Practice Test #2 Questions Flashcards

1
Q

A network administrator needs to allow employees to upload files to a remote server securely. What port must be allowed through the firewall?

a) 25
b) 21
c) 161
d) 22

A

d) 22

To securely upload a file, the employees could use SFTP (Secure FTP) or SCP (Secure Copy). Both SFTP and SCP operate over port 22, so port 22 must be opened on the firewall so that the employees can reach the file servers. Port 21 is used by the File Transfer Protocol (FTP), but it is not a secure method of sending files. There is a more secure version of FTP known as FTPS, but that uses port 990. Port 25 is reserved for the Simple Mail Transfer Protocol (SMTP), which is an internet standard communication protocol for electronic mail transmission. Port 161 is reserved for the Simple Network Management Protocol (SNMP), which is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks.
2
Q

Which of the following policies or plans would describe the access requirements for connecting a user’s laptop to the corporate network?

a) Remote access policy
b) Password policy
c) Onboarding policy
d) BYOD policy

A

d) BYOD policy

A bring your own device (BYOD) policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops.
A remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network.
A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords.
An onboarding policy is a documented policy that describes all the requirements for integrating a new employee into the company and its culture, as well as getting that new hire all the tools and information they need to begin their job successfully.

3
Q

A user is having an issue with an application on their Android device. Whenever the user attempts to launch the application, the app fails and generates an error message. When asked, other users say they are not having the same issue. Which of the following should the technician attempt FIRST to solve this issue?

a) Roll back the application to the previous version
b) Update the operating system of the smartphones
c) Reinstall the malfunctioning application
d) Clear the local application cache

A

d) Clear the local application cache

To solve an issue with a mobile application, you should normally attempt the following steps. First, clear the application cache, since this locally stored information can become glitchy and cause an app to crash. If you have two of the same smartphones having the same issue, it is unlikely to be the application cache causing the issue, but in this case, only one user is having the issue.
Second, the technician would attempt to update the OS of the smartphones. Updating the operating system can minimize compatibility issues and fix crashing applications.
Third, you can try reinstalling the application if the other two options don’t work.

4
Q

Which of the following types of wireless encryption uses a 40-bit encryption key with an RC4 encryption cipher?

a) WEP
b) WPA
c) WPA2
d) Open

A

a) WEP

The Wired Equivalent Privacy (WEP) encryption system is based on the RC4 encryption cipher. WEP uses a 40-bit encryption key and a 24-bit initialization vector by default, creating a 64-bit key. Newer versions of WEP support a 128-bit key size. A larger encryption key creates stronger encryption and is more difficult to attack. WEP is considered weak by today’s standards and should be replaced by WPA2 or stronger encryption schemes.
Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme.
Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.
An open network does not use an encryption key or preshared key to protect the network.

5
Q

What type of structure is “For Next” in scripting?

a) Branch
b) Loop
c) Constant
d) Variable

A

b) Loop

In a loop, the computer repeats the task until a condition is met. Loops are often implemented with For, For Next, While, or Do While statements.
6
Q

A computer was recently infected with a piece of malware. Without any user intervention, the malware is now spreading throughout the corporate network and infecting other computers that it finds. Which type of malware MOST likely infected these computers?

a) Trojan
b) Virus
c) Ransomware
d) Worm

A

d) Worm

A worm is a standalone malware computer program that replicates itself to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. A worm can spread on its own, whereas a virus needs a host program or user interaction to propagate itself.
A virus is malicious software designed to infect computer files or disks when it is activated. A virus may be programmed to carry out other malicious actions, such as deleting files or changing system settings.
A Trojan is a type of malware that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network. The most common form of a Trojan is a Remote Access Trojan (RAT), which allows an attacker to control a workstation or steal information remotely. To operate, a Trojan will create numerous processes that run in the background of the system.
Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Once infected, a system or its files are encrypted, and then the decryption key is withheld from the victim unless payment is received.

7
Q

Which of the following types of attacks are usually used as part of an on-path attack?

a) Spoofing
b) DDoS
c) Tailgating
d) Brute force

A

a) Spoofing

Spoofing is often used to inject the attacker into the conversation path between the two parties. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. An on-path attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. The attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection. The attacker will intercept all relevant messages passing between the two victims and inject new ones.
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
Tailgating is a social engineering technique to gain access to a building by following someone who is unaware of the attacker's presence.
A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.

