Dion Training CompTIA A+ (220-1102) Core 2 Practice Exam - Results Flashcards
Which of the following commands is used on a Linux system to copy a file from one directory to another directory?
Explanation
OBJ 1.11 - The cp command is a command-line utility for copying files and directories. It supports moving one or more files or folders with options for taking backups and preserving attributes. Copies of files are independent of the original file, unlike the mv command.
The mv command
is a command-line utility that moves files or directories from one place to another. The mv command supports moving single files, multiple files, and directories. The mv command can prompt before overwriting files and will only move files that are newer than the destination. When the mv command is used, the file is copied to the new directory and removed from the old directory.
The rm command
is a command-line utility for removing files or directories. To remove a file, pass the name of a file or files to the rm command, and those files will be removed immediately from the file system.
The ls command
lists the files or directories in the current path of a Unix, Linux, or Mac operating system. When invoked without any arguments, ls lists the files in the current working directory.
You are troubleshooting a network connectivity issue and need to determine the packet’s flow path from your system to the remote server. Which of the following tools would best help you identify the path between the two systems?
Explanation
OBJ 1.2 - The tracert (trace route) diagnostic utility determines the route to a destination by sending Internet Control Message Protocol (ICMP) echo packets to the destination. In these packets, tracert uses varying IP Time-To-Live (TTL) values. When the TTL on a packet reaches zero (0), the router sends an ICMP “Time Exceeded” message back to the source computer. The ICMP “Time Exceeded” messages that intermediate routers send back show the route.
The ipconfig tool
displays all current TCP/IP network configuration values on a given system.
The netstat tool
is a command-line network utility that displays network connections for Transmission Control Protocol, routing tables, and some network interface and network protocol statistics on a single system.
The nbtstat command
is a diagnostic tool for NetBIOS over TCP/IP used to troubleshoot NetBIOS name resolution problems.
What is the native file system format used by Windows 10 during installation?
Explanation
OBJ 1.8 - The New Technology File System (NTFS) is a proprietary file system developed exclusively for Windows. It provides a 64-bit addressing scheme, allowing for large volumes and file sizes. In theory, the maximum volume size is 16 Exabytes. Still, NTFS’s actual implementations are limited to between 137 GB and 256 Terabytes, depending on the version of Windows and the allocation unit size. It is the default file system used by Windows. NTFS’s only significant drawback is that it is not fully supported by operating systems other than Windows. macOS can read NTFS drives but cannot write to them. Linux distributions and utilities may be able to support NTFS to some degree.
The extensible file allocation table (exFAT)
is a file system optimized for external flash memory storage devices such as USB flash drives and SD cards. exFAT supports a maximum volume size of up to 128 PB with a recommended maximum volume size of 512 TB for the best reliability.
The file allocation table 32-bit (FAT32)
is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB.
The Apple file system (APFS)
is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals.
Josie in Human Resources was just issued a new laptop by Dion Training. When she plugs the laptop into the network’s wall jack and turns it on, she receives an error message. She calls the service desk to report that the error message being displayed states, “There is an IP address conflict with another system on the network.” You are working as a field service technician and have been asked to resolve this error. What should you do?
Explanation
OBJ 1.6 - This is a common error when two network devices are assigned the same IP address on a network. This occurs most commonly when static IP addresses are used, so the easiest way to avoid this issue is to use DHCP to assign the IP addresses on the network.
Forcing the user to use wireless over wired
may solve the issue temporarily, but this is more of a workaround than a true solution to the error.
randomly choose a new IP and statically assign it to the laptop
It would be best if you didn’t randomly choose a new IP and statically assign it to the laptop since this will lead to more future conflicts.
remove the desktop computer’s static IP configuration
You shouldn’t remove the desktop computer’s static IP configuration if the error you received is on the laptop.
You recently moved 1.5 TB of data from your office’s file server to a new 16 TB NAS and decommissioned the old file server. You verified all users had been given the same permissions to the new file shares on the NAS as they had on the old server. The users are receiving an error stating, “Windows cannot access \\server10\shared” every time they click the Share drive icon on their desktop. What is MOST likely the source of this error?
Explanation
OBJ 1.6 - Based on the error shown, it appears that the users are still mapped to the old server and not the new NAS. This is a common issue and oversight that occurs when companies migrate from one server to another. Even if every computer has an S:\ (share drive) shown, it is just a link to a network resource (like \\server10\shared). If the new server is not named “server10” and is called “server11”, then the mapping needs to be redone to reflect \\server11\shared, for example.
