Jason Dion - CompTIA A+ 1002 Exam Prep #1 Flashcards

Question 1

Q

You are concerned that your services could be damaged during a power failure or under-voltage event. Which Two Devices would protect against these conditions?

Surge Suppressor
Battery Backup
Grounding the Server Rack
Line Conditioner

Answer

A

Battery Backup
Line Conditioner

Explanation:
Line Conditioner - Protects equipment from Power Surges, helps to correct voltage and waveform distortions, and removes external electrical noise (IE: Frequency, Electromagnetic Interference) caused by devices such as radios and motors.

Battery Backup - Like a UPS (Uninterruptable Power Supply), have protections against Sags or Brownouts and will keep a System running for a limited amount of time, enough time to properly save your work and power down.

Question 2

Q

Whenever you reboot your domain controller, you notice it takes a very long time to boot up. As the server is booting, you hear noises that sound like a steady series of clicks coming from the hard drive. Which of the following is the BEST action to help speed up the boot time of the Server?

Perform a Disk Cleanup
Terminate Processes in the Task Manager
Remove unnecessary applications from Startup
Defragment the Hard Drive

Answer

A

Defragment the Hard Drive

Explanation:
Defragging is a simple process when file fragments are put together to speed up file access. File fragments are put together, and quality defragmentation utilities also assemble the free space into a single block to prevent future fragmentation. By defragmenting the hard drive, the server doesn’t have to spend as much time accessing the information, and it can boot up faster. Based on the Clicking Noises, it sounds like the system has to access many parts of the drive to load files.

My Explanation:
The question focuses alot on BOOT, and REBOOT language, so I thought it was “Remove unnecessary applications from Startup” so the System boots up and loads into Windows Faster. The key part of the question that I missed however is Clicking Noises. Clicking Noises to me indicates that the DRIVE is Failing, per A+ 1001. However; apparently there’s some aspects of Defragmenting that sort of Error Checks Drives and can potentially clear Clicking sounds from Drives. However, non A+ Exam advice, I’d still consider this a Drive that is failing and I’d back things up and be ready for a replacement.

Question 3

Q

Which of the following commands is used on a Linux System to delete all the files and directories in a Linux System’s filesystem?

rm -rf .
rm -rf /
rm /
rm .

Answer

A

rm -rf /

Explanation:
The “rm -rf /” command is the most dangerous command to issue in Linux. The rm -rf command is one of the fastest ways to delete a folder and its contents. But a little typo or ignorance may result in unrecoverable system damage.

The -r option means that the command will recursively delete the folder and its subfolders.

The -f option means that even read-only files wil be removed without asking the user.

The use of / indicates that the remove command should begin at the ROOT directory ( / ) and recursively force all files and folders to be deleted under the ROOT. This would delete everything on the System.

The . would only be deleting from the current working directory and then delete all files and folders further down the directory structure, not the entire file system.

Question 4

Q

Your companies share drive has several folders that have become encrypted by a piece of ransomware. During your investigation, you found that only the Sales Department folders were encrypted. You continue your investigation and find that a salesperson’s workstation was also encrypted. You suspect that this workstation was the original source of the infection. Since it was connected to the Sales department share drive as mapped S:\ drive, it was also encrypted. You have unplugged the network cable from this workstation. What Action should you perform NEXT to restore the company’s network to normal operation?

Schedule a Full Disk Anti-Malware Scan on the Workstation
Schedule Weekly Scans and Enable On-Access Scanning
Disable System Restore on the Workstation
Restore the Sales Department Folders from Backups

Answer

A

Restore the Sales Department Folders from Backups

Explanation: (My Take)
The KEY piece of the LONG question is “….to RESTORE the Company’s Network to Normal Operation”. From a Malware 7 Step process, I believe and answered it was Disable System Restore, to prevent the specific Workstation from creating a Restore point that has the Malware Infection on it as you Remediate and remove the Malware. But that’s not what the question was asking. From a Business Standpoint, you Quarantine the Source Workstation that contains the Malware - and they indicate they did, then you want to get the Business Network restore ASAP and back up and running. – THEN, go back to taking care of the infected workstation.

Question 5

Q

What is the Symbolic representation of the OCTAL Numeric Permission 644?

rw-r–r–
rw——-
rwx-r-xr-x
r–rw-rw-

Answer

A

rw-r–r–

Explanation:
r = 4
w = 2
x = 1

Knowing this, that means RW = 6, R = 4, and R = 4 over the 3 layers of Linux Permissions.

Question 6

Q

Dion Training’s offices are frequently experiencing brownouts and sags. Which of the Following Solutions would protect all of their workstations and servers from these under-voltage events?

Line Conditioner
Uninterruptible Power Supply
Diesel Generator
Surge Suppressor

Answer

A

Line Conditioner

Explanation:
Line Conditioners are used to protect an entire power circuit from Under-Voltage events and power sags. Line Conditioners raise a sag or under-voltage event back to Normal Levels, but it cannot protect the line from a Complete Power Failure or Power Outage. These are also known as Voltage Regulators and Power Distribution Units.

Because the question’s requirement must protect ALL of the Workstations, a Line Conditioner is the Best Option.

An uninterruptible power supply or UPS is an electrical apparatus that provides emergency power to a load when the input power source becomes too low or the main power fails. UPS provides near-instantaneous protection from input power interruptions by using a battery backup.

Question 7

Q

A user calls the service desk and states that their workstation has a virus. The user states that they were browsing their favorite website when the antivirus displayed a full-screen messaging stating, “1532 file infected on this computer - Click to remove infected files NOW!” The user states that when they click the button, a message from the company’s content filter states it is Blocked, and they need your assistance to remove the infected files. Which of the following has MOST likely occurred?

