languages & security and related Flashcards

1
Q

Which area of concern falls under the operations and planning category in IT documentation?

A

inventory management (There are four broad categories of IT documentation: Policies, Operations, Projects, and User documentation. Operations is concerned with inventory management.)

2
Q

Which one of these languages is a scripting language and which one is a compiled language?
C++, VBScript, Java, C#, Python, JavaScript

A
Scripting languages:
VBScript, Python, JavaScript
Compiled Languages:
C++, Java, C#
(Scripting languages include Windows batch files, PowerShell, Linux shell script, VBScript, JavaScript, and Python. Compiled languages include C, C++, C#, and Java.)
3
Q

A third-party security firm is performing a security audit of a company and recommends the company utilize the Remote Desktop Protocol. What are two characteristics of the Microsoft Remote Desktop Protocol (RDP)?

A

RDP uses an encrypted session.
RDP connects on TCP port 3389.
(The Remote Desktop Protocol (RDP) is used to remotely access a Windows OS. It is a client/server protocol. The port number for RDP is TCP port 3389 and it uses encryption.)

4
Q

Which port number is used by Virtual Network Computing (VNC) to provide remote screen sharing between devices?

A

5900 (Virtual Network Computing (VNC) is a freeware product that is similar in functionality to RDP and works over port 5900.)

5
Q

Which subject area describes collecting and analyzing data from computer systems, networks, and storage devices, as part of an investigation of alleged illegal activity?

A

computer forensics (The field of computer forensics involves collecting and analyzing data from computer systems, networks, wireless communications, and storage devices.)

6
Q

In a computer forensics investigation, which type of data is considered volatile data and can be lost if power is removed from the computer?

A

data in transit between RAM and the CPU (Volatile data is data that is lost when power is turned off, and is located in temporary storage such as RAM, cache, CPU or in transit between them.)

7
Q

What is the difference between a scripting language and a compiled language?

A

Scripting languages are interpreted and executed line by line when a script is run, while compiled languages need to be converted into executable code. (A scripting language is different than a compiled language because each line is interpreted and then executed when the script is run. Compiled languages need to be converted into executable code using a compiler. Another difference between the two types of languages is that compiled languages are executed by the CPU while scripting languages are executed by a command interpreter or by the operating system.)

8
Q

Which methods can be used to implement multifactor authentication?

A

passwords and fingerprints (A cybersecurity specialist must be aware of the technologies available that support the CIA triad.)

9
Q

The CIO wants to secure data on company laptops by implementing file encryption. The technician determines the best method is to encrypt each hard drive using Windows BitLocker. Which two things are needed to implement this solution?

A

at least two volumes, TPM (Windows provides a method to encrypt files, folders, or entire hard drives depending on need. However, certain BIOS settings and configurations are necessary to implement encryption on an entire hard disk.)

10
Q

What is an accurate description of asymmetric encryption technology?

A

It is an encryption process that uses a public and private key pair to encrypt/decrypt data.

11
Q

Which type of security threat can be transferred through email and is used to gain sensitive information by recording the keystrokes of the email recipient?

A

virus (Adware does not record keystrokes. A worm self-replicates across the network. A Trojan appears to be a legitimate program while carrying malware, and grayware is a general term for software that may be malware.)

12
Q

A manager reports that unusual things are happening on a Windows computer. The technician determines that malware is the culprit. What can the technician do to remove stubborn malware?

A

Enter Safe Mode and do a system restore. (Booting the computer in Safe Mode prevents most drivers from loading. Additional antimalware software can then be installed to remove or quarantine malware. Sometimes the storage drive must be wiped, the operating system reinstalled, and data restored from a backup.)

13
Q

An employee that has worked at the company for many years has started a home-based business selling crafts. While leaving an office meeting, a company supervisor notices the employee buying supplies for the personal crafting business of the employee. What section of the security policy should the supervisor review when determining how to handle this situation?

A

acceptable use policies (The acceptable use policies section of a security policy commonly identifies network resources and usages that are acceptable to the organization. They might also state the ramifications that can occur if this security policy is violated.)

14
Q

What Windows utility should be used to configure password rules and account lockout policies on a system that is not part of a domain?

A

Local Security Policy tool (A technician must be aware of the technologies and measures that are used as countermeasures to protect the organization from threats and vulnerabilities. A Windows Domain Security Policy is used and applied when a user logs in to a computer that is on a corporate network. A Windows Local Security Policy is used for stand-alone computers to enforce security settings.)

15
Q

A customer brings in a computer that is asking for a password as soon as it powers on, even before the operating system boots. Which type of password is enabled?

A

A BIOS password is configured by entering the BIOS Setup program. If unknown, it can be removed by placing a jumper over two motherboard pins. Some motherboards support BIOS password removal by removing the CMOS battery, but if this is done, all BIOS settings will be reset to the default values.

16
Q

Users in a company have complained about network performance. After investigation, the IT staff has determined that the attacker was using a specific technique that affected the TCP three-way handshake. What is the type of network attack?

