Lesson 10: Using Support and Scripting Tools Flashcards

1
Q

RDP

A

Remote Desktop Protocol

2
Q

FQDN

A

fully qualified domain name

3
Q

VNC

A

Virtual Network Computing

4
Q

MSRA

A

Microsoft Remote Assistance

5
Q

Windows remote-support feature allowing a user to invite a technical support professional to provide assistance over a network using chat. The user can also grant the support professional control over his or her desktop. Remote Assistance uses the same RDP protocol as Remote Desktop.

(allows a user to ask for help from a technician or co-worker via an invitation file protected by a passcode.)

A

Microsoft Remote Assistance (MSRA)

6
Q

Windows support feature allowing remote screen-sharing over the Internet.

A

Quick Assist

7
Q

Quick assist key combo

A

CTRL+WINDOWS+Q

8
Q

SSH

A

Secure Shell

9
Q

What TCP port does SSH run over?

A

port 22

10
Q

UEM

A

Unified Endpoint Management

11
Q

RMM

A

Remote monitoring and management

12
Q

MSP

A

Managed service provider

13
Q

Category of support software designed for outsourced management of client networks by MSPs.

A

Remote monitoring and management (RMM)

14
Q

Enterprise software for controlling device settings, apps, and corporate data storage on all types of fixed, mobile, and IoT computing devices.

A

Desktop management unified endpoint management (UEM)

15
Q

EDR

A

endpoint detection and response

16
Q

Software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

A

endpoint detection and response (EDR)

17
Q

Supported by Apple iOS and macOS, this uses Bluetooth to establish a Wi-Fi Direct connection between the devices for the duration of the file transfer. The connection is secured by the Bluetooth pairing mechanism and Wi-Fi encryption.

A

AirDrop

17
Q

Software that allows clients to view and control the desktop over a network or the Internet.

A

screen-sharing

18
Q

You are joining a new startup business that will perform outsourced IT management for client firms. You have been asked to identify an appropriate software solution for off-site support and to ensure that service level agreement (SLA) metrics for downtime incidents are adhered to. What general class of remote access technology will be most suitable?

A

Remote monitoring and management (RMM) tools are principally designed for use by managed service providers (MSPs).
As well as remote access and monitoring, this class of tools supports management of multiple client accounts and billing/reporting.

18
Q

Bluetooth-enabled sharing for Android devices.

A

Nearby Share

18
Q

Microsoft’s version of AirDrop.

A

Nearby sharing

19
Q

Users working from home need to be able to access a PC on the corporate network via RDP. What technology will enable this without having to open the RDP port to Internet access?

A

Configure a virtual private network (VPN) so that remote users can connect to the corporate LAN and then launch the remote desktop protocol (RDP) client to connect to the office PC.

20
Q

True or false? You can configure a web server running on Linux to accept remote terminal connections from clients without using passwords.

A

True.
This can be configured using public key authentication with the Secure Shell (SSH) protocol. The server can be installed with the public keys of authorized users.

21
Q

You are updating a procedure that lists security considerations for remote access technologies. One of the precautions is to check that remote access ports have not been opened on the firewall without authorization. Which default port for VNC needs to be monitored?

A

Virtual Network Computing (VNC) uses TCP port 5900 by default.

22
Q

Security copy of production data made to removable media, typically according to a regular schedule.

A

Backups

23
Q

What are the different backup types? (3)

A
  • full,
  • incremental,
  • differential
24
Q

Process an organization uses to maintain the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations. (the period that any given backup job is kept for. )

A

Retention

25
Q

Sequence of jobs starting with a full backup and followed by either incremental or differential backups to implement a media rotation scheme.

A

backup chain

26
Q

All selected data regardless of when it was previously backed up

A

full backup

26
Q

Job type in which all selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up.

A

Incremental backups

26
Q

New files and files modified since last full backup job

A

differential backup

27
Q

Record of evidence-handling from collection to presentation in court to disposal.