8
Q

You are partitioning a 1 TB hard drive on a new workstation. The hard disk has been partitioned into four different partitions with 100 GB, 150 GB, 250 GB, and 500 GB. How many different file system types could you support on this 1 TB hard drive?

a) 2
b) 3
c) 1
d) 4

A

d) 4

Partitioning is the act of dividing a physical disk into logically separate storage areas, often referred to as drives. Each partition can be formatted with any file system type. Since there are 4 distinct partitions on this single hard drive, it can support up to 4 different file systems.

9
Q

Which RAID solution will provide the BEST speed and redundancy for a backup and disaster recovery server?

a) RAID 0
b) RAID 1
c) RAID 5
d) RAID 10

A

d) RAID 10

RAID 10 (also known as RAID 1+0) combines the benefits of both RAID 1 (mirroring) and RAID 0 (striping).
Redundancy: RAID 10 provides excellent redundancy because data is mirrored (RAID 1) across multiple drives. This means that if one drive fails, the system can still operate using the mirrored copy without data loss.
Speed: RAID 10 also provides high performance because data is striped across multiple drives (RAID 0), which speeds up both read and write operations by distributing data across multiple disks. This results in fast data access, which is important for backup and disaster recovery tasks.

Comparison with other RAID levels:
RAID 0: Offers the best speed because of striping but has no redundancy. If one drive fails, all data is lost, making it unsuitable for backup and disaster recovery.
RAID 1: Provides redundancy through mirroring, but it does not offer the same level of performance as RAID 10, as there’s no striping to enhance read/write speed.
RAID 5: Provides a good balance between speed, redundancy, and storage efficiency (using parity for redundancy), but it is slower than RAID 10 for both read and write operations, especially when rebuilding after a failure.

10
Q

You are configuring a SOHO network and only allowing specific IP addresses to access the network while blocking any IP addresses that are not on the list. Which of the following should be implemented?

a) Port forwarding
b) MAC filtering
c) Allow list
d) Block list

A

c) Allow list

An allow list lets you specify which IP addresses are allowed to access the network. All other IP addresses are blocked by default. This is exactly what you need if you only want certain IP addresses to access your network.

Why not the others?
a) Port forwarding: This is used to redirect traffic from one port to another, not for controlling access by IP address.
b) MAC filtering: This controls access based on device hardware addresses, not IP addresses.
d) Block list: A block list just blocks certain IP addresses, but doesn’t restrict all others like an allow list does.

11
Q

You are renting space in another company’s data center. To protect your server from being physically accessed when you are not in the building, what device should you use?

a) USB lock
b) Entry control roster
c) Smart card
d) Server lock

A

d) Server lock

A server lock is a physical security device designed specifically to secure a server or other hardware in place, preventing unauthorized access to the device itself. It typically involves a cable that attaches to the server’s chassis and locks it to a fixed object, such as a rack or a secure location in the data center. This protects the server from being physically tampered with or stolen when you’re not in the building.

Why not the others?
a) USB lock: A USB lock is used to physically block USB ports to prevent unauthorized devices from being connected to the server, but it doesn’t prevent physical access to the server.
b) Entry control roster: This is a list of authorized people who can enter the building or data center, but it doesn’t secure the server itself once inside.
c) Smart card: A smart card is used for authentication, typically to access systems, but it does not provide physical security for a server.

12
Q

Mark’s laptop is running Windows 10 and appears to become slower and slower over time with use. You decide to check the current CPU utilization and observe that it remains in the 95% to 100% range fairly consistently. You close three of Mark’s open applications and recheck the CPU utilization. You notice the utilization dropped to the 30% to 35% range. A week later, Mark calls you again and says the computer is extremely slow. Which of the following tools can you use to check the CPU utilization and manage any high-resource processes?

a) Task Manager
b) Msconfig
c) PerfMon
d) RDS

A

a) Task Manager

Task Manager is for quick checks of current system performance, while Performance Monitor is for in-depth, long-term monitoring and analysis of system health and performance.