The user’s workstation is infected with ransomware
The user’s antivirus needs to be updated
The user’s workstation should be reimaged immediately
The user is the victim of a rogue antivirus attack

Answer

A

The user is the victim of a rogue antivirus attack

Question 8

Q

After a company rolls out software updates, Ann a lab researcher, can no longer use the lab equipment connected to her PC. The tech contacts the vendor and determines there is an incompatibility with the latest version of the drivers. Which of the following should the technician perform to get the researcher back to the work as quickly as possible?

Downgrade the PC to a working patch level
Reset Ann’s equipment configuration from a backup
Restore Ann’s PC to the last known good configuration
Rollback the drivers to the previous version

Answer

A

Rollback the drivers to the previous version

Question 9

Q

An attacker uses the nslookup interactive mode to locate information on a Domain Name Service (DNS). What command should they type to request the appropriate records for only the name servers?

request type=ns
set type=ns
transfer type=ns
locate type=ns

Answer

A

set type=ns

Explanation:
The nslookup command is used to query the Domain Name System to obtain the mapping between a domain name and an IP Address or to view other DNS records.

The “set type=ns” tells nslookup only reports information on name servers.

If you used “set type=mx” instead, you would receive information only on mail exchange servers.

Question 10

Q

You have decided to have DNA genetic testing and analysis performed to determine your exact ancestry composition and possibly find some lost relatives through their database. Which of the following types of data should this be classified as?

PII
IP
PHI
CUI

Answer

A

PHI (Personal Health Information)

Explanation:
PHI (Personal Health Information) refers to medical and insurance records, plus associated hospital and lab test results.

PII (Personal Identifiable Information) refers to data that can be used to identify, contact, or locate an individual. Information such as a Social Security Number, name, date of birth, email address, telephone number, street address, biometric data is considered PII.

IP (Intellectual Property) or Proprietary Information is information created and owned by the company.

CUI (Controlled Unclassified Information) is federal non-classified information that must be safeguarded by implementing a uniform set of requirements and information security controls to secure sensitive government information.

Question 11

Q

What umask should be set for a directory to have 700 as its OCTAL Permissions?

rwxrwxrwx
rwx—rwx
r–r–r–
rwx——

Answer

A

rwx——

Explanation:
r = 4
w = 2
x = 1

Knowing this, that means RWX = 7, then there is 0 Permissions for the next 2 levels in Linux Permissions.

Question 12

Q

A user’s personal settings are not showing up on their computer. You suspect that their profile has become corrupted within Windows. You attempt to look at their profile file but cannot find it in their profile directory. Which of the following options do you need to configure to see this file?

Internet Options
Display Settings
User Accounts
Folder Options

Answer

A

Folder Options

Explanation:
File Explorer Options section of the Control Panel allows techs to customize the display of files and folders. You can enable or disable the ability to show hidden files, hide file extensions, and more. If you configure to view hidden files, you will see the system files such as the “ntuser.dat” file that are hidden from users by default.

The User Accounts section of the Control Panel allows techs to add user accounts, remove user accounts, change account types, reset account passwords, and other settings relevant to user accounts and their security.

Question 13

Q

You want to ensure that only one person can enter or leave the server room at a time. Which of the following physical security devices would BEST help you meet this requirement?

Thumbprint Reader
Cipher Lock
Access Control Vestibule
Video Monitoring

Answer

A

Access Control Vestibule

Explanation:
Access Control Vestibule is a physical security access control system comprising a small space with two sets of interlocking doors, such that the first set of doors must be closed before the second set opens.

Thumbprint Reader or Cipher Lock will ensure that only an authorized user can open the door, but it won’t prevent someone from piggybacking and entering with them.

Video Monitoring is passive security, it won’t prevent two people from entering at once.

Question 14

Q

A workstation was patched last night with the latest operating system security update. This morning, the workstation only displays a blank screen. You restart the computer, but the OS fails to load. What is the NEXT step you should attempt to boot this workstation?

Reboot the workstation into the BIOS and reconfigure boot options
Reboot the workstation into Safe Mode and rollback the recent security update
Reboot the workstation into Safe Mode, open RegEdit, and repair the Registry
Reboot the workstation into Safe Mode and disable Windows Services/Applications

Answer

A

Reboot the workstation into Safe Mode and rollback the recent security update

Question 15

Q

Which version should you use when installing a Linux OS and are concerned with End-Of-Life Support?

Rolling Release
Developer Release
LTS Release
Beta Release

Answer

A

LTS Release

Explanation: (My Take)
End of Life Support, being concerned with it means, you want a STABLE Distro of Linux, something that will be SUPPORTED, for the Long Term. LTS Release stands for (Long Term Support).

Beta Release is a Pre-Release of software product that is given out to a large group of users for a LIMITED Time and is supported for a LIMITED Time.

Developer Release is also a Pre-Release of a software product that is given out to software developers to TEST. Again, Supported for a LIMITED Time.

Rolling Release is a CONCEPT of Software development where an application is frequently updated through the release of new features over time.

Question 16

Q

Peter is attempting to print to his office printer, but nothing comes out. Yesterday, his printer was working just fine. Peter does not notice any errors on the taskbar’s printer icon. Which of the following actions should Peter try FIRST to solve this issue?

