Practice Exams Flashcards
A system administrator is installing a new server into the metal racks in
a data center. During the installation process, the administrator can feel a
faint tingling sensation when mounting the server. Which of the following
safety systems should be tested and verified FIRST?
❍ A. Equipment grounding
❍ B. Lighted exit signs
❍ C. Cable management
❍ D. Waste disposal regulations
The Answer: A. Equipment grounding
Electrical safety is one of the highest priorities because of its association
with personal safety. Before a single computer can be turned on, the facility
has to be properly grounded and the power systems must be installed
properly.
The incorrect answers:
B. Lighted exit signs
Most building codes will require lighted exit signs, but it’s more important
to test the electrical system so that nobody is injured during equipment
installation.
C. Cable management
Proper cable management will help prevent any trip hazards. Before
addressing the cable management system, it will be more important to
resolve any electrical problems in the facility.
D. Waste disposal systems
The waste disposal system would not be a cause of the electrical issues
described in this question.
A user has opened a help desk ticket regarding the battery life on their
mobile phone. The battery in the phone held a charge for most of the day
prior to connecting to the corporate network. The battery now only lasts
about half a day and the back of the phone is warmer than usual.
The phone is configured as follows:
Storage: 116.2 GB of 256 GB used
Display and Brightness: Automatic
Wi-Fi: Enabled
Auto-lock: Disabled
VPN: Not connected
Low Power Mode: Disabled
Battery Maximum Capacity: 100%
Which of the following changes would have the BEST impact on
battery performance?
❍ A. Enable auto-lock
❍ B. Connect to the VPN
❍ C. Increase available storage space
❍ D. Disable Wi-Fi
The Answer: A. Enable auto-lock
The backlight of a mobile phone requires constant battery use, and the
phone in an active state will use more battery than one that is locked or in
a standby state.
The incorrect answers:
B. Connect to the VPN
Connecting to a VPN would most likely increase the amount of battery
used due to the encryption and decryption that would need to occur.
C. Increase available storage space
The battery life on a phone is not based on the amount of storage space in
use. Increasing storage space would not extend the life of the battery.
D. Disable Wi-Fi
Wi-Fi does not have a significant impact on battery performance when
compared to the screen backlight and active phone services.
A user in the accounting department has received this error message:
“The print spooler service is not running.” The user contacts the help desk
and opens a ticket for assistance. The help desk technician performs some
testing and identifies the issue. Which of these would be the best
NEXT step?
❍ A. Reinstall all printer drivers
❍ B. Restart the spooler service
❍ C. Reboot the computer
❍ D. Power cycle the printer
The Answer: B. Restart the spooler service
The spooler operates as a background service in Windows. Once the
problem is identified and corrected, the spooler service would need to be
restarted.
The incorrect answers:
A. Reinstall all printer drivers
The print spooler service is not dependent on the print drivers.
Reinstalling print drivers would not commonly resolve a problem with the
print spooler not running.
C. Reboot the computer
Although rebooting the computer may cause the services to restart, it’s an
unnecessary step that takes time away from problem resolution. It’s much
easier and faster to simply restart the service.
D. Power cycle the printer
If the print spooler service isn’t running, then the printer won’t receive a
print job. Power cycling the printer won’t cause the print spooler to restart.
A student would like to prevent the theft of their laptop while studying at
the library. Which of the following security methods would be the BEST
choice to protect this laptop?
❍ A. Biometrics
❍ B. Locking cabinet
❍ C. USB token
❍ D. Cable lock
The Answer: D. Cable lock
A cable lock is portable, it can be installed and uninstalled quickly, and it
can be wrapped around an existing table or chair to prevent a computer
from theft.
The incorrect answers:
A. Biometrics
Biometrics, such as fingerprints or face scanning, is useful for preventing
access through a door or to an operating system. However, biometrics
won’t stop someone from physically taking a laptop from a table.
B. Locking cabinet
A locking cabinet would certainly prevent a laptop from theft, but it’s not
a practical security device to carry to a library.
C. USB token
A USB token is often used to control the use of certain applications. A
USB token will not protect a laptop from being stolen.
Rodney, a desktop technician, is cleaning the outside of computers used
on a manufacturing assembly line. The assembly line creates sawdust
and wood chips, so most of the computers are protected with enclosed
computer cases. Which of the following would be the MOST important
item for Rodney to include during this cleaning process?
❍ A. Surge suppressors
❍ B. Temperature sensors
❍ C. Face masks
❍ D. ESD mats
The Answer: C. Face masks
A technician working in an area of dust or debris in the air should use a
face mask to prevent any particles in the air from entering their lungs.
The incorrect answers:
A. Surge suppressors
Surge suppressors would protect systems from power surges, but it
wouldn’t help with the cleaning process on an assembly line.
B. Temperature sensors
There’s no mention in this question of any temperature issues, so
monitoring the temperature during the cleaning process would not be the
most important item to include.
D. ESD mats
If the technicians were working inside of a computer, then an ESD mat
may be important to include. However, this question only mentioned
cleaning the outside of the computers.
George, a sales manager, has recently replaced a broken mobile phone
with a newer version. After receiving the new phone, he restored all of
his apps and data from a recent backup. However, when he attempts to
download any new email messages he receives a message, “Unable to
decrypt email.” Which of the following steps should a technician follow
to resolve this issue?
❍ A. Install the latest operating system patches
❍ B. Delete the email app and reinstall
❍ C. Restart the phone
❍ D. Install the user’s private keys
The Answer: D. Install the user’s private keys
A user’s private keys are used to decrypt any messages that have been
encrypted with the corresponding public keys. Installing these private keys
onto the mobile device will allow the user to view their encrypted email
messages.
The incorrect answers:
A. Install the latest operating system patches
Operating system updates would not provide any decryption functionality
for email messages.
B. Delete the email app and reinstall
Fortunately, simply deleting an email app and reinstalling will not provide
a method for reading encrypted messages. In this example, reinstalling the
app would not resolve the current issue.
C. Restart the phone
Restarting the phone can solve many issues, but it won’t get around email
decryption issues. The only way to decrypt these messages is to install the
proper decryption key on the phone.
The motherboard of a server in the corporate data center has started
smoking, and flames can be seen inside the computer case. Which of the
following would be the BEST way to extinguish this fire?
❍ A. An extinguisher with water
❍ B. A foam-based extinguisher
❍ C. Disconnect the power
❍ D. A carbon dioxide extinguisher
The Answer: D. A carbon dioxide extinguisher
For an electrical fire, it’s best to use carbon dioxide, FM-200, or other dry
chemicals to extinguish any flames.
The incorrect answers:
A. An extinguisher with water
Water and electricity don’t go well together, and that applies just as
strongly if a fire is involved.
B. A foam-based extinguisher
Foam-based extinguishers have a similar effect as a water extinguisher, and
you shouldn’t use them with electrical equipment.
C. Disconnect the power
Although it’s important to disconnect the power source, the more
important task will be to put out the fire. Removing the power source
would not extinguish an electrical fire once it has started.
Which of these Windows features provides full disk encryption for all data
on a storage drive?
❍ A. Domain Services
❍ B. EFS
❍ C. BranchCache
❍ D. BitLocker
The Answer: D. BitLocker
BitLocker provides full disk encryption (FDE) for Windows operating
system volumes.
The incorrect answers:
A. Domain Services
Windows Domain Services are used as a centralized database for
management of large-scale Windows implementations. Domain Services
itself is not an encryption mechanism.
B. EFS
EFS (Encrypting File System) is a feature of the NTFS (NT File System)
that provides encryption at the file system level. Individual files and folders
can be encrypted in Windows using EFS.
C. BranchCache
BranchCache is a technology that can minimize the use of slower wide
area network links to remote sites. Files used often are kept onsite with
BranchCache rather than transmitted over the wide area network.
Which of the following governmental policies manages the use of
personal data?
❍ A. PCI DSS
❍ B. EULA
❍ C. GDPR
❍ D. FOSS
The Answer: C. GDPR
GDPR (General Data Protection Regulation) is a European regulation
that provides data protection and privacy for individuals in the European
Union.
The incorrect answers:
A. PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is a set of
guidelines for protecting credit card data. PCI DSS are industry guidelines
and are not directly associated with governmental regulation.
B. EULA
EULA (End User Licensing Agreement) determines how software can be
used by the end user. This agreement is not a governmental policy.
D. FOSS
FOSS (Free and Open Source) software is freely available and commonly
includes the source code of the software. FOSS is not associated with a
governmental policy.
A user in the accounting department has recently installed a new app on
their Android tablet. The app was not downloaded from the central app
store, but instead was downloaded directly from a website as an .apk file.
Which of the following would describe this installation process?
❍ A. Cloud service
❍ B. Sideloading
❍ C. Biometrics
❍ D. Encrypted
The Answer: B. Sideloading
Apps that are not downloaded from a central app store are called
sideloaded apps. A good security best-practice is to use trusted app stores
and to avoid sideloading any unknown or untrusted software.
The incorrect answers:
A. Cloud service
Cloud services would describe the use of an app or service that is located
on an external device. Locally downloaded apps would not be described as
a cloud service.
C. Biometrics
Biometrics describes measurements based on human characteristics, such
as a fingerprint or facial recognition.
D. Encrypted
Android .apk files are not necessarily encrypted by default, and sideloading
the file does not imply any level of cryptographic functionality.
A help desk technician has been given a network diagram that shows
switch interfaces grouped by VLAN. Which of the following would
BEST describe this documentation?
❍ A. Logical diagram
❍ B. Knowledge base
❍ C. Inventory management
❍ D. Operational procedures
The Answer: A. Logical diagram
A network VLAN (Virtual LAN) diagram is a logical view of a network
configuration. A diagram that documented the individual switch interfaces
would be a physical diagram.
The incorrect answers:
B. Knowledge base
A knowledge base is a database of processes, procedures, and technical
troubleshooting steps. Network documentation is considered confidential
information and would not commonly be stored in a knowledge base.
C. Inventory management
An inventory management system would include computer serial numbers,
location information, asset tag numbers, and other physical inventory
details. VLAN information would not commonly be stored in an inventory
management database.
D. Operational procedures
It’s always important to have a list of operational procedures, but storing
VLAN information in a procedural document isn’t a best practice.
A system administrator is troubleshooting an older application on a
Windows 10 computer and needs to modify the UAC process. Which of
the following options would provide access to these settings?
❍ A. Device Manager
❍ B. System Information
❍ C. Event Viewer
❍ D. User Accounts
The Answer: D. User Accounts
UAC (User Account Control) settings are contained in the Control
Panel’s User Accounts applet.
The incorrect answers:
A. Device Manager
The Device Manager allows a user to enable, disable, and manage device
drivers, but it doesn’t provide any access to the UAC settings.
B. System Information
The System Information utility can provide information about a system’s
hardware, components, and software environment. UAC controls are not
located in the System Information utility.
C. Event Viewer
The Event Viewer provides a consolidated view of all system logs, but it
doesn’t provide any access to the User Account Control settings.
An office power system occasionally experiences minor voltage spikes
during the business day. Which of the following would be the BEST way
to address this power issue?
❍ A. Power down when not actively working
❍ B. Confirm that the building has an electrical ground
❍ C. Connect a surge suppressor to each system
❍ D. Maintain an inventory of replacement power supplies
The Answer: C. Connect a surge suppressor to each system
A surge suppressor can help even out voltage spikes in an electrical system.
It’s common to use a surge suppressor at each workstation to limit the
effect of these voltage spikes.
The incorrect answers:
A. Power down when not actively working
Although powering down a system would certainly protect it from voltage
issues, it would not be a very efficient way of working.
B. Confirm that the building has an electrical ground
A good ground is an important part of any building’s electrical system, but
the ground won’t help filter out the occasional voltage spike.
D. Maintain an inventory of replacement power supplies
If you don’t use surge suppressors and you have constant power spikes,
you might need replacement power supplies. However, it would be more
effective to use surge suppressors instead of replacing power supplies.
What is the maximum amount of RAM supported by a 32-bit version of an
operating system?
❍ A. 4 GB
❍ B. 8 GB
❍ C. 16 GB
❍ D. 192 GB
The Answer: A. 4 GB
The limited address space of a 32-bit operating system can only support
4 GB of system memory.
The incorrect answers:
B. 8 GB
A 32-bit operating system hits a limit at 4 GB of addressable memory.
Although there are some techniques to work around this 4 GB limitation,
they’re not often implemented in practice.
C. 16 GB
4 GB is the limit for 32-bit operating systems.
D. 192 GB
192 GB would be well over the limit for 32-bit operating systems.
Daniel, a user, is attempting to start an application on his laptop
computer. Each time the application shows the starting graphic, it
suddenly disappears and the application icon disappears from the taskbar.