13
Q

Peter is attempting to print to his office printer, but nothing comes out. Yesterday, his printer was working just fine. Peter does not notice any errors on the taskbar’s printer icon. Which of the following actions should Peter try FIRST to solve this issue?

a) Check the status of the print server queue
b) Check that the printer is not offline
c) Check to ensure the printer selected is the default printer
d) Cancel all documents and print them again

A

a) Check the status of the print server queue

When this issue occurs, it is often because the system properly sent the print job to the print queue, but the print queue has become stuck.
If no error is shown in the taskbar’s printer icon, the user should open the print queue to determine if the print job has become stuck. If it is, then the print queue can be emptied or reset.

14
Q

A customer has requested you install an external video card into their gaming PC. Which of the following tools should you utilize to protect the video card as you carry it from the storage room to your workbench?

a) Antistatic bag
b) ESD strap
c) Latex gloves
d) Air filter mask

A

a) Antistatic bag

15
Q

Elizabeth was replacing a client’s security device that protects their screened subnet. The client has an application that allows external users to access the application remotely. After replacing the devices, the external users cannot connect remotely to the application anymore. Which of the following devices was MOST likely misconfigured and is now causing a problem?

a) DNS
b) Firewall
c) Content filter
d) DHCP

A

b) Firewall

Firewalls are responsible for controlling incoming and outgoing traffic to and from a network. If the firewall is misconfigured after being replaced, it might be blocking the specific ports or protocols required for remote users to connect to the application. The firewall could have been set to block access to the external application or failed to allow necessary port forwarding or access rules for remote connections.

Why not the others?
a) DNS: While DNS issues can prevent remote users from resolving the application’s domain name, it doesn’t typically stop users from connecting once the address is resolved. DNS issues would usually result in an error indicating the site is unreachable.
c) Content filter: Content filters control access to specific types of content (like websites or apps) but would not typically block the application’s ability to connect, especially if it’s related to network-level access.
d) DHCP: The DHCP server assigns IP addresses to devices on the network. While a misconfigured DHCP could cause internal network issues, it wouldn’t typically affect remote access to an external application unless the internal network setup was misconfigured, which doesn’t seem to be the case here.

16
Q

During the reconnaissance phase of a penetration test, you have determined that your client’s employees all use Android smartphones that connect back to the corporate network over a secure VPN connection. Which of the following methods would MOST likely be the best method for exploiting these?

a) Identify a jailbroken device for easy exploitation
b) Use web-based exploits against the device’s web interfaces
c) Use a tool like ICSSPLOIT to target specific vulnerabilities
d) Use social engineering to trick a user into opening a malicious APK

A

d) Use social engineering to trick a user into opening a malicious APK

When targeting mobile devices, you must first determine if the company uses iPhones or Android-based devices. If they are using Android-based devices, you can use social engineering to trick a user into installing a malicious APK.
As a penetration tester, you can create a malicious APK using msfvenom in the Metasploit framework. The user can install it directly from your website instead of the Google Play store.

17
Q

A macOS user is browsing the internet in Google Chrome when they see a notification that says, “Windows Enterprise Defender: Your computer is infected with a virus, please click here to remove it!” What type of threat is this user experiencing?

a) Phishing
b) Worm
c) Rogue anti-virus
d) Pharming

A

c) Rogue anti-virus

Rogue anti-virus is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and into paying money for a fake malware removal tool (that actually introduces malware to the computer). It is a form of scareware that manipulates users through fear and a form of ransomware. Since the alert is being displayed on a macOS system but appears to be meant for a Windows system, it is obviously a scam or fake alert and most likely a rogue anti-virus attempting to infect the system.
Phishing is an email-based social engineering attack in which the attacker sends an email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

18
Q

You are trying to copy a 4.7 GB file from your Windows laptop to an external hard drive using USB 3. The external hard drive is formatted with FAT32. Every time you attempt this copy, you receive an error. What is MOST likely the issue?

a) Files over 4 GB cannot be stored on a FAT32 formatted drive
b) USB 3 is too slow to transfer a file this large
c) The laptop must be reformatted as FAT32 to support this transfer
d) The external hard drive must be formatted as APFS to support this transfer

A

a) Files over 4 GB cannot be stored on a FAT32 formatted drive

Since this file is 4.7 GB in size, it cannot be stored as a single file on the FAT32 hard drive. The file allocation table 32-bit (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB.