Which of the following Windows 10 system utilities would be used to test the functionality of the DirectX subsystem for video and sound-related problems?
Explanation
OBJ 1.3 - The DxDiag (DirectX diagnostic) utility is used to collect info about devices to help troubleshoot problems with DirectX sound and video. It is a diagnostics tool used to test DirectX functionality and troubleshoot video-related or sound-related hardware problems. DirectX diagnostic can save text files with the scan results.
System information (msinfo32.exe)
is a utility that gathers information about your computer and displays a comprehensive list of hardware, system components, and the software environment that can be used to diagnose computer issues.
The event viewer (eventvwr)
shows a log of application and system messages, including errors, information messages, and warnings. It’s a useful tool for troubleshooting all kinds of different Windows problems. If you use the Event Viewer, you can identify what was occurring at or around 2:35 am each day before the server crashed and use this to troubleshoot the problem.
The task scheduler (taskschd)
is a tool included with Windows that allows predefined actions to be automatically executed whenever a certain set of conditions is met. For example, you can schedule a task to run a backup script every night or send you an email whenever a certain system event occurs.
Which command would a Linux user need to enter to change their password?
Explanation
OBJ 1.11 - The passwd command changes passwords for user accounts. A normal user may only change the password for their account, while the superuser may change the password for any user.
The chown command
is used to change the owner of the file, directory, or link in Linux.
The pwd command
displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type “pwd” and hit enter to display the path to the screen.
The ps command
is used to list the currently running processes and their PIDs, along with some other information depending on the options used. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system.
Your company wants to ensure that users cannot access USB mass storage devices. You have conducted some research online and found that if you modify the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor key, it will prevent USB storage devices from being used. Which of the following tools should you use to modify this key?
Explanation
OBJ 1.3 - The registry editor (RegEdit) allows you to view and make changes to system files and programs that you wouldn’t be able to access otherwise. The registry is a database made up of hives and keys that control various settings on a Windows system. Incorrectly editing the Registry can permanently damage your computer, so it is important to be very careful when modifying the registry using RegEdit.
MSConfig
is a system utility to troubleshoot the Microsoft Windows startup processes. MSConfig is used to disable or re-enable software, device drivers, and Windows services that run at startup, or to change boot parameters.
Remote desktop services (RDS)
is used to connect to remote desktop session host servers or other remote computers, edit an existing remote desktop connection (.rdp) configuration file, and migrate legacy connection files that were created with the client connection manager to the newer .rdp connection file type.
The Microsoft management console (MMC)
is a utility that uses snap-ins for various Windows tools such as disk management, computer management, performance monitor, print management, and others to perform operations on a local or networked computer.
Which of the following should be configured on a macOS system to enable the Smart Zoom feature on a user’s MacBook trackpad?
Explanation
OBJ 1.10 - Apple introduced gestures as a simple way to control macOS from a Magic Trackpad or built-in trackpad of a MacBook. Gestures are finger movements on a trackpad or mouse that enable a user to scroll, zoom, and navigate the desktop, documents, and application content in macOS. Gestures include things like Smart Zoom, Rotate, Scroll Direction, and many others. To see what gestures are available on the Mac or change any of the settings, go to System Preferences, and then click Trackpad.
A company has had several virus infections over the past few months. The root cause was determined to be known vulnerabilities in the software applications in use by the company. What should an administrator implement to prevent future outbreaks?
Explanation
OBJ 1.11 - Since the viruses exploited known vulnerabilities, there should be patches available from the manufacturer/vendor. Patch management is the process of distributing and applying updates to the software to prevent vulnerabilities from being exploited by an attacker or malware. Proper patch management is a technical control that would prevent future outbreaks.
An acceptable use policy (AUP)
is a document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. While some items in the AUP might help prevent a malware infection (such as not allowing users to download and run programs from the internet), it is considered an administrative control, and choosing a technical control like patch management would better protect the network.
An incident response team or emergency response team
is a group of people who prepare for and respond to any emergency incident, such as a natural disaster or an interruption of business operations. An incident response team will respond to the virus infections, but they would not prevent them from occurring.