A technician would like to get more information about each previous
occurrence of the application crash. Which of these choices would
provide these details?
❍ A. Event Viewer
❍ B. Task Manager
❍ C. Startup Repair
❍ D. Safe Mode
The Answer: A. Event Viewer
Event Viewer contains a consolidated log of all system and application
logs. A technician can use Event Viewer to review all past events on the
system.
The incorrect answers:
B. Task Manager
Task Manager provides a real-time view of performance across many
different system metrics, but it doesn’t provide a way to review historical
performance or events.
C. Startup Repair
Startup Repair is a useful tool when a system is not able to boot. Startup
Repair does not resolve problems with applications that will not properly
start.
D. Safe Mode
Safe Mode is useful for testing in a minimal operating system environment,
but it doesn’t provide any additional method of viewing application crash
event logs.
Which of the following would be unnecessary if a rainbow table is used?
❍ A. Spoofing
❍ B. Social engineering
❍ C. Brute force attack
❍ D. DDoS
The Answer: C. Brute force attack
A rainbow table is an optimized, pre-built set of hashes. Since the hashing
calculation has already been completed, it’s not necessary to brute force the
original password from the hash. It simply takes a quick search through
the rainbow table to quickly match a hash with a password.
The incorrect answers:
A. Spoofing
Spoofing is a technique where one device pretends to be another device. A
rainbow table would not be associated with an attacker that is spoofing.
B. Social engineering
Social engineering is an attack method that uses many different
psychological techniques to obtain access or information. A rainbow table
is not part of a social engineering attack.
D. DDoS
DDoS (Distributed Denial of Service) is an attack type that uses many
different and distributed systems to force a service to fail. A rainbow table
is not used with a DDoS attack.
A system administrator is upgrading an email service in the corporate
data center. During the upgrade, an error message appears and the
upgrade fails. Subsequent attempts to perform the upgrade also fail.
Which of the following processes should the system administrator follow
to return the email server to its previous state?
❍ A. Backout plan
❍ B. Disaster recovery plan
❍ C. Incident response plan
❍ D. Power plan
The Answer: A. Backout plan
Even with the best planning, there can always be unexpected events. Every
planned change needs to have a backout plan to return the environment to
its original state.
The incorrect answers:
B. Disaster recovery plan
A disaster recovery plan is written for major events that impact a large
portion of an organization. An email upgrade that goes badly does not
meet the scope of needing a disaster recovery plan.
C. Incident response plan
An incident response plan is commonly used to address a security event.
Issues discovered during the planned upgrade of an email server would not
be associated with an incident response plan.
D. Power plan
The Windows operating system allows users to modify the power use on
their systems using built-in power plans. These environmental controls are
not associated with the change control process.
A user in the shipping department has opened a help desk ticket for
problems found when browsing to certain Internet sites. The user also has
slow access to other sites and difficulty sending and receiving emails from
the local email server. A technician performs some basic troubleshooting
and finds that CPU utilization is low, memory usage is minimal, and half
of network pings return a response. Which of the following would be the
best NEXT troubleshooting step?
❍ A. Remove all startup applications and reboot the computer
❍ B. Restart in Safe Mode and repeat the tests
❍ C. Check the statistics on the user’s switch port
❍ D. Scan with an anti-malware utility
The Answer: C. Check the statistics on the user’s switch port
The only significant issue that appeared during the diagnostics process
is that half of the ping tests were rejected. Checking the switch statistics
would likely provide some additional information about the issue.
The incorrect answers:
A. Remove all startup applications and reboot the computer
None of the CPU or memory checks appeared to show any issues with
application use or resource utilization. There would be no immediate need
to remove all startup applications or restart the system.
B. Restart in Safe Mode and repeat the tests
The operating system does not appear to be restricting the access to other
websites, so restarting in Safe Mode would not be the most likely next step
in troubleshooting this issue.
D. Scan with an anti-malware utility
Although malware can certainly be a significant concern, there’s nothing
in the CPU or memory statistics that would show an immediate concern
of malware.
A system administrator has created a shared folder on a server to store
operating system images. Technicians will access the shared folder
to download the latest images when performing large-scale system
installations. Which of the following will be the MOST likely method of
accessing this data?
❍ A. Map the shared folder to an available drive letter
❍ B. Download the shared folder through a proxy
❍ C. Link the images to a cloud storage service
❍ D. Access the folder using a remote access client
The Answer: A. Map the shared folder to an available drive letter
The easiest and most efficient way for technicians to access the drive share
is to map a drive letter to the share and transfer the files directly.
The incorrect answers:
B. Download the shared folder through a proxy
There’s no mention of a proxy in the question, and adding a proxy to this
process would not provide any additional features or benefits.
C. Link the images to a cloud storage service
Operating system images are relatively large, and transferring them to an
external cloud-based service would add additional time and bandwidth to
resources that are already located on a local file server.
D. Access the folder using a remote access client
The installation of an operating system requires direct access to the
installation files, and a remote access client would not provide direct
access to the files.
A desktop administrator is installing a 64-bit version of Windows 10
Pro on a workstation, but the installation will not start. The workstation
configuration is:
1 GHz CPU
2 GB of RAM
15 GB of free storage space
1280 x 720 video resolution
Which of the following would allow this installation to proceed?
❍ A. Increase free storage space to 20 GB
❍ B. Decrease resolution to 800 x 600
❍ C. Upgrade to a faster processor
❍ D. Increase RAM to 4 GB
The Answer: A. Increase free storage space to 20 GB
Windows 10 x64 requires a minimum of 20 GB free storage space.
The incorrect answers:
B. Decrease resolution to 800 x 600
The only video requirement for the Windows 10 installation process is a
Microsoft DirectX 9 graphics device with a WDDM driver.
C. Upgrade to a faster processor
The minimum supported processor to install Windows 10 is
a 1 GHz CPU.
D. Increase RAM to 4 GB
The minimum RAM required to install Windows 10 x64 is 2 GB.
A security technician has identified malware that is running as part of the
OS kernel. Traditional anti-malware scans were not able to identify any
problems on the computer. Which of the following would be the BEST
description of this malware?
❍ A. Rootkit
❍ B. Worm
❍ C. Botnet
❍ D. Crypto-malware
The Answer: A. Rootkit
A rootkit is a type of malware that modifies core system files and can be
invisible to the operating system. In this example, malware that runs as
part of the kernel and can’t be seen by traditional anti-malware is a rootkit.
The incorrect answers:
B. Worm
A virus commonly needs a user to click on a file or to execute an
application. A worm is a type of virus that doesn’t need any human
intervention and can self-replicate between systems.
C. Botnet
A botnet (robot network) is a group of computers that are under the
control of a third party. Botnets can be used to provide large-scale
distributed attacks.
D. Crypto-malware
Crypto-malware is a broad categorization of malware that involves
a cryptographic function. One common type of crypto-malware is
ransomware that encrypts your files and holds them for a cash ransom.
A help desk technician has been called to a training room that uses
Android tablets as presentation devices. An application used for
the training program will not start on any of the tablets. When the
application is selected, the splash screen appears for a moment and then
completely disappears with no error message. Which of the following
would be the best NEXT troubleshooting step?
❍ A. Install all operating system updates
❍ B. Uninstall the application
❍ C. Power cycle the tablets
❍ D. Roll back to the previous application version
The Answer: C. Power cycle the tablets
Before making any changes to the operating system or application
software, it would be useful to know if power cycling the tablets would
have an effect. If the symptom was to disappear after the restart, then no
immediate changes would be required.
The incorrect answers:
A. Install all operating system updates
Making a change to the system without understanding the issue would
be a blind guess. It would be a better practice to gather more information
about the problem before making changes.
B. Uninstall the application
Uninstalling the application would make it very difficult to troubleshoot
the application, and it’s not the best possible option before gathering more
information about the problem.
D. Roll back to the previous application version
A technician wouldn’t want to make significant changes to the application
or the operating system until they knew more about the problem and tried
to resolve the issue without installing or uninstalling any software.
A user on the headquarters network has opened a help desk ticket about
their Windows desktop. When starting their computer, the login process
proceeds normally but the Windows desktop takes fifteen minutes to
appear. Yesterday, the desktop would appear in just a few seconds. Which
of the following would be the MOST likely reason for this issue?
❍ A. Slow profile load
❍ B. Incorrect boot device order
❍ C. Faulty RAM
❍ D. Incorrect username and password
The Answer: A. Slow profile load
A roaming user profile is commonly used on enterprise Windows
networks to allow a user’s desktop to follow them to any computer. When
a user logs in, their profile is downloaded to the local computer. If there is
any network latency to the domain controller, the login process could be
significantly slower.
The incorrect answers:
B. Incorrect boot device order
A BIOS setting of an incorrect boot device order would cause the
computer to boot a completely different operating system or no operating
system at all. This would not be associated with a slow login process.
C. Faulty RAM
Faulty RAM would cause the system to fail or crash. Bad RAM would not
commonly cause a login process to perform slowly.
D. Incorrect username and password
Incorrect login credentials would present an error message instead of
slowing down the login process.
A system administrator has been asked to install a new application on a
server, but the application is 64-bit and the server operating system
is 32-bit. Which of the following describes the issue associated with
this installation?
❍ A. File permissions
❍ B. OS compatibility
❍ C. Installation method
❍ D. Available drive space
The Answer: B. OS compatibility
Although 32-bit applications will run on a 64-bit operating system, the
reverse is not true. A 64-bit application will require a 64-bit operating
system to work.
The incorrect answers:
A. File permissions
File permissions between a 32-bit operating system and a 64-bit operating
system are effectively identical.
C. Installation method
There isn’t any significant difference when installing an application on a
32-bit operating system or a 64-bit operating system.
D. Available drive space
Although there will be a slight difference in drive space requirements
between a 32-bit application and a 64-bit application, the differences
would not be enough to cause an issue with free drive space.
A security guard has reported that a person was seen passing through a
secure door without using a door badge. The intruder slipped through the
door by closely following the person in front of them. Which of these
would best describe these actions?
❍ A. Dumpster diving
❍ B. Brute force
❍ C. Phishing
❍ D. Tailgating
The Answer: D. Tailgating
Using someone else to gain access to a building or through a locked door
is tailgating.
The incorrect answers:
A. Dumpster diving
An attacker that digs through an outdoor trash bin is a dumpster diver.
Digging through the garbage does not allow access through a secure door.
B. Brute force
A brute force attack is a software attack that attempts many different
combinations until the original data is discovered. A brute force attack is
not a physical attack against locked doors or restricted areas.
C. Phishing
Phishing is a method of coercing private information from unsuspecting
individuals. This process commonly uses a combination of social
engineering and spoofing.
A Linux administrator needs to create a system image of a laptop used
by the help desk for network troubleshooting. Which of the following
utilities would provide this functionality?
❍ A. dd
❍ B. sudo
❍ C. ifconfig
❍ D. apt-get
The Answer: A. dd
The Linux dd command is used to copy and convert files. It’s commonly
used to back up and restore an entire Linux partition as a disk image.
The incorrect answers:
B. sudo
The sudo command allows a Linux user to execute a command as the
superuser or as any other user on the system. The sudo command on its
own does not provide any backup or imaging functionality.
C. ifconfig
The Linux ifconfig command is similar in function to the Windows
ipconfig command. The output of ifconfig will display network interface
and IP address configuration details.
D. apt-get
The Linux apt-get is an Advanced Packaging Tool command that handles
the management of application packages on the system.
An internal audit has found that a server in the DMZ has been
participating in DDoS attacks against external devices. What type of
malware would be MOST likely found on this server?
❍ A. Worm
❍ B. Rootkit
❍ C. Keylogger
❍ D. Spyware
❍ E. Botnet
The Answer: E. Botnet
A botnet (robot network) is a collection of systems that are under the
control of a third party. It’s common for those controlling the botnet to
use them for DDoS (Distributed Denial-of-Service) or other large-scale
network tasks.
The incorrect answers:
A. Worm
A worm is a type of malware that can replicate between systems without
any human intervention. A worm would not commonly participate in a
DDoS attack.
B. Rootkit
A rootkit is a type of malware that modifies core system files and is often
invisible to the operating system. A system participating in a DDoS would
not commonly be categorized as a rootkit.
C. Keylogger
A keylogger will store all of the input made from a keyboard and transmit
this information to a third party. The attacker will commonly use these
logged keystrokes to gain unauthorized access to other sites.
D. Spyware
Spyware is a type of malware that monitors browsing locations, captures
keystrokes, and watches user activity.
A user has delivered a broken laptop to the help desk, and he’s visibly
upset and quite vocal about the problem he’s having. He’s also asking for
a very specific repair that doesn’t appear to have any relationship to his
issue. What’s the best way to handle this situation?