19
Q

Which of the following should be implemented to allow wireless network access for clients in the lobby using a shared password as the key?

a) Geofencing
b) WPA2
c) IPsec
d) Firewall

A

b) WPA2

Wi-Fi Protected Access 2 Pre-Shared Key or WPA2-PSK is a system of encryption used to authenticate users on wireless local area networks using a shared password as the key. WPA2-PSK [AES] is the recommended secure method of making sure no one can listen to your wireless data while it is being transmitted back and forth between your router and other devices on your network.
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network and is used in virtual private networks.

20
Q

A user contacts the service desk, stating their account is locked out, and they are unable to log in to their local workstation. Which of the following log files should you review to determine the source of the lockout on the local workstation?

a) Security log
b) Application log
c) Setup
d) System log

A

a) Security log

The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt.
The system log contains information about service load failures, hardware conflicts, driver load failures, and more.

21
Q

Jason has an old 2017 Dell Laptop that he uses to connect to his office network while traveling. The computer is slow and is running Windows 7. The laptop’s screen was recently cracked and needs replacement. Jason brings the laptop to the computer store you work at and asks for your assistance. Which of the following do you recommend?

a) Sell him an external 15” tablet/monitor to connect to the laptop as a workaround
b) Purchase a new laptop as the cost to repair might be more than a new laptop
c) Replace the display and contact the manufacturer for reimbursement
d) Replace the display and charge him for the parts/installation

A

b) Purchase a new laptop as the cost to repair might be more than a new laptop

In this scenario, you should recommend that he purchase a new laptop. Since the laptop is 5-7 years old, it is unlikely to be worth the cost of repair since he could buy a new laptop for $200 to $500. This new laptop would be faster, more secure, and last longer than repairing this old laptop. As a technician, you should weigh the benefits and drawbacks of a particular repair and provide a good recommendation to your customer.

22
Q

Which of the following backup rotation schemes uses a three-tiered approach to ensure at least one monthly full backup is conducted?

a) Grandfather-father-son (GFS)
b) FIFO backup
c) Tower of Hanoi
d) 3-2-1 backup

A

a) Grandfather-father-son (GFS)

The grandfather is a full backup that is stored off-site once per month. The father is a weekly full backup that is conducted. The son is an incremental or differential backup conducted each day.
The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site.
The Tower of Hanoi is a backup rotation scheme that rotates backup media sets throughout the backup process to minimize wear and failure of tape backup media.
The First In First Out (FIFO) backup scheme uses a set number of tapes and overwrites the oldest tape with the newest information.

23
Q

Which of the following backup rotation schemes requires at least one monthly full backup to be stored safely off-site?

a) GFS
b) FIFO backup
c) 3-2-1 backup
d) Tower of Hanoi

A

c) 3-2-1 backup

The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site.

The grandfather-father-son (GFS) backup rotation scheme is widely used to combine full and incremental backups to reduce backup time and enhance storage security. Most often, the GFS is paired with the 3-2-1 rule to create a backup system with the best of both techniques. For example, the grandfather can be a full backup that is stored off-site once per month, the father is a full backup that is conducted weekly, and the son is an incremental or differential backup conducted each day. For example, each Monday a full backup can be conducted which becomes the father. Then, each day of the week a son is created by performing an incremental or differential backup. Once per month, a full backup is conducted to become the grandfather and could be moved off-site.

The Tower of Hanoi is a backup rotation scheme that rotates backup media sets throughout the backup process to minimize wear and failure of tape backup media. For example, when using this method with four backup tapes labeled A, B, C, and D, a total of 16 days of backups can be maintained with just 4 tapes. Tape A is used every odd-numbered day for 16 days. Tape B is used on days 2, 6, 10, and 14. Tape C is used on days 4 and 12. Tape D is used on days 8 and 16. This allows Tape A to be overwritten every other day, while Tape B is overwritten every four days and Tapes C and D are overwritten every 8 days.

The First In First Out (FIFO) backup scheme uses a set number of tapes and overwrites the oldest tape with the newest information. For example, if there are 7 tapes in use, every evening a new backup is conducted over the previous week’s daily backup. To retain more days of backups, a technician simply needs to increase the number of tapes from 7 to 14 or 21.