Host-based intrusion detection systems (HIDS)
help organizations to identify threats inside the network perimeter by monitoring host devices for malicious activity that, if left undetected, could lead to serious breaches. A HIDS may detect the effects of a virus infection, such as a client becoming a zombie in a botnet, but it will not prevent these outbreaks from occurring.
Which type of installation would require an answer file to install the operating system?
Explanation
OBJ 1.9 - An unattended installation is a traditional method of deploying a Windows operating system in a large enterprise environment. Unattended installations use an answer file that contains user input to various GUI dialog boxes that would otherwise appear during the installation process. Unattended installation is the most practical way to install Windows when the client computers have different hardware components, and an image file cannot be used. Unattended installations save deployment time and can be used either for clean installs or in-place upgrades.
A clean install
is a means of installing the operating system to a new computer or completely replacing the operating system on an old computer. All existing user data or settings will be deleted during the setup process when a clean installation is conducted.
An in-place upgrade
is a means of installing an operating system on top of an existing version of the operating system. Applications, user settings, and data files are retained when conducting an in-place upgrade.
A repair
is used to check and replace any modified system files within the operating system.
What is the minimum amount of memory required to install Windows 10 (x64) on a device?
For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor and 2 GB of RAM.
For the Windows 10 (32-bit) operating system,
the minimum requirements are a 1 GHz processor and 1 GB of RAM.
For the Windows 11 (64-bit) operating system,
the minimum requirements are a dual-core 1 GHz processor and 4 GB of RAM.
Which of the following Windows 10 power options will turn off individual devices connected to a laptop to save energy?
Explanation
OBJ 1.4 - The USB selective suspend feature allows the hub driver to suspend an individual port without affecting the operation of the other ports on the hub. Selective suspension of USB devices is helpful when using a laptop computer as it helps to conserve battery power by powering off USB ports that are not needed at the time.
Hibernate mode
is used to save the current session to disk before powering off the computer to save battery life when the system is not being used. The computer takes longer to start up again from hibernate mode than it does from the sleep or standby mode.
Sleep or standby mode
is used to save the current session to memory and put the computer into a minimal power state to save battery life when the system is not being used. The computer takes less time to start up again from the sleep or standby mode than it does from the hibernate mode.
Fast startup
is a mode in between a full shutdown and a hibernation mode. With a fast startup, the computer will log the user out and close all of its open files when being shut down. Before the system powers off, though, a small hibernation file is created to help speed up the bootup process when the computer is powered on again.
A technician at Dion Training wants to identify which version and build of Windows 10 is installed on a laptop. Which of the following commands should the technician enter at the command line?
Explanation
OBJ 1.2 - The winver command is a Windows command-line tool that is used to display the name, version, and build of the operating system on a workstation.
The gpresult command
is used to display the Resultant Set of Policy (RSoP) information for a remote user and computer. Because you can apply overlapping policy settings to any computer or user, the Group Policy feature generates a resulting set of policy settings when the user logs on. The gpresult command displays the resulting set of policy settings that were enforced on the computer for the specified user when the user logged on.
The pathping command
is a Windows command-line tool that is used to locate spots that have network latency and network loss between a client and a destination. The advantages of PathPing over ping and traceroute are that each node is pinged as the result of a single command and that the behavior of nodes is studied over an extended period, rather than the default ping sample of four messages or default traceroute single route trace.
The net user command
allows system administrators to manage user accounts on Windows PCs. You can use the command to display account information or make changes to user accounts. It can be used, among other things, to enable the inactive administrator account of a Windows system.
Michael, a salesman, is on a business trip and is trying to access his corporate email over the hotel’s Wi-Fi network. Michael’s laptop appears to be connected to the hotel’s wireless network, but his email client cannot download any new messages and states, “Network Offline.” Michael contacts the help desk for assistance. What action should the help desk technician tell Michael to perform to solve this issue?
Explanation
OBJ 1.6 - Many hotels use a captive portal with a redirect page with their wireless networks. When users connect to the wireless network, they have to open a web browser and are then redirected to the hotel’s Acceptable Use Policy page. Until the user accepts the terms and conditions, none of their network traffic will be routed to the internet. If the redirect page is shown, Michael can then accept the terms and conditions, and his email client will be able to download his mail again.
Which of the following commands is used on a Linux system to edit a text file on a server?