A

SYN flood

17
Q

Users in a company have complained about network performance. After investigation, the IT staff has determined that the attacker is using a technique that compares hashed passwords to potential hashes the hacker has. What is the type of network attack?

A

rainbow table

18
Q

Users in a company have complained about network performance. After investigation, the IT staff has determined that the DNS server was sent an enormous number of false requests, thus overwhelming the server. What is the type of network attack?

A

DoS

19
Q

Users in a company have complained about network performance. After investigation, the IT staff has determined that the attacker is using a vulnerability that is known to the software vendor, but not patched yet. What is the type of network attack?

A

zero-day

20
Q

Users in a company have complained about network performance. After investigation, the IT staff has determined that zombies were used to attack the firewall. What is the type of network attack?

A

DDoS

21
Q

Users in a company have complained about network performance. After investigation, the IT staff has determined that zombies were used to attack the firewall. What is the type of network attack?

A

DDoS

22
Q

Users in a company have complained about network performance. After investigation, the IT staff has determined that the attacker is using a table of words that potentially could be used as passwords. What is the type of network attack?

A

dictionary

23
Q

Users in a company have complained about network performance. After investigation, the IT staff has determined that the attacker injected false records on the server that translates IP addresses to domain names. What is the type of network attack?

A

DNS poisoning

24
Q

Which situation can be prevented by creating a UEFI password?

A

an unauthorized person acting as the logged in user on an unlocked computer

25
Q

A PC technician has been asked by a supervisor to recommend a security solution for a company that wants a device to monitor incoming and outgoing traffic and stop any malicious activity. Which security technique should the technician recommend?

A

Buy an IPS.

26
Q

A PC technician has been asked by a supervisor to recommend a security solution for a machine where the antimalware software cannot remove all of the malware. Which security technique should the technician recommend?

A

Use Windows Safe Mode.

27
Q

A PC technician has been asked by a supervisor to recommend a security solution for preventing tailgating. Which security technique should the technician recommend?

A

Use a mantrap.

28
Q

A PC technician has been asked by a supervisor to recommend a security solution for drive redundancy. Which security technique should the technician recommend?

A

Implement a RAID.

29
Q

A PC technician has been asked by a supervisor to recommend a security solution for phishing. Which security technique should the technician recommend?

A

Provide security awareness training.

30
Q

A PC technician has been asked by a supervisor to recommend a security solution for protecting a computer used to log in at a dental clinic from someone using a bootable disk containing hacking tools. Which security technique should the technician recommend?

A

Disable ports.

31
Q

A PC technician has been asked by a supervisor to recommend a security solution for a manager traveling who needs access to internal corporate resources. Which security technique should the technician recommend?

A

Use a VPN.

32
Q

A PC technician has been asked by a supervisor to recommend a security solution for a small company that wants stateful firewall services. Which security technique should the technician recommend?

A

Buy an ASA. (The ASA in Cisco ASA stands for Adaptive Security Appliance. In brief, Cisco ASA is a security device that combines firewall, antivirus, intrusion prevention, and virtual private network (VPN) capabilities. It provides proactive threat defense that stops attacks before they spread through the network.)

33
Q

What are two symptoms that indicate that a computer system may be a victim of DNS spoofing?

A

The output of the nslookup command reports an unknown resolver name and IP address.
Entering www.cisco.com in a browser displays a popular gaming site instead of the Cisco homepage.

34
Q

A PC technician has been asked by a supervisor to recommend a security solution for preventing tailgating. Which security technique should the technician recommend?

A

Use a mantrap.

35
Q

What are two features of protocols used within the TCP/IP protocol stack?

A

TCP mechanisms retransmit data when an acknowledgment is not received from the destination system within a set period of time.
UDP is used when an application must be delivered as quickly as possible and some loss of data can be tolerated.

36
Q
Describe the IT policy type:
acceptable use policies
security policies
regulatory compliance policies
disaster recovery policies
A

acceptable use policies — outlines how technology and applications can be used within the organization.
security policies — includes password complexity requirements and incident response methods.
regulatory compliance policies — describes all government and industry statutes that apply to the company.
disaster recovery policies — provides detailed plans of what must be done to restore IT services quickly.

37
Q

A college uses Microsoft 365 Office and email services for its faculty, staff, and students. Data storage, custom applications, and Microsoft Active Directory services are delivered by virtual servers leased from a local data center. Single sign-on is implemented for both environments for authentication and authorization. Access control is managed locally. What type of cloud service implementation is the college using?

A

private cloud

38
Q

Which cloud computing characteristic enables multiple tenants to share the same storage, processing, and network bandwidth?

A

on-demand provisioning

39
Q

Refer to the exhibit. Which two hypervisor software products are suitable for the virtualization environment shown in the exhibit? https://itexamanswers.net/wp-content/uploads/2020/10/Which-two-hypervisor-software-products-.jpg

A

VMware vSphere

Oracle VM Server

40
Q

A user wants VirtualBox to run automatically when Windows 10 starts up. Which action will enable VirtualBox to load and run on system startup?

A

Copy the shortcut for VirtualBox from its location to the startup folder.