(A form recording where, when, and by whom the evidence was collected, who has handled it subsequently, and where it was stored.)

A

chain of custody

27
Q

Job type that combines incremental backup jobs to synthesize a full backup job.

A

synthetic full backup

27
Q

What backup issue does the synthetic job type address?

A

A synthetic full backup reduces data transfer requirements and, therefore, backup job time by synthesizing a full backup from previous incremental backups rather than directly from the source data.

28
Q

Best practice maxim stating that at any given time there should be at least three copies of data stored on two media types, with one copy held off site.

A

3-2-1 backup rule

29
Q

DRM

A

Digital Rights Management

30
Q

You are documenting workstation backup and recovery methods and want to include the 3-2-1 backup rule. What is this rule?

A

It states that you should have three copies of your data across two media types, with one copy held offline and offsite. The production data counts as one copy.

31
Q

What frequent tests should you perform to ensure the integrity of backup settings and media?

A

You can perform a test restore and validate the files. You can run an integrity check on the media by using, for example, chkdsk on a hard drive used for backup. Backup software can often be configured to perform an integrity check on each file during a backup operation. You can also perform an audit of files included in a backup against a list of source files to ensure that everything has been included.

31
Q

For which backup/restore issue is a cloud-based backup service an effective solution?

A

The issue of provisioning an off-site copy of a backup. Cloud storage can also provide extra capacity.

32
Q

Information that has storage- and handling-compliance requirements defined by national and state legislation and/or industry regulations.

(information that must be collected, processed, and stored in compliance with federal and/or state legislation. )

A

Regulated data

33
Q

EULA

A

End-User License Agreement

34
Q

Licensing model that grants permissive rights to end-users, such as to install, use, modify, and distribute a software product and its source code, as long as redistribution permits the same rights.

A

open-source license

35
Q

IRP

A

Incident response plan

35
Q

CSIRT

A

Computer Security Incident Response Team

36
Q

Process of gathering and submitting computer evidence to trial. Digital evidence is latent, meaning that it must be interpreted. This means that great care must be taken to prove that the evidence has not been tampered with or falsified.

(the science of collecting evidence from computer systems to a standard that will be accepted in a court of law. )

A

Digital forensics

37
Q

Process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered.

A

sanitization

38
Q

Using a vendor tool to delete the file system and/or partition table on storage media before recycling or repurposing. This method carries the greatest risk of leaving persistent data remnants.

A

standard formatting

39
Q

Using a vendor tool to fully erase storage media before recycling or repurposing, minimizing the risk of leaving persistent data remnants.

A

low-level format tools

39
Q

SE

A

Secure Erase

40
Q

ISE

A

Instant Secure Erase

41
Q

Validation from an outsourcing provider of recycling/repurposing services that media has been destroyed or sanitized to the agreed standard.

(showing the make, model, and serial number of each drive they have handled plus date of destruction and how it was destroyed.)

A

certificate of destruction

42
Q

Why are the actions of a first responder critical in the context of a forensic investigation?

A

Digital evidence is difficult to capture in a form that demonstrates that it has not been tampered with. Documentation of the scene and proper procedures are crucial.

43
Q

An employee has a private license for a graphics editing application that was bundled with the purchase of a digital camera. The employee needs to use this temporarily for a project and installs it on her computer at work. Is this a valid use of the license?

A

No.
The license is likely to permit installation to only one computer at a time. It might or might not prohibit commercial use, but regardless of the license terms, any installation of software must be managed by the IT department.

44
Q

You are updating data handling guidance to help employees recognize different types of regulated data. What examples could you add to help identify healthcare data?

A

Personal healthcare data is medical records, insurance forms, hospital/laboratory test results, and so on. Healthcare information is also present in de-identified or anonymized data sets.

45
Q

Your organization is donating workstations to a local college. The workstations have a mix of HDD and SSD fixed disks. There is a proposal to use a Windows boot disk to delete the partition information for each disk. What factors must be considered before proceeding with this method?

