates.
The final step, step 7, in the CompTIA best practice procedure for malware removal is to educate the end-user. Conducting additional training will strengthen the employee’s knowledge base and mitigate future occurrences with malware.
A cyber technician removes malware from the organization’s system and follows the guidance presented by CompTIA. While remediating the infected system, what should the technician be doing?
Quarantine the infected systems.
Remediate infected systems.
Update the anti-malware software.
Disable system restore in Windows.
Update the anti-malware software.
Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that a technician updates the anti-malware software.
The second step in CompTIA’s best practices procedure for malware removal is to quarantine infected symptoms, which means that the host will be in an area where it cannot communicate with the main network.
Before remediating infected systems, the third step in CompTIA’s procedure for removing malware is the disabled system restore in Windows.
The fourth step of the CompTIA best practice procedure for malware removal includes two sub-steps; the second sub-step includes scanning and removal techniques.
A software engineer troubleshoots an employee’s mobile device, complaining that the screen will not auto-rotate. The engineer has completed the first step prescribed by CompTIA to correct the issue and is moving to the next step. What is the second step in CompTIA’s recommendations for troubleshooting auto-rotate issues?
Consider that some apps can only be used in a single orientation.
Use the notification drawer or Control Center to check that rotation lock is not enabled.
Check that the user is not touching any part of the screen as this will prevent rotation.
Make sure the battery is charged to perform the requested action.
Check that the user is not touching any part of the screen as this will prevent rotation.
The second step in troubleshooting the issues with auto-rotation of screen displays is to check that the user is not touching any screen part to prevent rotation.
The first step is to use the notification drawer or Control Center to check that the rotation lock is not enabled.
Making sure that the user charged the battery is not used for troubleshooting auto-rotation issues with mobile devices but more for troubleshooting signals and reboot issues.
The third step is to consider that users can only use some apps in a single orientation.
A cyber technician prepares a briefing on troubleshooting devices with operating system issues. What common issue can impact OS updates, cause the device to reboot randomly, or present a slow response?
Battery issues
Failure to create a communication link, such as Bluetooth
Failure to establish a connection with the Wi-Fi
Connectivity issues, such as NFC
Battery Issues
Battery life issues can directly impact operating systems and connectivity as it produces less power than what is required of the machine, programs, or/and signal.
Connectivity issues, such as near-field communication (NFC) transactions, do not impact the operating system, cause the device to reboot, or slow the device from working correctly.
Bluetooth linkage is also a connectivity matter and does not impact the operating system, cause device reboots, or slow down the computer processing speed.
Wi-Fi connections allow devices to connect to the internet but do not impact the operating system, cause random reboots, or impact the operating system.
A helpdesk technician receives a computer in their triage department where the customer is complaining that their device is constantly rebooting at random times. What could be causing the random reboots? (Select all that apply.)
The device is overheating.
The device has a low battery charge.
Applications are failing to close.
The device has a faulty battery or other hardware.
-The device is overheating.
-The device has a low battery charge.
-The device has a faulty battery or other hardware.
A device can randomly reboot if it overheats. Devices will shut down if a device gets too hot to reduce the risk of component swelling or the device will shut down if it catches on fire.
A device can also reboot randomly if a low-charged battery is powering the device. Certain applications and programs require a lot of computing power, and a low-charged battery could disrupt the program from booting.
A device can also randomly reboot if it uses a faulty battery or other hardware malfunction.
An application fails to close or crashes when there are attempts to end the application’s session, and the device does not close the program.
A consultant is troubleshooting an employee’s mobile device where the employee is complaining that several of the applications are failing to update. What causes a failure in updates?
-It occurs when the system does not accept the latest version/patch.
-It occurs when the application fails to stop after being prompted.
-It occurs when the device does not open an application once the execution command has been initiated.
-It occurs when resources are inadequate or the app is badly written
-It occurs when the system does not accept the latest version/patch.
If an app fails to update, check that it is compatible with the current OS version. Also, verify that there is sufficient storage space and an internet connection.
A device that is slow to respond can indicate resources being inadequate (too many open apps) or badly written apps that overutilize memory or other resources.
An application fails to launch when the user presses an icon on the screen of the mobile device or attempts to run the executable file associated with an installed application, and the device does not open.
An application fails to close or crashes when attempting to end the application session, and the device does not close the program.
A technician is troubleshooting connectivity issues on a mobile device regarding Bluetooth connections. What best describes Bluetooth connectivity?
It occurs when paired devices are not in range.
It occurs when the device is outside the range of the router.