24
Q

What permissions would be represented by the octal 517?

a) rwx--xr-x
b) --xr-xrwx
c) r-xrwx--x
d) r-x--xrwx

A

d) r-x--xrwx

R-X is 5, --X is 1, and RWX is 7. In Linux, you can convert letter permissions to octal by giving 4 for each R, 2 for each W, and 1 for each X. R is for read-only, W is for write, and X is for execute. The permission strings are written to represent the owner’s permissions, the group’s permissions, and other users’ permissions.

25
Q

You are troubleshooting an issue with multiple workstations that are having network connectivity issues. The network also has two servers connected to the network, but they do not have any connectivity issues. You look at the network configuration of the two servers and notice they are using static IP addresses. Based on what you know so far, what is most likely the cause of the workstation’s network connectivity issue?

a) The network’s router is currently down
b) The wireless network adapter for each workstation was accidentally disabled
c) The internet connection for the network is down
d) The workstations are most likely configured to use dynamically assigned IP addresses and DHCP is not working properly

A

d) The workstations are most likely configured to use dynamically assigned IP addresses and DHCP is not working properly

Based on the symptoms provided, it appears that the servers are using static IP addresses, and the workstations are using dynamically assigned ones. If the DHCP is not functioning properly for the network, any workstations that rely on a dynamically assigned IP address will have connectivity problems. This issue would not affect statically assigned machines such as the servers. To fix this issue, the DHCP services need to be restored and be available to accept connections from the clients on the network who require dynamic IP assignments.

26
Q

Which Linux command is used to print the full contents of a file to the screen at once?

a) dig
b) cat
c) grep
d) ls

A

b) cat

The cat command allows you to create single or multiple files, view file contents, concatenate files, and redirect output in the terminal to a file.
The grep command is a command-line utility for searching plain-text data sets for lines that match a regular expression.
The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information.
The ls command lists the files or directories in the current path of a Unix, Linux, or Mac operating system. When invoked without any arguments, ls lists the files in the current working directory.

27
Q

Which of the following file system formatting types should be used with older recordable optical discs?

a) FAT32
b) CDFS
c) NTFS
d) UDF

A

b) CDFS

The CD File System (CDFS or ISO 9660) is a legacy file system used for CD optical disc media (CD-ROM and CD-R).

28
Q

Which command-line tool is used on a Windows system to move upward in a directory within the system’s directory structure?

a) cd ..
b) dir
c) cd .
d) ls

A

a) cd ..

The cd command is used to change the directory. If used with the “cd ..” option, it will move up one directory in the file system’s directory structure.
If used with the “cd .” option, it will remain in the current directory.

29
Q

Several users have contacted the help desk to report that they received an email from a well-known bank stating that their accounts have been compromised and they need to “click here” to reset their banking password. Some of these users are not even customers of this particular bank, though. Which of the following best describes this type of attack?

a) Phishing
b) Spear phishing
c) Brute force
d) Whaling

A

a) Phishing

Phishing is an email-based social engineering attack in which the attacker sends an email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim. Phishing attacks indiscriminately target a large group of random people. The email in this scenario appears to be untargeted since it was sent to both customers and non-customers of this particular bank, so it is best classified as phishing.
Spear phishing is the fraudulent practice of sending emails from a seemingly known or trusted sender to induce targeted individuals to reveal confidential information.

30
Q

A customer brought in a computer that has been infected with a virus. Since the infection, the computer began redirecting all three of the system’s web browsers to a series of malicious websites whenever a valid website is requested. You quarantined the system, disabled the system restore, and then performed the remediation to remove the malware. You have scanned the machine with several anti-virus and anti-malware programs and determined it is now cleaned of all malware. You attempt to test the web browsers again, but a small number of valid websites are still being redirected to a malicious website. Luckily, the updated anti-virus you installed blocked any new malware from infecting the system. Which of the following actions should you perform NEXT to fix the redirection issue with the browsers?

a) Reformat the system and reinstall the OS
b) Perform a System Restore to an earlier date before the infection
c) Verify the hosts file has not been maliciously modified
d) Install a secondary anti-malware solution on the system

A

c) Verify the hosts file has not been maliciously modified

Browser redirection usually occurs if the browser’s proxy is modified or the hosts.ini file is modified. If the redirection occurs only for a small number of sites or occurs in all web browsers on a system, it is most likely a maliciously modified hosts file.