A

Using standard formatting tools will leave data remnants that could be recovered in some circumstances. This might not be considered high risk, but it would be safer to use a vendor low-level format tool with support for Secure Erase or Crypto Erase.

46
Q

What does chain-of-custody documentation prove?

A

Who has had access to evidence collected from a crime scene and where and how it has been stored.

47
Q

Series of simple or complex commands, parameters, variables, and other components stored in a text file and processed by a shell interpreter.

A

script

48
Q

Extension for a Linux shell script file format

A

.SH extension

49
Q

Identifier for a value that can change during program execution.

A

variable

50
Q

In scripting and programming, a control statement that uses a condition to determine which code block to execute next.

A

branch

51
Q

In scripting and programming, a control statement that executes code repeatedly based on a condition.

A

loop

52
Q

Programming object that can resolve the truth value of a condition, such as whether one variable is equal to another.

A

operators

53
Q

Command shell and scripting language built on the .NET Framework that uses cmdlets for Windows automation.

A

PowerShell (PS)

54
Q

Extension for the PowerShell script format

A

.PS1

55
Q

A command shell and scripting language built on the .NET Framework, which allows the administrator to automate and manage computing tasks

A

VBScript

56
Q

Extension for the Visual Basic Script file format

A

.VBS extension

57
Q

A shell script written for the basic Windows CMD interpreter

A

Batch file

58
Q

Extension for the batch file format that is used to execute a series of Windows CMD shell commands

A

.BAT extension

59
Q

Scripting language used to add interactivity to web pages and HTML-format email. A scripting language that is designed to implement interactive web-based content and web apps.

A

JavaScript

60
Q

High-level programming language that is widely used for automation.

A general-purpose scripting and programming language that can be used to develop both automation scripts and software apps.

A

Python

61
Q

Extension for a script written in the Python programming language.

A

.PY extension

62
Q

Methods exposed by a script or program that allow other scripts or programs to use it.

A

application programming interface (API)

63
Q

You are developing a Bash script to test whether a given host is up. Users will run the script in the following format:

./ping.sh 192.168.1.1

Within the code, what identifier can you use to refer to the IP address passed to the script as an argument?

A

$1 will refer to the first positional argument.

65
Q

You are auditing a file system for the presence of any unauthorized Windows shell script files. Which three extensions should you scan for?

A
  • .PS1 for PowerShell scripts
  • .VBS for VBScript
  • .BAT for cmd batch files

66
Q

You are developing a script to ensure that the M: drive is mapped consistently to the same network folder on all client workstations. What type of construct might you use to ensure the script runs without errors?

A

Use a conditional block (If statement) to check for an existing mapping, and remove it before applying the correct mapping.

67
Q

You are developing a script to scan server hosts to discover which ports are open and to identify which server software is operating the port. What considerations should you make before deploying this script?

A

While the risk is low, scanning activity could cause problems with the target and possibly even crash it. Test the script in a sandbox environment before deploying it. Security software might block the operation of this script, and there is some risk from the script or its output being misused. Make sure that use of the script and its output are subject to access controls and that any system reconfiguration is properly change-managed.

68
Q

You want to execute a block of statements based on the contents of an inventory list. What type of code construct is best suited to this task?

A

You can use any type of loop to iterate through the items in a list or collection, but a For loop is probably the simplest.

69
Q

An administrator wants to test their backups to ensure that in the event of a real emergency there will not be any unforeseen problems. Which of the following is NOT a common validation?

A. Restore data to a test directory.
B. Check job hashes.
C. Wipe all backups.
D. Run chkdsk.

A

C. Wipe all backups

Wiping all backups would not be a recommended strategy for testing backup integrity. Three recommended methods for backup testing are hashing, restoring data to validate directories, and using a virtual machine to restore backups without overwriting a primary system.

One technique is to try restoring some of the backed-up data into a test directory, making sure to not overwrite any data when doing so.

