COMPTIA Questions Flashcards

Question

What does Linux use to verify the authenticity of software packages obtained from an online source? -An external hardware token -Digital signatures -A trusted platform module (TPM) -A hash value

Answer 1

A hash value Linux software gets validated by disclosing the package's hash value. Users must generate their own hash of the package after downloading it and compare it to the value provided by the package maintainer. To identify legitimate developers and software suppliers, Windows employs a digital signature mechanism. This validates not just the package but also the source. An external hardware token such as a USB form factor device stores cryptographic user identification data. The user must present the token and supply a password, PIN, or fingerprint scan to authenticate. A trusted platform module (TPM) is a standard for hardware-based storage of digital certificates, cryptographic keys, and hashed passwords. Each TPM microprocessor is hard coded with a unique, unchangeable key.

Answer 2

Storage requirements Storage requirements refer to how much space the software will use on the storage device during installation and space for user-generated data and temporary files. Some programs will specify minimum requirements for CPU performance, clock speed, number of cores, or a specific CPU feature. For example, a 64-bit program requires the use of a 64-bit CPU. There are RAM requirements for different use cases. This assumes that no other foreground program is running simultaneously. Running numerous apps at the same time will necessitate extra RAM. A demanding program, such as a graphics design software or a game, is likely to necessitate using a specialized graphics card with its own video RAM distinct from the standard system RAM

Answer 3

-A 32-bit application installed with YUM -A 64-bit application installed with an .EXE -A 32-bit application installed with a .DMG Software programs can be in 32-bit or 64-bit versions. A 64-bit program requires a 64-bit CPU and operating system architecture and is incompatible with 32-bit platforms. However, 32-bit software programs can generally deploy on 64-bit systems. Every software application can run under a specific operating system. For example, macOS apps support .DMG (disk image) and .PKG (package) file types. Linux packages use the package manager the Yellowdog Updater, Modified (YUM), an open-source package-management software for Linux. Every software application can run on a particular operating system. A 32-bit operating system or systems with 32-bit CPUs can only run 32-bit software. On Windows, a technician can install software using setup files of either the .EXE or .MSI formats.

Answer 4

DMG A setup file installs desktop programs. macOS apps support DMG (disk image) and PKG (package) file types. A setup file installs desktop programs. These are either .EXE or .MSI extensions on Windows. Linux packages use the package manager the Yellowdog Updater, Modified (YUM), which is a free and open-source command-line package-management software for Linux machines. It uses the Red Hat Package Manager (RPM) install package format. The Advanced Packaging Tool (APT) package manager manages Debian (DEB) packages on Linux. The setup file contains the executables, configuration files, and media files for the application. The files are extracted and transferred to a directory allocated for program installation during setup.

Answer 5

External hardware token An external hardware token such as a USB form factor device stores cryptographic user identification data. The user must present the token and supply a password, PIN, or fingerprint scan to authenticate. A demanding program, such as a graphics design software or a game, would almost certainly necessitate using a dedicated graphics card with its own video RAM distinct from the standard system RAM. Applications are installed on top of an operating system (OS). The distinction between a 32-bit or 64-bit OS is required for compatibility purposes to support 32-bit or 64-bit applications. An app distribution method is how the vendor makes it available to install. For example, app stores publish many apps for users to download or purchase.

Answer 6

Group Policy Object (GPO) Group Policy Objects (GPOs) in Windows may configure a machine to remotely install a program from a network folder without needing human interaction from an administrator. An ISO file is a file that incorporates the contents of an optical disc in a single file and is used instead of physical media. Mountable ISO files act as emulated drives and are frequently installed as operating systems or complex applications. Products, such as centrally controlled antivirus suites, frequently provide "push" deployment techniques for remotely installing the client or security sensor on each PC. This is only relevant to antivirus products. A technician can transfer setup files using optical disks or physical media, such as a CD/DVD or a USB flash drive.

Answer 7

YUM Linux packages use the package manager the Yellowdog Updater, Modified (YUM), which is a free and open-source command-line package-management software for Linux machines. It uses the Red Hat Package Manager (RPM) install package format. The Advanced Packaging Tool (APT) package manager manages Debian (DEB) packages on Linux. The setup file contains the executables, configuration files, and media files for the application. The files are extracted and transferred to a directory allocated for program installation during setup. A setup file installs desktop programs. macOS apps support DMG (disk image) and PKG (package) file types. A setup file installs desktop programs. These are either .EXE or .MSI extensions on Windows.

Answer 8

A malicious Trojan horse program A Trojan horse is software that conceals its actual (malicious) function. Once deployed, such malware is likely programmed to steal data or enable covert remote access to the host or network. Compatibility issues on a system or network generally prevent services from running properly. Therefore, it is best practice to ensure compatibility ahead of time when possible. Software can influence a computer's or network's stability and performance. For example, the software may require more CPU and memory resources than expected or consume an unreasonable amount of network traffic. Unpatched vulnerabilities in the software might allow worm malware to spread and damage the network. Therefore, software engineers should evaluate applications in a lab setting before fully deploying them.

Answer 9

ISO An ISO file is a file that incorporates the contents of an optical disc in a single file and is used instead of physical media. Mountable ISO files act as emulated drives and are frequently installed as operating systems or complex applications. A setup file installs desktop programs. These are either .EXE or .MSI extensions on Windows. A setup file installs desktop programs. For example, macOS apps support DMG (disk image) and PKG (package) file types. Linux packages use the package manager the Yellowdog Updater, Modified (YUM), which is a free and open-source command-line package-management software for Linux machines. It uses the Red Hat Package Manager (RPM) install package format.