Check the status of the print server queue
Cancel all documents and print them again
Check to ensure the printer selected is the default printer
Check that the printer is not offline

Answer

A

Check the status of the print server queue

Explanation: (My Take)
The KEY word in the question was “Office” printer. Implies a Print Server/Networked Printer.
If no errors show in the taskbar’s printer icon, the user should open the print queue to determine if the print job has become stuck.
If it is, the print queue can be emptied or reset.

Question 17

Q

Which of the following types of attacks involves changing the system’s MAC address before it connects to a Wireless Network?

Spoofing
Botnet
Zombie
DDoS

Answer

A

Spoofing (MAC Spoofing)

Question 18

Q

You attempt to boot a Windows 10 laptop and receive an “Operating System Not Found” error on the screen. You can see the hard disk listed in the UEFI/BIOS of the system. Which of the following commands should you use to repair the boot sector of the hard disk?

bootrec /fixmbr
bootrec /rebuildbcd
diskpart list
bootrec /fixboot

Answer

A

bootrec /fixboot

Explanation:
To repair the Drive’s BOOT SECTOR - you should use the command “bootrec /fixboot” and reboot the computer.

“bootrec /fixmbr” is used to attempt to repair the MASTER BOOT RECORD of a Drive. The first 512-byte sector on a Hard Disk.

“bootrec /rebuildbcd” command is used to add missing Windows Installation to the Boot Configuration Database (BCD).

diskpart command is used in the command-line partitioning utility available for Windows that is used to view, create, delete, and modify a computers disk partition.

Question 19

Q

Which of the following open-source remote access tools allows users to connect to their desktop remotely, see what is on their screen, and control it with their mouse and keyboard?

Telnet
SSH
VNC
RDP

Answer

A

VNC (Virtual Network Computing)

Explanation: (My Take)
KEY words “Open Source” and “Tool”.
VNC is a remote access TOOL and protocol. It is used for Screen Sharing on Linux and macOS.

RDP is NOT Open-Source.
SSH and Telnet are Text Based Remote Access Tools.

RDP (Remote Desktop Protocol) uses Port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
SSH (Secure Shell) uses Port 22 to securely create communication sessions over the Internet for remote access to a server or system.
Telnet uses Port 23 to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection but sends its data in plaintext making it an insecure protocol.

Question 20

Q

A webserver has a planned firmware upgrade for Saturday evening. During the upgrade, the power to the building is lost, and the firmware upgrade fails. Which of the following plans should be implemented to revert to the most recent working version of the firmware on the webserver?

Contingency Plan
Alternative Plan
Backup Plan
Rollback Plan

Answer

A

Rollback Plan

Explanation: (My Take)
It’s a BackOUT Plan or Rollback Plan, they are the same thing. IT Governance integration approach that specifies the processes required to restore a system to its original or earlier state in the event of a failed or aborted implementation. Every Change Request should be accompanied by a Rollback or BackOUT Plan so that the change can be reversed if it has harmful or unforeseen consequences.

BackUP Plan is a documented business process that identifies how data will be available for recovery by quickly copying critical data from a backup system to the production environment.

Contingency Plan or Alternative Plan is a plan devised for an outcome other than the usual (Expected) plan. Often used in Risk Management for exceptional risk.

Question 21

Q

Sam and Mary both work in the accounting department and use a web-based SaaS product as part of their job. Sam cannot log in to the website using his credentials from his computer, but Mary can log in with her credentials on her computer. Sam asks Mary to login into her account from his computer to see if the problem is with his account or computer. When Mary attempts to log in to Sam’s computer, she receives an error. Mary noticed a pop-up notification about a new piece of software on Sam’s computer when she attempted to log in to the website. Which TWO of the following steps should Mary take to resolve the issue with logging in from Sam’s computer?

Choices:
Ask Sam about the pop-up notification and determine what new programs he installed on his computer.

Have Sam attempt to log on to another website from Sam’s computer to see if it works.

Have Sam clear his browser cache on his computer and then attempt to log on to the website again

Verify Sam’s computer has the correct web browser configuration and settings.

Ask Sam for his username/password to log on to the website from Mary’s computer.

Install a new web browser, reboot Sam’s computer, and attempt to log on to the website again from Sam’s computer.

Answer

A

Ask Sam about the pop-up notification and determine what new programs he installed on his computer.
Verify Sam’s computer has the correct web browser configuration and settings.

Question 22

Q

Which of the following is considered a form of Regulated Data?

DMCA
AUP
DRM
PII

Answer

A

PII (Personal Identifiable Information)

Explanation:
The four forms of regulated data covered by the exam are:
PII (Personally Identifiable Information)
PCI (Payment Card Industry)
GDPR (General Data Protection Regulation)
PHI (Protected Health Information)

AUP (Acceptable Use Policy
DRM (Digital Rights Management)
DMCA (Digital Millennium Copyright Act)

Question 23

Q

An administrator arrives at work and is told that network users are unable to access the shared drive on a Windows Server. The administrator logs into the server and sees that some windows updates were automatically installed last night successfully, but now the network connection shows “Limited with no availability”. What rollback action should the tech perform?

Web Browser
Server’s NIC Drivers
Server’s IP Address
Antivirus Updates

Answer

A

Server’s NIC Drivers

Explanation: (My Take)
There’s no such thing as rolling back a Server’s IP Address.
Antivirus Updates/Web Browser has nothing to do with Network Connectivity

Sometimes Windows Updates can install incompatible Drivers for your hardware and need to be rolled back. In this case, the NIC Card Drivers.

Question 24

Q

Which of the following macOS features allows the user to search all of the hard drives, network shares, and files for a keyword or phrase?

Finder
Gesture
Spotlight
Dock

Answer

A

Spotlight

Explanation: (My Take)
KEY words - Search via keyword or phrase…

Spotlight in macOS is like a SUPER SEARCH.

Question 25

Q

What does the command “shutdown /s” do on a Windows workstation?

Reboot the Workstation
Log Off the Workstation
Shutdown the Workstation
Enter Sleep Mode

Answer

A

Shutdown the Workstation

Explanation:
shutdown /s = shutdown
shutdown /l = log off
shutdown /h = hibernate or sleep mode
shutdown /r = reboot

Question 26

Q

You have submitted an RFC to install a security patch on all of your company’s Windows 2019 servers during the weekly maintenance window. Which of the following change request documents would describe why the change will be installed during this maintenance window?

Purpose
Scope
Risk Analysis
Plan

Question 27

Q

While troubleshooting the reason that the File Explorer is crashing on a Windows 10 machine, you determine that some of its files may have become corrupt. Which of the following utilities should you use to correct this?

dxdiag
gpupdate
regedit
SFC

Answer

A

SFC (System File Checker)

Question 28

Q

You attempt to boot a Windows 10 laptop and receive an “Operating System Not Found” error on the screen. You can see the hard disk listed in the UEFI/BIOS of the system. Which of the following commands should you use to repair the first 512-byte sector on the hard disk?

bootrec /fixmbr
diskpart list
bootrec /fixboot
bootrec /rebuildbcd

Answer

A

bootrec /fixmbr

Explanation:
The master boot record (MBR) is the first 512-byte sector on a hard disk. It contains the partitioning information for a drive. To repair the master boot record (MBR), you should use the command “bootrec /fixmbr” and reboot the computer.

If the disk cannot be detected, enter the system setup and try modifying settings (or even resetting the default settings). If the system firmware reports the disk’s presence, but Windows still will not boot, use a startup repair tool to open a recovery mode command prompt and use the bootrec tool to repair the drive’s boot information. The “bootrec /fixboot” command is used to attempt a repair of the boot sector of a drive.

The “bootrec /rebuildbcd” command is used to add missing Windows installations to the Boot Configuration Database (BCD).

The diskpart command is a command-line disk-partitioning utility available for Windows that is used to view, create, delete, and modify a computer’s disk partitions.

Question 29

Q

You have just finished installing a new workstation for a user in your office. They need to be able to see the other workstations on the company’s workgroup. Which of the following settings should you ensure is enabled?

Enable Network Discovery
Enable BitLocker
Enable File and Folder Sharing
Enable an RDP Connection

Answer

A

Enable Network Discovery

Question 30

Q

You are configuring a SOHO network for a small coffee shop. They have found that certain customers will buy a single coffee cup and then sit at the coffee shop all day to use the WiFi. The owner has asked you to block this customer’s laptop from connecting by placing it on a blocklist. Which of the following configurations would you use to blocklist this customer’s device based on its unique hardware identifier?

Port Filtering
MAC Filtering
Enforce a WPA2 Password
Port Fowarding

Answer

A

MAC Filtering

Question 31

Q

You are helping to set up a backup plan for your organization. The current plan states that all of the organization’s Linux servers must have a daily backup conducted. These backups are then saved to a local NAS device. You have been asked to recommend a method to ensure the backups will work when needed for restoration. Which of the following should you recommend?

Attempt to restore to a test server from one of the backup files to verify them.
Create an additional copy of the backups in an off-site datacenter
Setup Scripts to automatically reattempt any failed backup jobs.
Frequently restore the server from backup files to test them

Answer

A

Attempt to restore to a test server from one of the backup files to verify them.

Question 32

Q

A Windows 2019 server is crashing every evening at 2:35 am, but you are not sure why. Which of the following tools should you use to identify the cause of the system crash?

System Information
Event Viewer
Performance Monitor
Registry Editor

Answer

A

Event Viewer

Question 33

Q

You are working at the service desk and just received the following email from an end-user who believes it is suspicious:

FROM: user@diontraining.com
TO: abuse@diontraining.com
SUBJECT: You won a free iPhone!

You have won a brand new iPhone!!

Just click the following link to provide your address so we can ship it out to you this afternoon: http://www.freephone.io:8080/winner.php

Thanks!
Jonah Smith
Free Phone Giveaway, LLC

Options:
Zero-Day
Phishing
Spoofing
Spear Phishing

Question 34

Q

You are installing a new file server at the offices of Dion Training. The entire building has a diesel generator installed to protect it from power outages. The file server must have zero downtime once placed into production. Which of the following power sources should the file server utilize?

A Surge Protector connected to a UPS
An Uninterruptible Power Supply (UPS)
A Surge Protector
A Line Conditioner

Answer

A

An Uninterruptible Power Supply (UPS)

Question 35

Q

A computer was recently infected with a piece of malware. Without any user intervention, the malware is now spreading throughout the corporate network and infecting other computers that it finds. Which type of malware MOST likely infected these computers?

Trojan
Worm
Virus
Ransomware

Answer

A

Worm

Explanation
A worm is a standalone malware computer program that replicates itself to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. A worm can spread on its own, whereas a virus needs a host program or user interaction to propagate itself.

A virus is malicious software designed to infect computer files or disks when it is activated. A virus may be programmed to carry out other malicious actions, such as deleting files or changing system settings.

A trojan is a type of malware that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT), which allows an attacker to control a workstation or steal information remotely. To operate, a trojan will create numerous processes that run in the background of the system.

Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Once infected, a system or its files are encrypted, and then the decryption key is withheld from the victim unless payment is received.

Question 36

Q

You are working as a server administrator at Dion Training. You unlock the server room door using your proximity badge and walk through the door. Before the door shuts, another person walks in behind you. What social engineering technique did this person utilize?

Tailgating
Spoofing
Shoulder Surfing
Impersonation

Answer

A

Tailgating

Question 37

Q

What is the FOURTH step of the seven-step malware removal process?

Enable System Restore and Create a Restore Point in Windows
Remediate the Infected System/s
Quarantine the Infected System/s
Update the Applications and the Operating System

Answer

A

Remediate the Infected Systems

Explanation:
The seven steps of the malware removal procedures are

(1) Investigate and verify malware symptoms,
(2) Quarantine the infected systems,
(3) Disable System Restore in Windows,
(4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment),
(5) Schedule scans and run updates,
(6) Enable System Restore and create a restore point in Windows, and
(7) Educate the end user.

Question 38

Q

You are working for a brand new startup company that allows you to use your laptop, tablet, or other devices while at work. The company does provide some rules and guidelines that you must follow based on their policy. Which of the following policies should you look at to ensure you understand these rules and guidelines?

SLA
BYOD
MOU
NDA

Answer

A

BYOD (Bring Your Own Device)

Explanation
BYOD (Bring Your Own Device) refers to the policy of permitting employees to bring personally owned devices to their workplace and to use those devices to access privileged company information and applications.

A memorandum of understanding (MOU) is important because it defines the responsibilities of each party in an agreement, provides the scope and authority of the agreement, clarifies terms, and outlines compliance issues.

A non-disclosure agreement (NDA) is a legal contract or part of a contract between at least two parties that outlines confidential material, knowledge, or information that the parties wish to share for certain purposes but wish to restrict access to.

A service level agreement (SLA) is a commitment between a service provider and a client for particular aspects of the service, such as quality, availability, or responsibilities.

Question 39

Q

You have been asked to help a user upgrade their laptop from Windows 10 to Windows 11. The user has asked that all of their applications, user profiles, documents, and PST files be preserved during the upgrade. Which of the following types of upgrades or installations should you perform on this laptop?

In-Place Upgrade
Repair Upgrade
Clean Installation
Unattended Installation

Answer

A

In-Place Upgrade

Question 40

Q

Several users have contacted the help desk to report that they received an email from a well-known bank stating that their accounts have been compromised and they need to “click here” to reset their banking password. Some of these users are not even customers of this particular bank, though. Which of the following best describes this type of attack?

Phishing
Spear Phishing
Whaling
Brute Force

Answer

A

Phishing

Explanation:
Phishing is an email-based social engineering attack in which the attacker sends an email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim. Phishing attacks target an indiscriminate large group of random people. The email in this scenario appears to be untargeted since it was sent to both customers and non-customers of this particular bank so it is best classified as phishing.

Spear phishing is the fraudulent practice of sending emails from a seemingly known or trusted sender to induce targeted individuals to reveal confidential information.

Whaling is an email-based or web-based form of phishing that targets senior executives or wealthy individuals.

A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.

Question 41

Q

Malware infected Natalie’s iMac. The malware has deleted numerous files from the system and corrupted the operating system. Natalie needs to access some of her files from the computer that have been deleted by the malware. Which of the following built-in utilities could restore access to those files?

Keychain
System Restore
Time Machine
Snapshot

Answer

A

Time Machine

Question 42

Q

Your company is concerned about the possibility of theft of sensitive information from their systems. The IT Director has directed that access to all USB storage devices be blocked on all corporate workstations to prevent this. The workstation should still use other USB devices, like scanners, printers, keyboards, and mice. Which of the following command-line tools should you use to install a Group Policy (GPO) to all workstations across the network to disable the use of USB storage devices?

diskpart
SFC
gpresult
gpupdate

Question 43

Q

Which of the following commands is used on a Linux system to change a file’s permissions or directory on a system?

pwd
passwd
chown
chmod

Answer

A

chmod

Explanation:
The chmod command sets the permissions of files or directories on a Linux system. A set of flags associated with each file determines who can access that file and how they can access it. These flags are called file permissions or modes. The command name chmod stands for change mode and it restricts the way a file can be accessed.

The chown command is used to change the owner of the file, directory, or link in Linux.

The passwd command changes passwords for user accounts. A normal user may only change the password for their account, while the superuser may change the password for any user.

The pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type “pwd” and hit enter to display the path to the screen.

Question 44

Q

Dion Training is worried about the security of the data on their corporate smartphones if lost or stolen. The Chief Security Officer has instructed that the devices be configured so that unauthorized users cannot access the data. Which TWO of the following settings would provide the BEST security and protection for the corporate smartphones’ data?

Configure the ability to perform a remote wipe
Enable device lockouts after 3 failed attempts
Disable the installation of applications from untrusted sources
Enable full device encryption
Require complex passwords
Enable pattern lock

Answer

A

Configure the ability to perform a remote wipe
Enable full device encryption

Explanation:
The BEST protections for the data would involve enabling full disk encryption and configuring the ability to perform a remote wipe. Even if the device is lost or stolen, its data would be unreadable if it was using full disk encryption.

Additionally, by configuring the ability to wipe the device’s storage remotely, the data would be erased before a thief can access it.

The other options are all valid options to increase security, but they do not directly address the issues presented in the scenario.

Question 45

Q

Which of the following allows a user to save their current session to memory and put a Windows 10 computer into a minimal power state?

Lock
Shutdown
Hibernate
Sleep

Answer

A

Sleep

Explanation: (My Take)
Sleep - Think of someone that can easily be woken up from Sleep.

Hibernate - Think of animals that “Hibernate” for the Winter, they generally aren’t bothered and won’t come out of it till the Winter is over.

Exam Explanation:
Sleep or standby mode is used to save the current session to memory and put the computer into a minimal power state to save battery life when the system is not being used. The computer takes less time to start up again from the sleep or standby mode than it does from the hibernate mode.

Hibernate mode is used to save the current session to disk before powering off the computer to save battery life when the system is not being used. The computer takes longer to start up again from hibernate mode than it does from the sleep or standby mode.

Shutdown mode completely powers off the computer and does not save the current user session to disk. Instead, the shutdown will close all open files and log out the user during the shutdown process.

A lock will secure the desktop with a password while leaving programs running.

Question 46

Q

What type of structure is a “Do While” in scripting?

Constant
Loop
Variable
Branch

Question 47

Q

Which of the following data types would be used to store the value of TRUE?

Boolean
Floating Point
String
Integers

Question 48

Q

The physical security manager has asked you to assist with the risk assessment of some proposed new security measures. The manager is concerned that during a power outage, the server room might be targeted for attack. Luckily, they have many different protection measures in place to keep intruders out of the server room. During a power outage, which of the following security controls would still be usable?

Biometric Scanners
Door Locks
Motion Detectors
Video Surveillance

Answer

A

Door Locks

Question 49

Q

Which attack method is MOST likely to be used by a malicious employee or insider trying to obtain another user’s passwords?

On-Path Attack
Tailgating
Shoulder Surfing
Phishing

Answer

A

Shoulder Surfing

Question 50

Q

A customer is complaining that they cannot connect to the local network share drive. You run the command ‘ipconfig /all’ from their workstation, and it returns an IP of 169.254.34.12. Which of the following is the problem with this workstation?

The Workstation couldn’t reach the DHCP Server
The Workstation couldn’t reach the Proxy Server
The Workstation couldn’t reach the Gateway
The Workstation couldn’t reach the DNS Server

Answer

A

The Workstation couldn’t reach the DHCP Server.

Question 51

Q

Joseph contacted the service desk because his Windows 10 desktop is acting strangely. He cannot use his mouse, speakers, or printer connected to his workstation by USB. Yesterday, everything worked normally. He attempted to reboot the computer to fix the issue, but it remains. Which of the following actions should be performed NEXT?

Disable System Restore in Windows
Rollback any System Updates or changes since yesterday
Rollback the Printer’s Device Driver in the Device Manager
Disable the Windows Update service to prevent future issues

Answer

A

Rollback any System Updates or changes since yesterday

Question 52

Q

Another technician tells you that they are PXE booting a computer. What is the technician MOST likely doing with the computer?

Using a multiboot configuration
An in-place upgrade of the OS
Conducting a system repair
Installing an image to the computer over the network

Answer

A

Installing an image to the computer over the network

Question 53

Q

A small doctor’s office has asked you to configure their network to use the highest levels of wireless security and desktop authentication. The office only uses cloud-based SaaS applications to store their patient’s sensitive data. Which TWO of the following protocols or authentication methods should you implement for the BEST security?

Multifactor
SSO
WEP
WPS
WPA2
RADIUS

Answer

A

Multifactor
WPA2

Explanation
Since everything is being stored within a cloud-based SaaS application, the doctor’s office needs to ensure their network connection uses the highest encryption level (WPA2), and their desktop authentication should use a multifactor authentication system. Multifactor authentication relies on using at least 2 of the following factors: something you know (password or pin), something you have (smart card or key fob), something you are (fingerprint or retinal scan), or something you do (draw a pattern or how you sign your name). Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.

Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key.

The Wi-Fi Protected Setup (WPS) is a mechanism for auto-configuring a WLAN securely for home users. On compatible equipment, users push a button on the access point and connect adapters to associate them securely. WPS is subject to brute force attacks against the PIN used to secure them, making them vulnerable to attack.

The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the request.

Single sign-on (SSO) is a type of mutual authentication for multiple services that can accept the credential from one domain or service as authentication for other services.

Question 54

Q

Which of the following types of mobile device screen locks uses biometrics to securely unlock the device?

FaceID
TouchID
Passcode
Swipe

Answer

A

FaceID

TouchID

Question 55

Q

A developer uses a MacBook Pro when working from home, but they need access to both a Windows and macOS system to test their programs. Which of the following tools should be used to allow both operating systems to exist on their MacBook Pro?

Terminal
Device Manager
Mission Control
Boot Camp

Answer

A

Boot Camp

Question 56

Q

An offsite tape backup storage facility is involved with a forensic investigation. The facility has been told they cannot recycle their outdated tapes until the conclusion of the investigation. Which of the following is the MOST likely reason for this?

A data transport request
A chain of custody breach
The process of discovery
A notice of a legal hold

Answer

A

A notice of a legal hold

Explanation
A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. If a legal hold notice has been given to the backup service, they will not destroy the old backup tapes until the hold is lifted.

The process of discovery is the formal process of exchanging information between the parties about the witnesses and evidence they will present at trial.

The chain of custody is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence.

A data transport request is a formalized request to initiate a data transfer by establishing a circuit or connection between two networks.

Question 57

Q

Which mobile device strategy is most likely to introduce vulnerable devices to a corporate network?

COPE
BYOD
MDM
CYOD

Answer

A

BYOD (Bring Your Own Device)

Explanation
The BYOD (bring your own device) strategy opens a network to many vulnerabilities. People can bring their personal devices to the corporate network, and their devices may contain vulnerabilities that could be allowed to roam free on a corporate network.

COPE (company-owned/personally enabled) means that the company provides the users with a smartphone primarily for work use, but basic functions such as voice calls, messaging, and personal applications are allowed, with some controls on usage and flexibility.

With CYOD, the user can choose which device they wish to use from a small selection of devices approved by the company. The company then buys, procures, and secures the device for the user.

The MDM is a mobile device management system that gives centralized control over COPE company-owned personally enabled devices.

Question 58

Q

Which of the following MacOS features is used to manage passwords cached by the OS and is the equivalent of the Credential Manager in Windows?

Spotlight
Mission Control
Apple ID
Keychain

Question 59

Q

Which of the following commands is used on a Linux system to change a user’s password on the system?

chmod
passwd
pwd
chown

Answer

A

passwd

Explanation:
passwd command is used to change a user’s account password on a Linux system. A normal user can run passwd to change their password, and a system administrator (the superuser) can use passwd to change another user’s password or define how that account’s password can be used or changed.

chmod command sets the permissions of files or directories on a Linux system. A set of flags associated with each file determines who can access that file and how they can access it. These flags are called file permissions or modes. The command name chmod stands for change mode and it restricts the way a file can be accessed.

chown command is used to change the owner of the file, directory, or link in Linux.

pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type “pwd” and hit enter to display the path to the screen.

Question 60

Q

You are trying to connect to another server on the network but are unable to ping it. You have determined that the other server is located on the 10.0.0.1/24 network, but your workstation is located on the 192.168.1.1/24 network. Which of the following tools should you use to begin troubleshooting the connection between your workstation and the server?

netstat
traceroute
dig
ifconfig

Answer

A

traceroute

Explanation:
traceroute command is used on Linux, Unix, and OS X devices to show details about the path that a packet takes from a host to a target and displays information about each hop in the path. While using ping will tell you if the remote website is reachable or not, it will not tell you where the connection is broken. Traceroute performs a series of ICMP echo requests to determine which device in the connection path is not responding appropriately. This will help identify if the connectivity issue lies within your workstation and the server since the traffic must be routed between the two networks.

dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information.

ifconfig tool is used on Linux, Unix, and OS X devices to display the current TCP/IP network configuration, assign an IP address, and assign configure TCP/IP settings for a given network interface.

Question 61

Q

Which of the following commands is used on a Linux system to change the ownership of a file or directory on a system?

chmod
chown
pwd
passwd

Answer

A

chown

Explanation:
The chown command changes user ownership of a file, directory, or link in Linux. Every file is associated with an owning user or group.

The chmod command sets the permissions of files or directories on a Linux system. A set of flags associated with each file determines who can access that file and how they can access it. These flags are called file permissions or modes. The command name chmod stands for change mode and it restricts the way a file can be accessed.

The passwd command changes passwords for user accounts. A normal user may only change the password for their account, while the superuser may change the password for any user.

The pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type “pwd” and hit enter to display the path to the screen.

Question 62

Q

A user has asked you for a recommendation on which word processing software they should install. There are four different software packages they are considering, and each uses a different licensing type. The user states they do not want to pay for the software. Which of the following would MOST likely be the best option for them?

Personal
Open-Source
Enterprise
Corporate

Answer

A

Open-Source

Question 63

Q

Christina recently purchased a new Android smartphone and is going on a trip. At the airport, she found a public wireless network called “FreeAirportWiFi” and connects to it. She noticed a question mark (?) icon showing in the toolbar next to the Wi-Fi icon. Christina attempts to open a webpage but gets an error of “The page cannot be displayed.” She begins to troubleshoot the device by verifying that the airplane mode is disabled, Bluetooth is enabled, and tethering is enabled. Next, Christina attempts to make a phone call, which works without any issues. Which of the following is MOST likely the issue with Christina’s smartphone?

The smartphone does not have a valid data plan enabled
The smartphone’s SIM card is deactivated
The smartphone is connected to the FreeAirportWIFI but is not authenticated yet.
The smartphone can only support 3G data networks

Answer

A

The smartphone is connected to the FreeAirportWIFI but is not authenticated yet.

Question 64

Q

You have submitted an RFC to install a security patch on all of your company’s Windows 2019 server on Friday at 11 pm using an automated patch installation process. Which of the following change request documents would describe any uncertainty or adverse effects that may occur during the installation process?

Plan
Risk Analysis
Purpose
Scope

Answer

A

Risk Analysis

Explanation:
The risk analysis portion of the change request documentation provides the risk levels of carrying out the change, or not performing the requested change at this time. Risk is the likelihood and impact (or consequence) of a given action. It is important to understand the risk involved with a change before deciding to proceed with implementing the change.

The plan of the change defines how the change or installation will occur. The change request documentation should define the 5 W’s (who, what, when, where, why, and how), with the plan documentation covering how the change is implemented. For example, the plan might say that the installation will be performed manually or through an automated patching process. It may also dictate that all servers will receive the update simultaneously or that five servers will receive it first, then another ten, then the remaining twenty.

The purpose of the change defines why the change or installation will occur. The change request documentation should define the 5 W’s (who, what, when, where, why, and how) to define the why behind the change. For example, the purpose might be “to remediate several category one vulnerabilities so that our security is improved.”

The change’s scope defines the area, number, size, or scale of a particular change. The change request documentation should define the exact scope of the change. In this example, only some of the Windows 2019 servers will receive the patch. If 50% of them are listed by their asset tracking number will receive the patch, this would clearly define this change’s scope.

Answer 59

A

Server Rack

UPS

Answer 60

A

Disconnect the workstation from the network

Answer 61

A

Dumpster Diving

Answer 62

A

WPS Enabled

Default Administrative Login Credentials

Answer 63

A

Social Engineering

Answer 64

A

Privacy Screen

Answer 65

A

Time Machine

Answer 66

A

gpresult

Explanation:
A Group Policy is the primary administrative tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization. In an active directory environment, Group Policy is applied to users or computers based on their membership in sites, domains, or organizational units.

The gpresult command is used to display the Resultant Set of Policy (RSoP) information for a remote user and computer. Because you can apply overlapping policy settings to any computer or user, the Group Policy feature generates a resulting set of policy settings when the user logs on. The gpresult command displays the resulting set of policy settings that were enforced on the computer for the specified user when the user logged on.

The gpupdate command-line tool is used to update the group policy settings on a Windows system. For an administrator to force a background update of all Group Policy settings regardless of whether they have changed, they need to run “gpupdate /force” from the command line. The deployment image servicing and management (DISM) is a command-line tool used to mount and service Windows images before deployment.

The dism command with the /RestoreHealth option can run a scan to identify and repair any image or virtual hard drive corruption.

The system file checker (SFC) command is a utility in Windows that allows users to scan for and restore corrupted Windows system files from the command line.

Answer 67

A

Thumbprint and Password

Answer 68

A

Identify the Issue

Answer 69

A

Increase the Pagefile Size

Answer 70

A

Restart the Print Spooler Service

Explanation:
Based on the issue described, it is likely that the print spooler service is not started or has become hung. To fix this issue, an administrator should restart the print spooler service. The Print Spooler is software built into the Windows operating system that temporarily stores print jobs in the computer’s memory until the printer is ready to print them. In some circumstances, you may need to stop and/or restart the service. To access the Print Spooler, you must open the Local Services console. If restarting the print spooler doesn’t fix the issue, the technician should check the driver and determine if it is faulty and needs to be rolled back or upgraded.

Answer 71

A

Trojan

Explanation:
A trojan is a type of malware that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT), which allows an attacker to control a workstation or steal information remotely. To operate, a trojan will create numerous processes that run in the background of the system.

Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Once infected, a system or its files are encrypted, and then the decryption key is withheld from the victim unless payment is received.

A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. A rootkit is generally a collection of tools that enabled administrator-level access to a computer or network. They can often disguise themselves from detection by the operating system and anti-malware solutions. If a rootkit is suspected on a machine, it is best to reformat and reimage the system.

A keylogger actively attempts to steal confidential information by capturing the data when entered into the computer by the user. This is done by recording keystrokes entered into a web browser or other application. A software keylogger can be run in the background on a victim’s computer. A hardware keylogger may be placed between the USB port and the wired keyboard.

Answer 72

A

Perform a Remote Wipe of the Device

Answer 73

A

ps

Explanation:
ps command is used to list the currently running processes, and their PIDs and some other information depend on different options. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system.

kill command sends a signal to specified processes or process groups, causing them to act according to the signal. When the signal is not specified, it defaults to -15 (-TERM), which terminates the specified process by gracefully stopping it. If “kill -9” is used instead, it will immediately kill the process.

grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print.

ls command lists the files or directories in the current path of a Unix, Linux, or Mac operating system. When invoked without any arguments, ls lists the files in the current working directory.

Answer 74

A

Moving the desktop from the production network to a quarantined VLAN

Answer 75

A

Reboot the Computer

Explanation:
If any of the .DLL files involved with Windows Update are not correctly registered, you may also encounter this problem. To solve it, open services.msc and stop the Windows Update service. Then, open a Command Prompt as the administrator and use regsvr32 for each of the 6 Windows Update DLL files (wuapi.dll, wuaueng.dll, wups.dll, wups2.dll, wuwebv.dll, and wucltux.dll). Then, open services.msc and restart the Windows Update service. Finally, restart your computer for these changes to take effect.

Answer 76

A

Provide documentation of the repair to the customer and thank them for their patience

Answer 77

A

Uninterruptible Power Supply

Answer 78

A

Notify your immediate supervisor

Answer 79

A

Device Manager

Answer 80

A

UTM (Unified Threat Management)

Explanation:
A Unified Threat Management (UTM) appliance enforces a variety of security-related measures, combining the work of a firewall, malware scanner, and intrusion detection/prevention. A UTM centralizes the threat management service, providing simpler configuration and reporting than isolated applications spread across several servers or devices.

An intrusion detection system (IDS) is a device or software application that monitors a network or system for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management system.

Unlike an IPS, which can stop malicious activity or policy violations, an IDS can only log these issues and not stop them. An intrusion prevention system (IPS) conducts the same functions as an IDS but can also block or take actions against malicious events.

A Syslog server is a server that collects diagnostic and monitoring data from the hosts and network devices across a given network.

Answer 81

A

RAID 10

Explanation:
RAID 10 provides the system with both speed and efficiency. With RAID 10, the system has a mirror of striped disks for full redundancy and double fault tolerance. RAID 10 configuration (also known as RAID 1+0) requires a minimum of four disks and mirrors data across a striped disk pair. This is not only the best option presented in this question but also the most expensive option.

A RAID 0 provides disk striping (speed/performance) but not mirroring with a minimum of two disks.

A RAID 1 provides mirroring (redundancy) but not disk striping with a minimum of two disks.

A RAID 5 provides block-level striping with distributed parity to provide redundancy using a minimum of three disks.

Answer 82

A

Resolution

Answer 83

A

Hibernate

Brainscape's Knowledge GenomeTM

Jason Dion - CompTIA A+ 1002 Exam Prep #1 Flashcards

Brainscape's Knowledge Genome^TM