Explanation
OBJ 1.11 - The vi (visual) utility is a popular screen-oriented text editor in Linux, Unix, and other Unix-like operating systems. When using vi, the terminal screen acts as a window into the editing buffer. Changes made to the editing buffer shall be reflected in the screen display, and the position of the cursor on the screen will indicate the position within the editing buffer.
The ps command
is used to list the currently running processes and their PIDs, along with some other information depending on the options used. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system.
The pwd command
displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type “pwd” and hit enter to display the path to the screen.
The chown command
is used to change the owner of the file, directory, or link in Linux.
What is the minimum processor required to install Windows 10 (x86) on a device?
Explanation
OBJ 1.7 - For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor and 1 GB of RAM.
For the Windows 10 (64-bit) operating system,
the minimum requirements are a 1 GHz processor and 2 GB of RAM.
For the Windows 11 (64-bit) operating system,
the minimum requirements are a dual-core 1 GHz processor and 4 GB of RAM.
Which of the following allows users to save their current session to disk before powering down their Windows 10 laptop?
Explanation
OBJ 1.4 - Hibernate mode is used to save the current session to disk before powering off the computer to save battery life when the system is not being used. The computer takes longer to start up again from hibernate mode than it does from the sleep or standby mode.
Sleep or standby mode
is used to save the current session to memory and put the computer into a minimal power state to save battery life when the system is not being used. The computer takes less time to start up again from the sleep or standby mode than it does from the hibernate mode.
Shutdown mode
completely powers off the computer and does not save the current user session to disk. Instead, the shutdown will close all open files and log out the user during the shutdown process.
A lock
will secure the desktop with a password while leaving programs running.
Which of the following Linux command-line options would shut down a Linux server 11 minutes from now?
Explanation
OBJ 1.11 - The command-line option of “shutdown +11” will shut down the server 11 minutes from now. The option of “shutdown 11:00” would shut down the server at 11:00 am. The option of “shutdown now” would immediately shut down the server. The option of “shutdown @11” is not a valid use of the shutdown command. The shutdown command brings the system down in a secure way. When the shutdown is initiated, all logged-in users and processes are notified that the system is going down, and no further logins are allowed. You can shut down your system immediately or at the specified time.
You are working as a service desk analyst. This morning, you have received multiple calls from users reporting that they cannot access websites from their work computers. You decide to troubleshoot the issue by opening up your command prompt on your Windows machine and running a program to determine where the network connectivity outage is occurring. This tool tests the end-to-end connection and reports on each hop found in the connection. Which tool should you use to determine if the issue is on the intranet portion of your corporate network or if it is occurring due to a problem with your ISP?
Explanation
OBJ 1.2 - Tracert is a command-line utility used to trace an IP packet’s path as it moves from its source to its destination. Tracert performs a series of ICMP echo requests to determine which device in the connection path is not responding appropriately. This will help to identify if the connectivity issue lies within your intranet or is a problem with the ISP’s connection.
While using ping will
tell you if the remote website is reachable or not, it will not tell you where the connection is broken. The ping tool is used to test an end-to-end connection, but it will not provide any data on the hops found in the connection.
The nslookup tool
is used to troubleshoot DNS issues.
The netstat tool
is used to display network statistics and active connections.
Dion Consulting Group has been hired by a small real estate office to build its network. The office has 4 computers running Windows 10 Professional edition configured in a workgroup to access a shared file server. Which of the following types of network models is being used by this real estate office?
Explanation
OBJ 1.1 - A workgroup is a Microsoft peer-to-peer network model in which computers are connected together for access to shared resources for organizational purposes.
A domain is
a Microsoft client/server network model that groups computers together for security and to centralize administration. Domain members have access to a central user account database so that users can log on to any computer within the domain.
Hub-and-spoke and mesh
are networking models that are not used for workgroups or domains.
Which version of Windows 10 does not support BitLocker for full disk encryption?
Explanation
OBJ 1.1 - Windows 10 has support for BitLocker in every version except the Windows 10 Home edition. BitLocker provides support for full disk encryption using AES with a 128-bit or 256-bit key. BitLocker drive encryption is a data protection feature that integrates with the operating system and addresses the threats of data theft or exposure from lost, stolen, or inappropriately decommissioned computers.
Which version of Windows supports Virtual Desktops?