Answer 10

-The software is not compatible with the OS. -The desktop does not meet RAM requirements. -The CPU is 32-bit A 64-bit program necessitates a 64-bit CPU and operating system platform. Therefore, it is incompatible with 32-bit platforms. However, 32-bit software programs can install and load on 64-bit computers. There might also be a RAM consideration. Some applications have certain hardware requirements. Running numerous apps at the same time will necessitate extra RAM. When ordering, the user should choose the suitable OS version. For example, Windows will not be able to run the macOS operating system If the application program is 64-bit, the CPU and operating system must likewise be 64-bit. However, if the application is 32-bit, it may run on either a 32-bit or 64-bit platform.

Answer 11

RPM A technician installs Desktop applications from a setup file. Linux packages use the package manager the Yellowdog Updater, Modified (YUM), which is a free and open-source command-line package-management software for Linux machines. It uses the Red Hat Package Manager (RPM) install package format. The Advanced Packaging Tool (APT) package manager manages Debian (DEB) packages on Linux. The setup file contains the executables, configuration files, and media files for the application. The files are extracted and transferred to a directory allocated for program installation during setup. A setup file installs desktop programs. macOS apps support DMG (disk image) and PKG (package) file types. A setup file installs desktop programs. These are either .EXE or .MSI extensions on Windows.

Answer 12

Multiple desktops Windows 10 and 11 features multiple desktops that allow users to set up multiple workspaces within the same device. In addition, the user can switch between them by using Windows+Tab. Multiple screens are helpful for viewing more information at the same time. However, it would not allow the user to have multiple workspaces. Backups protect data from loss in the case of damaged hard drives, power outages, or accidental deletion. Having multiple devices is not what the user is requesting in this scenario. While the user could set up multiple devices, it comes at an added cost.

Answer 13

Force Quit The COMMAND+OPTION+ESC option on a macOS stops applications that no longer respond, allowing users to control hanging applications without shutting the computer down. Mac operating systems include recovery and restore utilities. For example, to use the Mac Time Machine recovery menu on an Apple Mac, the user should hold down the COMMAND+R keys until the Apple logo appears upon startup. On a Mac environment, pressing the COMMAND+SPACEBAR option activates the Spotlight Search option. It can search and find almost anything on a macOS. The CONTROL+LEFT or CONTROL+RIGHT keys, when pressed on a keyboard in a macOS environment, allow a user to switch between multiple active desktops.

Answer 14

MSI Microsoft Installer (MSI) is the file format used by Windows 10 and 11 for installing software. It is known as the Windows Installer Package and is recommended in contrast to EXE file formats. DMG (disk image) format is for simple installs where the package contents just need to be copied to the Applications folder. Package (PKG) format is where the app setup needs to perform additional actions, such as running a service or writing files to multiple folders. Linux packages use Debian (DEB) packages with the Advanced Packaging Tool (APT) package manager or RPM for Yellowdog Updater Modified (YUM).

Answer 15

Administrator User Account Control (UAC) is a Windows security feature designed to protect the system against malicious scripts and attacks that could exploit the powerful privileges assigned to accounts that are members of the Administrators group. Power users are available to support legacy applications. Historically, this group intended to have intermediate permissions between administrators and users. The system disables the Guest user account by default. Microsoft ended support for using the Guest account to log in to Windows in a feature update. The Guest account only implements file sharing without passwords. A remote desktop user is a standard account user who has access to log on to the desktop remotely. This can be a user that is not an administrator.

Answer 16

Power user account Power users are available to support legacy applications. Historically, this group intended to have intermediate permissions between administrators and users. An administrator account is a local account with full access and privileges on a Windows system. The system disables the Guest user account by default. Microsoft ended support for using the Guest account to log in to Windows in a feature update. The Guest account can only implement file sharing without passwords. A Microsoft account gets managed via an online portal (account.microsoft.com) and identified by an email address. Configuring access to a device by a Microsoft account creates a profile associated with a local account.

Answer 17

-File-level encryption -Folder-level encryption The Encrypting File System (EFS) feature of the New Technology File System (NTFS) supports file-level encryption. However, EFS is not available in the Home edition of Windows. The EFS feature of NTFS also supports folder-level encryption. First, open the file's or folder's property sheet and select the Advanced button to apply encryption. Next, check the Encrypt contents box, then confirm the dialogs. The Windows BitLocker provides full disk encryption and is available with all editions of Windows except for the Home edition. BitLocker To Go encrypts removable drives like a USB thumb drive. Like BitLocker, both prevent attackers from reading data from stolen hard drive disks (HDDs) or thumb drives.

Answer 18

PIN Username and password Using a username and password is a standard, single-factor authentication method used for almost all office workstations. However, this method alone is not enough to provide adequate physical security. A personal identification number (PIN) is what employees use with a smart card to unlock user certificates that will provide access to a workstation. Facial recognition requires a scanning device that can scan all face attributes to properly authenticate users to a service or system. Organizations do not typically use facial recognition in conjunction with a smart card. Fingerprint requires a scanning device to scan a person's finger. Organizations do not typically use fingerprint scanning in conjunction with a smart card.

Answer 19

Port filtering

Answer 20

Use their Microsoft account. A Microsoft account is managed via an online portal (account.microsoft.com) and identified by an email address. Configuring access to a device by a Microsoft account creates a profile associated with a local account. The system disables the Guest user account by default. Microsoft ended support for using the Guest account to log in to Windows in a feature update. The Guest account can only implement file sharing without passwords. An administrator account has too much access and privilege. Regular users should never use administrator accounts to do non-administrative tasks. Power users are available to support legacy applications. Historically, this group intended to have intermediate permissions between administrators and users.