It occurs when the recipient is not on the contact list.
It occurs when a device cannot make payments through a contactless card reader.
-It occurs when paired devices are not in range.
Bluetooth issues occur when the paired devices are not in range of one another to create a communication link.
Similar to Bluetooth issues, Wi-Fi issues occur when the device cannot connect to the router for internet access.
A near-field communication (NFC) issue typically manifests when making payments via a contactless card reader. The user must unlock the device to authorize the payment and enable NFC.
AirDrop issues occur when a file transfer between iOS and macOS devices is not permitted because the recipient is not on the contact list or the AirDrop lacks the configuration to send/receive files from everyone.
A helpdesk attendant troubleshoots connectivity issues for an employee’s mobile device. What type of connectivity issues occurs when two paired devices cannot establish a communication link?
NFC
Bluetooth
Wi-Fi
AirDrop
Bluetooth
Bluetooth issues occur when the paired devices are not in range of one another to create a communication link.
Similar to Bluetooth issues, Wi-Fi issues occur when the device cannot connect to the router for internet access.
A near-field communication (NFC) issue typically manifests when making payments via a contactless card reader. The user must unlock the device to authorize the payment and enable NFC.
AirDrop issues occur when a file transfer between iOS and macOS devices is not permitted because the recipient is not on the contact list or the AirDrop lacks the configuration to send/receive files from everyone.
A cyber consultant is troubleshooting a mobile device that is having application issues. The consultant opens an application and cannot get it to stop. What is the consultant observing?
Fails to close.
Fails to launch.
Fails to update.
Slow to respond.
Fails to close.
An application fails to close or crashes when attempting to end the application session, and the device does not close the program.
An application fails to launch when the user presses an icon on the screen of the mobile device or attempts to run the executable file associated with an installed application, and the device does not open.
If an app fails to update, check that it is compatible with the current OS version. Also, verify that there is sufficient storage space and an internet connection.
A device that is slow to respond can indicate resources being inadequate (too many open apps) or badly written apps that overutilize memory or other resources.
A technician is troubleshooting connectivity issues on a mobile device where the employee is complaining that they can not complete near-field communication (NFC). How can an NFC issue be described?
It occurs when a device cannot make payments through a contactless card reader.
It occurs when paired devices are not in range.
It occurs when the device is outside the range of the router.
It occurs when the recipient is not on the contact list.
It occurs when a device cannot make payments through a contactless card reader.
A near-field communication (NFC) issue typically manifests when making payments via a contactless card reader. The user must unlock the device to authorize the payment and enable NFC.
AirDrop issues occur when a file transfer between iOS and macOS devices is not permitted because the recipient is not on the contact list or the AirDrop configuration does not permit sending/receiving files from everyone.
Similar to Bluetooth issues, Wi-Fi issues occur when the device cannot connect to the router for internet access.
Bluetooth issues occur when the paired devices are not in range of one another to create a communication link.
A cyber consultant reviews the company’s policy on managing root access security concerns and mobile-device management suites. What makes advanced configuration settings and diagnostic/log data available?
Developer mode
Spoof
Root access
APK source
Developer mode
Developer mode makes advanced configuration settings and diagnostic/log data available. It should not necessarily weaken the security configuration, but it should be used only for actual app development work and not enabled routinely.
Android devices allow applications to be downloaded and installed from untrusted external third-party sources using the Android package (.apk) format.
A malicious app will typically spoof a legitimate app by using a similar name and using fake reviews and automated downloads to boost its apparent popularity.
The term “jailbreaking” or “root access” has become popular for exploits that enabled users to obtain root privileges, sideload apps, change or add carriers, and customize the interface.
A cyber architect is writing a memorandum on the mobile security symptoms associated with malware. What should the architect include as part of these symptoms? (Select all that apply.)
Fake security warnings
High number of ads
Sluggish response time
Unexpected application behavior
-Fake security warnings
-High number of ads
A nefarious actor uses fake security warnings through scareware to persuade users to install an app or give a Trojan app additional permissions.
Malware is likely to collect data in the background or perform processing such as cryptomining. This might cause excessive power drain and high resource utilization and cause other apps to perform sluggishly.
Free apps are all supported by advertising revenue, so a high level of ads is not necessarily a sign of an actively malicious app. Still, if ads are unexpected or displayed in the browser without authorization, this might indicate some tracking or spyware activity.
Regarding malware concerns, unexpected application behavior might manifest as requests for permissions or the use of camera/microphone devices.