Explanation
OBJ 1.1 - Windows 10 added support for Virtual Desktops like those long seen on Linux and Mac OS X. These allow users without multi-monitor setups to create multiple virtual desktops that are handy for splitting usage between work and leisure, work into projects, or whatever you require. Older versions of Windows, such as Windows 7, Windows 8, and Windows 8.1 do not support Virtual Desktops and are currently considered end-of-life operating systems.
Jason wants to configure his Windows 10 laptop to suspend individual USB ports when not in use. Which of the following Control Panel sections should he use to set the USB selective suspend feature?
Explanation
OBJ 1.4 - The USB selective suspend feature is located in the Power Options section of the Control Panel. The Power Options section of the Control Panel allows technicians to customize how a computer manages its power to either conserve energy at the expense of performance or to maximize performance at the expense of energy savings by creating a power plan. The USB selective suspend feature allows the hub driver to suspend an individual port without affecting the operation of the other ports on the hub. Selective suspension of USB devices is helpful when using a laptop computer as it helps to conserve battery power by powering off USB ports that are not needed at the time.
The File Explorer Options
section of the Control Panel allows technicians to customize the display of files and folders.
The Indexing Options is
used to configure the method used by Windows when searching for content within the storage devices. When indexing is properly configured, the system will catalog the information on the computer using the words within the files and their metadata to more easily find the content when requested by a user.
The Internet Options section of the Control Panel
allows a technician to manage the Internet settings for their computers, including the security settings, access settings, and add-on control settings.
Jason is building an inexpensive workstation for one of the employees at Dion Training. The workstation will utilize an Intel x86 processor. Which of the following editions of Windows will support installation on this workstation? (Choose all of the answers that apply)
Explanation
OBJ 1.1 - All editions of Windows 10 are available in either x86 (32-bit) or x64 (64-bit) versions. When using a 32-bit version of Windows 10, a maximum of 4 GB of RAM is supported. All editions of Windows 11 only support x64 (64-bit) processors due to the higher minimum memory requirements. All Windows 11 editions require a minimum of 4 GB of memory to operate.
A cybersecurity analyst is auditing your company’s network logs and identifies that a USB mass storage device was previously inserted into many of the company’s servers. The logs also showed dozens of failed login attempts before a successful login occurred on the servers. Which TWO of the following actions are recommended to eliminate the vulnerabilities identified by the cybersecurity analyst?
Explanation
OBJ 2.6 - Since the USB mass storage device was used to connect to the servers, it is recommended to modify the AutoRun settings. To prevent the password guessing attacks used, the servers should be configured to lock out any account after 3 failed login attempts. The other options are all considered good security practices, but they do not directly address the issues presented in this scenario.
Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?
Explanation
OBJ 2.2 - TACACS+ is an extension to TACACS (Terminal Access Controller Access Control System) and was developed as a proprietary protocol by Cisco.
The Remote Authentication Dial-In User Service (RADIUS) is
a networking protocol that operates on port 1812 and provides centralized Authentication, Authorization, and Accounting management for users who connect and use a network service, but Cisco did not develop it.
Kerberos is
a network authentication protocol designed to provide strong mutual authentication for client/server applications using secret-key cryptography developed by MIT.
Challenge-Handshake Authentication Protocol (CHAP) is
used to authenticate a user or network host to an authenticating entity. CHAP is an authentication protocol but does not provide authorization or accounting services.
You have just updated the graphics card’s driver to the latest version. After installation, the Windows workstation crashes and reports an error code. You attempt to reboot the workstation, but it fails again. You decide to reboot the workstation into Safe Mode. What should you do NEXT?
Explanation
OBJ 3.1 - Since the issue began once you installed the latest graphics driver, you should roll back the driver to the last stable version. This should resolve the issue and then allow you to reboot the system back to the normal Windows desktop. Every change should be accompanied by a rollback (or backout) plan so that the change can be reversed if it has harmful or unforeseen consequences. If you are experiencing problems with a device and you have recently updated the driver, Windows also provides a Roll Back Driver feature. A new driver may not work properly because it has not been fully tested or it may not work on your particular system. Driver rollback can recover a system speedily and easily where this has occurred. You can use Device Manager to revert to the previous driver. Right-click the device and select Properties. Click the Driver tab then click the Roll Back Driver button.
A user calls the service desk and states that their workstation has a virus. The user states that they were browsing their favorite website when the antivirus displayed a full-screen message stating, “1532 file infected on this computer - Click to remove infected files NOW!” The user states that when they click the button, a message from the company’s content filter states it is blocked, and they need your assistance to remove the infected files. Which of the following has MOST likely occurred?