Answer 21

-Disable autoplay. -Disable autorun. Legacy systems automatically run programs from disks, which could increase risks to malware. As a result, manufacturers recommend that an administrator disable any autorun feature from the device. Newer systems use an autoplay feature, which prompts the user in the next steps. The software engineer should disable autoplay to safeguard the machine against accidental infection. A guest account allows unauthenticated access to the computer and may provide some sort of network access. From a security perspective, the software engineer should monitor systems and networks to ensure guest services are disabled. In account management, an administrator should restrict user accounts where only authorized systems and repositories can be accessed.

Answer 22

DHCP reservation A Dynamic Host Configuration Protocol (DHCP) reservation allows a device on the DHCP server to be assigned to the same IP address each time it connects to the host. Some internet access packages assign static IPs or an option to pay for one. A static address can be auto-configured as a DHCP reservation. A manual configuration follows the service provider’s instructions to configure the correct address on the router’s WAN interface. Universal Plug-and-Play (UPnP) provides a framework in which networking protocols allow networked devices to discover the network and establish services. A screened subnet is where some hosts get placed in a separate network segment with a different IP subnet address range than the rest of the local area network (LAN).

Answer 23

Content Filtering Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, fully-qualified domain names (FQDNs), and URL web addresses, with sites that host various content categories and those associated with malware, spam, or other threats. Internet protocol (IP) filtering protects networks by allowing users to control what traffic to permit in and out of the networks. Universal Plug-and-Play (UPnP) provides a framework in which networking protocols allow networked devices to discover the network and establish services. Port forwarding means that the router takes a request from an internet host for a particular service and sends the request to a designated host on the LAN.

Answer 24

Changing a channel Changing channels allows the access point to change bands to find the least congested channel for transmission. A Wi-Fi analyzer can identify which channel has the least congestion. Firmware updates keep router firmware and drivers up to date with the latest patches. The updates allow the user to fix security holes and support the latest security standards. The idea of a screened subnet is that some hosts get placed in a separate network segment with a different IP subnet address range than the rest of the LAN. The encryption or security option allows the user to set the authentication mode. The user should set the highest standard supported by the client devices that need to connect.

Answer 25

It orients users to the correct network. The service set ID (SSID) is a simple, case-sensitive name for users to identify the wireless local area network (WLAN). The engineer should change the SSID to something that users will recognize and not confuse with nearby networks. Most home routers automatically configure and enable a guest wireless network without a passphrase requirement. Disabling guest access mitigates the risk of unauthorized access. Disabling unused ports is a router hardening technique where the engineer disables unused open ports for protective purposes. If the system needs a port-forwarding exception, the engineer should disable it once it is no longer needed. Disabling broadcast of the SSID prevents any stations not manually configured to connect to the name the engineer specifies from seeing the network.

Answer 26

Ad blocker Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality. Pop-up blockers prevent a website from creating dialogs or additional windows. Unfortunately, some websites often use the pop-up technique to show fake antivirus and security warnings or other malicious and nuisance advertising. Private/incognito browsing mode disables the caching features of the browser, so no cookies, browsing history, form fields, passwords, or temp files will get stored when the session closes. Aside from the issue of websites tracking users, there are privacy concerns about the data a browser might store on the device. The clearing browsing data function removes cached data that deletes it from the browsing history.

Answer 27

-Can the installer of the vendor be verified? -Is the vendor of the program/application reputable? -From where is the program installed? As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure using a reputable vendor. If the trusted source installs a program/application as a desktop application, the user should take care to use a reputable vendor. The integrity of the installer should be verified, either by checking the vendor’s code-signing certificate or by manually comparing the hash file published by the developer with one computed for the download file. Password managers can suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site.

Answer 28

-It involves the use of a source that cannot be verified. Using a browser from an untrusted source, which cannot verify the installer through a digital signature or hash, is a security risk. As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure using a reputable vendor. A hash is a short representation of data. A hashing function takes any amount of data as input and produces a fixed-length value as output. Password managers can suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site.

Answer 29

-It takes any amount of data and produces a fixed-length value. A hash is a short representation of data. A hashing function takes any amount of data as input and produces a fixed-length value as output. Password managers can suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site. As the browser is a security-critical type of software, it is particularly important to use a trusted source, such as an app store. Likewise, if installed as a desktop application, the user should ensure using a reputable vendor. A security risk is using a browser from an untrusted source, which cannot verify the installer through a digital signature or hash.

Answer 30

It prevents displaying anything not part of the site's main content. Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality. Pop-up blockers prevent a website from creating dialogs or additional windows. Unfortunately, some websites often use the pop-up technique to show fake antivirus and security warnings or other malicious and nuisance advertising. Private/incognito browsing mode disables the caching features of the browser, so no cookies, browsing history, form fields, passwords, or temp files will get stored when the session closes. Aside from the issue of websites tracking users, there are privacy concerns about the data a browser might store on the device. The clearing browsing data function removes cached data that deletes it from the browsing history.

Answer 31

Rebuild a Windows profile Operating systems allow users to rebuild a profile by taking uncorrupted data and adding it to the functional profile. Restoring a device allows users to regain data by reverting it to a previously saved point. However, not all data updates may be available in the previous profile. Reimaging a device allows a user to move one profile to another machine or allow the computer to set organizational standards, like specific tools and applications applied to the profile. In some instances, having newly installed drivers with bugs or drivers that are not fully tested results in computer issues. Rolling back an updated driver allows the user to regain access to a useable profile and continue work until the driver is repaired or replaced.

Answer 32

SFC The System File Checker (SFC) utility tool uses a manual interface to verify system files and restore stored files from a cache deemed corrupt or damaged. Time drift occurs when the battery on the motherboard becomes weak. This can lead to sync issues with operating systems and other programs. Windows repair is accomplished by testing, fixing, reinstalling, and restoring files from a previous instance to get the program/application in a workable state. An architect should review program/application minimum CPU requirements to ensure that the selected device will meet the computing needs of the software and alleviate performance issues. Maxing out the computer capabilities, also known as stretching, will lead to performance issues.

Answer 33

-Check for misconfigurations. -Check for overheating. -Verify the problem. The first step in troubleshooting performance issues is to check for overheating. Overheating causes the CPU and other components not to function correctly, causing performance issues with the machine. The second step is to check for misconfigurations. A machine built with non-compatible parts will lead to performance issues. The third step in troubleshooting for performance issues is to verify the problem. A computer has computing, storage, and networking functions, of which any of these three can cause performance issues. Checking the real-time clock (RTC) battery is not a troubleshooting step for performance issues but rather an issue tied to time drift.

Answer 34

-bootrec/fixmbr If the system firmware reports the disk's presence but Windows still will not boot in a no OS found situation, use a startup repair tool to open a recovery mode command prompt. bootrec/fixmbr attempts repair of the MBR. If the disk uses GUID partition table (GPT) partitioning, do not use this option. Enter bootrec/fixboot to attempt repair of the boot sector. Enter bootrec/rebuildbcd to add missing Windows installations to the boot configuration database (BCD). NTUSER.DAT is a registry system that manages user profiles and is prone to corruption. Rebuilding a local user profile means creating a new account and then copying files from the old, corrupt profile to the new one, excluding the NTUSER.DAT file.

Answer 35

No OS found A "no OS found" type message can appear when a disk drive is identified as the boot device but does not report the location of the OS loader. Time drift can occur when a motherboard battery runs low and causes the clients and servers to fall out of sync with one another. Low memory warnings can occur when a device is attempting to run several programs at one given time. A recommendation to mitigate low memory concerns is to close unused programs. A USB controller resource warning indicates that too many devices connect to a single controller. This typically occurs if an unpowered USB hub expands the number of device peripherals.

Answer 36

Restart services. Upon installing or updating certain software onto a computing/mobile device, the user must restart the device to complete the update. This is known as restarting services. Rebooting occurs when a computing/mobile device intentionally or unintentionally restarts itself, which means that the device restarts and completes a full cycle of the operating system. Adding resources allows users to enhance their computing experience and work by increasing memory, storage capability (whether physical or virtual), or computing power. Instances occur when a device does not have a properly installed application, resulting in the corrupted file not allowing the application to work. As a result, this may require a user to reinstall the application for it to work.

Answer 37

Reimage the device. Reimaging is when a technician installs a new operating system on a device and reloads all factory-installed software onto the machine. Rolling back updates allows a user to revert to a previously working driver. This is needed when new drivers have flaws that keep the driver from working correctly. Rebuilding a Windows profile includes creating a new account and then copying files from the old corrupted profile to the new one. Restoring a device to a previous state allows the user to go to the last saved point of uncorrupted files, returning the device to a working station.

Answer 38

bootrec/fixboot If the system firmware reports the disk's presence but Windows still will not boot in a no OS found situation, use a startup repair tool to open a recovery mode command prompt. Enter bootrec/fixboot to attempt repair of the boot sector. bootrec/fixmbr attempts repair of the master boot record (MBR). If the disk uses GUID partition table (GPT) partitioning, do not use this option. Rebuilding a local user profile means creating a new account and then copying files from the old, corrupt profile to the new one, excluding the NTUSER.DAT file, which manages user profiles and is prone to corruption. Enter bootrec/rebuildbcd to add missing Windows installations to the boot configuration database (BCD).

Answer 39

Restore the computer. Restoring a computer to a previous state allows the user to undo recent changes to programs or applications. Restoring can also be set to return the computer to its factory settings, which removes all files not associated with the initial installation of the operating system. Reimaging is when a technician installs a new operating system on a device and reloads all factory-installed software onto the machine. Reboot is a term used when a computer has intentionally or unintentionally restarted and cycles through the entire operating system loading process. After certain programs/applications are installed/updated, a restart service is required. The program/application will boot and perform the desired tasks upon restart.

Answer 40

bootrec/fixmbr If the system firmware reports the disk's presence but Windows still will not boot in a no OS found situation, use a startup repair tool to open a recovery mode command prompt. bootrec/fixmbr attempts repair of the MBR. If the disk uses GUID partition table (GPT) partitioning, do not use this option. Enter bootrec/fixboot to attempt repair of the boot sector. Enter bootrec/rebuildbcd to add missing Windows installations to the boot configuration database (BCD). NTUSER.DAT is a registry system that manages user profiles and is prone to corruption. Rebuilding a local user profile means creating a new account and then copying files from the old, corrupt profile to the new one, excluding the NTUSER.DAT file.

Answer 41

Time drift Time drift occurs when the battery on the motherboard becomes weak. This can lead to sync issues with operating systems and other programs. Windows repair is accomplished by testing, fixing, reinstalling, and restoring files from a previous instance to get the program/application in a workable state. Requirement verification assists a user in selecting programs/applications that will successfully operate on the desired device. Extended use or stretching will result in performance issues when using programs or applications that exceed the system requirements. A system file checker is a utility tool that provides a manual interface for verifying system files and restoring files if found to be damaged or corrupted.

Answer 42

It displays a Windows STOP error. A blue screen of death (BSoD) displays a Windows STOP error. A STOP error causes Windows to stop working. STOP errors can occur when Windows is loading or running in an environment. Sluggish performance occurs when the computer appears to run slower than expected. Sluggish performance can result from too many windows open at one time or several applications running in the background at the same time. Boot problems can occur when a corrupted file keeps the operating system from loading correctly. Frequent shutdowns can occur because of instability within the operating system or application. This instability will cause freezes, shutdowns, reboots, or power off the device without any error message.

Answer 43

The user attempts to open one web page but is directed to another one Redirection is where the user tries to open one page but gets sent to another. Often this may imitate the target page. A certificate warning occurs when a user is browsing a website that may contain potential risks. While visiting a website, a small padlock next to the website address will demonstrate if the site is trusted or untrusted. Desktop alerts alert the user for various reasons. While many desktop alerts are legitimate, there are several instances in which a bad actor will manipulate users to download infected software/packets. Unwanted notifications are those alerted messages that appear on a device's display without the user's approval or desire.

Answer 44

Certificate warnings Desktop alerts A certificate warning occurs when a user is browsing a website that may contain potential risks. Desktop alerts alert the user for various reasons. While many desktop alerts are legitimate, there are several instances in which a bad actor will manipulate users to download infected software/packets. One method of sending out nefarious malware is through a push notification. Symptoms of security issues in the file system include altered system files or personal files with date stamps and file sizes different from known-good versions. An additional symptom of security issues in the file system includes renaming or deleting files.

Answer 45

The file names of saved work changed. Symptoms of security issues in the file system include files being renamed or deleted. Unwanted notifications are alerted messages that appear on a device's display without the user's approval or their desire. An operating system (OS) update failure is a serious issue as this update failure could leave the device exposed to unpatched vulnerabilities. A certificate warning occurs when a user is browsing a website that may contain potential risks. While visiting a website, a small padlock next to the website address will demonstrate if the site is trusted or untrusted.

Answer 46

-The devices files have been renamed. -The device has altered system files. Symptoms of security issues in the file system include altered system files or personal files with date stamps and file sizes different from known-good versions. An additional symptom of security issues in the file system is missing or renamed files. When the computer is slow or "behaving oddly," one of the things that a technician should suspect is that malware has infected the device. A symptom can include the host being unable to access the network or internet. Desktop alerts alert the user for various reasons. While many desktop alerts are legitimate, there are several instances in which a bad actor will manipulate users to download infected software/packets.

Answer 47

-It is self-signed or issued by a CA that is not trusted. -It has expired or is listed as revoked. -The FQDN requested by the browser is different from the subject name listed. There are many causes of certificate warnings. One common cause is the certificate is self-signed or issued by a certificate authority (CA) that is not trusted. Another common cause is the fully qualified domain name (FQDN) requested by the browser is different from the subject name listed in the certificate. Another common cause includes a certificate that is expired or listed as revoked. Each of these warnings could indicate either a misconfigured site or that some malware on the computer is attempting to redirect the browser to a spoofed page. Symptoms of security issues in the file system include missing or renamed files.

Answer 48

The host cannot access the network or the network is slow. When the computer is slow or "behaving oddly," one of the things that the technician should suspect is malware infection. One performance symptom associated with malware is that the host cannot access the network, or internet access or network performance is slow. Another marker for malware infection is the changes to system files and file permissions. Symptoms of security issues in the file system include missing or renamed files. Another symptom of security issues is the existence of altered system files. A third symptom associated with security issues is that there are modified permissions for the files.

Answer 49

Adware Redirection is where the user tries to open one page but gets sent to another. Often this may imitate the target page. This is just a blunt means of driving traffic through a site in adware. Redirection is where the user tries to open one page but gets sent to another. Often this may imitate the target page. Spyware may exploit it to capture authentication details. Advertisements are not affiliated with desktop alerts and occur, in most instances, without the user's desire to view them. Nefarious actors can use pop-up advertisements as a method to victimize users. A certificate warning occurs when a user is browsing a website that may contain potential risks.

Answer 50

The device is unable to access the network. When the computer is slow or "behaving oddly," one of the things that the engineer should suspect is that malware has infected the device. A symptom can include the host being unable to access the network or internet. Symptoms of security issues in the file system include altered system files or personal files with date stamps and file sizes different from known-good versions. An additional symptom of security issues in the file system is missing or renamed files. A desktop alert is a notification that alerts the user for various reasons, such as receipt of an email or message or a reminder for a meeting or task requirement.

Answer 51

Frequent pop-ups Frequent pop-ups occur when multiple advertisements or announcements appear on a computing device not initiated by the user's request. A desktop alert is a notification sent to the user suggesting an immediate response. In some instances, a malicious actor will send push notifications to gain a victim. A certificate warning occurs when a user is browsing a website that may contain potential risks. Nefarious actors can use a false alert through an antivirus warning to create a ruse where the victim completes the action of the warning prompt and compromises their device.

Answer 52

Desktop alert A desktop alert is a message transmitted to the user. In nefarious instances, a malicious actor develops a ruse by sending a push notification requesting immediate action, or something negative will transpire. This can use fear and an immediate reaction to clicking the link versus confirming an issue exists. Nefarious actors can use a false alert through an antivirus warning to create a ruse where the victim completes the action of the warning prompt and compromises their device. Unwanted notifications are alerted messages that appear on a device's display without the user's approval or desire. A certificate warning occurs when a user is browsing a website that may contain potential risks.

Answer 53

-Software install and upgrade -Push notification Desktop alerts alert the user for various reasons. While many are legitimate, there are several instances in which a bad actor will manipulate users to download infected software/packets. One method of sending out nefarious malware is through a push notification. A second desktop alert that can victimize a user is a message declaring an immediate download is needed, or the system will shut down/fail. A third desktop alert that can contain malicious code is a message wanting the user to download and install software provided by the attached link. Advertisements are not affiliated with desktop alerts and occur, in most instances, without the user's desire to view them. Nefarious actors can use pop-up advertisements as a method to victimize users.

Answer 54

The files of data have been modified by name or are missing When the computer is slow or "behaving oddly," one of the things that the engineer should suspect is malware infection. One performance symptom associated with malware is that the host cannot access the network, or internet access or network performance is slow. One marker for malware infection is a change to system files or file permissions. Symptoms of security issues in the file system include identifying that altered system files are present. Another system issue in file systems is finding modified permissions for files. A third system issue with file system symptoms includes finding renamed filenames or completely missing files.

Answer 55

OS update failure One of the key indicators of malware infection is that security-related applications, such as antivirus, firewall, and Windows Update, stop working. Additionally, operating system (OS) updates may fail, leaving the device in a compromised status. A certificate warning occurs when a user is browsing a website that may contain potential risks. When the computer is slow or "behaving oddly," one of the things that a technician should suspect is that malware has infected the device. A symptom can include the host being unable to access the network or internet. A desktop alert is a notification sent to the user suggesting an immediate response. In some instances, a malicious actor will send push notifications to gain a victim.

Answer 56

It is a notification advising immediate action. A desktop alert is a message transmitted to the user. In nefarious instances, a malicious actor develops a ruse by sending a push notification requesting immediate action, or something negative will transpire. This can use fear and an immediate reaction to clicking the link versus confirming an issue exists. Nefarious actors can use a false alert through an antivirus warning to create a ruse where the victim completes the action of the warning prompt and compromises their device. Unwanted notifications are alerted messages that appear on a device's display without the user's approval or desire. A certificate warning occurs when a user is browsing a website that may contain potential risks.

Answer 57

-Verify DNS configuration. -Re-enable software firewalls. -Create a fresh restore point or system image. As the sixth step, enabling system restore and creating a new Windows restore point should occur after completing scans to ensure malware removal. One part of this step includes the creation of a fresh restore point of a system image. An additional matter to consider when re-enabling and creating restore points is to ensure that the technician re-enables the software firewalls. A third measure to consider when re-enabling and creating new restore points is to verify the domain name system (DNS) configuration to ensure that the device does not get reinfected. Securing the use of software browsers and email clients is not part of the sixth step, as that falls under the seventh step.

Answer 58

-Antivirus software -Anti-malware software The main tool to use to remediate an infected system will be antivirus software. While there were differences in the past, the terms antivirus and anti-malware are synonymous. Almost every antivirus product protects against a broad range of viruses, worms, file-less malware, Trojan, rootkit, ransomware, spyware, and cryptominer threats. Upon identifying the infected system, the technician should move it to a physically or logically secure segment or sandbox. The second sub-step within step 5 of the best practice procedure created by CompTIA for malware removal involves using scanning and removal techniques.

Answer 59

-Move the infected system to a sandbox. -Disconnect the network link -Scan attached removable media devices for malware. Putting a host in quarantine means that it cannot communicate on the main network. A threat actor might use backdoor malware to attempt to access other systems. One of the first actions should be to disconnect the network link. A second concern tied to quarantining the infected system is to ensure the malware impacted no connected devices therefore, it is important to scan removable media. Upon identifying the infected system, quarantine protocol recommends moving the infected system to a physically/logically secure sandbox. The fifth step in the CompTIA best practice procedure for malware removal is to schedule scans and run updates.

Answer 60

Update the anti-malware software. Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that a technician updates the anti-malware software. The second step in CompTIA's best practices procedure for malware removal is to quarantine infected symptoms, which means that the host will be in an area where it cannot communicate with the main network. Before remediating infected systems, the third step in CompTIA's procedure for removing malware is the disabled system restore in Windows. The fourth step of the CompTIA best practice procedure for malware removal includes two sub-steps; the second sub-step includes scanning and removal techniques.

Answer 61

Disconnect the network link. Putting a host in quarantine means that it cannot communicate on the main network. A threat actor might use backdoor malware to attempt to access other systems. One of the first actions should be to disconnect the network link. Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that the technician updates the anti-malware software. A second concern tied to quarantining the infected system is to ensure the malware impacted no connected devices therefore, it is important to scan removable media. Upon identifying the infected system, quarantine protocol recommends moving the infected system to a physically/logically secure sandbox.

Answer 62

Delete old system restore points and backup copies. Upon disabling restore points, the safest option is to delete old system restore points and backup copies as they may have malware. The fifth step in the CompTIA best practice procedure for malware removal is to schedule scans and run updates. Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that the technician updates the anti-malware software. The fourth step of the CompTIA best practice procedure for malware removal includes two sub-steps; the second sub-step includes using scanning and removal techniques.

Answer 63

Quarantine infected systems The second sub-step within Step 5 of the best practice procedure created by CompTIA for malware removal involves scanning and removal techniques. The fifth step in the CompTIA best practice procedure for malware removal is to schedule scans and run updates. The second step in CompTIA's best practices procedure for malware removal is to quarantine infected symptoms, which means that the host will be in an area where it cannot communicate with the main network. Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that a technician updates the anti-malware software.

Answer 64

Fourth step Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that the analyst updates the anti-malware software. The third step in CompTIA's best practices procedure for malware removal is to disable system restore in Windows, which will mitigate the risk of the malware spreading to other devices. The fifth step in the CompTIA best practice procedure for malware removal is to schedule scans and run updates. The final step, step 7, in the CompTIA best practice procedure for malware removal is to educate the end-user. Conducting additional training will strengthen the employee's knowledge base and mitigate future occurrences with malware.

Answer 65

Update the anti-malware software. Step four of the CompTIA best practice procedure for malware removal includes two sub-steps; the first sub-step offers that a technician updates the anti-malware software. The second step in CompTIA's best practices procedure for malware removal is to quarantine infected symptoms, which means that the host will be in an area where it cannot communicate with the main network. Before remediating infected systems, the third step in CompTIA's procedure for removing malware is the disabled system restore in Windows. The fourth step of the CompTIA best practice procedure for malware removal includes two sub-steps; the second sub-step includes scanning and removal techniques.

Answer 66

Check that the user is not touching any part of the screen as this will prevent rotation. The second step in troubleshooting the issues with auto-rotation of screen displays is to check that the user is not touching any screen part to prevent rotation. The first step is to use the notification drawer or Control Center to check that the rotation lock is not enabled. Making sure that the user charged the battery is not used for troubleshooting auto-rotation issues with mobile devices but more for troubleshooting signals and reboot issues. The third step is to consider that users can only use some apps in a single orientation.

Answer 67

Battery Issues Battery life issues can directly impact operating systems and connectivity as it produces less power than what is required of the machine, programs, or/and signal. Connectivity issues, such as near-field communication (NFC) transactions, do not impact the operating system, cause the device to reboot, or slow the device from working correctly. Bluetooth linkage is also a connectivity matter and does not impact the operating system, cause device reboots, or slow down the computer processing speed. Wi-Fi connections allow devices to connect to the internet but do not impact the operating system, cause random reboots, or impact the operating system.

Answer 68

-The device is overheating. -The device has a low battery charge. -The device has a faulty battery or other hardware. A device can randomly reboot if it overheats. Devices will shut down if a device gets too hot to reduce the risk of component swelling or the device will shut down if it catches on fire. A device can also reboot randomly if a low-charged battery is powering the device. Certain applications and programs require a lot of computing power, and a low-charged battery could disrupt the program from booting. A device can also randomly reboot if it uses a faulty battery or other hardware malfunction. An application fails to close or crashes when there are attempts to end the application's session, and the device does not close the program.

Answer 69

-It occurs when the system does not accept the latest version/patch. If an app fails to update, check that it is compatible with the current OS version. Also, verify that there is sufficient storage space and an internet connection. A device that is slow to respond can indicate resources being inadequate (too many open apps) or badly written apps that overutilize memory or other resources. An application fails to launch when the user presses an icon on the screen of the mobile device or attempts to run the executable file associated with an installed application, and the device does not open. An application fails to close or crashes when attempting to end the application session, and the device does not close the program.

Answer 70

-It occurs when paired devices are not in range. Bluetooth issues occur when the paired devices are not in range of one another to create a communication link. Similar to Bluetooth issues, Wi-Fi issues occur when the device cannot connect to the router for internet access. A near-field communication (NFC) issue typically manifests when making payments via a contactless card reader. The user must unlock the device to authorize the payment and enable NFC. AirDrop issues occur when a file transfer between iOS and macOS devices is not permitted because the recipient is not on the contact list or the AirDrop lacks the configuration to send/receive files from everyone.

Answer 71

Bluetooth Bluetooth issues occur when the paired devices are not in range of one another to create a communication link. Similar to Bluetooth issues, Wi-Fi issues occur when the device cannot connect to the router for internet access. A near-field communication (NFC) issue typically manifests when making payments via a contactless card reader. The user must unlock the device to authorize the payment and enable NFC. AirDrop issues occur when a file transfer between iOS and macOS devices is not permitted because the recipient is not on the contact list or the AirDrop lacks the configuration to send/receive files from everyone.

Answer 72

Fails to close. An application fails to close or crashes when attempting to end the application session, and the device does not close the program. An application fails to launch when the user presses an icon on the screen of the mobile device or attempts to run the executable file associated with an installed application, and the device does not open. If an app fails to update, check that it is compatible with the current OS version. Also, verify that there is sufficient storage space and an internet connection. A device that is slow to respond can indicate resources being inadequate (too many open apps) or badly written apps that overutilize memory or other resources.

Answer 73

It occurs when a device cannot make payments through a contactless card reader. A near-field communication (NFC) issue typically manifests when making payments via a contactless card reader. The user must unlock the device to authorize the payment and enable NFC. AirDrop issues occur when a file transfer between iOS and macOS devices is not permitted because the recipient is not on the contact list or the AirDrop configuration does not permit sending/receiving files from everyone. Similar to Bluetooth issues, Wi-Fi issues occur when the device cannot connect to the router for internet access. Bluetooth issues occur when the paired devices are not in range of one another to create a communication link.

Answer 74

Developer mode Developer mode makes advanced configuration settings and diagnostic/log data available. It should not necessarily weaken the security configuration, but it should be used only for actual app development work and not enabled routinely. Android devices allow applications to be downloaded and installed from untrusted external third-party sources using the Android package (.apk) format. A malicious app will typically spoof a legitimate app by using a similar name and using fake reviews and automated downloads to boost its apparent popularity. The term "jailbreaking" or "root access" has become popular for exploits that enabled users to obtain root privileges, sideload apps, change or add carriers, and customize the interface.

Answer 75

-Fake security warnings -High number of ads A nefarious actor uses fake security warnings through scareware to persuade users to install an app or give a Trojan app additional permissions. Malware is likely to collect data in the background or perform processing such as cryptomining. This might cause excessive power drain and high resource utilization and cause other apps to perform sluggishly. Free apps are all supported by advertising revenue, so a high level of ads is not necessarily a sign of an actively malicious app. Still, if ads are unexpected or displayed in the browser without authorization, this might indicate some tracking or spyware activity. Regarding malware concerns, unexpected application behavior might manifest as requests for permissions or the use of camera/microphone devices.

Answer 76

-Websites should be set for immediate notification. -Linked devices to the data should be quarantined. -Two-step verification should be monitored. If there is a personal or corporate data leak, each device that could have been a source for the files must be quarantined and investigated as a possible source of the breach. Users should also be alert to two-step verification notifications, especially when new devices have attempted to access an account or there are unexpected password changes. Whenever a website or service suffers a data breach and leaks personal files/data, it should notify users immediately. Excessive bandwidth is important to monitor as a malicious actor may have taken over a system; however, this is a concern that falls with high network traffic and not leaked data.

Answer 77

Data-usage limit notifications Data-usage limit notifications can signify that malware is causing excessive power drain and high resource utilization and cause other apps to perform slowly. A nefarious actor uses fake security warnings through scareware to persuade users to install an app or give a Trojan app additional permissions. Regarding malware concerns, unexpected application behavior might manifest as requests for permissions or the use of camera/microphone devices. Excessive bandwidth is important to monitor as a malicious actor may have taken over a system; however, this is a concern that falls with high network traffic and not leaked data.

Answer 78

-It makes advanced configuration settings and log data available -It should be used only for application development. -It can be purposely misused to install bootleg applications. Developer mode makes advanced configuration settings and diagnostic/log data available. Developer mode should not necessarily weaken the security configuration, but equally, it should be used only for actual app development work and not enabled routinely. Users can purposefully misuse developer mode to install bootleg apps. Technicians can typically configure mobile-device management to block devices that have developer mode enabled. The term "jailbreaking" or "root access" has become popular and is used for exploits that enable the user to obtain root privileges, sideload apps, change or add carriers, and customize the interface.

Answer 79

Malware may be corrupting the domain name system. Malware is likely to corrupt the DNS or search provider to perform redirection attacks and force users to spoofed sites, causing limited connectivity to legitimate sites. Malware is likely to collect data in the background or perform processing such as cryptomining. This might cause excessive power drain and high resource utilization and cause other apps to perform sluggishly. Scareware uses fake security warnings to persuade users to install apps or give a Trojan app additional permissions. Free apps are all supported by advertising revenue, so a high level of ads is not necessarily a sign of an actively malicious app. Still, if ads are unexpected or displayed in the browser without authorization, this might indicate some tracking or spyware activity.

Answer 80

RFID Tag A radio frequency identification (RFID) tag is a chip programmed with asset data. When in range of a scanner, the chip powers up and signals that scanner. The scanner alerts the management software of the device’s current location. A technician can affix a barcode to a hardware asset to make inventories easier for an organization. Each barcode pattern represents a unique instance of a hardware type. An inventory list is a list of all tangible and intangible assets and resources an organization has. This can include but is not limited to hardware, software, office furniture, etc. A diagram shows how assets are used in combination to deliver a service. A network topology diagram shows how assets are linked as nodes.

Answer 81

The affected user The affected user is the primary source for gathering an initial description of the device's problem. The device inventory record tracks all devices on hand, commonly by service tag or asset ID. This is not a part of the ticketing system, but they can link it to the system. An asset ID is a unique tag assigned to a device to identify it in an inventory database. The system log contains information about events that affect the core OS. These include service load failures, hardware conflicts, driver load failures, network issues, and so on.

Answer 82

-New-user setup checklist -End-user termination checklist A new-user setup checklist is a list generated by a company that will walk a new user through all of the required onboarding steps for that company or role. Typical tasks include identification/enrollment with secure credentials, allocation of devices, and allocation of permissions/assignments to security groups. An end-user termination checklist is an offboarding checklist for an employee that is changing positions, retiring, or is being terminated. An inventory list is a list of all tangible and intangible assets and resources an organization has. This can include but is not limited to hardware, software, office furniture, etc. Intellectual property (IP) assets are intangible assets that an organization controls. This can include copyrights, trademarks, and any sensitive information that could harm the company if lost or stolen.

Answer 83

Categories Categories group related tickets together. This helps support agents to assign related tickets to the relevant support team. Within a ticketing system, a user may be allowed to select the primary category that their issue relates to. Still, the agent will ensure the user selects the correct category and subcategory. The user supplies a description of the issue. The agent might ask clarifying questions to ensure an accurate initial description. An incident report is a more in-depth look at the problem for critical and major incidents. Incident severity is a category used to prioritize or escalate tickets with higher levels of severity.

Answer 84

Deployment The deployment phase of the procurement life cycle is when a technician implements a controlled procedure to install software or hardware assets in a secure configuration. Change management procedures approve a request for a new or upgraded asset, taking account of impacts to business, operations, networks, and existing devices. The procurement phase in the asset procurement life cycle is the process of determining the available budget and identifying a trusted vendor or supplier. The technician implements the maintenance phase of the procurement life cycle to monitor and support the use of an asset.

Answer 85

TCP Port 443 Web browsers use Port 443 to create an HTTPS (secured) connection to a remote server. This is the protocol that many third-party applications use to establish secure screen-sharing connections. Secure Shell (SSH) uses TCP Port 22 by default. If unable to connect, check the firewall and ensure that this port is allowed for inbound and outbound traffic. The telnet protocol uses Port 23. Telnet provides access to a variety of systems and servers. It commonly uses this for remote maintenance of routers and other networking devices. Web browsers use Port 80 to create an HTTP (unsecured) connection to a remote server.

Answer 86

TCP Port 22 Secure Shell (SSH) uses TCP Port 22 by default. If unable to connect, check the firewall and ensure that this port is allowed for inbound and outbound traffic. Telnet protocol uses Port 23. Telnet provides access to a variety of systems and servers. They commonly use it for remote maintenance of routers and other networking devices. Web browsers use TCP/UDP Port 80 to create an HTTP (unsecured) connection to a remote server. Web browsers use Port 443 to create an HTTPS (secured) connection to a remote server.

Answer 87

Microsoft Remote Assistance (MSRA) Microsoft Remote assistance (MSRA) allows a user to ask for help from a technician or co-worker by an invitation file protected by a passcode. The helper opens the invitation file to connect to the remote system. A virtual private network allows users to connect to an office computer or network remotely and securely. A VPN is also commonly used to allow for anonymous web browsing on the internet. Windows uses the Remote Desktop Protocol (RDP) to implement terminal server and client functionality. Secure Shell (SSH) connects to a command interpreter rather than a desktop window manager using encryption to protect the session.