Most backup software can use hashing to verify that each job is a valid copy of the source data.

It is also important to verify media integrity regularly, such as by running chkdsk on hard drives used for backup.

70
Q

A server administrator is setting up a backup program for the servers to ensure recovery. Which of the following are the two main principles of backing up? (Select all that apply.)

A. Confidentiality
B. Integrity
C. Frequency
D. Retention

A

C. Frequency and D. Retention

Frequency is one of the two primary principles and is the period between backup jobs. The frequency configuration reflects how much lost work can be tolerated.

Retention is the other main principle and is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.

Encryption encodes data using a key to give it the property of confidentiality. Confidentiality is not one of the two main principles of backing up.

Integrity means that the data is stored and transferred as intended and that any modification is authorized. This is a core concept of security.

71
Q

A security analyst working on a monitoring team wants to implement new monitoring mechanisms around Secure Shell (SSH) authentication. Which of the following should the analyst focus on?

A. Monitor netflows for port 443 traffic.
B. Monitor netflows for port 3389 traffic.
C. Monitor for compromised keys.
D. Monitor the screen sharing service.

A

C. Monitor for compromised keys

Monitoring for and removing compromised client public keys is a critical security task. Many recent attacks on web servers have exploited poor SSH key management.

SSH works over port 22. Quick Assist works over the encrypted HTTPS port TCP/443. The helper must be signed in with a Microsoft account to offer assistance.

To connect to a server via Remote Desktop normally, open the Remote Desktop Connection shortcut or run mstsc.exe. This works over port 3389 though.

In macOS, users can use the screen sharing feature for remote desktop functionality. Screen sharing is based on the Virtual Network Computing (VNC) protocol.

72
Q

A security architect sets up a policy for the secure destruction of optical media. Which of the following is NOT an effective method?

A. Degaussing
B. Shredding
C. Incinerating
D. Smashing

A

A. Degaussing

Degaussing is when a hard disk is exposed to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface. Note that degaussing does not work with SSDs or optical media.

With shredding, the disk is ground into little pieces. A mechanical shredder works in much the same way as a paper shredder.

With incinerating, the disk is exposed to high heat to melt its components. This should be performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants.

Smashing will work with optical media.

73
Q

A database administrator is scheduled for a meeting with the security team to discuss compliance with the PCI DSS standards. What type of information does it safeguard?

A. Lab results
B. PINs
C. SSNs
D. Cell numbers

A

B. PINs

The Payment Card Industry Data Security Standard (PCI DSS) governs the processing of credit card transactions. It sets out protections that must be provided for data like names, addresses, account numbers, card numbers and expiry dates, and PINs.

Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results.

Personal government-issued information (PGI) is issued to individuals by federal or state governments. Examples include a social security number (SSN), passport, driving license, and birth/marriage certificates.

Personally identifiable information (PII) is data that can be used to identify, contact, or locate an individual or, in the case of identity theft, to impersonate an individual. A cell phone number is a good example of PII.

74
Q

A user at a large organization notices that their computer is extremely sluggish. This happened shortly after the user clicked on a link in an email that seemed suspicious. After reporting to the Help Desk, which team will most likely handle the incident?

A. CSIRT
B. EULA
C. Forensics team
D. IT department

A

A. CSIRT

Larger organizations will provide a dedicated Computer Security Incident Response Team (CSIRT) as a single point of contact for security incidents. The Help Desk escalates significant incidents to the CSIRT.

When a user installs software, they must accept the license governing its use, often called the end-user license agreement (EULA).

It is unlikely that a computer forensic professional will be retained by an organization, so such investigations are normally handled by law enforcement agencies.

The IT department handles various technical issues, but specific security incidents are usually escalated to the CSIRT for specialized handling. In smaller organizations, the IT department and CSIRT roles may overlap, but the focus remains on incident response.

75
Q

A company’s threat intelligence team determines that one of a threat actor’s techniques is to perform a denial of service against the Remote Desktop Protocol (RDP) functionality in servers. What can the company enable to help prevent this?

A. NLA
B. RDPRA
C. Remote Credential Guard
D. VNC

A

A. NLA

Network Level Authentication (NLA) protects the Remote Desktop Protocol (RDP) server against denial of service attacks. Without NLA, the system configures a desktop before the user logs on.

If remote desktop is used to connect to a server that has been compromised by malware, the credentials of the user account used to make the connection become highly vulnerable. RDP restricted admin (RDPRA) mode is one means of mitigating this risk.

Remote Credential Guard is also a means of mitigating the risk of the connecting user's credentials being compromised.

In macOS, users can use the screen sharing feature for remote desktop functionality. Screen sharing is based on the Virtual Network Computing (VNC) protocol.

76
Q

A server technician reviews backup solutions and comes across the 3-2-1 rule. Which of the following holds true regarding this rule?

A. Two copies of data
B. Three media types
C. One copy held on-premises
D. Three copies of data

A

D. Three copies of data

The 3-2-1 backup rule is a best-practice maxim that administrators can apply to their backup procedures to verify that they are implementing a solution that can mitigate the widest possible range of disaster scenarios. It states that there should be three copies of the data.

It states that the administrator should have three copies of the data (including the production copy), not that there should only be two copies.

It states that data should be across two media types, not on three different media types.

The "one" in the rule means that one copy should be held offline and off-site, not on-premises.

77
Q

A soldier at a government facility accidentally typed up a report on the wrong system and needs to ensure that the file is not recoverable. What should be done?

A. Delete the file.
B. Format the file system.
C. Delete the file and empty the garbage bin.
D. Perform a secure erase.

A

D. Perform a secure erase

Secure erase (SE) performs zero-filling on hard disk drives (HDDs) and marks all blocks as empty on solid state drives (SSDs).

Data “deleted” from a file on a disk is not erased. Rather, the HDD sector or SSD block is marked as available for writing.

Using the OS standard formatting tool to delete partitions and write a new file system will only remove references to files and mark all sectors as useable.

Emptying the garbage bin still does not truly erase the data from the disk. The information contained at that storage location will only be removed when new file data is written.

78
Q

A helpdesk operator formerly worked with Windows computers in the environment, but the company started rolling out test Mac computers. The operator needs to connect to a user’s Mac. What tool would the operator likely use?

A. VNC
B. RDP
C. mstsc
D. COBO

A

A. VNC

In macOS, users can use the Screen Sharing feature for remote desktop functionality. Screen Sharing is based on the Virtual Network Computing (VNC) protocol.

Windows uses the Remote Desktop Protocol (RDP) to implement terminal server and client functionality.

To connect to a server via Remote Desktop, open the Remote Desktop Connection shortcut or run mstsc.exe. Enter the server’s IP address or fully qualified domain name (FQDN).

Corporate-owned, business only (COBO) means that the device is the property of the company and may only be used for company business.

79
Q

A user experiences issues with their computer and has asked someone to remote desktop onto their computer to help resolve the issue. Unfortunately, the firewall only allows port 443 traffic. What should they use for assistance?

A. MSRA
B. mstsc
C. RDPRA
D. Quick Assist

A

D. Quick Assist

Quick Assist works over the encrypted HTTPS port TCP/443. The helper must be signed in with a Microsoft account to offer assistance.

Microsoft Remote Assistance (MSRA) assigns a port dynamically from the ephemeral range (49152 to 65535). This makes it difficult to configure a firewall securely to allow the connection.

To connect to a server via Remote Desktop normally, open the Remote Desktop Connection shortcut or run mstsc.exe. This works over port 3389 though.

If remote desktop is used to connect to a server that has been compromised by malware, the credentials of the user account used to make the connection become highly vulnerable. RDP Restricted Admin (RDPRA) mode is one means of mitigating this risk.

80
Q

A security engineer wants to learn how to code in Python but is running a Windows box. Which of the following is the easiest interpreter to set up for Windows?

A. PyPy
B. Wscript
C. Cscript
D. CPython

A

D. CPython

CPython is the simplest environment to set up for Windows. When using CPython in Windows, there is a console interpreter (python.exe) and a windowed interpreter (pythonw.exe).

Pypy is another interpreter that will work, but CPython is easier to set up. A Python project can either be run via an interpreter or compiled as a binary executable.

The Windows Script Host (wscript.exe and cscript.exe) supports JavaScript, but not Python. JavaScript is also supported on macOS for automation (along with AppleScript).

Cscript.exe does not support Python either. Python script files are identified by the .PY extension.

81
Q

A penetration tester wants to perform drive mapping on an engagement on a Windows-based OS but suspects that the security is monitoring PowerShell commands. What could the tester use to map a network drive while remaining unnoticed?

A. net use
B. New-PSDrive
C. mount
D. echo "New-PSDrive"

A

A. net use

In a Windows batch file, the net use command performs drive mapping. Network drive mapping is a Windows-only concept.

Mapping a drive can be done with PowerShell using the New-PSDrive cmdlet. This demonstrates the need for error handling. If users try to map a drive using a letter that has been assigned already, the script will return an error.

In Linux, a file system is made available by mounting it within the root file system, using the mount and umount commands.

Using the echo command simply outputs something specified to the terminal.

82
Q

A user is reviewing a script and comes across the following line in the code. What is the line doing?

until ping -c1 "$1" &>/dev/null

A. Set a variable.
B. Set a loop.
C. Nothing is executing.
D. Prevent from writing to the terminal.

A

C. Nothing is executing

A comment line is indicated by a special delimiter. In Bash and several other languages, the comment delimiter is the hash or pound sign ( # ).

In Bash, the values $1, $2, and so on are used to refer to arguments by position (the order in which they are entered when executing the script).

A loop allows a statement block to be repeated based on some type of condition.

The &>/dev/null part stops the usual ping output from being written to the terminal by redirecting it to a null device.

83
Q

A Linux administrator is looking at the bash history and sees the command chmod u+x file.sh. What was this command trying to do?

A. Execute a script.
B. Set permissions.
C. Designate which interpreter to use.
D. Create a script.

A

B. Set permissions

Permissions were being set on the script. Remember that in Linux, the script file must have the execute permission set to run.

A Linux shell script uses the .SH extension by convention. Each statement comprising the actions that the script will perform is then typically added on separate lines.

Every shell script starts with a shebang line that designates which interpreter to use, such as Bash or Ksh.

Users can develop a script in any basic text editor, but using an editor with script support is the most productive way.

84
Q

A server administrator downloads a particular software that helps them troubleshoot issues on devices. However, the software is free for personal use and not for commercial use. What did the administrator violate?

A. PCI DSS
B. DRM
C. EULA
D. Product key

A

C. EULA (End-User License Agreement)

When the administrator installed the software, they had to accept the license governing its use, often called the end-user license agreement (EULA).

The Payment Card Industry Data Security Standard (PCI DSS) governs the processing of credit card transactions. It sets out protections that must be provided for data like names, addresses, account numbers, card numbers and expiry dates, and PINs.

Digital music and video are often subject to copy protection and digital rights management (DRM).

Software is often activated using a product key, which will be a long string of characters and numbers printed on the box or disk case.

85
Q

A manager for a server team is creating a backup strategy for full backups but with lower data transfer requirements. Which technique should the manager use?

A. Synthetic
B. Full only
C. Full with incremental
D. Full with differential

A

A. Synthetic

A synthetic backup is an option for creating full backups with lower data transfer requirements. A synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs.

“Full only” means that the backup job produces a file that contains all the data from the source.

“Full with incremental” means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job.

“Full with differential” means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job.

86
Q

A user accidentally deleted the presentation they were working on for an important upcoming meeting. Where should the user go for help?

A. Backup and Restore Center
B. File History
C. MSRA
D. NLA

A

B. File History

In Windows, user data backup options are implemented via the File History feature, which is accessed through Settings > Update & Security > Backup.

The Backup and Restore Center control panel tool provides an alternative backup manager. It can also be used to make image backups of the entire operating system, rather than just data file backups.

Microsoft Remote Assistance (MSRA) assigns a port dynamically from the ephemeral range (49152 to 65535). This makes it difficult to configure a firewall securely to allow the connection.

Network Level Authentication (NLA) protects the Remote Desktop Protocol (RDP) server against denial of service attacks. Without NLA, the system configures a desktop before the user logs on.

87
Q

A network administrator wants to remotely deploy firmware updates to their managed devices. This type of update usually occurs overnight while devices are turned off. Which of the following tools should the administrator set up in order to facilitate these updates?

A. EDR
B. WOL
C. RMM
D. MDM

A

B. WOL

Remote network boot capability is often referred to as wake on LAN (WOL) and allows devices to be remotely powered on over a network. This would allow the administrator to ensure all devices can be powered on to then start the update process.

Endpoint detection and response (EDR) security scanning is associated more with security monitoring than the ability to push firmware.

Remote monitoring and management (RMM) tools are principally designed for use by managed service providers (MSPs). An MSP is an outsourcing company that specializes in handling all IT support for its clients.

Mobile-device management (MDM) suites are designed for deployment by a single organization and focus primarily on access control and authorization.

88
Q

A Windows administrator is combing through server logs and sees that wscript.exe executed a script. What type of script does it execute by default?

A. .BAT
B. .PS1
C. .VBS
D. .SH

A

C. .VBS

VBScript files are identified by the .VBS extension. VBScript is executed by the wscript.exe interpreter by default.

A shell script written for the basic Windows CMD interpreter is often described as a batch file. Batch files use the .BAT extension.

Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development. PowerShell script files are identified by the .PS1 extension.

A Linux shell script is a file that contains a list of commands to be read and executed by the shell. Every shell script starts with a line that designates the interpreter.

89
Q

Lesson 10 summary

A

You should be able to use remote access, backup/recovery, data destruction, and scripting tools and methods to provide operational support and explain the importance of prohibited content/activity and privacy, licensing, and policy concepts.

Guidelines for Using Support and Scripting Tools

Follow these guidelines to use support and scripting tools:

Use a desktop management or RMM suite or individual remote access tools (RDP/MSRA, VNC, SSH, VPN, screen-sharing software, video-conferencing software, and file transfer software) to implement secure remote-support procedures.
Configure and regularly test 3-2-1 rule backup and media rotation methods (full, incremental, differential, synthetic, GFS, and on site versus off site) to ensure secure recovery from disasters.
Create management and monitoring procedures to ensure appropriate use of personal/corporate and open-source EULAs and detect and remove invalid/expired software licenses.
Develop standard procedures to ensure compliance with regulatory security and privacy requirements:
Data handling for regulated data (credit card transactions, personal government-issued information, PII, and healthcare data).
Data retention requirements for regulated data.
Data remnant removal (erasing/wiping, low-level formatting, and standard formatting) or physical destruction (drilling, shredding, degaussing, and incinerating) directly or outsourced via a third-party vendor who can supply a certificate of destruction/recycling.
Develop security-incident-response procedures and resources to document incidents, inform management/law enforcement, and ensure data integrity and preservation via chain-of-custody recording.
Consider using common script types (.BAT, .PS1, .VBS, .SH, .JS, and .PY) to implement basic automation (restarting machines, remapping network drives, installation of applications, automated backups, gathering of information/data, and initiating updates), taking account of security considerations (unintentionally introducing malware, inadvertently changing system settings, and browser or system crashes due to mishandling of resources).
Additional practice questions for the topics covered in this lesson are available on the CompTIA Learning Center.