Explanation
OBJ 3.2 - Rogue antivirus is a particularly popular way to disguise a Trojan. In the early versions of this attack, a website would display a pop-up disguised as a normal Windows dialog box with a fake security alert, warning the user that viruses have been detected. As browsers and security software have moved to block this vector, cold calling vulnerable users claiming to represent Microsoft support has become a popular attack.
An administrator arrives at work and is told that network users are unable to access the shared drive on a Windows server. The administrator logs into the server and sees that some Windows Updates were automatically installed last night successfully, but now the network connection shows “limited” with no availability. What rollback action should the technician perform?
Explanation
OBJ 3.1 - When automatically receiving updates through the Windows Update service, your server can receive driver updates for its network interface card (NIC), graphics cards, and other peripherals. This can accidentally install an incompatible driver that causes network connectivity issues to occur. A best practice is to always set driver updates to “manual” so that you can download and test them in a lab before upgrading your production servers. If your drivers were updated and this is causing the connectivity issue, you can perform a driver rollback to the last known working version of the drivers. An IP address is bound to a network interface card using DHCP and there is no such thing as a “rollback” for a server’s IP address. The error of “limited” connectivity is associated with the network interface card and the network connection, not the antivirus or the web browser.
Tamera and her husband are driving to the beach for the weekend. While her husband drives, she is using her iPhone to browse Facebook. Her phone shows only 1 bar of 3G signal in the current location. She can make and receive calls, but Facebook is refusing to load her news feed. Which of the following is MOST likely the problem?
Explanation
OBJ 3.4 - To make and receive a call using a smartphone, you need at least one bar of signal. A phone call requires much less signal than using cellular data. As the signal strength decreases, so does the data speed. Depending on the frequency and type of signal being used, you may see speeds under 100 Kbps with one bar. This is too slow to load a Facebook news feed adequately.
A corporate user has called the enterprise service desk because they believe their computer has become infected with malware. When you arrive at their desktop to troubleshoot the issue, you notice it was powered down. You press the power button, and the system loads without any issues. When you open Google Chrome, you notice that multiple pop-ups appear almost immediately. Which of the following actions should you take NEXT?
Explanation
OBJ 3.3 - This is a tricky question because many technicians might try to fix the issue by clearing the browser or reinstalling/reimaging the machine. If this were a home user’s machine, this would be an appropriate response, but you should follow the company’s procedures since this is a corporate workstation. Most companies require any machines suspected of malware infection to be scanned/analyzed by the cybersecurity department before remediating or reimaging them. Therefore, the best thing to do is to remediate the system. This also follows the malware removal process since the technician just investigated and verified the malware symptoms. The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.
You have just run an anti-virus scan on a workstation, discovered about 25 different malicious items, and successfully removed them. You have scheduled a daily scan of the workstation, enabled the System Restore function, and created a new restore point. What is the NEXT step in the malware removal process?
Explanation
OBJ 3.3 - The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.
An employee was recently moved from the Human Resources department into the Sales department. Which of the following should you check to ensure they no longer have access to the employee data stored in the Human Resources department share drives?
Explanation
OBJ 3.2 - A security group is a collection of user accounts that can be assigned permissions in the same way as a single user object. Security groups are used when assigning permissions and rights, as it is more efficient to assign permissions to a group than to assign them individually to each user. You can assign permissions to a user simply by adding the user to the appropriate group. In most corporate environments, security groups control access to share drives, mailing lists, and other network resources.
A user cannot change their iPad display from landscape to portrait when they are on the home screen. Which of the following is MOST likely the reason for this issue?
Explanation
OBJ 3.4 - If the iPad will not change from landscape to portrait mode, it is likely that the autorotate feature has been disabled by the user accidentally. To enable autorotation, the user needs to swipe down from the top right corner of the screen to open their Control Center. Then, they need to tap the lock and arrow icon to turn off the rotation lock to enable autorotation.
A user contacts the service desk, stating their account is locked out, and they are unable to log in to their local workstation. Which of the following log files should you review to determine the source of the lockout on the local workstation?
The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt. The file (security.evtx) is stored in the %SystemRoot%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer.
The application log
contains information regarding application errors. The file (application.evtx) is stored in the %SystemRoot%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer.