Operational Procedures Flashcards
(38 cards)
A technician needs to perform after-hours service starting at 10:00 p.m. The
technician is currently 20 minutes late. The customer will also be late. Which of the
following should the technician do considering proper communication techniques and professionalism?
A. Do not notify the customer if arriving before the customer.
B. Dismiss the customer and proceed with the after-hours work.
C. Contact the customer if the technician is arriving late.
D. Disclose the experience via social media
C. Contact the customer if the technician is arriving late.
Explanation:
Proper communication and professionalism require informing the customer about
any delays.
Breakdown of Each Choice:
* A. Do not notify the customer if arriving before the customer.
o Incorrect: Fails to communicate and can create confusion.
* B. Dismiss the customer and proceed with the after-hours work.
o Incorrect: Disregards the customer’s involvement and needs.
* C. Contact the customer if the technician is arriving late.
o Correct: Ensures clear communication and professionalism.
* D. Disclose the experience via social media.
o Incorrect: Unprofessional and violates privacy
An organization is creating guidelines for the incorporation of generative AI solutions. In which of the following would these guidelines be published?
A. Standard operating procedure
B. Acceptable use policy
C. Security protocols
D. Data flow diagram
B. Acceptable use policy
Explanation:
Guidelines for incorporating generative AI solutions would be published in the organization’s Acceptable Use Policy, which outlines acceptable and unacceptable
technology use.
Breakdown of Each Choice:
* A. Standard operating procedure:
o Incorrect: Typically outlines routine tasks, not AI guidelines.
* B. Acceptable use policy:
o Correct: Defines acceptable technology use, including guidelines for AI solutions.
* C. Security protocols:
o Incorrect: Focuses on security measures, not AI guidelines exclusively.
* D. Data flow diagram:
o Incorrect: Illustrates data flow, not AI guidelines specifically
A technician needs to back up a small business’s entire network that includes ten
workstations. Which of the following methods should the technician use to safely and securely back up the business’s network?
A. Cloud storage
B. RAID
C. Tape drive
D. Local backups
A. Cloud Storage
Explanation:
Cloud storage offers secure, off-site backup with accessibility from anywhere,
providing redundancy and scalability.
Breakdown of Each Choice:
* A. Cloud storage:
o Correct: Provides secure off-site backup with accessibility and
scalability.
* B. RAID:
o Incorrect: Provides disk redundancy but is not a backup solution on
its own.
* C. Tape drive:
o Incorrect: Less common and slower compared to cloud storage.
* D. Local backups:
o Incorrect: Lacks off-site protection offered by cloud storage.
A user reports being unable to access a sports team’s website on an office computer. The administrator tells the user this blocked access is intentional and based on company guidelines. Which of the following is the administrator referring to?
A. NDA
B. AUP
C. VPN
D. SOP
B. AUP
Explanation:
An Acceptable Use Policy (AUP) outlines the rules and guidelines for using the organization’s network and resources. It often includes restrictions on accessing certain types of websites, such as sports sites, to ensure appropriate use of company resources.
Breakdown of Each Choice:
* A. NDA (Non-Disclosure Agreement):
o Incorrect: An NDA is a legal contract to keep certain information
confidential, not related to website access policies.
* B. AUP (Acceptable Use Policy):
o Correct: Defines acceptable use of the organization’s resources,
including internet access restrictions.
* C. VPN (Virtual Private Network):
o Incorrect: A VPN provides secure remote access to a network but
does not set usage policies.
* D. SOP (Standard Operating Procedure):
o Incorrect: An SOP outlines standard procedures for tasks but does not typically address internet usage policies.
Which of the following items require special e-waste recycling? (Choose two.)
A. Solid-state drive
B. A/C adapter
C. Surge protector
D. Laptop battery
E. CRT monitor
F. Power supply
D. Laptop Battery
E. CRT Monitor
Laptop Battery:
* Why it requires special recycling:
Laptop batteries contain hazardous materials, including lithium-ion
cells.
These materials can be harmful to the environment if not disposed of properly.
CRT Monitor (Cathode Ray Tube):
* Why it requires special recycling:
CRT monitors contain leaded glass tubes.
Lead is toxic and poses environmental risks if not managed correctly.
Multiple users routinely record log-in information in readily accessible areas. Which of the following is the best way to mitigate this issue?
A. Trusted sources
B. Valid certificates
C. User training
D. Password manager
C. User Training
Explanation:
User training is the best way to address the issue of users recording log-in
information in easily accessible areas. Training can help users understand the
importance of password security and the risks associated with improper handling
of log-in information.
Breakdown of Each Choice:
* A. Trusted sources:
o Incorrect: Refers to ensuring software and data come from reliable
sources, not directly related to handling log-in information.
* B. Valid certificates:
o Incorrect: Relates to ensuring secure connections and data integrity,
not about user behavior with passwords.
* C. User training:
o Correct: Educates users on proper security practices, including the
risks of recording passwords in accessible areas.
D. Password manager:
o Incorrect: While useful for storing passwords securely, it does not
directly address the need to change user behavior through education.
A large company is changing its password length requirements. The Chief Information Officer is mandating that passwords now be at least 12 characters long, instead of 10. Which of the following should be used to adjust this setting?
A. Group Policy
B. User accounts
C. Access control lists
D. Authenticator applications
A. Group Policy
Explanation:
Group Policy is a feature in Windows that allows administrators to manage settings
and configurations for users and computers within an Active Directory
environment. Changing the password length requirement is a policy that can be
enforced using Group Policy.
Breakdown of Each Choice:
* A. Group Policy:
o Correct: Allows administrators to enforce password policies, including
length requirements, across all users in the organization.
* B. User accounts:
o Incorrect: This is where individual user settings are managed, but it
does not enforce password policies organization-wide.
* C. Access control lists:
o Incorrect: Used to define permissions for accessing resources, not for
setting password policies.
* D. Authenticator applications:
o Incorrect: These are used for multi-factor authentication, not for
setting password policies.
A developer reports that a workstation’s database file extensions have been changed from .db to .enc. The developer is also unable to open the database files manually. Which of the following is the best option for recovering the data?
A. Accessing a restore point.
B. Rebooting into safe mode
C. Utilizing the backups
D. Using an AV to scan the affected files
C.Utilizing the backups
Explanation:
The change of file extensions from .db to .enc suggests that the files may have been encrypted, possibly due to ransomware. The best way to recover the data in this scenario is to use backups that were made before the files were encrypted.
Breakdown of Each Choice:
* A. Accessing a restore point:
o Incorrect: Restore points might not recover the actual database files,
as they are more geared towards system settings and applications.
* B. Rebooting into safe mode:
o Incorrect: Safe mode helps in diagnosing and troubleshooting issues
but will not decrypt the files.
* C. Utilizing the backups:
o Correct: Restoring from backups made prior to the encryption is the
most reliable way to recover the original database files.
* D. Using an AV to scan the affected files:
o Incorrect: While an antivirus can remove the malware, it will not
decrypt or recover the already encrypted files.
A technician needs to configure security settings on a Windows 10 workstation.
Which of the following should the technician configure to limit password attempts?
A. Account Lockout Policy
B. User Access Control
C. System Protection
D. Firewall
A. Account Lockout Policy’
Explanation:
The Account Lockout Policy allows administrators to set limits on the number of incorrect password attempts a user can make before their account is locked out, effectively limiting password attempts.
Breakdown of Each Choice:
* A. Account Lockout Policy:
o Correct: Controls the number of failed login attempts before an account is locked out, limiting password attempts.
* B. User Access Control:
o Incorrect: User Access Control (UAC) is a security feature that controls
system prompts, not password attempts.
* C. System Protection:
o Incorrect: Manages system restore points, unrelated to limiting
password attempts.
* D. Firewall:
o Incorrect: Regulates network traffic, not related to limiting password
attempts.
An administrator needs to select a method to dispose of SSDs containing sensitive data. Which of the following are the most appropriate methods? (Choose two.)
A. Degauss
B. Delete
C. Incinerate
D. Recycle
E. Format
F. Shred
C. Incinerate
F. Shred
Physical destruction is the best way to ensure disposal given the information.
An IT services company that supports a large government contract replaced the
Ethernet cards on several hundred desktop machines to comply with regulatory requirements. Which of the following disposal methods for the noncompliant cards is the most environmentally friendly?
A. Incineration
B. Resale
C. Physical destruction
D. Dumpster for recycling plastics
B. Resale
Explanation:
* A. Incineration: Not environmentally friendly as it releases pollutants and
wastes resources.
* B. Resale: Environmentally friendly because it extends the lifecycle of the
cards by allowing others to use them, reducing waste.
* C. Physical destruction: Not environmentally friendly as it prevents reuse
and may result in hazardous waste.
* D. Dumpster for recycling plastics: While better than incineration or
landfill, it may not properly handle all components of the Ethernet cards,
especially electronic parts.
A technician is installing RAM in a new workstation and needs to protect against
electrostatic discharge. Which of the following will best resolve this concern?
A. Battery backup
B. Thermal paste
C. ESD strap
D. Consistent power
C. ESD strap
Explanation:
An ESD (electrostatic discharge) strap is specifically designed to prevent static
electricity from damaging sensitive computer components during installation.
Breakdown of Each Choice:
* A. Battery backup: Protects against power loss, not ESD.
* B. Thermal paste: Used for heat conduction between CPU and cooler, not
related to ESD protection.
* C. ESD strap: Prevents electrostatic discharge, protecting components during
installation.
* D. Consistent power: Ensures stable power supply, but does not address
ESD concerns.
In an organization with a standardized set of installed software, a developer submits a request to have new software installed. The company does not currently have a license for this software, but the developer already downloaded the installation file and is requesting that the technician install it. The developer states that the management team approved the business use of this software. Which of the following is the best action for the technician to take?
A. Contact the software vendor to obtain the license for the user, and assist the user with installation once the license is purchased.
B. Run a scan on the downloaded installation file to confirm that it is free of malicious software, install the software, and document the software installation process.
C. Indicate to the developer that formal approval is needed; then, the IT team should investigate the software and the impact it will have on the organization before installing the software.
D. Install the software and run a full system scan with antivirus software to confirm that the operating system is free of malicious software.
C. Indicate to the developer that formal approval is needed; then, the IT team should investigate the software and the impact it will have on the organization before installing the software.
Breakdown:
* A. Contact vendor for license and assist installation: Skips formal approval and evaluation.
* B. Scan file, install, and document: Ignores licensing and approval.
* C. Require formal approval and IT evaluation: Ensures proper checks are done.
* D. Install and run antivirus scan: Ignores approval and licensing checks.
A company wants to remove information from past users’ hard drives in order to reuse the hard drives. Which of the following is the MOST secure method?
A. Reinstalling Windows
B. Performing a quick format
C. Using disk-wiping software
D. Deleting all files from command-line interface
C. Using disk-wiping software
Disk-wiping software securely overwrites all data on the drive, often multiple times, making it irretrievable. This ensures compliance with data security standards for reusing hard drives.
Why Other Options Are Incorrect:
A. Reinstalling Windows:
Only removes the operating system and resets partitions but leaves underlying data intact and potentially recoverable.
B. Performing a quick format:
Resets the file system metadata, but the actual data remains on the drive and can be recovered using forensic tools.
D. Deleting all files from the command-line interface:
Removes file directory entries but does not erase the actual data, leaving it easily recoverable.
A change advisory board just approved a change request. Which of the following is the MOST likely next step in the change process?
A. End user acceptance
B. Perform risk analysis
C. Communicate to stakeholders
D. Sandbox testing
A. End user acceptance
Explanation:
After a change advisory board (CAB) approves a change request, the next step is often end user acceptance to ensure the change meets the needs and expectations of the users before full implementation. This step validates that the change aligns with the desired outcomes.
Why the Other Options Are Incorrect:
B. Perform risk analysis:
Risk analysis occurs earlier in the process, before CAB approval, to assess potential impacts and inform the decision.
C. Communicate to stakeholders:
While communication is important, it typically happens alongside or after end-user acceptance testing, not as the immediate next step.
D. Sandbox testing:
Sandbox testing is performed before CAB approval to validate the technical aspects of the change.
A company is issuing smartphone to employees and needs to ensure data is secure if the devices are lost or stolen. Which of the following provides the BEST solution?
A. Anti-malware
B. Remote wipe
C. Locator applications
D. Screen lock
B. Remote wipe
Explanation:
Remote wipe allows the company to remotely erase all data from the smartphone if it is lost or stolen, ensuring that sensitive information is not exposed. This is the most secure solution for protecting data in the event of a lost or stolen device.
Why the Other Options Are Incorrect:
A. Anti-malware:
While useful for protecting against malicious software, anti-malware does not address the issue of lost or stolen devices.
C. Locator applications:
Locator apps help track the device but do not secure the data in case the device is not recoverable or accessed by an unauthorized party.
D. Screen lock:
A screen lock provides some security but does not ensure data protection if the device is lost and someone manages to bypass the lock.
A manager reports that staff members often forget the passwords to their mobile devices and applications. Which of the following should the systems administrator do to reduce the number of help desk tickets submitted?
A. Enable multifactor authentication.
B. Increase the failed log-in threshold.
C. Remove complex password requirements.
D. Implement a single sign-on with biometrics.
D. Implement a single sign-on with biometrics
Explanation:
Single sign-on (SSO) with biometrics allows users to authenticate with a single method, like fingerprint or facial recognition, reducing the need to remember multiple passwords and lowering help desk tickets.
Why the Other Options Are Incorrect:
A. Enable multifactor authentication:
Increases security but doesn’t solve the password forgetting issue.
B. Increase the failed log-in threshold:
Doesn’t address forgotten passwords and weakens security.
C. Remove complex password requirements:
Easier to remember but lowers security.
A technician is familiar with most personnel at a customer’s location and has clearance to work unsupervised. Which of the following describes how the technician should handle personal communication while on site?
A. Respond to calls and text messages while on site but not when working directly with personnel.
B. Respond to calls and text messages only from family.
C. Respond to calls and text messages only when an emergency situation requires a response.
D. Respond to calls and text messages discreetly while on site.
C. Respond to calls and text messages only when an emergency situation requires a response.
Explanation:
The technician should prioritize professionalism and minimize distractions while on-site. Responding to calls or messages only in an emergency ensures that the technician stays focused on the task at hand and maintains a professional demeanor.
Why the Other Options Are Incorrect:
A. Respond to calls and text messages while on site but not when working directly with personnel:
This can lead to interruptions and a lack of professionalism, even when not directly interacting with personnel.
B. Respond to calls and text messages only from family:
Limiting communication to family is overly restrictive and may still create distractions.
D. Respond to calls and text messages discreetly while on site:
While discreet, responding to calls and texts during work hours can still disrupt focus and efficiency.
Which of the following helps ensure that a piece of evidence extracted from a PC is admissible in a court of law?
A. Data integrity form
B. Valid operating system license
C. Documentation of an incident
D. Chain of custody.
D. Chain of custody.
The chain of custody documents the handling, transfer, and storage of evidence to ensure it is authentic and has not been tampered with. This is critical for evidence to be admissible in court.
Why Others Are Incorrect:
A. Data integrity form: While data integrity is important, it’s not the formal process required for legal admissibility.
B. Valid operating system license: This is unrelated to evidence handling or admissibility.
C. Documentation of an incident: Helpful for record-keeping but does not ensure legal evidence handling like a chain of custody does.
During a network outage, a technician discovers a new network switch that was not listed in the support documentation. The switch was installed during a recent change window when a new office was added to the environment. Which of the following would most likely prevent this type of mismatch after next month’s change window?
A. Performing annual network topology reviews
B. Requiring all network changes include updating the network diagrams
C. Allowing network changes once per year
D. Routinely backing up switch configuration files
B. Requiring all network changes include updating the network diagrams.
Updating network diagrams during any network change ensures accurate documentation of all devices and their locations. This helps prevent mismatches or confusion during troubleshooting, such as discovering unlisted devices.
Why the other options are incorrect:
A. Performing annual network topology reviews: Annual reviews are too infrequent to address changes made monthly or more often.
C. Allowing network changes once per year: This is impractical for dynamic environments requiring frequent updates.
D. Routinely backing up switch configuration files: Backups protect configurations but do not address mismatched or missing documentation.
A technician receives a personal text message while troubleshooting a customer’s PC. The technician does not reply to the message and
continues troubleshooting. Which of the following best describes the technician’s actions?
A. Avoiding distractions
B. Presenting a professional appearance
C. Setting and meeting timelines
D. Projecting confidence
A. Avoiding distractions.
By ignoring the personal text message and staying focused on troubleshooting, the technician is avoiding distractions and maintaining attention on the task at hand, which is essential for providing quality service and resolving the issue efficiently.
Why the other options are incorrect:
B. Presenting a professional appearance: While maintaining focus is professional, “appearance” typically refers to physical presentation, such as attire or demeanor.
C. Setting and meeting timelines: This relates to managing schedules and deadlines, not ignoring distractions.
D. Projecting confidence: Confidence involves displaying assurance in one’s abilities, but this action demonstrates focus rather than confidence.
A systems administrator is creating a new document with a list of the websites that users are allowed to access. Which of the following types of
documents is the administrator most likely creating?
A. Access control list
B. Acceptable use policy
C. Incident report
D. Standard operating procedure
B. Acceptable Use Policy
Explanation:
An Acceptable Use Policy (AUP) outlines the rules and guidelines for using an organization’s resources, such as allowed websites. By listing permissible websites, the administrator is defining acceptable usage for users.
Why the other options are incorrect:
A. Access control list (ACL): An ACL is a technical configuration for controlling access to networks, files, or systems, not a document defining usage rules.
C. Incident report: This is used to document security or operational incidents, not usage guidelines.
D. Standard operating procedure (SOP): An SOP details step-by-step instructions for performing specific tasks, not rules for allowed website access.
A company’s assets are scanned annually. Which of the following will most likely help the company gain a holistic view of asset cost?
A. Creating a database
B. Assigning users to assets
C. Inventorying asset tags
D. Updating the procurement account owners
A. Creating a Database
Creating a database allows the company to centralize and organize all asset information, including purchase cost, maintenance expenses, depreciation, and other associated costs. This provides a holistic view of asset costs over time.
Why the other options are incorrect:
B. Assigning users to assets: Helps with accountability but does not provide cost-related insights.
C. Inventorying asset tags: Tracks physical assets but focuses on identification, not costs.
D. Updating the procurement account owners: Ensures proper oversight but does not offer a complete view of asset costs.
A company is recycling old hard drives and wants to quickly reprovision the drives for reuse. Which of the following data destruction methods should the company use?
A. Degaussing
B. Standard formatting
C. Low-level wiping
D. Deleting
B. Standard formatting
Standard formatting is a quick way to prepare a hard drive for reuse by erasing the file system, which makes the data appear gone. It is fast and efficient for reprovisioning drives when data security is not a major concern.
A. Degaussing: This destroys the magnetic data on the drive, making it unusable, so it’s not suitable for reuse.
C. Low-level wiping: This securely overwrites data multiple times, but it’s time-consuming and unnecessary for quick reprovisioning.
D. Deleting: Simply removing files does not actually erase the data; it can still be recovered easily.
