Core 2 Flashcards

1
Q

A technician suspects a rootkit has been installed and needs to be removed. Which of the following would BEST resolve the issue?

A. Application updates
B. Anti-malware software
C. OS reinstallation
D. File restore

A

C. OS reinstallation

A rootkit embeds itself in the….wait for it…..root of the OS and is very likely to go undetected, as the antimalware runs after it has done its business. It takes control of the MBR/GPT, so whatever scans you run aren’t going to find it. ALWAYS the answer to rootkits is OS reinstallation…ALWAYS.

2
Q

A technician is setting up a SOHO wireless router. The router is about ten years old. The customer would like the most secure wireless network possible. Which of the following should the technician configure?

A. WPA2 with TKIP
B. WPA2 with AES
C. WPA3 with AES-256
D. WPA3 with AES-128

A

B. WPA2 with AES

WPA2 with AES/TKIP encryption was introduced to the market in 2004. Comparing AES and TKIP, AES is more secure. On the other hand, WPA3 was officially introduced to the market in June 2018, which is not 10 years old yet. So the correct answer is (B) WPA2 with AES.

3
Q

When a user calls in to report an issue, a technician submits a ticket on the user’s behalf. Which of the following practices should the technician use to make sure the ticket is associated with the correct user?

A. Have the user provide a callback phone number to be added to the ticket.
B. Assign the ticket to the department’s power user.
C. Register the ticket with a unique user identifier.
D. Provide the user with a unique ticket number that can be referenced on subsequent calls.

A

C. Register the ticket with a unique user identifier.

Giving the user a ticket number, while helpful to them, would do nothing to correctly associate that ticket with the user in the system. The answer should be C, as it will actually associate the ticket in a formal way.

4
Q

A technician is working with a company to determine the best way to transfer sensitive personal information between offices when conducting business. The company currently uses USB drives and is resistant to change. The company’s compliance officer states that all media at rest must be encrypted. Which of the following would be the BEST way to secure the current workflow?

A. Deploy a secondary hard drive with encryption on the appropriate workstation.
B. Configure a hardened SFTP portal for file transfers between file servers.
C. Require files to be individually password protected with unique passwords.
D. Enable BitLocker To Go with a password that meets corporate requirements.

A

D. Enable BitLocker To Go with a password that meets corporate requirements.

BitLocker To Go is a Microsoft Windows feature that allows encryption of removable storage devices such as USB drives. By enabling BitLocker To Go and setting a password that meets corporate requirements.

5
Q

A technician needs to recommend the best backup method that will mitigate ransomware attacks. Only a few files are regularly modified; however, storage space is a concern. Which of the following backup methods would BEST address these concerns?

A. Full
B. Differential
C. Off-site
D. Grandfather-father-son

A

B. Differential

This method only backs up the files that have changed since the last full backup. Since only a few files are modified regularly, this saves storage space compared to a full backup, while still allowing for quick recovery if files are lost or compromised.

Why Not the Other Options?
A. Full: Backs up everything each time, using a lot of storage.
C. Off-site: Refers to where backups are stored, not the backup method itself.
D. Grandfather-father-son: A backup rotation scheme but not efficient for storage space and ransomware protection.

6
Q

A customer reported that a home PC with Windows 10 installed in the default configuration is having issues loading applications after a reboot occurred in the middle of the night. Which of the following is the FIRST step in troubleshooting?

A. Install alternate open-source software in place of the applications with issues.
B. Run both CPU and memory tests to ensure that all hardware functionality is normal.
C. Check for any installed patches and roll them back one at a time until the issue is resolved.
D. Reformat the hard drive, and then reinstall the newest Windows 10 release and all applications.

A

B. Run both CPU and memory tests to ensure that all hardware functionality is normal.

Explanation:
Running Hardware Tests: Starting with hardware diagnostics is a good practice to rule out any underlying hardware issues that might be causing application loading problems. This can help identify if the issue is due to faulty memory or CPU problems before moving on to software-related troubleshooting.

Why Not the Other Options?
A. Install alternate open-source software: This does not address the root cause of the issue and could complicate troubleshooting further.

C. Check for any installed patches and roll them back: While this is a valid troubleshooting step, it should come after confirming that hardware components are functioning correctly. Rolling back patches can also be time-consuming if the issue is hardware-related.

D. Reformat the hard drive and reinstall Windows: This is a last-resort measure and should not be the first step. It requires a lot of time and effort and should only be done after other troubleshooting steps have failed.

7
Q

A user’s mobile phone has become sluggish. A systems administrator discovered several malicious applications on the device and reset the phone. The administrator installed MDM software. Which of the following should the administrator do to help secure the device against this threat in the future? (Choose two.)

A. Prevent a device root.
B. Disable biometric authentication.
C. Require a PIN on the unlock screen.
D. Enable developer mode.
E. Block a third-party application installation.
F. Prevent GPS spoofing.

A

A & E

8
Q

A technician has spent hours trying to resolve a computer issue for the company’s Chief Executive Officer (CEO). The CEO needs the device returned as soon as possible. Which of the following steps should the technician take NEXT?

A. Continue researching the issue.
B. Repeat the iterative processes.
C. Inform the CEO the repair will take a couple of weeks.
D. Escalate the ticket.

A

D. Escalate the ticket.

9
Q

Which of the following must be maintained throughout the forensic evidence life cycle when dealing with a piece of evidence?

A. Acceptable use
B. Chain of custody
C. Security policy
D. Information management

A

B. Chain of custody

10
Q

A technician is configuring a SOHO device. Company policy dictates that static IP addresses cannot be used. The company wants the server to maintain the same IP address at all times. Which of the following should the technician use?

A. DHCP reservation
B. Port forwarding
C. DNS A record
D. NAT

A

A. DHCP Reservation

This allows the router to assign the same IP address to a specific device every time it connects to the network. It achieves this by reserving an IP address for the device’s MAC address, ensuring that even though the device is using DHCP (Dynamic Host Configuration Protocol), it always gets the same IP address without needing to configure a static IP manually.

Why Not the Other Options?

B. Port forwarding: This is used to forward traffic from a specific port on the router to a device on the network, not to assign or maintain an IP address.

C. DNS A record: This is used to map a domain name to an IP address, not to ensure that a device gets the same IP address on the network.

D. NAT (Network Address Translation): NAT translates private IP addresses to a public IP for outgoing internet traffic, but it doesn’t help with assigning or reserving an IP address on the internal network.

11
Q

A technician found that an employee is mining cryptocurrency on a work desktop. The company has decided that this action violates its guidelines. Which of the following should be updated to reflect this new requirement?

A. MDM
B. EULA
C. IRP
D. AUP

A

D. AUP = Acceptable Use Policy

12
Q

An organization is centralizing support functions and requires the ability to support a remote user’s desktop. Which of the following technologies will allow a technician to see the issue along with the user?

A. RDP
B. VNC
C. SSH
D. VPN

A

B. VNC (Virtual Network Computing)

VNC allows a technician to remotely view and control a user’s desktop, enabling them to see exactly what the user sees and assist them in real-time. This is ideal for remote desktop support where the technician needs to observe and interact with the user’s desktop environment.

Why Not the Other Options?

A. RDP (Remote Desktop Protocol): While RDP allows remote access to a desktop, it typically logs the user out and takes control of the desktop, which prevents the user and technician from viewing the issue together at the same time.

C. SSH (Secure Shell): SSH is used to securely access the command line of remote systems, primarily for server management, not for viewing and interacting with graphical desktops.

D. VPN (Virtual Private Network): A VPN provides secure network access to remote users but does not allow desktop sharing or viewing. It is a method to secure the connection but doesn’t directly enable desktop support.

13
Q

A user is unable to log in to the domain with a desktop PC, but a laptop PC is working properly on the same network. A technician logs in to the desktop PC with a local account but is unable to browse to the secure intranet site to get troubleshooting tools. Which of the following is the MOST likely cause of the issue?

A. Time drift
B. Dual in-line memory module failure
C. Application crash
D. Filesystem errors

A

A. Time drift

Time Drift: If the time on the desktop PC is significantly out of sync with the domain controller, it can prevent domain logins and access to network resources such as secure intranet sites. Many authentication protocols, like Kerberos, require that the system time on devices be synchronized with the domain controller. A large time difference can result in failed authentication.

Why Not the Other Options?

B. Dual in-line memory module failure (RAM failure): While a memory failure could cause performance issues or crashes, it wouldn’t specifically cause the inability to log in to the domain or access network resources.

C. Application crash: An application crash would typically affect the functionality of a specific application, but it would not prevent domain login or network access.

D. Filesystem errors: Filesystem errors might cause issues with accessing or saving local files, but they are unlikely to prevent domain login or access to network resources, unless critical system files are affected, which would usually present other symptoms.

14
Q

A user rotates a cell phone horizontally to read emails, but the display remains vertical, even though the settings indicate autorotate is on. Which of the following will MOST likely resolve the issue?

A. Recalibrating the magnetometer
B. Recalibrating the compass
C. Recalibrating the digitizer
D. Recalibrating the accelerometer

A

D. Recalibrating the accelerometer

Accelerometer: The accelerometer is the sensor in a smartphone that detects the device’s orientation. It measures changes in motion and orientation, allowing the phone to switch between portrait and landscape modes when the device is rotated. If the accelerometer is not functioning properly or needs recalibration, the phone may not detect changes in orientation, even if autorotate is enabled.

Why Not the Other Options?

A. Recalibrating the magnetometer: The magnetometer is used to detect magnetic fields, often in navigation and compass apps. It is not involved in detecting screen orientation changes.

B. Recalibrating the compass: The compass (which uses the magnetometer) helps with direction but does not control the display orientation.

C. Recalibrating the digitizer: The digitizer is responsible for detecting touch input, not for controlling the display orientation.

15
Q

A Microsoft Windows PC needs to be set up for a user at a large corporation. The user will need access to the corporate domain to access email and shared drives. Which of the following versions of Windows would a technician MOST likely deploy for the user?

A. Windows Enterprise Edition
B. Windows Professional Edition
C. Windows Server Standard Edition
D. Windows Home Edition

A

A. Windows Enterprise Edition

This version is specifically designed for large organizations and includes all the features of the Professional Edition, plus additional enterprise-grade security, management, and deployment tools. These features are especially important in large corporate environments where centralized control, advanced security, and management capabilities are critical.

Why Not the Other Options?

B. Windows Professional Edition: While Professional Edition supports joining a domain and is suitable for smaller businesses or individual use, large corporations typically use Enterprise Edition for better control over many devices and for features like advanced threat protection and Windows To Go.

C. Windows Server Standard Edition: This is a server operating system, not intended for end-user machines.

D. Windows Home Edition: Home Edition lacks support for joining a corporate domain or using features like group policies, making it unsuitable for business use in a large corporation.

16
Q

While browsing a website, a staff member received a message that the website could not be trusted. Shortly afterward, several other colleagues reported the same issue across numerous other websites. Remote users who were not connected to corporate resources did not have any issues. Which of the following is MOST likely the cause of this issue?

A. A bad antivirus signature update was installed.
B. A router was misconfigured and was blocking traffic.
C. An upstream internet service provider was flapping.
D. The time or date was not in sync with the website.

A

D. The time or date was not in sync with the website.

Time/Date Sync Issues: Many websites use SSL/TLS certificates to establish trust and secure connections. If the time or date on a computer is incorrect, the browser might not be able to verify the validity of these certificates, causing a warning that the website “cannot be trusted.” This is a common cause of such warnings across multiple websites. Since remote users not connected to corporate resources didn’t experience the issue, it suggests a centralized problem, such as a network time server misconfiguration affecting corporate devices.

Why Not the Other Options?

A. A bad antivirus signature update was installed: This would more likely cause issues related to malware detection or false positives, but it wouldn’t typically affect SSL/TLS certificate validation across multiple websites.

B. A router was misconfigured and was blocking traffic: A misconfigured router might block traffic, but it wouldn’t typically cause trust issues with websites. Blocked traffic usually results in timeouts or connection errors, not certificate warnings.

C. An upstream internet service provider was flapping: While ISP issues can cause intermittent connectivity problems, they wouldn’t cause SSL certificate errors related to trust.

17
Q

A systems administrator is tasked with configuring desktop systems to use a new proxy server that the organization has added to provide content filtering. Which of the following Windows utilities is the BEST choice for accessing the necessary configuration to complete this goal?

A. Security and Maintenance
B. Network and Sharing Center
C. Windows Defender Firewall
D. Internet Options

A

D. Internet Options

Internet Options: This utility in Windows provides settings for configuring how the system connects to the internet, including proxy server settings. You can configure proxy settings under the Connections tab by selecting LAN settings. This is where you would input the new proxy server details to ensure that all web traffic from the desktop systems is routed through the proxy for content filtering.

Why Not the Other Options?

A. Security and Maintenance: This utility provides an overview of security settings, but it is not used for configuring proxy servers.

B. Network and Sharing Center: This is used to configure network adapters, view network status, and manage basic network settings, but it does not provide access to proxy server settings.

C. Windows Defender Firewall: The firewall controls traffic to and from the computer based on security rules, but it does not handle proxy configurations for web traffic.

18
Q

An analyst needs GUI access to server software running on a macOS server. Which of the following options provides the BEST way for the analyst to access the macOS server from the Windows workstation?

A. RDP through RD Gateway
B. Apple Remote Desktop
C. SSH access with SSH keys
D. VNC with username and password

A

D. VNC with username and password

VNC (Virtual Network Computing): macOS includes built-in support for VNC through the “Screen Sharing” feature. By enabling this on the macOS server, the analyst can connect from a Windows workstation using a VNC client, providing GUI access to the macOS system. This is a cross-platform solution that works well for remote desktop access between different operating systems.

Why Not the Other Options?

A. RDP through RD Gateway: RDP (Remote Desktop Protocol) is primarily used for remote access to Windows systems. macOS does not natively support RDP, so this would not be the most straightforward or best method for accessing a macOS server.

B. Apple Remote Desktop: While Apple Remote Desktop is a powerful tool for managing macOS devices, it is specific to macOS and would require the analyst to use a macOS device. It is not natively supported on Windows, and additional configuration or third-party software would be required to use it from a Windows workstation.

C. SSH access with SSH keys: SSH (Secure Shell) is used for command-line access, not for GUI access. While SSH is ideal for managing servers through the terminal, it does not provide a graphical interface without complex configurations like X11 forwarding.

19
Q

After returning from vacation, a user is unable to connect to the network at the corporate office. Windows allows the user to log in; however, no internal or external websites are accessible when running a browser. The user’s expected network shares are unreachable, and all websites attempted return the message, Hmm, we can't reach this page. Which of the following is the MOST likely cause of this issue?

A. The user’s password expired while on vacation.
B. The user clicked on a malicious email.
C. The user connected to a captive portal while traveling.
D. The user enabled airplane mode.

A

C. The user connected to a captive portal while traveling.

Captive Portals: Captive portals are often used in public networks (such as those in hotels or airports) and require users to log in or accept terms before granting full internet access. If the user connected to a captive portal while traveling, it’s possible that their device retained some network settings from the portal. This could prevent the system from properly connecting to the corporate network upon return, leading to an inability to access websites or internal network resources.

Why Not the Other Options?

A. The user’s password expired while on vacation: If the user’s password had expired, they would likely not be able to log in to Windows at all. Since they can log in, it suggests the issue is network-related rather than an account problem.

B. The user clicked on a malicious email: While clicking on a malicious email can cause issues, the symptoms described (especially the specific browser message “Hmm, we can’t reach this page”) are more indicative of a network connectivity issue, not a malware infection.

D. The user enabled airplane mode: If the user had enabled airplane mode, they would not be able to connect to the network at all, and Windows likely wouldn’t allow them to log in to the domain if no connection is available.

20
Q

A suite of security applications was installed a few days ago on a user’s home computer. The user reports that the computer has been running slowly since the installation. The user notices the hard drive activity light is constantly solid. Which of the following should be checked FIRST?

A. Services in Control Panel to check for overutilization
B. Performance Monitor to check for resource utilization
C. System File Checker to check for modified Windows files
D. Event Viewer to identify errors

A

B. Performance Monitor to check for resource utilization

21
Q

A field technician applied a Group Policy setting to all the workstations in the network. This setting forced the workstations to use a specific SNTP server. Users are unable to log in now. Which of the following is the MOST likely cause of this issue?

A. The SNTP server is offline.
B. A user changed the time zone on a local machine.
C. The Group Policy setting has disrupted domain authentication on the system.
D. The workstations and the authentication server have a system clock difference.

A

D. The workstations and the authentication server have a system clock difference.

Time synchronization is critical for many network services, including domain authentication (especially if the network uses Kerberos for authentication, which is time-sensitive). If the workstations’ clocks are not synchronized with the domain controller or authentication server due to an issue with the newly applied SNTP (Simple Network Time Protocol) settings, it can result in login failures. Even small time differences can prevent successful authentication.

Why Not the Other Options?

A. The SNTP server is offline: While this could potentially cause a time synchronization issue, the most direct cause of the login problem would be the clock difference between the workstations and the authentication server.

B. A user changed the time zone on a local machine: This might affect one machine but would not cause login issues across all workstations.

C. The Group Policy setting has disrupted domain authentication on the system: The disruption is likely not directly due to the Group Policy setting itself, but rather the result of time desynchronization caused by the change in the SNTP settings.

22
Q

A technician receives a call from a user who is on vacation. The user provides the necessary credentials and asks the technician to log in to the user’s account and read a critical email that the user has been expecting. The technician refuses because this is a violation of the:

A. acceptable use policy.
B. regulatory compliance requirements.
C. non-disclosure agreement.
D. incident response procedures.

A

A. Acceptable Use Policy (AUP).

This policy governs how employees are allowed to use company resources, including user accounts, emails, and IT systems. Logging into another user’s account, even with permission, is typically a violation of this policy because it can compromise security, privacy, and the integrity of the company’s systems. Technicians are required to follow the AUP to ensure that they do not engage in behavior that could lead to unauthorized access or data breaches.

Why Not the Other Options?

B. Regulatory compliance requirements: While this situation could potentially violate certain compliance rules, such as those related to data protection (depending on the industry), the primary issue here is related to internal policy rather than regulatory compliance.

C. Non-disclosure agreement: An NDA typically covers confidentiality regarding company information but does not specifically address the issue of logging into another employee’s account.

D. Incident response procedures: These procedures outline steps to take in response to a security incident or breach. This scenario does not describe an active security incident but rather a violation of normal use policies.

23
Q

A network administrator is deploying a client certificate to be used for Wi-Fi access for all devices in an organization. The certificate will be used in conjunction with the user’s existing username and password. Which of the following BEST describes the security benefits realized after this deployment?

A. Multifactor authentication will be forced for Wi-Fi.
B. All Wi-Fi traffic will be encrypted in transit.
C. Eavesdropping attempts will be prevented.
D. Rogue access points will not connect.

A

A. Multifactor authentication will be forced for Wi-Fi.

By requiring both a username/password and a client certificate, the network is now utilizing two factors of authentication (something the user knows and something the user has). This adds an additional layer of security beyond just a username and password, significantly improving protection against unauthorized access.

Why Not the Other Options?

B. All Wi-Fi traffic will be encrypted in transit: While encryption is important, this benefit is typically realized through Wi-Fi encryption protocols like WPA2 or WPA3, not directly from the use of a client certificate.

C. Eavesdropping attempts will be prevented: While client certificates contribute to secure authentication, they do not specifically prevent eavesdropping, which is more related to the encryption of data in transit (handled by WPA2/WPA3 protocols).

D. Rogue access points will not connect: While client certificates add security, they do not directly prevent rogue access points from existing or trying to connect to the network. This is usually handled through other security measures like network monitoring and rogue AP detection tools.

24
Q

A user in a corporate office reports the inability to connect to any network drives. No other users have reported this issue. Which of the following is the MOST likely reason the user is having this issue?

A. The user is not connected to the VPN.
B. The file server is offline.
C. A low battery is preventing the connection.
D. The log-in script failed.

A

D. The log-in script failed.

Log-in scripts are often used in corporate environments to automatically map network drives when users log in. If the log-in script fails to run properly, the user may not have access to network drives, even though they are connected to the network and other resources.

Why Not the Other Options?

A. The user is not connected to the VPN: While VPN connections are sometimes necessary for remote access to network resources, if the user is in a corporate office (as mentioned), they are likely directly connected to the local network, so VPN is not required.

B. The file server is offline: If the file server were offline, other users would also be experiencing the same issue. Since no other users have reported the problem, this is less likely to be the cause.

C. A low battery is preventing the connection: A low battery may cause performance issues on a laptop, but it wouldn’t specifically prevent access to network drives while the device is still operational.

25
App not loading/slow performance
1. Restart App
26
App fails to close or crashes
Restart the device; if that has already been done, update the app
27
App fails to update
force update (may need a payment on file)
28
Mobile OS fails to update
Check storage
29
Battery life issues
Disable unnecessary features such as Wi-Fi, Bluetooth, GPS etc.
30
Random device reboots
Check OS and app version; if not that, check hardware
31
Bad connectivity
Move closer
32
No Wi-Fi connectivity
1. Enable Wi-Fi 2. Check Wi-Fi password
33
No Bluetooth connectivity
1. Enable Bluetooth 2. Check/pair Bluetooth component
34
NFC not working
1. Device may allow enable/disable of NFC feature 2. Reset the device. If payment related, remove and add the card again
35
AirDrop not working
1. Distance between devices 2. Turn on Wi-Fi and Bluetooth 3. Check AirDrop discovery options
36
Screen does not auto rotate
1. Disable rotation lock 2. Restart app 3. Restart device
37
Show all active connections
netstat -a
38
Do not resolve names
netstat -n
38
Show binaries (Windows)
netstat -b
38
Lookup information from DNS servers
nslookup
39
View network resources
net view \\ or net view /workgroup:
40
Map a network share to a drive letter
net use h: \\\
41
View user account information and reset passwords
– net user – net user * /domain
42
Determine the route a packet takes to a destination
tracert
43
Test reachability
ping
44
View additional configuration details – DNS servers, DHCP server, etc.
ipconfig
45
Determine TCP/IP and network adapter information – And some additional IP details
ipconfig
46
Combine ping and traceroute
pathping
47
What do shares have to have at the end to be hidden?
$
48
What partition style allows up to 128 partitions?
GUID Partition Table (GPT)
49
What partition style allows up to 4 partitions?
Master Boot Record (MBR)
50
What style of partition has a max size of 2TB?
Master Boot Record (MBR)
51
Are extended partitions on MBR bootable?
No
52
What are formatted partitions called?
Volumes
52
WPA2 and ?
CCMP
53
WPA3 and ?
GCMP - Stronger encryption than WPA2
54
Centralize authentication for users
RADIUS (Remote Authentication Dial-in User Service)
55
Probably a Cisco device
TACACS+
56
Probably a Microsoft network
Kerberos
57
An employee has modified the NTFS permissions on a local file share to provide read access to Everyone. However, users connecting from a different computer do not have access to the file. Which of the following is the reason for this issue?
A. The NTFS permissions were not synchronized
B. Share permissions restrict access from remote devices
C. The user is an Administrator
D. Remote users are connecting with Guest accounts

B. Share permissions restrict access from remote devices

NTFS (NT File System) permissions are used to control access from both local users and users over the network. For users connected over the network, the Windows share permissions are also used to determine access. If access is available locally but not across the network, then it's likely that the share permissions include additional access restrictions.

The incorrect answers:
A. The NTFS permissions were not synchronized: NTFS does not require any permissions to be synchronized or copied between systems.
C. The user is an Administrator: A Windows Administrator would not commonly be restricted from accessing local files, but this issue is not related to the local NTFS permissions. Since the access problems are for users across the network, the share permissions would most likely be the issue.
D. Remote users are connecting with Guest accounts: All remote access is managed through Windows share permissions. These share permissions, combined with the NTFS permissions, determine the rights that remote users will have to the resources.
57
What is Kerberos?
Network authentication protocol - Authenticate once, trusted by the system - Protect against on-path or replay attacks
58
Services are available on almost any server operating system
RADIUS
59
NTFS permissions are inherited from the parent object. True or False
True
60
Time drift
Enable automatic time setting
61
Your computer is low on memory
1. Close large-memory processes 2. Increase virtual memory
62
Windows application stops working/crashes
1. Check the Event Log 2. Check the Reliability Monitor
63
Device not starting
Bad driver (rollback)
64
USB controller resource warnings
Move the device to a different USB interface
65
What is PII?
Personally identifiable information - Any data that can identify an individual
66
What is PHI?
Protected Health Information - Health information associated with an individual
67
What is a Corporate use license?
– Per-seat purchase / Site license – The software may be installed everywhere – Annual renewals
68
What is a personal license?
– Designed for the home user – Usually associated with a single device – Or small group of devices owned by the same person – Perpetual (one time) purchase
69
Chain of custody
Control evidence - Maintain integrity - avoid tampering
70
Difference between RDP and MSRA (Microsoft Remote Assistance)
With Microsoft Remote Assistance (MSRA), a second user can connect remotely while allowing the person at the computer to still see everything happening on their screen. In contrast, with Remote Desktop Protocol (RDP), the local screen turns black, and only the remote user can view and control the session, leaving the person in front of the computer unable to see any activity.
71
What is RMM?
Remote Monitoring and Management - It is used to manage a system from a remote location.
71
How do you control difficult situations?
1. Don't argue or be defensive 2.
72