❍ A. Repeat your understanding of the issue to the customer and
provide an estimate and follow-up time
❍ B. Refuse the repair until the customer calms down
❍ C. Inform the customer of his mistake with the proposed repair
❍ D. Refuse to make any commitments until the computer is examined
The Answer: A. Repeat your understanding of the issue to the customer
and provide an estimate and follow-up time
The best response in a stressful situation is to listen, ask questions, and
refrain from arguing or acting defensive. In this situation, the technician
should gather as much information about the problem and keep all
responses focused on resolving the problem.
The incorrect answers:
B. Refuse the repair until the customer calms down
It’s always preferable to avoid any comments that would be associated with
emotion. Technical problems can be stressful enough on their own, and
adding additional stress is not going to help repair the system.
C. Inform the customer of his mistake with the proposed repair
This isn’t a game, and there are no winners or losers. The technician will be
left to resolve the issue, regardless of the root cause. It’s not necessary to
comment or speculate on any proposed repair process.
D. Refuse to make any commitments until the computer is examined
The technician is ultimately responsible for resolving the issue,
and it would help everyone involved to maintain a constant line of
communication.
Daniel, a user in the finance department, has purchased a new Android
smartphone and has installed a number of productivity apps. After a day
of use, Daniel finds that the battery is draining rapidly, even when the
phone is not being used. Which of the following tasks should Daniel
perform after completing a factory reset?
❍ A. Disable Bluetooth
❍ B. Check app sharing permissions
❍ C. Run a speed test on the cellular connection
❍ D. Scan each app before installation
The Answer: D. Scan each app before installation
An app scanner can provide information about the legitimacy and
functionality of an app before it is installed onto a mobile device. Before
an unknown app is installed, it’s always a best practice to gather as much
information as possible. In this example, it’s likely that one of the apps
installed onto the phone was using more resources and battery life than a
typical app.
The incorrect answers:
A. Disable Bluetooth
Given the limited information in the question, there’s no evidence that
Bluetooth was related to any of the battery issues on this smartphone.
B. Check app sharing permissions
Sharing permissions can limit an app’s access to personal data, but it
would not cause the battery to drain faster than normal.
C. Run a speed test on the cellular connection
The speed of a cellular network connection would not have a significant
impact on the battery life of a smartphone.
A network administrator has configured all of their wireless access points
with WPA2 security. Which of the following technologies would be
associated with this configuration?
❍ A. RC4
❍ B. TACACS
❍ C. TKIP
❍ D. AES
The Answer: D. AES
AES (Advanced Encryption Standard) is the encryption algorithm used in
WPA2 (Wi-Fi Protected Access version 2).
The incorrect answers:
A. RC4
The first version of WPA used RC4 (Rivest Cipher 4) to encrypt
wireless traffic.
B. TACACS
TACACS (Terminal Access Controller Access-Control System) is an
authentication protocol used to control access to network resources.
TACACS is not part of the WPA2 protocol.
C. TKIP
TKIP (Temporal Key Integrity Protocol) is the underlying security
protocol used in the initial WPA encryption standard.
A user has reported that all Google search results in their Internet
browser are displaying a non-Google website. This redirection occurs each
time a Google search is attempted. Which of the following would be the
BEST way to prevent this issue in the future?
❍ A. Windows Firewall
❍ B. MAC filtering
❍ C. Port security
❍ D. Certificate-based authentication
❍ E. Anti-malware utility
The Answer: E. Anti-malware utility
A browser hijack is a very specific attack type that is commonly the result
of a malware infection.
The incorrect answers:
A. Windows Firewall
The Windows Firewall is useful for preventing inbound connections, but
most malware is installed by the user. This installation process circumvents
the firewall and it’s the reason we rely on both a firewall and anti-malware
software.
B. MAC filtering
MAC filtering is commonly used on a network device to limit which
devices can communicate on a network. MAC filtering would not be
related to a browser hijack.
C. Port security
Port security prevents unauthorized users from connecting to a switch
interface. Port security is not associated with a browser hijack.
D. Certificate-based authentication
Certificate-based authentication provides a method to verify a user during
the authentication process. This authentication mechanism is not related
to browser hijacking.
A user has installed multiple applications over the last week. During the
startup process, the computer now takes over fifteen minutes to display
the Windows desktop. Which of the following utilities would help the
system administrator troubleshoot this issue?
❍ A. defrag
❍ B. dism
❍ C. msconfig
❍ D. robocopy
The Answer: C. msconfig
The msconfig (System Configuration) command is useful for managing
the startup process of services. Prior to Windows 8.1, System
Configuration can also be used to manage applications during the startup
process.
The incorrect answers:
A. defrag
Although a fragmented drive can cause minor inefficiencies when
accessing data, it would not cause a system delay of over fifteen minutes
during the boot process.
B. dism
The dism (Deployment Image Servicing and Management) utility allows
the administrator to manage Windows Imaging Format (WIM) files. The
delays occurring on this system do not appear to be related to any issue
with a system image.
D. robocopy
Robocopy (Robust Copy) is an advanced copy utility that can be used to
transfer files between folders or systems. The robocopy utility would not
provide any significant troubleshooting assistance with this slowdown
issue.
A server administrator is replacing the memory in a database server.
Which of the following steps should be followed FIRST?
❍ A. Remove the existing memory modules
❍ B. Wear an air filter mask
❍ C. Disconnect all power sources
❍ D. Connect an ESD strap
The Answer: C. Disconnect all power sources
The first step when working inside of a computer or printer is to remove
all power sources.
The incorrect answers:
A. Remove the existing memory modules
Prior to removing the existing modules, the power source would need
to be disconnected and an ESD strap would need to be attached to the
computer case.
B. Wear an air filter mask
A filtered mask would not commonly be required for replacing memory
modules. If the environment is very dusty or dirty, then a filtered mask
may be necessary.
D. Connect an ESD strap
An ESD (Electrostatic Discharge) strap would allow the technician
to minimize the potential of an electrostatic discharge. However,
disconnecting the power source takes a higher priority.
A technician is dismantling a test lab for a recently completed project,
and the lab manager would like to use the existing computers on a new
project. However, the security administrator would like to ensure that
none of the data from the previous project is accessible on the existing
hard drives. Which of the following would be the best way to
accomplish this?
❍ A. Quick format
❍ B. Degauss the drives
❍ C. Regular format
❍ D. Reinstall the operating system
The Answer: C. Regular format
A standard Windows format with the regular formatting option
overwrites each sector of the drive with zeros. After this format is
complete, the previous data on the drive is unrecoverable.
The incorrect answers:
A. Quick format
A standard Windows format with the quick format option clears the
master file table, but it doesn’t overwrite any data on the drive. With the
right software, the previous data could be recovered.
B. Degauss the drives
Degaussing the drives would remove the magnetic fields necessary for
the drives to work properly. Although this would make the previous data
unrecoverable, it would also cause the hard drives to be unusable.
D. Reinstall the operating system
Reinstalling the operating system may not overwrite any of the previous
user data on the drive. Recovery software would be able to identify and
“undelete” the previous drive data.
A system administrator needs to view a set of application log files
contained in a folder named “logs.” Which of the following commands
should be used to make this the current active directory?
❍ A. cd logs
❍ B. mv logs
❍ C. dir logs
❍ D. md logs
The Answer: A. cd logs
The “cd” command is short for change working directory, and it can be
used in Windows or Linux to move around the file system.
The incorrect answers:
B. mv logs
The mv command is commonly used in Linux to “move” a file from one
place to another, or to rename an existing file from one name to another.
C. dir logs
The dir (directory) command will list files and directories in a folder. If the
command specifies additional text, then the results will be filtered for that
specific text.
D. md logs
The Windows md command is an abbreviation of the mkdir (make
directory) command. The md command will create a folder in the file
system.
Which of the following technologies would be the best choice to boot
computers in a training room over the network?
❍ A. MBR
❍ B. NTFS
❍ C. Dual boot
❍ D. PXE
The Answer: D. PXE
PXE or “Pixie” (Preboot eXecution Environment) is a method of booting
a computer from a device over the network instead of from operating
system files on a local storage device. This method is especially useful when
managing large groups of devices, such as a training room.
The incorrect answers:
A. MBR
MBR (Master Boot Record) describes the information contained on the
first sector of a drive. MBR is not used to boot devices across the network.
B. NTFS
NTFS (NT File System) is a file system designed for Windows
computers. Although a system may store files using NTFS, the file system
does not include any features that would allow it to be booted over the
network.
C. Dual boot
A dual boot system contains a storage device with multiple operating
systems, and each operating system can be individually selected and
booted when starting the computer.
Which of these OS installation types uses an XML file that answers all of
the questions normally provided during the installation?
❍ A. Unattended
❍ B. Image
❍ C. PXE
❍ D. Clean
The Answer: A. Unattended
An unattended Windows installation requires the administrator to answer
the normal installation questions in a single XML file. This allows the
installation process to continue from the beginning to end without any
user intervention.
The incorrect answers:
B. Image
A system image is a complete backup of a volume or drive. The process for
installing a system image is to copy the entire contents of the image to the
drive of the computer. The normal operating system setup is not used, so
an XML file would not answer installation questions.
C. PXE
PXE, or “Pixie,” (Preboot eXecution Environment) is a method of booting
a computer across the network. Booting with PXE does not answer files
during an operating system installation.
D. Clean
A clean install is used to completely replace an existing operating system
with a fresh version. Although this can be used with an unattended
answer file, a clean installation by itself does not include an XML file with
answers to installation questions.
A user has noticed that their system has been running very slowly over
the last few days. They have also noticed files stored on their computer
randomly disappear after the files are saved. The user has rebooted
the computer, but the same problems continue to occur. Which of the
following should the user perform to resolve these issues?
❍ A. Boot to Safe Mode
❍ B. Release and renew the network connection
❍ C. Install anti-malware software
❍ D. Upgrade the system RAM
The Answer: C. Install anti-malware software
A system that’s running slowly and has files that randomly disappear
are clear indications of malware. The best step to follow would be the
installation of anti-malware software to identify and hopefully remove any
existing malware from the system.
The incorrect answers:
A. Boot to Safe Mode
Booting to Safe Mode might be a troubleshooting step during the
malware removal phase, but it won’t commonly stop malware from
exhibiting the symptoms identified in the question.
B. Release and renew the network connection
Releasing and renewing the network connection will cause the DHCP
(Dynamic Host Configuration Protocol) assignment process to complete,
but that won’t resolve any issues with slowdowns and files disappearing.
D. Upgrade the system RAM
Upgrading the RAM might address slowdown issues, but it wouldn’t
resolve any problems related to files randomly disappearing from the
storage drive.
A user in the sales department has opened a help desk ticket to report
a dim display on their tablet. When they use the tablet in the office, the
screen brightness is normal. In meetings with customers, the display
appears much dimmer. Which of these would be the MOST likely reason
for this difference?
❍ A. The tablet display is faulty
❍ B. The tablet is brighter when connected to power
❍ C. The tablet backlight is on a timer
❍ D. Indoor LED lighting is causing the display to dim
The Answer: B. The tablet is brighter when connected to power
The power profiles on the tablet are most likely configured to provide a
brighter backlight when connected to a power source. Since the backlight
uses relatively large amounts of the battery, it’s often configured to be
dimmer when not connected to a power source.
The incorrect answers:
A. The tablet display is faulty
The display is working properly when connected to power, so the issue
would most likely not be related to faulty display hardware.
C. The tablet backlight is on a timer
The tablet backlight appears to be changing based on the availability of a
power source rather than a timer or time of day.
D. Indoor LED lighting is causing the display to dim
Although many tablets can change their brightness based on ambient
light, the LED lighting would not cause a tablet display to dim more than
other lighting types.
The hard drive in a macOS desktop has failed and none of the data on the
drive was recoverable. A new storage drive has now been installed. Which
of the following should be used to restore the data on the computer?
❍ A. Backup and Restore
❍ B. Boot Camp
❍ C. Time Machine
❍ D. Disk Utility
The Answer: C. Time Machine
The built-in backup and restore utility in macOS is appropriately called
Time Machine.
The incorrect answers:
A. Backup and Restore
The Windows operating system includes its own backup and restore utility
literally called “Backup and Restore.”
B. Boot Camp
Boot Camp is the utility that allows the macOS operating system to dual-boot to a Windows operating system.
D. Disk Utility
Disk Utility is a macOS tool that allows the user to view, modify, and
manage storage drives.
A user purchased a copy of home tax software and has installed it on their
company computer. This morning, the user logs in and finds that the tax
software has been automatically removed from the system. Which of the
following would be the MOST likely reason for this result?
❍ A. The company per-seat licenses are all in use
❍ B. The software uses a FOSS license
❍ C. The user has installed a personal license
❍ D. The software is subject to the GDPR
The Answer: C. The user has installed a personal license
Personally licensed software can be difficult to audit on computers that are
owned by a company, and many organizations will not allow software to
be installed on company-owned systems if the company has not purchased
the license.
The incorrect answers:
A. The company per-seat licenses are all in use
This home tax software is not owned by the company, so the company
would not have per-seat licenses to distribute.
B. The software uses a FOSS license
A FOSS (Free and Open Source) license would not cause any licensing
issues, and many companies will install FOSS software on their systems.
D. The software is subject to the GDPR
The GDPR (General Data Protection Regulation) is a set of rules in the
European Union that are specific to a user’s control of their personal data.
The GDPR regulations would not be the most likely reason for removing
this software.
A system administrator is upgrading four workstations from Windows
8.1 to Windows 10. All of the user files and applications are stored on
the server, and no documents or settings need to be retained between
versions. Which of these installation methods would be the BEST way to
provide this upgrade?
❍ A. Factory reset
❍ B. Repair installation
❍ C. Clean install
❍ D. Multiboot
The Answer: C. Clean install
A clean install of Windows 10 will completely delete the previous
operating system and install a new installation of the Windows 10
operating system. The previous Windows 8.1 operating system will no
longer be available on the computer.
The incorrect answers:
A. Factory reset
A factory reset will restore the computer to the configuration from the
original purchase. In this example, the factory reset will refresh the existing
Windows 8.1 installation (or a previous version), instead of installing
Windows 10.
B. Repair installation
A repair installation installs the current version of the operating system
over itself in an effort to repair files that may have been deleted or
damaged. This repair installation will not upgrade an operating system to a
newer version.
D. Multiboot
A multiboot system will have multiple operating systems installed, and
the user can choose the operating system during the boot process. In this
scenario, the user would like to upgrade to Windows 10 and there is no
requirement to maintain a Windows 8.1 installation.
A computer on a manufacturing floor has been identified as a malware-infected system. Which of the following should be the best NEXT step
to resolve this issue?
❍ A. Disconnect the network cable
❍ B. Perform a malware scan
❍ C. Disable System Restore
❍ D. Download the latest anti-malware signatures
The Answer: A. Disconnect the network cable
After identifying a system that may be infected with malware, it’s
important to quarantine that system and restrict any access to the local
network or devices. Disconnecting the network cable would be an
important step during the quarantine process.
The incorrect answers:
B. Perform a malware scan
Although a malware scan should eventually be performed, it’s more
important to limit the scope of the malware by quarantining the system.
C. Disable System Restore
The System Restore feature makes it easy to restore from a previous
configuration, but it also makes it easy for malware to reinfect a system.
Although it’s important to disable System Restore to remove the restore
points, it’s more important to quarantine the system to prevent the spread
of any malware.
D. Download the latest anti-malware signatures
Before scanning for malware, it’s important to use the latest signatures.
However, it’s more important that the computer is quarantined to prevent
the spread of any potential malware.
A technician has been called to resolve an issue with a networked laser
printer that is not printing. When the technician arrives on-site, they find
the printer will require a hardware replacement. All hardware is managed
by a third party and will take a week before the printer is operational
again. Which of the following would be the technician’s best NEXT step?
❍ A. Work on the next ticket in the queue
❍ B. Add a follow-up event for one week later
❍ C. Inform the user of the repair status
❍ D. Order a printer maintenance kit
The Answer: C. Inform the user of the repair status
One of the most important skills for any technician is communication.
Information about the delays should be shared with the customer, and the
customer can then decide how they might want to proceed.
The incorrect answers:
A. Work on the next ticket in the queue
Before moving on, it’s important to inform everyone involved of the
current status and recommend any workarounds while waiting on the
replacement hardware.
B. Add a follow-up event for one week later
It’s certainly important to follow up on this hardware replacement, but it’s
more important that the customer is informed of the plans going forward.
D. Order a printer maintenance kit
There’s no mention in this question that the printer needs maintenance,
although it would certainly be a good time to perform one if needed.
However, it’s more important to keep the customer informed of the status
of their printer repair.
An administrator is upgrading a Windows 8.1 Enterprise x64 computer
to Windows 10. The user would like to maintain all applications and files
during the upgrade process. Which of the following upgrade options
would meet this requirement?
❍ A. Windows 10 Enterprise x86
❍ B. Windows 10 Pro x64
❍ C. Windows 10 Enterprise x64
❍ D. Windows 10 Pro x86
The Answer: C. Windows 10 Enterprise x64
A Windows upgrade that maintains applications and settings requires
the destination version to be the same Windows edition or higher. Since
the original Windows 8.1 is the Enterprise edition, the Windows 10
edition should also be the Enterprise version. It’s also not possible to
upgrade from a 32-bit version to 64-bit (or vice versa), so the Windows 10
operating system needs to be the x64 version.
The incorrect answers:
A. Windows 10 Enterprise x86
A 64-bit operating system cannot upgrade to a 32-bit version (or vice
versa).
B. Windows 10 Pro x64
Since the starting Windows 8.1 edition is the Enterprise version, the final
operating system must also be the same or higher. Windows 10 Pro is not
the same or higher edition as Windows 8.1 Enterprise edition.
D. Windows 10 Pro x86
As with option B, the Pro edition of Windows 10 is not the same or
higher edition as Windows 8.1 Enterprise.
A user in the marketing department is using an application that randomly
shuts down during normal use. When the problem occurs, the application
suddenly disappears and no error messages are shown on the screen.
Which of the following would provide the system administrator with
additional information regarding this issue?
❍ A. System Configuration
❍ B. Event Viewer
❍ C. Device Manager
❍ D. Local Security Policy
❍ E. SFC
The Answer: B. Event Viewer
The Windows Event Viewer can provide extensive logs and information
about the system and the applications running in Windows.
The incorrect answers:
A. System Configuration
The System Configuration utility can provide an easy interface to modify
boot settings and services, but it won’t provide any additional details about
this application problem.
C. Device Manager
The Device Manager is used to control and manage hardware and device
drivers. Device Manager doesn’t contain any detailed information about
problematic applications.
D. Local Security Policy
The Windows Local Security Policy can be used to configure password
settings and login requirements, but it doesn’t provide any detailed
application troubleshooting information.
E. SFC
SFC (System File Checker) is used to verify that the core operating
system files are valid. Application information isn’t part of the SFC utility.
A workstation on a manufacturing floor is taking much longer than
normal to boot. Which of the following would be the BEST way to
troubleshoot this issue?
❍ A. Replace the CPU
❍ B. Disable the startup applications
❍ C. Upgrade the RAM
❍ D. Install the latest OS patches
The Answer: B. Disable the startup applications
Delays during the boot process can be caused by many issues, but a device
that was previously working properly most likely has been changed. A
single application install can create issues, so disabling startup applications
would be an easy way to remove those from the troubleshooting process.
The incorrect answers:
A. Replace the CPU
If the CPU was faulty, the computer would most likely not be operational.
C. Upgrade the RAM
Upgrading RAM can often resolve application performance issues, but this
computer was previously working with the existing amount of memory.
D. Install the latest OS patches
It’s possible that problems might occur after an OS patch update, but it
would not be most likely that these issues would occur prior to patching.
Without knowing more about the issue, it would not be a best practice to
make such a significant change to the system.
A Windows 10 user is installing a new application that also installs a
service. Which of the following permissions will be required for
this installation?
❍ A. Guest
❍ B. Power User
❍ C. Administrator
❍ D. Standard user
The Answer: C. Administrator
The Administrator account is the superuser of a Windows device. If
an installation needs to modify system files or install a service, then
Administrator access will be required.
The incorrect answers:
A. Guest
The Guest account has very limited access to the system. A guest account
cannot install applications or make any changes to the system, and the
Guest account is usually disabled by default.
B. Power User
The legacy “Power User” permissions were removed from Windows 7 and
later versions, so the Power User would have similar rights as a standard
user.
D. Standard user
The standard user permissions would allow the installation of simple
applications, but any changes to the operating system or services would
require Administrator access.
A user working from home is not able to print to a laser printer at the
corporate office. Which of the following would be the MOST likely
reason for this issue?
❍ A. DLP policy
❍ B. Outdated anti-virus signatures
❍ C. Disconnected VPN
❍ D. MDM configuration
The Answer: C. Disconnected VPN
Remote users will commonly connect to the corporate office over a VPN
(Virtual Private Network). This VPN is an encrypted tunnel that ensures
that all traffic between the locations is protected from anyone monitoring
the connection. If the VPN link is not active, then the remote user will be
unable to use any resources at the corporate office.
The incorrect answers:
A. DLP policy
DLP (Data Loss Prevention) policies are designed to monitor network
communication and prevent the transmission or storage of sensitive
information such as credit card numbers or social security numbers. A
DLP policy would not commonly be part of a printing problem.
B. Outdated anti-virus signatures
Anti-virus signatures would not commonly restrict the printing process,
and the age of the signatures would only affect the ability of the anti-virus
software to block known viruses.
D. MDM configuration
An MDM (Mobile Device Manager) is used to manage mobile tablets
and phones. MDM configurations would not commonly have an impact
on home users connecting to a corporate printer.
An employee has modified the NTFS permissions on a local file share
to provide read access to Everyone. However, users connecting from a
different computer do not have access to the file. Which of the following
is the reason for this issue?
❍ A. The NTFS permissions were not synchronized
❍ B. Share permissions restrict access from remote devices
❍ C. The user is an Administrator
❍ D. Remote users are connecting with Guest accounts
The Answer: B. Share permissions restrict access from remote devices
NTFS (NT File System) permissions are used to control access from
both local users and users over the network. For users connected over
the network, the Windows share permissions are also used to determine
access. If access is available locally but not across the network, then it’s
likely that the share permissions have additional access restrictions.
The incorrect answers:
A. The NTFS permissions were not synchronized
NTFS does not require any permissions to be synchronized or copied
between systems.
C. The user is an Administrator
A Windows Administrator would not commonly be restricted from
accessing local files, but this issue is not related to the local NTFS
permissions. Since the access problems are for users across the network,
the share permissions would most likely be the issue.
D. Remote users are connecting with Guest accounts
All remote access is managed through Windows share permissions. These
share permissions, combined with the NTFS permissions, determine the
rights that remote users will have to the resources.
A healthcare company has replaced some of their desktop computers
with laptops and will be disposing of the older computers. The security
administrator would like to guarantee that none of the existing data
on the hard drives could be recovered once the systems are sent to the
recycling center. Which of the following methods would meet
this requirement?
❍ A. Quick format
❍ B. Reinstall the OS
❍ C. Remove all user folders
❍ D. Shred the drives
The Answer: D. Shred the drives
Of the available choices, the only option that would guarantee all data
would be unrecoverable would be to physically destroy the drives in a
shredder.
The incorrect answers:
A. Quick format
A quick format simply clears the index and does not overwrite any of the
data on the drive. Recovery software would be able to restore data from a
quick formatted drive.
B. Reinstall the OS
Reinstalling the operating system does not necessarily overwrite all data
on the hard drive. Any data not overwritten could potentially be restored
with recovery software.
C. Remove all user folders
Removing user folders with the normal Windows delete does not
overwrite the section of the drive that contained the data. User folder data
could possibly be restored with the use of recovery software.
A technician has been assigned a support ticket that urgently requests a
laptop repair, but there are already many open support tickets ahead of
this request. The technician doesn’t recognize the name associated with
the ticket. Which of these choices would be the best path to take?
❍ A. Place the ticket into the queue as first-come, first-served
❍ B. Prioritize the support tickets by device type
❍ C. Triage the queue and prioritize the tickets in order of repair complexity
❍ D. Contact the end-user and determine the urgency of the repair
The Answer: D. Contact the end-user and determine the urgency of the repair
A support ticket marked as “urgent” should be evaluated to determine the
timeframe for resolving the issue and the complexity of the task. If the end
user feels that the issue is time-sensitive, then it’s important to contact
them and see what options might be available to get them up and running
as quickly as possible.
The incorrect answers:
A. Place the ticket into the queue as first-come, first-served
Not all support tickets have the same priority, and it’s the responsibility of
the technician to properly triage the cases to handle the most critical first.
It will usually involve some communication with the client to determine
the scope of the issue.
B. Prioritize the support tickets by device type
The urgency of a technical issue isn’t determined by the type of the device.
Instead, the priority of issues should be based on the needs of the end user
and the importance of their task.
C. Triage the queue and prioritize the tickets in order of repair complexity
The complexity of a repair doesn’t consider the importance of the repair
to the organization’s goals and objectives. An executive going into an
important presentation may have a simple problem, but their issue has
greater importance to the organization.
A user has received a pop-up message on their computer that states
applications on their computer are infected with a virus. A technician has
determined that the pop-up message is a hoax that needs to be removed
from the computer. The technician has disabled System Restore to remove
all previous restore points. Which of the following tasks would be the best
NEXT step?
❍ A. Update the anti-virus signatures
❍ B. Educate the end-user
❍ C. Schedule anti-virus scans for midnight each day
❍ D. Boot the system with a pre-installation environment
The Answer: A. Update the anti-virus signatures
After disabling system restore, the next step in virus removal is to
remediate the system. To remove the malware, it’s important the
technician is using the latest set of signatures.
The incorrect answers:
B. Educate the end-user
This is one of the most important tasks for malware removal, but it’s
usually reserved for the final step when there’s no longer any urgency to
remove the malware.
C. Schedule anti-virus scans for midnight each day
Once the virus is removed, the system should be configured for on-demand scanning and additional scans each day. However, this would not
immediately follow the disabling of System Restore.
D. Boot the system with a pre-installation environment
A pre-installation environment may be required for more difficult
virus removal tasks, but this would only occur after the latest anti-virus
signatures were downloaded and installed.
A network administrator needs to manage a switch and firewall at a
remote location. Which of the following would be the BEST choice for
this requirement?
❍ A. RDP
❍ B. Telnet
❍ C. SSH
❍ D. VNC
The Answer: C. SSH
SSH (Secure Shell) provides encrypted console communication, and it’s
commonly used to manage devices across the network. If an
administrator is managing a server, switch, router, or firewall, they’re
probably using SSH.
The incorrect answers:
A. RDP
Microsoft RDP (Remote Desktop Protocol) is commonly used to share
the desktop of a Windows computer. Most switches and firewalls are
not Windows devices, so RDP would not be the best choice for this
connection.
B. Telnet
Telnet (Telecommunication Network) is very similar to SSH, but Telnet
does not use encrypted communication. Because Telnet traffic is sent in
the clear, it’s not a good choice for most networks. Don’t use Telnet!
D. VNC
VNC (Virtual Network Computing) is a screen sharing technology that
is common to many non-Windows operating systems. If a technician is
sharing the screen of a macOS or Linux desktop, they may be using VNC.
A user has placed a smartphone on their desk, and they occasionally hear
the sound of a camera shutter when the phone is not being used. Which
of the following should a technician follow to BEST resolve this issue?
❍ A. Put the phone into airplane mode
❍ B. Connect to the corporate network using a VPN connection
❍ C. Run an anti-malware scan on the smartphone
❍ D. Remove any paired Bluetooth devices
The Answer: C. Run an anti-malware scan on the smartphone
Pictures taken when the phone is not in use would be considered an
unauthorized use of the camera. This suspicious activity should be
researched further and an anti-malware scan should be used to start
testing for any security issues.
The incorrect answers:
A. Put the phone into airplane mode
Disconnecting all network connections may be part of the troubleshooting
process, but simply using airplane mode would not resolve the issue of
unauthorized camera use.
B. Connect to the corporate network using a VPN connection
Any connection to the corporate office from a remote location should use
a VPN (Virtual Private Network) connection, but using this encrypted
tunnel would not resolve a smartphone with unauthorized camera use.
D. Remove any paired Bluetooth devices
Although some Bluetooth devices can be used to take remote pictures, in
this situation the camera was active when the phone was not in use. This
almost certainly indicates malware or some other unauthorized process is
running on the smartphone.
Sam, a user on the research and development team, reports that her
computer displays the message “Missing operating system” during boot.
A technician runs hardware diagnostics and finds that the RAM, CPU,
storage drive, and power supply all pass the tests. The technician then
finds that a connected USB flash drive was causing the issue. Which of
the following would prevent this issue from occurring in the future?
❍ A. Update the BCD
❍ B. Install the latest OS patches
❍ C. Run SFC
❍ D. Modify the BIOS boot order
The Answer: D. Modify the BIOS boot order
If the BIOS is configured to boot from a USB interface prior to the
internal storage drive, then any bootable flash drive would be used as a
boot device. In this case, modifying the BIOS boot order would cause the
system to boot from an internal drive first before attempting to boot from
another device.
The incorrect answers:
A. Update the BCD
The BCD (Boot Configuration Data) is used by Windows to determine
the location of a valid Windows operating system. Updating the BCD
would not stop a flash drive from booting prior to the internal storage
drive.
B. Install the latest OS patches
Patching the operating system would not prevent the USB interface from
booting before the internal storage drive.
C. Run SFC
System File Checker is a Windows utility that will verify the integrity of
the core operating system files. Running the SFC utility will not prevent
the system from attempting to boot from a USB-connected drive.
Jack, a user, has opened a help desk ticket relating to email messages he’s
receiving. The messages appear to be replies to a message that Jack did
not send. Most of the messages contain information about third-party
product promotions and sales information. Which of the following is the
MOST likely cause of these messages?
❍ A. Man-in-the-middle
❍ B. Corrupted email database
❍ C. Adware
❍ D. Hijacked email
The Answer: D. Hijacked email
Of the available options, the most likely reason for these unusual email
replies is a hijacked email account. An attacker that gains access to an
email account can send spam, read messages, and effectively control
all emails associated with the account. Common responses to an email
hijacking are to change the passwords associated with the account and
scan for malware.
The incorrect answers:
A. Man-in-the-middle
A man-in-the-middle attack would include a third-party that was
intercepting and potentially modifying network data. In this situation,
there’s no evidence that a third-party is intercepting any network
communication.
B. Corrupted email database
A corrupted email database would cause the user’s emails to be unreadable
or would cause messages to be missing. Most email platforms will
recognize a corrupted database and would not allow the user to access
their mailbox.
C. Adware
Adware would show advertising and sales messages to the infected user
and would not commonly send email messages to other users.
In which of the following file types would a system administrator expect
to see the command, “cd c:\source”?
❍ A. .sh
❍ B. .vbs
❍ C. .py
❍ D. .bat
The Answer: D. .bat
The .bat file extension refers to the Windows batch files. The “cd”
command can refer to many different operating systems, but the reference
to the drive letter “c:” is common to the Windows operating system.
The incorrect answers:
A. .sh
The .sh extension is a shell script. Scripts that run in Linux, Unix, or
macOS often use the .sh extension to designate a file as a shell script.
B. .vbs
Microsoft Visual Basic Scripting Edition scripts are commonly called
VBScript and use the extension .vbs. A VBScript would not use the cd
command and drive letters.
C. .py
Python scripts often use the .py extension. Python has its own method of
managing files and would not use the Windows “cd” command.
A malware infection has recently been removed from a computer. When
starting the operating system, Windows shows errors during the startup
process indicating some core operating system files are missing. Which of
the following should be used to restore these missing files?
❍ A. gpupdate
❍ B. dism
❍ C. sfc
❍ D. diskpart
The Answer: C. sfc
The sfc (System File Checker) command is used to scan and replace
any core operating system files that may be corrupted or missing. It’s
common to run the sfc utility after removing malware or after a significant
operating system issue.
The incorrect answers:
A. gpupdate
The gpupdate (Group Policy Update) command is used to force a Group
Policy update to computers in a Windows Active Directory domain. The
gpupdate command would not restore any missing operating system files.
B. dism
The dism (Deployment Image Servicing and Management) tool is used to
make changes to Windows Imaging Format (WIM) files. This question
did not specify that the computer was using a WIM file, so the dism utility
would not be the best choice to restore any missing files.
D. diskpart
An administrator can manage disk configurations and partitions with the
Windows diskpart utility. The diskpart utility is not used to restore or
modify files within the Windows operating system.
A desktop administrator has determined that an employee in the
corporate office has been using their computer to share copyrighted
materials to others on the Internet. Which of the following should be the
best NEXT step?
❍ A. Create a firewall rule to block Internet access to this computer
❍ B. Create a hash for each file that was shared
❍ C. Compile a list of licenses for each set of copyrighted materials
❍ D. Retrieve and securely store the computer
The Answer: D. Retrieve and securely store the computer
When a security incident has occurred, it’s important to securely collect
and store any evidence. The computer that was used to share copyrighted
materials should be collected and stored until the proper authorities can
take control of this evidence.
The incorrect answers:
A. Create a firewall rule to block Internet access to this computer
Creating a firewall rule would stop anyone from accessing the computer,
but it wouldn’t stop the user from modifying or deleting files and evidence
from the PC.
B. Create a hash for each file that was shared
Although creating hashes of the files may be part of the evidence
gathering process, the immediate need is to impound and protect the data
on the system used in this event.
C. Compile a list of licenses for each set of copyrighted materials
The determination of copyright is part of the process that will occur later.
The more important task will be to collect the evidence and protect its
integrity.
A system administrator would like to require a specific password
complexity for all Active Directory users. Which of the following would
be the BEST way to complete this requirement?
❍ A. Login script
❍ B. Folder redirection
❍ C. Port security
❍ D. Group Policy
The Answer: D. Group Policy
Group Policy is the centralized management feature of Active Directory,
and allows an administrator to define specific desktop and security policies,
including the minimum complexity of passwords.
The incorrect answers:
A. Login script
A login script is executed after a user has completed the initial login
process. The password complexity policy would need to be active prior to
the authentication process.
B. Folder redirection
Folder redirection allows a Windows administrator to redirect user storage
from a local folder to a server share. This allows for the centralized storage
of files and the ability to access the files from anywhere on the network.
The folder redirection would not change password complexity policies.
C. Port security
Port security is used to prevent unauthorized users from connecting to a
switch interface. Port security does not define any parameters for password
complexity.
A system administrator is creating a series of shared folders that should
not be visible when users browse the network for available shared
resources. What symbol should be added to the end of a share name to
provide this functionality?
❍ A. . (period)
❍ B. $ (dollar sign)
❍ C. ! (exclamation mark / bang)
❍ D. # (hash sign / number sign)
The Answer: B. $ (dollar sign)
Windows shares ending with a dollar sign ($) are hidden and won’t be
shown in the normal list of available shares. The hidden share can still be
accessed if the user knows the name of the share, so this should not be
considered a security feature.
The incorrect answers:
A. . (period)
Ending the Windows share with a period is not supported.
C. ! (exclamation mark / bang)
Using the exclamation mark in a share name is not supported.
D. # (hash sign / number sign)
The hash sign is not allowed in a share name.
Jack, a user, is having problems with the 802.11 wireless connection on
his iOS phone. Although there are names appearing in the network list,
his phone does not show any connectivity to a wireless network. Jack has
confirmed that airplane mode is not enabled, Bluetooth is on, and VPN is
not enabled. Which of the following is the MOST likely reason for this
lack of wireless connectivity?
❍ A. The phone does not include a data plan
❍ B. The wireless network is not active
❍ C. The Bluetooth connection is conflicting with the Wi-Fi
❍ D. The Wi-Fi password is incorrect
❍ E. The wireless radio is disabled
The Answer: D. The Wi-Fi password is incorrect
Since wireless network names are visible and Jack is not connected to one
of the available networks, it’s most likely that the authentication process
has failed.
The incorrect answers:
A. The phone does not include a data plan
The status of a cellular data plan does not have any effect on the
connectivity to Wi-Fi networks.
B. The wireless network is not active
Wireless network names are appearing in the network list, so the wireless
network is clearly active with multiple networks.
C. The Bluetooth connection is conflicting with the Wi-Fi
Bluetooth frequencies are commonly active on unused portions of the 2.4
GHz spectrum. Bluetooth will not conflict with Wi-Fi communication.
E. The wireless radio is disabled
Since network names appear in the phone’s list of available Wi-Fi
networks, we can assume that the wireless radio is active.
A desktop administrator is upgrading the video adapter in a CAD/CAM
workstation. Which of the following should the administrator use during
this process?
❍ A. Tone generator
❍ B. Anti-static strap
❍ C. Safety goggles
❍ D. Toner vacuum
The Answer: B. Anti-static strap
Electrostatic discharge (ESD) is always a concern when working with the
components inside of a computer. To minimize the potential for static
discharge, it’s always a good idea to use a static strap and other anti-static
mats and bags.
The incorrect answers:
A. Tone generator
A tone generator is used to locate the two ends of a copper cable. A tone
generator would not be used during a video adapter upgrade.
C. Safety goggles
Safety goggles may be necessary when toner or excessive dust particles
are in the air, but it’s not common to need safety goggles when replacing
adapter cards.
D. Toner vacuum
A toner vacuum would only be necessary if there was a toner spill that
needed to be cleaned. A toner vacuum would not be used during an
adapter card upgrade.
A help desk director would like to identify and track computer systems
that have been returned for service or moved from one location to
another. Which of the following would be the BEST solution for these
requirements?
❍ A. Cable labels
❍ B. Asset tags
❍ C. Topology diagrams
❍ D. Login names
The Answer: B. Asset tags
It’s common for equipment to move between users, buildings, or
departments. To keep track of this equipment, it’s common to attach an
internal asset tag to clearly show the equipment is owned by the company
and to track the equipment using the internal reference number.
The incorrect answers:
A. Cable labels
A cable label is commonly used to mark the two ends of a cable. This
allows the user to confirm the correct connectors without using a
tone generator or cable tester. Cable labels would not be used to track
equipment.
C. Topology diagrams
One common use of a topology diagram is for the network team to
document the traffic flow through the organization’s switches, routers, and
other infrastructure equipment. A topology diagram would not be used to
track other company assets.
D. Login names
Login names are not associated with any particular piece of hardware. It
would not be useful to track laptops, desktops, and other equipment using
login names.
A technician is troubleshooting a computer infected with a virus. The user
thought they were opening a spreadsheet, but the file was actually a virus
executable. Which of the following Windows options were MOST likely
associated with this issue?
❍ A. Always show icons, never thumbnails
❍ B. Display the full path in the title bar
❍ C. Always show menus
❍ D. Hide extensions for known file types
The Answer: D. Hide extensions for known file types
With extensions hidden, it’s difficult to know the type of file just based
on the filename. A file named “Monthly Orders” might be a
spreadsheet, or it could be an executable containing a virus.
The incorrect answers:
A. Always show icons, never thumbnails
Showing icons instead of thumbnails can still be a way to hide
information. For example, it’s relatively easy to create an executable that
uses the same icon as a spreadsheet.
B. Display the full path in the title bar
The full path in the title bar shows where the file is located on the volume,
but it doesn’t provide any information about the contents of the file.
C. Always show menus
The Windows menus are useful, but the menus themselves don’t provide
any additional information about the contents of a particular file.
A financial management company would like to ensure that mobile
users are configured with the highest level of wireless encryption while
working in the office. They would also like to include an additional user
verification step during the login process. Which of the following would
provide this functionality? (Choose TWO)
❍ A. RADIUS
❍ B. WPS
❍ C. Multi-factor authentication
❍ D. TKIP
❍ E. TACACS
❍ F. RC4
❍ G. WPA2
The Answer: C. Multi-factor authentication, and G. WPA2
Multi-factor authentication requires the user to login using two different
methods, such as a password and a generated token. WPA2 (Wi-Fi
Protected Access version 2) enables strong encryption for all wireless
communication.
The incorrect answers:
A. RADIUS
RADIUS (Remote Authentication Dial-in User Service) is an
authentication technology, but RADIUS itself does not provide an
additional user verification.
B. WPS
WPS (Wi-Fi Protected Setup) is a wireless authentication method that
is designed to make it easier for devices to connect to a wireless network.
WPS itself does not include any additional user verification or encryption
methods.
D. TKIP
TKIP (Temporal Key Integrity Protocol) was used with the initial version
of WPA to ensure data integrity and to prevent data tampering.
E. TACACS
TACACS (Terminal Access Controller Access-Control System) is an
authentication protocol. TACACS itself does not provide any additional
user verification or network encryption technologies.
F. RC4
RC4 (Rivest Cipher 4) was used with the first version of WPA to provide
data encryption. RC4 does not provide any additional user verification,
and vulnerabilities with RC4 have caused it to be replaced with AES
(Advanced Encryption Standard) in WPA2.
A network consulting firm is creating a proposal to upgrade the Internet
firewalls for a large corporation. The proposal includes a description of
the project and the network topology changes that would be required
to support the upgrade. The proposal also describes the risks involved in
the process of making this upgrade. Which of the following should be
covered NEXT in the proposal?
❍ A. End-user approvals
❍ B. Backout plan
❍ C. Change control application
❍ D. Detailed upgrade plan
The Answer: D. Detailed upgrade plan
Before working through the remaining change control steps, it’s important
to have a detailed explanation of the steps that will be required to
complete the change. This detailed plan will provide decision-making
information to the change control board and provide the information
needed to create a backout plan.
The incorrect answers:
A. End-user approvals
Without a detailed plan, it’s difficult to determine who the end users are.
Since the end-user approvals are required to continue with the change
control process, the detailed plan will need to be created first.
B. Backout plan
A backout plan can’t be created until you know the specific changes that
are planned.
C. Change control application
The change control committee will need specific details about the
proposed changes so they can understand the scope of what they are
approving.
An organization has been tasked with increasing the minimum password
length. A systems administrator has created a policy to require all
passwords to be at least ten characters long for all users. When testing
this policy in the lab, a laptop computer allowed the creation of eight-character passwords. Which of the following commands should be used
to apply this new policy on the laptop?
❍ A. net use
❍ B. gpupdate
❍ C. sfc
❍ D. tasklist
The Answer: B. gpupdate
The gpupdate (Group Policy Update) command forces centralized updates
to be activated on target devices. In this example, the policy was created
but the laptop computer had not yet received the new configuration.
The incorrect answers:
A. net use
The net use command assigns Windows shares to local drive letters. The
net use command will not process Group Policy changes or modify the
password policies on a computer.
C. sfc
The sfc (System File Checker) utility will scan protected system files to
make sure that the core operating system has integrity. The sfc utility will
not have any impact on the use of passwords.
D. tasklist
The Windows tasklist command displays a list of currently running
processes on a local or remote machine. Running tasklist will not change
any policies related to password complexity.
A technician has been tasked with removing malware on a training room
laptop. After updating the anti-virus software and removing the malware,
the technician creates a backup of the system. After the training class
ends, the technician is notified that the malware has returned.
Which of the following steps was missed and caused the system to be
infected again?
❍ A. Boot to a pre-installation environment
❍ B. Identify malware symptoms
❍ C. Disable System Restore before removal
❍ D. Update to the latest BIOS version
The Answer: C. Disable System Restore before removal
Malware does not like to be removed from a system, so it does everything
it can to stick around. When the malware infects the running operating
system, it also infects all of the previous restore points as well. If the
restore points aren’t removed with the malware, then going back in time to
a previous restore point will reinfect the system.
The incorrect answers:
A. Boot to a pre-installation environment
A pre-installation environment is often required during the remediation
phase to assist with the malware removal. The use of a pre-installation
environment does not commonly have any effect on future reinfections.
B. Identify malware symptoms
Since malware was previously removed from this system, we can assume
that the malware was originally identified.
D. Update to the latest BIOS version
Updating the BIOS isn’t commonly considered part of the malware
removal process, and using an older BIOS version doesn’t generally cause a
device to be more susceptible to malware infections.
A data center manager requires each server to maintain at least fifteen
minutes of uptime during a power failure. Which of these would be the
BEST choice for this requirement?
❍ A. Cloud-based storage
❍ B. UPS
❍ C. Redundant power supplies
❍ D. Surge suppressor
The Answer: B. UPS
A UPS (Uninterruptible Power Supply) provides short-term backup
power if a power outage or low-voltage situation was to occur.
The incorrect answers:
A. Cloud-based storage
The use of cloud-based storage does not provide any server uptime if a
power outage occurs.
C. Redundant power supplies
Some servers might use redundant power supplies to maintain uptime if
one of the power supplies was to fail. If there’s a power outage, then none
of the power supplies will be working properly.
D. Surge suppressor
A surge suppressor will protect a computer from spikes and noise, but it
won’t provide any uptime if the primary power source was to fail.
A financial corporation is deploying tablets to their salespeople in the
field. The company would like to ensure that the data on the tablets
would remain private if the devices were ever stolen or lost. Which of the
following would be the BEST way to meet this requirement?
❍ A. Use full device encryption
❍ B. Require multi-factor authentication
❍ C. Install a locator application
❍ D. Use a firewall app
The Answer: A. Use full device encryption
Full device encryption ensures that all of the information on the tablet
cannot be viewed by anyone outside of the company. If the tablet were lost
or stolen, all of the data on the device would remain private.
The incorrect answers:
B. Require multi-factor authentication
Multi-factor authentication adds additional login requirements, but that
doesn’t necessarily protect the data already stored on the tablet. If someone
was to bypass the multi-factor authentication process, the data would still
be at risk.
C. Install a locator application
A locator application would allow system administrators to view the
location of the tablet, but it wouldn’t provide any additional security for
the data on the device.
D. Use a firewall app
A firewall app would keep unauthorized users from accessing the tablet
over the network, but it would not provide any protection for the data that
is already stored on the tablet.
A system administrator is adding an additional drive to a server and
extending the size of an existing volume. Which of the following utilities
would provide a graphical summary of the existing storage configuration?
❍ A. Disk Management
❍ B. Performance Monitor
❍ C. Event Viewer
❍ D. Task Scheduler
❍ E. Device Manager
The Answer: A. Disk Management
The Disk Management utility provides a graphical overview of the current
disk configuration, status, free space, and other important metrics.
The incorrect answers:
B. Performance Monitor
The Performance Monitor provides a historical summary of system
performance and resource utilization.
C. Event Viewer
The Event Viewer maintains all of the application and system logs for
Windows devices.
D. Task Scheduler
The Windows Task Scheduler can automate scripts and applications to
run at predetermined times.
E. Device Manager
The Windows Device Manager is the management interface to the
device drivers and other hardware components. The storage drives are not
managed through the Device Manager.
While using a laptop during presentations, a company vice president has
found that her system randomly locks up. While the problem is occurring,
the screen continues to display the last presentation slide but none of the
mouse or keyboard buttons will work. To regain control, the vice president
must power down and reboot her computer. Which of the following
would be the BEST option for troubleshooting this issue?
❍ A. Examine the Task Manager
❍ B. Install an anti-malware utility
❍ C. Run the presentation software in Safe Mode
❍ D. Check the Event Viewer
The Answer: D. Check the Event Viewer
Random lock-ups are always a mystery. The Windows Event Viewer can
provide important information about events that may have occurred just
prior to the issue and afterwards.
The incorrect answers:
A. Examine the Task Manager
The Windows Task Manager will display a list of the currently running
processes, but it won’t provide any troubleshooting information about
application crashes or problems.
B. Install an anti-malware utility
Although the issue could be related to almost anything, it’s a bit too early
in the troubleshooting process to start making changes and installing
additional software.
C. Run the presentation software in Safe Mode
Without knowing more about the issue, running the system in Safe Mode
would not guarantee any particular benefit.
A system administrator has booted a computer using PXE. Which of the
following would be the MOST likely reason for this task?
❍ A. Monthly OS patch install
❍ B. OS installation from a network drive
❍ C. Boot to Safe Mode
❍ D. Control the computer remotely
The Answer: B. OS installation from a network drive
PXE (Preboot eXecution Environment), or “Pixie,” is a method of booting
a computer from an image file located on a network server. One common
use of PXE boot is to install an operating system across many systems at
the same time.
The incorrect answers:
A. Monthly OS patch install
It’s not necessary to boot from a network drive to install the monthly
Microsoft operating system patches.
C. Boot to Safe Mode
Booting into Safe Mode can be managed on a local computer without the
requirement of booting across the network using PXE.
D. Control the computer remotely
Remote control or remote desktop functionality is managed with
applications on the operating system. It is not necessary to boot with PXE
to control a device remotely.
A user has opened a help desk ticket for application slowdowns and
unwanted pop-up windows. A technician updates the anti-virus software,
scans, and removes the malware. The technician then schedules future
scans and creates a new restore point. Which of the following should be
the NEXT step in the removal process?
❍ A. Disable System Restore
❍ B. Update the anti-virus signatures
❍ C. Quarantine the system
❍ D. Educate the end user
The Answer: D. Educate the end user
After the malware has been removed and the system is protected from
future infections, it’s important to educate the end user on how they could
prevent additional problems and when they should contact their support
team for additional help.
The incorrect answers:
A. Disable System Restore
The process of disabling System Restore to remove all of the existing
restore points is one of the first steps in the malware removal process and
should occur prior to the remediation phase.
B. Update the anti-virus signatures
The time to update the anti-virus signatures would be in the initial
remediation phase prior to scanning and removing the malware.
C. Quarantine the system
A system should be separated from the rest of the systems as soon as
malware is suspected. The system would not need to be quarantined after
the malware has been successfully removed.
A technician is setting up some new computers on an industrial
manufacturing floor that cuts wood boards for cabinets. Which of the
following would be the MOST important for this setup process?
❍ A. ESD mat
❍ B. UPS
❍ C. Anti-static bag
❍ D. Air filter mask
The Answer: D. Air filter mask
When working in an industrial area with particles in the air, it’s important
to protect your face and lungs by using a mask that will filter out the
contaminants.
The incorrect answers:
A. ESD mat
An ESD (Electrostatic Discharge) mat is used when working with
individual computer components to protect them from damage. This
question references the setup of computers, and there’s no mention of
working inside of the systems or with individual components.
B. UPS
A UPS (Uninterruptible Power Supply) is used to maintain a backup
power source when the primary power is unavailable. There’s no
requirement in this question that would need a UPS during the computer
setup process, and it’s more important to be protected while installing the
new computers.
C. Anti-static bag
An anti-static bag is used to protect computer components when they are
outside of the computer or during transportation. An anti-static bag is not
needed during the computer setup process.
Sam, a user in the accounting department, has opened a help desk ticket
due to problems accessing the website of the company’s payroll service
provider. The help desk technician finds that other users in the accounting
department are able to successfully access the website. While testing other
website connections on Sam’s computer, the technician finds that many
pop-up windows are displayed. Which of the following would be the
BEST way for the technician to resolve this issue?
❍ A. Uninstall the browser and reinstall with a different version
❍ B. Restore the workstation from a known good backup
❍ C. Start in Safe Mode and connect to the payroll website
❍ D. Modify the browser’s proxy settings
The Answer: B. Restore the workstation from a known good backup
The help desk technician found the problem only appeared on Sam’s
workstation and the problems appeared to indicate a malware infection.
Given the available answers, the only one that would provide a resolution
is to restore the system from a known good backup.
The incorrect answers:
A. Uninstall the browser and reinstall with a different version
If a system is infected with malware, uninstalling the browser and
reinstalling another version will not resolve the issue. To guarantee removal
of the malware, the entire system must be deleted and reinstalled.
C. Start in Safe Mode and connect to the payroll website
Safe Mode does not prevent malware from running, and it’s unlikely that
Safe Mode would provide access to the third-party website.
D. Modify the browser’s proxy settings
There’s no evidence from the testing that the connectivity issue is related
to an incorrect proxy setting. In this example, the large number of pop-up
windows appears to indicate a malware infection.
A business partner in a different country needs to access an internal
company server during the very early morning hours. The internal firewall
will limit the partner’s access to this single server. Which of these would
be the MOST important security task to perform on this server?
❍ A. Install the latest OS patches
❍ B. Remove the server from the Active Directory domain
❍ C. Use only 64-bit applications
❍ D. Run a weekly anti-virus scan
The Answer: A. Install the latest OS patches
This system will be used during non-working hours from a location that
is not part of your organization, so keeping the operating system secure
will be important. Maintaining an aggressive patching schedule will ensure
that any known vulnerabilities are always removed before they could
possibly be exploited.
The incorrect answers:
B. Remove the server from the Active Directory domain
An Active Directory domain allows a domain administrator to centrally
manage security policies and to provide ongoing monitoring of a device.
The server would be less secure if it were removed from the AD domain.
C. Use only 64-bit applications
There’s no enhanced security with 64-bit applications, so ensuring the use
of those applications wouldn’t provide any significant security advantages.
D. Run a weekly anti-virus scan
The concern with this server is that it will be accessed by unknown third
parties from the partner’s network. Running an anti-virus scan every week
would not provide any significant security benefit, and would probably be
delivered too late to be of use.
A Linux administrator has been asked to upgrade the web server software
on a device. Which of the following would provide the administrator with
the appropriate rights and permissions for this upgrade?
❍ A. chmod
❍ B. apt-get
❍ C. ifconfig
❍ D. sudo
The Answer: D. sudo
The sudo (superuser do) command will execute a command as
the superuser or any other user on the system. When performing
administrative tasks such as upgrading software, it’s often necessary to use
elevated rights and permissions.
The incorrect answers:
A. chmod
The chmod (change mode) command will modify the read, write, and
execution permissions for a file system object. The mode of a file or folder
would not commonly need to be modified during an upgrade.
B. apt-get
The apt-get (Advanced Packaging Tool) command is used to manage
application packages and software upgrades. The apt-get command does
not provide any additional rights and permissions, however.
C. ifconfig
The ifconfig (Interface Configuration) command displays or configures a
network interface and IP address configuration. No rights or permissions
are provided through the ifconfig command.
A system administrator has installed a new video driver on a laptop
computer, but the icons and text on the screen are larger than the previous
driver version. Which of the following should be modified to resolve
this problem?
❍ A. Resolution
❍ B. Color depth
❍ C. Refresh rate
❍ D. Video memory
The Answer: A. Resolution
The display resolution is the number of vertical and horizontal pixels on
the screen. As the screen resolution is lowered, the items on the screen will
appear larger.
The incorrect answers:
B. Color depth
The color depth determines how many colors can be represented on the
display. Modifying the color depth will not change the relative sizes of text
or icons on the display.
C. Refresh rate
The refresh rate refers to the number of updates that the display receives
each second. Modifying the refresh rate will not change the relative size of
items on the screen.
D. Video memory
Most video adapters will include memory that is used by the adapter card
to process the video used by the display. Using an adapter with a different
memory configuration will not change the size of items on the screen.
A network administrator is configuring a wireless network at a small
office. The administrator would like to allow wireless access for all
computers but exclude a single kiosk in the lobby. Which of the following
configuration settings would meet this requirement?
❍ A. SSID suppression
❍ B. Content filtering
❍ C. Static IP addressing
❍ D. WPS
❍ E. MAC filtering
The Answer: E. MAC filtering
MAC (Media Access Control) address filtering can be configured to
allow or deny access to the network based on the hardware address of
the wireless network adapter. Given the available options, MAC filtering
would be the only way to provide this type of device exclusion.
The incorrect answers:
A. SSID suppression
The SSID (Service Set Identifier) is the name of the wireless network, and
most access points allow the administrator to control the broadcasting of
the network name. This option would not display the name on a list of
available wireless networks, but a device could connect to the network if
the name was already known.
B. Content filtering
Content filtering refers to the control of information inside of an existing
data flow. This control is commonly based on the URLs (Uniform Resource
Locators) associated with websites, allowing the administrator to allow
or deny access to certain categories of online content. This functionality
would not be used to limit wireless network access for a single device.
C. Static IP addressing
Static IP addressing would require the administrator to manually assign IP
addresses to all of the devices on the network, but this manual assignment
is not a security feature and would not necessarily restrict access to the
network from any device.
D. WPS
WPS (Wi-Fi Protected Setup) is a configuration option on a wireless
access point that is designed to make it easier for other devices to connect
to the network. The use of WPS does not provide a way to limit or restrict
wireless network access if a device already has the proper credentials.
After booting, a laptop computer is showing a black screen instead of the
normal Windows login prompt. The logs from the update server show
drivers on the laptop were automatically updated overnight. Which of the
following would be the BEST way to resolve this issue?
❍ A. Reinstall the operating system
❍ B. Update the BCD
❍ C. Start in VGA mode and roll back the driver
❍ D. Upgrade the BIOS
The Answer: C. Start in VGA mode and roll back the driver
If a video driver has problems, it becomes difficult to troubleshoot without
any video output. In these cases, it’s useful to start in the generic VGA
mode to regain some use of the operating system. Using System Restore to
roll back the driver will restore the previous video driver and configuration.
The incorrect answers:
A. Reinstall the operating system
Reinstalling the operating system might also install a new video driver and
resolve the issue, but it would certainly modify many operating system files
and potentially remove user data and configurations from the system.
B. Update the BCD
The BCD (Boot Configuration Data) is the Windows boot manager that
launches the operating system. Modifying BCD configurations would not
modify the video driver configurations in an operating system.
D. Upgrade the BIOS
The BIOS does not contain any video drivers for the operating system, and
upgrading the BIOS would not resolve this issue.
A security administrator has received an alert that a user’s workstation in
the shipping department has attempted to communicate to a command
and control server for a well-known botnet. The logs on the workstation
show that the user manually installed a new Internet browser the
previous day. Which of the following would be the BEST next step for
troubleshooting this issue?
❍ A. Uninstall the new browser
❍ B. Backup the user’s documents
❍ C. Roll back to a previous restore point
❍ D. Disable the user’s account
The Answer: D. Disable the user’s account
The first step after identifying a malware infection is to quarantine the
system. This would include removing the system from the network and
preventing the user’s account from accessing other network resources.
The incorrect answers:
A. Uninstall the new browser
Once the new browser was installed, the malware undoubtedly made
significant changes to the user’s operating system. Uninstalling the
browser would not remove the existing malware infection.
B. Backup the user’s documents
Although it will be important to preserve as much of the data as possible,
performing a backup of the user’s documents would not be the best next
step given the available options.
C. Roll back to a previous restore point
If the system is infected with malware, then it’s very likely that the
previous restore points have also been infected. Rolling back to a previous
restore point will most likely not remove the malware.
A technician is installing a new wireless network in a small remote office.
Which of the following should the technician choose to provide the
highest level of security on the network?
❍ A. WPA2
❍ B. MAC filtering
❍ C. Static IP addressing
❍ D. SSID suppression
The Answer: A. WPA2
WPA2 (Wi-Fi Protected Access 2) encryption is used to protect the
data transmitted over the wireless network. WPA2 or similar encryption
would be considered to be the highest level of data protection on a wireless
network.
The incorrect answers:
B. MAC filtering
MAC (Media Access Control) filtering is used to allow or deny access
to the network based on the hardware address of the wireless adapter.
However, MAC filtering can be easily circumvented and is not considered
a security feature.
C. Static IP addressing
Static IP addressing would require the network administrator to manually
assign IP addresses to the network devices. Static IP addressing does not
provide any security features.
D. SSID suppression
SSID (Service Set Identifier) suppression will prevent the name of the
wireless network from appearing in lists of available networks. SSID
suppression does not prevent someone from connecting to the network if
they already know the name, and it’s not considered a security feature.
A technician is delivering a new laptop to a user and moving the older
laptop to a different user. Which of the following would allow the existing
hard drive to be used but prevent recovery of any of the previous user’s
data?
❍ A. Regular format
❍ B. Run a defragmentation
❍ C. Connect the laptop to the Windows Domain
❍ D. Delete the \Users folder
The Answer: A. Regular format
A regular format in Windows will overwrite each sector with zeros and
prevent data recovery.
The incorrect answers:
B. Run a defragmentation
Although a defragmentation can overwrite some data, there’s no
guarantee that defragmenting the drive will result in overwriting all of
the data. Recovery software may still be able to undelete data after a
defragmentation has completed.
C. Connect the laptop to the Windows Domain
Associating a device to the Windows Domain allows it to be centrally
managed, but it does not provide it with any protection of data on the hard
drive.
D. Delete the \Users folder
The standard delete command in Windows does not overwrite any data
on the hard drive. Recovery software can be used to view and save the
previously deleted data.
A desktop technician is replacing all of the CRT displays on a
manufacturing line and replacing them with LCD displays. Which of the
following would be the BEST way to dispose of the old monitors?
❍ A. Take to a hazardous waste facility
❍ B. Return to the manufacturer
❍ C. Separate the parts and dispose of normally
❍ D. Contract with an incineration company
The Answer: A. Take to a hazardous waste facility
The glass in a CRT (Cathode-Ray Tube) can contain lead, so it’s
important to dispose of those older displays at a local hazardous waste
facility.
The incorrect answers:
B. Return to the manufacturer
The manufacturer of the equipment does not have a responsibility to
accept old product returns. Once the equipment is purchased, it’s the
owner’s responsibility to properly dispose of the equipment.
C. Separate the parts and dispose of normally
There’s no need to separate the parts inside of a CRT, and some CRTs
could potentially shock or electrocute someone touching the internal
components. Even if the CRTs were dismantled, they would not be
thrown out with the normal trash.
D. Contract with an incineration company
CRTs should not be incinerated, and instead should be properly disposed
of at a local hazardous waste utility.
A user needs to modify a spreadsheet for an upcoming meeting. The
spreadsheet is currently stored on a remote computer in a shared drive.
The user would like to access the shared drive as a drive letter inside of
Windows File Explorer. Which of the following command line options
would provide this functionality?
❍ A. tasklist
❍ B. net use
❍ C. diskpart
❍ D. netstat
The Answer: B. net use
The net use command will assign a local drive letter to a network share.
Once the net use command is completed, the drive letter can be used to
reference the share in all applications and in the File Explorer.
The incorrect answers:
A. tasklist
The tasklist command will display a list of all running processes in the
operating system. The tasklist command will not associate a drive letter
with a Windows share.
C. diskpart
The diskpart command is used to manage disk configurations, partitions,
and volumes. The diskpart command is not used for drive letters and
shares.
D. netstat
The netstat utility will display network statistics relating to active
connections, application usage, and network activity. The netstat command
does not associate drive letters with Windows shares.
A macOS server administrator needs a backup system that will allow
the recovery of data from any point in the last thirty days. Which of the
following should be used for this requirement?
❍ A. Backup and Restore
❍ B. Boot Camp
❍ C. Spaces
❍ D. Time Machine
The Answer: D. Time Machine
The backup utility included with macOS is called Time Machine. Time
Machine will create backups automatically and maintain as many days as
the backup media’s free space can store.