A cyber engineer creates a training packet on what employees should look for regarding leaked personal and corporate files. What proactive measures should the employees and engineer look for regarding this topic? (Select all that apply.)
Excessive bandwidth should be monitored.
Websites should be set for immediate notification.
Linked devices to the data should be quarantined.
Two-step verification should be monitored.
-Websites should be set for immediate notification.
-Linked devices to the data should be quarantined.
-Two-step verification should be monitored.
If there is a personal or corporate data leak, each device that could have been a source for the files must be quarantined and investigated as a possible source of the breach.
Users should also be alert to two-step verification notifications, especially when new devices have attempted to access an account or there are unexpected password changes.
Whenever a website or service suffers a data breach and leaks personal files/data, it should notify users immediately.
Excessive bandwidth is important to monitor as a malicious actor may have taken over a system; however, this is a concern that falls with high network traffic and not leaked data.
A helpdesk consultant is reviewing the impacts of malware on mobile and computer assets. What can signify that malware is causing excessive power drain and high resource utilization and cause other apps to perform slowly?
Fake security warnings
High network traffic
Data-usage limit notifications
Unexpected application behavior
Data-usage limit notifications
Data-usage limit notifications can signify that malware is causing excessive power drain and high resource utilization and cause other apps to perform slowly.
A nefarious actor uses fake security warnings through scareware to persuade users to install an app or give a Trojan app additional permissions.
Regarding malware concerns, unexpected application behavior might manifest as requests for permissions or the use of camera/microphone devices.
Excessive bandwidth is important to monitor as a malicious actor may have taken over a system; however, this is a concern that falls with high network traffic and not leaked data.
A cyber architect is writing a paper on root activity security concerns and the use of developer mode. What are the characteristics of placing a device into developer mode? (Select all that apply.)
It makes advanced configuration settings and log data available.
It enables users to obtain root privileges, sideload applications, and customize interfaces.
It should be used only for application development.
It can be purposely misused to install bootleg applications.
-It makes advanced configuration settings and log data available
-It should be used only for application development.
-It can be purposely misused to install bootleg applications.
Developer mode makes advanced configuration settings and diagnostic/log data available.
Developer mode should not necessarily weaken the security configuration, but equally, it should be used only for actual app development work and not enabled routinely.
Users can purposefully misuse developer mode to install bootleg apps. Technicians can typically configure mobile-device management to block devices that have developer mode enabled.
The term “jailbreaking” or “root access” has become popular and is used for exploits that enable the user to obtain root privileges, sideload apps, change or add carriers, and customize the interface.
A cyber specialist troubleshoots a mobile device showing limited internet connectivity to websites. What can cause this decrease in connectivity?
Malware may be collecting data in the background.
Malware may be corrupting the domain name system.
An actor uses scareware to persuade users to install a nefarious application.
An actor uses advertisements as a ruse to track a user’s activity.
Malware may be corrupting the domain name system.
Malware is likely to corrupt the DNS or search provider to perform redirection attacks and force users to spoofed sites, causing limited connectivity to legitimate sites.
Malware is likely to collect data in the background or perform processing such as cryptomining. This might cause excessive power drain and high resource utilization and cause other apps to perform sluggishly.
Scareware uses fake security warnings to persuade users to install apps or give a Trojan app additional permissions.
Free apps are all supported by advertising revenue, so a high level of ads is not necessarily a sign of an actively malicious app. Still, if ads are unexpected or displayed in the browser without authorization, this might indicate some tracking or spyware activity.
A technician is performing an inventory of computer systems on a network. What allows asset management scanners and software to track a device’s location?
Barcode
RFID Tag
Inventory list
Network topology diagram
RFID Tag
A radio frequency identification (RFID) tag is a chip programmed with asset data. When in range of a scanner, the chip powers up and signals that scanner. The scanner alerts the management software of the device’s current location.
A technician can affix a barcode to a hardware asset to make inventories easier for an organization. Each barcode pattern represents a unique instance of a hardware type.
An inventory list is a list of all tangible and intangible assets and resources an organization has. This can include but is not limited to hardware, software, office furniture, etc.
A diagram shows how assets are used in combination to deliver a service. A network topology diagram shows how assets are linked as nodes.
When creating a new ticket in the ticketing system, a technical support agent must enter all relevant ticket information related to the issue. Where should the agent go to get an accurate initial description of the problem?
Device inventory record
System log
The affected user
Asset ID
The affected user
The affected user is the primary source for gathering an initial description of the device’s problem.
The device inventory record tracks all devices on hand, commonly by service tag or asset ID. This is not a part of the ticketing system, but they can link it to the system.