The incorrect answers:
A. Backup and Restore
The Windows backup utility is called Backup and Restore. These backups
are not compatible with the macOS operating system.
B. Boot Camp
The Boot Camp utility allows the computer to dual boot between macOS
and Windows. Boot Camp does not provide any backup or restore
functionality.
C. Spaces
The Spaces utility can be used in macOS to create multiple desktops and
separate work “spaces” that can be used independently of each other.
Why would a technician use an ESD strap?
❍ A. Protects electronic parts from extreme heat
❍ B. Keeps electronic parts dry and free from moisture
❍ C. Prevents damage from static electricity
❍ D. Protects computer parts from dust
The Answer: C. Prevents damage from static electricity
An ESD (Electrostatic Discharge) strap, or anti-static strap, connects
a person to the equipment that they are working on. This commonly
connects a wire from a user’s wrist to a metal part on the computer or
device.
The incorrect answers:
A. Protects electronic parts from extreme heat
An ESD strap does not provide any protection for extreme heat or
temperature.
B. Keeps electronic parts dry and free from moisture
An anti-static strap does not provide any protection from the elements, so
it would not be used to protect against moisture or water.
D. Protects computer parts from dust
Anti-static straps do not cover or protect computer components, so they
would not protect a system from dust or debris.
A desktop administrator is upgrading an older computer to support the
64-bit version of Windows 10 Pro. The computer currently has:
1 GHz CPU
1 GB of RAM
50 GB of free storage space
1024 x 768 video resolution
Which of the following should be upgraded to support the Windows 10
installation?
❍ A. CPU
❍ B. RAM
❍ C. Storage space
❍ D. Video resolution
The Answer: B. RAM
The 64-bit version of all Windows 10 editions requires a minimum of
2 GB of system memory. Since this system only has 1 GB of RAM, it will
need a memory upgrade before Windows 10 x64 can be installed.
The incorrect answers:
A. CPU
A processor running at 1 GHz is supported by both the 32-bit and 64-bit
versions of Windows 10.
C. Storage space
The 64-bit version of Windows 10 requires 20 GB of free disk space. This
system has 50 GB of free storage space, so it can easily support an upgrade
to Windows 10 Pro x64.
D. Video resolution
Windows 10 Pro x64 requires a video resolution of 800 x 600, and this
system supports a resolution of 1024 x 768 pixels.
Jack, a technician, is scheduled to replace a faulty motherboard today,
but the motherboard delivery has been delayed and will not arrive until
tomorrow. The new motherboard will repair a laptop used by a company
executive. Which of the following would be the BEST way to handle
these events?
❍ A. Move the installation to the next business day
❍ B. Schedule another repair into today’s newly opened time slot
❍ C. Ask the delivery company for a refund on the shipping charges
❍ D. Contact the end user and inform them of the shipping issue
The Answer: D. Contact the end user and inform them of the
shipping issue
It’s important to always maintain an open line of communication with
everyone involved with a project. When the situation is running as
expected, a simple update may be all that’s necessary. If problems occur,
however, the other participants may want to make alternative plans. It’s up
to the technician to manage this open line of communication.
The incorrect answers:
A. Move the installation to the next business day
Moving the scheduled installation to the next business day without any
other input would not be the best way to manage this repair. If the repair
was time-sensitive, moving the installation may be the worst way to
proceed.
B. Schedule another repair into today’s newly opened time slot
Before prioritizing another repair into the existing time, it would be useful
to know if there might be another option for the customer rather than to
wait a day for the delivery to arrive.
C. Ask the delivery company for a refund on the shipping charges
Although there may be a case for refunding the shipping information, the
current problem that needs resolution is the motherboard repair. There will
be time after the repair is completed to determine if the shipping process
was properly managed.
A system administrator has been tasked with locating all of the log files
contained within an application folder. The folder currently contains over
a thousand files, and only a portion of them have a .log extension. Which
of these Windows commands would be the BEST way to find these files?
❍ A. sfc
❍ B. ls
❍ C. tasklist
❍ D. dir
The Answer: D. dir
The dir (directory) command will display a list of files from the command
line. The command includes filtering options, so using “dir *.log” would
display all files in the current directory with a .log extension.
The incorrect answers:
A. sfc
The sfc (System File Checker) command will scan the integrity of all
protected system files and correct any files that may have been changed
since their installation. The sfc command will not display a list of files in
the current directory.
B. ls
The ls (list) command is the Linux command to show a list of files in
the current directory. The ls command does not work from a Windows
command line.
C. tasklist
The tasklist command will display a list of currently running processes. The
tasklist command does not display a list of files in the current directory.
A user runs a corporate app on their smartphone that downloads a
database each time the app is started. This download process normally
takes a few seconds, but today the download is taking minutes to
complete. Which of the following should a technician follow as the best
NEXT troubleshooting step?
❍ A. Disable Bluetooth
❍ B. Run a network speed check
❍ C. Evaluate the app with an app scanner
❍ D. Check the cloud storage resource usage
The Answer: B. Run a network speed check
Delays associated with the downloading process would initially indicate a
problem with the network connection. A speed check would evaluate the
network connectivity and provide a baseline for download speeds.
The incorrect answers:
A. Disable Bluetooth
The Bluetooth radio would not cause a delay in transmitting traffic
across the 802.11 network or cellular network. It’s unlikely that disabling
Bluetooth would provide any change to the download speed.
C. Evaluate the app with an app scanner
This app is a corporate published app, so using a third-party app scanner
to determine the safety and security of the app would be unnecessary.
D. Check the cloud storage resource usage
The resource usage of a cloud storage platform would not cause the delays
with this app.
A system administrator is analyzing a problem with a USB flash drive
on a Windows 10 computer. When the flash drive is inserted, the CPU
utilization increases to 100%. The administrator would like to disable
one of the computer’s USB controllers for troubleshooting. Which of the
following would provide this functionality?
❍ A. Services
❍ B. Performance Monitor
❍ C. Event Viewer
❍ D. Device Manager
The Answer: D. Device Manager
The Windows Device Manager provides access to the device drivers that
manage the hardware on a computer. Individual drivers can be enabled,
disabled, and managed from the Device Manager utility.
The incorrect answers:
A. Services
The Services utility manages background service processes in Windows.
The Services utility does not manage or disable hardware components.
B. Performance Monitor
The Performance Monitor gathers long-term statistics and can alert or
create reports for ongoing performance metrics. Performance Monitor
does not manage hardware device drivers.
C. Event Viewer
The Event Viewer contains logs from the applications, operating system,
and other services. Although the Event Viewer may provide additional
details about this flash drive issue, the administrator would not manage the
device drivers from the Event Viewer utility.
A user is reporting that some apps launched on their mobile phone
will show an error message and then disappear without starting. This
problem occurs with a group of apps that are normally used during the
work day. Which of the following tasks would be the FIRST step for
troubleshooting this issue?
❍ A. Install the previous version of the apps
❍ B. Connect the phone to a power source
❍ C. Power cycle the phone
❍ D. Disable the GPS radio
The Answer: C. Power cycle the phone
Before making any application or configuration changes, it’s useful to
power cycle a smartphone to reset the operating system. If the problem
continues, then additional changes might be considered.
The incorrect answers:
A. Install the previous version of the apps
There’s no evidence that the current version of the apps is the root cause
of the issue. Before making changes to the software, it would be useful to
perform some non-invasive troubleshooting and information-gathering
tasks.
B. Connect the phone to a power source
Lack of a power source would not commonly cause applications to fail.
This would therefore not be the best first step for troubleshooting these
application issues.
D. Disable the GPS radio
The GPS radio would not commonly cause an app to fail, so disabling the
GPS would not commonly be the first troubleshooting step.
A technician has been asked to power down and store a server that has
been exploited by an external attacker. The legal department will be
performing tests and gathering information from this server. Which of
the following would be MOST important to ensure the integrity of the
server data?
❍ A. Report the server location to the proper channels
❍ B. Compile all support tickets associated with the server
❍ C. Maintain a chain of custody
❍ D. Take photos of the server in the storage room
The Answer: C. Maintain a chain of custody
It will be important that the data on the server is not modified. To ensure
that all activity can be tracked, a chain of custody should be maintained at
all times.
The incorrect answers:
A. Report the server location to the proper channels
It’s useful for everyone to know where the server is located, but providing
that information to the proper channels doesn’t ensure that the data on
the server is not modified.
B. Compile all support tickets associated with the server
A list of server support tickets may be useful for the incident investigation,
but it won’t help to ensure the integrity of the existing data on the server.
D. Take photos of the server in the storage room
A photographic image of the server, regardless of its location, will not help
maintain the integrity of the data on the server.
Jack, a user, has opened a help desk ticket to remove malware from his
laptop. A previous removal occurred two weeks earlier with a similar
malware infection. Which of the following was missed during the first
malware removal?
❍ A. Restart the computer
❍ B. Educate the end-user
❍ C. Enable System Protection
❍ D. Quarantine infected systems
The Answer: B. Educate the end-user
Of the available possible answers, this is the only one that would have
resulted in a reinfection if not properly followed. The users aren’t malware
experts, and they may not realize that their actions can have a negative
effect on their system. Spending some quality time explaining
anti-malware best practices can help prevent future infections.
The incorrect answers:
A. Restart the computer
Restarting the computer is not a necessary step in the malware removal
process, and it wouldn’t cause the computer to be more susceptible to
another malware infection.
C. Enable System Protection
Enabling System Protection after malware has been removed does not
make it more likely to receive another infection.
D. Quarantine infected systems
The quarantine process would prevent other devices from infection.
Missing the quarantine process would not necessarily cause the original
system to become infected again.
Which of the following features would be found in Windows 10
Enterprise but not in Windows 10 Pro? (Choose TWO)
❍ A. Domain membership
❍ B. BitLocker
❍ C. BranchCache
❍ D. Hyper-V
❍ E. Remote Desktop host
❍ F. AppLocker
The Answer: C. BranchCache, and F. AppLocker
BranchCache provides a method of caching data at remote sites to save
time and bandwidth, and AppLocker provides administrative control
of what applications can run in Windows. Both features are available in
Windows 10 Enterprise but not in Windows 10 Pro.
The incorrect answers:
A. Domain membership
The ability to connect to an Active Directory domain is available in
Windows 10 Pro and higher editions.
B. BitLocker
The full disk encryption functionality of BitLocker is available in
Windows 10 Pro and higher.
D. Hyper-V
Running virtual machines with Microsoft’s Hyper-V is available in
Windows 10 Pro and higher.
E. Remote Desktop host
A Windows desktop can be configured with the Remote Desktop service
in Windows 10 Pro and higher editions.
A medical research company is using laptop computers when visiting
testing centers. The IT security team is concerned about a private medical
data breach if a laptop is lost or stolen. Which of the following would be
the BEST way to manage this issue?
❍ A. BIOS password
❍ B. Authenticator app
❍ C. Full disk encryption
❍ D. Biometric authentication
❍ E. Cable lock
The Answer: C. Full disk encryption
Encrypting all of the data on the laptop storage drives would prevent
access to any data if the laptops are lost or stolen.
The incorrect answers:
A. BIOS password
A BIOS password would prevent someone from booting the operating
system, but the data would still be accessible if the storage drive was
removed from the laptop and moved to another system.
B. Authenticator app
An authenticator app would provide another factor of authentication
during the login process, but it would not provide any additional security
for the data stored on the laptop drive.
D. Biometric authentication
Using biometrics during the authentication process would ensure that the
proper users were logging in, but it would not protect the data if the drives
were removed from the laptop.
E. Cable lock
A cable lock might help prevent the laptop from theft, but it would not
provide any data protection if the laptop was lost or stolen.
A user would like to encrypt a small group of files in a shared folder
without affecting other files on the drive. Which of the following would
be the BEST way to accomplish this?
❍ A. EFS
❍ B. Save the files “as Administrator”
❍ C. BitLocker
❍ D. Save the files with a dollar sign at the end of the filename
The Answer: A. EFS
EFS (Encrypting File System) allows a user to encrypt individual objects
at the file system level. With EFS, a single file or group of files can be
protected without encrypting any other items on the storage drive.
The incorrect answers:
B. Save the files “as Administrator”
Windows includes the option to execute an application with
Administrator rights, but saving files does not include this option. By
default, files are saved using the rights and permissions of the current user
and changing this option would not provide any encryption features.
C. BitLocker
BitLocker is a full disk encryption technology that protects all of the data
on the volume. BitLocker does not provide a feature to encrypt a single
file or group of files.
D. Save the files with a dollar sign at the end of the filename
Creating a Windows share with a dollar sign at the end of the share name
will hide the share from a public list. Saving a filename with a dollar sign
at the end does not provide any protection or encryption of the file.