An asset ID is a unique tag assigned to a device to identify it in an inventory database.
The system log contains information about events that affect the core OS. These include service load failures, hardware conflicts, driver load failures, network issues, and so on.
When onboarding or offboarding an employee, a company generates a list of steps that must be followed to ensure that all processing for that employee is complete. Which of the following are the correct lists that are generated? (Select all that apply.)
New-user setup checklist
Intellectual property
Inventory list
End-user termination checklist
-New-user setup checklist
-End-user termination checklist
A new-user setup checklist is a list generated by a company that will walk a new user through all of the required onboarding steps for that company or role. Typical tasks include identification/enrollment with secure credentials, allocation of devices, and allocation of permissions/assignments to security groups.
An end-user termination checklist is an offboarding checklist for an employee that is changing positions, retiring, or is being terminated.
An inventory list is a list of all tangible and intangible assets and resources an organization has. This can include but is not limited to hardware, software, office furniture, etc.
Intellectual property (IP) assets are intangible assets that an organization controls. This can include copyrights, trademarks, and any sensitive information that could harm the company if lost or stolen.
What part of the ticketing system does a support agent use to group related tickets?
Incident reports
Issue description
Categories
Incident severity
Categories
Categories group related tickets together. This helps support agents to assign related tickets to the relevant support team. Within a ticketing system, a user may be allowed to select the primary category that their issue relates to. Still, the agent will ensure the user selects the correct category and subcategory.
The user supplies a description of the issue. The agent might ask clarifying questions to ensure an accurate initial description.
An incident report is a more in-depth look at the problem for critical and major incidents.
Incident severity is a category used to prioritize or escalate tickets with higher levels of severity.
What phase of a procurement life cycle implements a procedure for installing an asset in a secure configuration?
Deployment
Procurement
Change management
Maintenance
Deployment
The deployment phase of the procurement life cycle is when a technician implements a controlled procedure to install software or hardware assets in a secure configuration.
Change management procedures approve a request for a new or upgraded asset, taking account of impacts to business, operations, networks, and existing devices.
The procurement phase in the asset procurement life cycle is the process of determining the available budget and identifying a trusted vendor or supplier.
The technician implements the maintenance phase of the procurement life cycle to monitor and support the use of an asset.
What port do third-party screen-sharing applications like TeamViewer and LogMeln use to connect over the internet?
TCP Port 80
TCP Port 22
TCP Port 23
TCP Port 443
TCP Port 443
Web browsers use Port 443 to create an HTTPS (secured) connection to a remote server. This is the protocol that many third-party applications use to establish secure screen-sharing connections.
Secure Shell (SSH) uses TCP Port 22 by default. If unable to connect, check the firewall and ensure that this port is allowed for inbound and outbound traffic.
The telnet protocol uses Port 23. Telnet provides access to a variety of systems and servers. It commonly uses this for remote maintenance of routers and other networking devices.
Web browsers use Port 80 to create an HTTP (unsecured) connection to a remote server.
A user attempts to connect to a server using a secure shell connection. What default port does the user need to enable on the computer’s firewall to allow the connection?
TCP Port 443
TCP Port 23
TCP/UDP Port 80
TCP Port 22
TCP Port 22
Secure Shell (SSH) uses TCP Port 22 by default. If unable to connect, check the firewall and ensure that this port is allowed for inbound and outbound traffic.
Telnet protocol uses Port 23. Telnet provides access to a variety of systems and servers. They commonly use it for remote maintenance of routers and other networking devices.
Web browsers use TCP/UDP Port 80 to create an HTTP (unsecured) connection to a remote server.
Web browsers use Port 443 to create an HTTPS (secured) connection to a remote server.
A user is working with a technician to solve a software problem on their computer. What application allows a user to ask for help from a technician or co-worker via an invitation file protected by a passcode?
Secure Shell (SSH)
Virtual private network (VPN)
Remote Desktop Protocol (RDP)
Microsoft Remote Assistance (MSRA)
Microsoft Remote Assistance (MSRA)
Microsoft Remote assistance (MSRA) allows a user to ask for help from a technician or co-worker by an invitation file protected by a passcode. The helper opens the invitation file to connect to the remote system.
A virtual private network allows users to connect to an office computer or network remotely and securely. A VPN is also commonly used to allow for anonymous web browsing on the internet.
Windows uses the Remote Desktop Protocol (RDP) to implement terminal server and client functionality.
Secure Shell (SSH) connects to a command interpreter rather than a desktop window manager using encryption to protect the session.