31
Q

An Android user recently cracked their screen and had it replaced. If they are in a dark room, the phone works fine. If the user enters a room with normal lights on, then the phone’s display is dim and hard to read. What is MOST likely the problem?

a) Faulty ambient light sensor
b) Auto-brightness is enabled
c) Low battery
d) Defective display

A

a) Faulty ambient light sensor

The ambient light sensor appears to be broken or malfunctioning. The ambient light sensor may be too sensitive as it is taking in more light than usual. This can occur if the sensor is faulty or if the screen was replaced incorrectly, and the technician forgot to install the black gasket around the ambient light sensor.

32
Q

You are troubleshooting a user’s laptop that is unable to print a document. You have verified the printer is working and properly connected to the workstation by USB. Which log in Windows 10 would you review to determine if the print spooler service is causing this issue?

a) Application log
b) Security log
c) Setup
d) System log

A

d) System log

The system log contains information about service load failures, hardware conflicts, driver load failures, and more.
The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt.

33
Q

Which command-line tool is used on a Windows system to erase all the data on a hard disk and ensure it is ready to accept new Windows files?

a) format /fs:NTFS
b) diskpart list disk
c) chkdsk /f
d) sfc /now

A

a) format /fs:NTFS

The format command creates a new root directory and file system for the disk. It can check for bad areas on the disk, and it can delete all data on the disk. To use a new disk, you must first use the format command to format the disk.

34
Q

Which of the following types of backups generates the recovered files from a complete copy of a file created at some point in time and one or more partial backups created at later times to merge them into the recovered data?

a) Differential
b) Synthetic
c) Full
d) Incremental

A

b) Synthetic

Synthetic backup is the process of generating a file from a complete copy of a file created at some past time and one or more incremental copies created at later times. The expression synthetic in this context refers to the fact that the assembled file is not a direct copy of any single current or previously created file. Instead, a synthetic file is merged or synthesized by a specialized application program from the original file and one or more modifications to it.

A full backup creates a copy of all the selected data regardless of when it was previously backed up. It takes the most time to complete a backup but is the fastest when conducting a restoral of all the data on a hard drive.

A differential backup only creates a copy of the selected data that has been modified since the last full backup. It is a good compromise in speed between a full backup (which takes the longest to back up and the least to restore) and an incremental backup (which takes the least to back up and the longest to restore).

An incremental backup only creates a copy of new files and files modified since the last full, incremental, or differential backup. Therefore, it takes the least amount of time to complete a backup. Unfortunately, it also takes the most time to restore since you have to first restore the full backup, then any differential and incremental backups until all your data is restored.

35
Q

A coworker is creating a file containing a script. You look over their shoulder and see “#!/bin/bash” as the first line in the file. Based on this, what type of file extension should this script use?

a) .sh
b) .vbs
c) .bat
d) .py

A

a) .sh

A shell script is a file that contains a list of commands to be read and executed by the shell in Linux and macOS. A .sh file is used for a shell script, and its first line always begins with #!/bin/bash, which designates the interpreter. This line instructs the operating system to execute the script. Shell scripts allow you to perform various functions. These functions include automation of commands and tasks of system administration and troubleshooting, creating simple applications, and manipulating text or files.

36
Q

You are troubleshooting a user’s workstation that is operating extremely slowly. You open the Task Manager and see that only Microsoft Word is currently running, but the CPU and network utilization is consistently running between 95-100%. Which of the following is MOST likely causing this issue?

a) The application is not compatible with this OS
b) The computer has become a zombie
c) The computer is the victim of a DoS attack
d) The network’s firewall is blocking outbound traffic

A

b) The computer has become a zombie

The workstation has most likely become a zombie. A zombie is any workstation running unauthorized software that directs the device to participate in a DDoS attack as part of a larger botnet. A botnet is a network of computers that have been compromised by a Trojan, rootkit, or worm malware. This workstation would then attempt to flood the victim’s computer with requests over the network. These requests would require CPU and network resources to make, causing utilization to rise to 95-100%. Since Microsoft Word can run macros, it is possible it has become infected and is now part of a larger botnet.

37
Q

Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?

a) Cross-site scripting
b) CRLF injection
c) Missing patches
d) SQL injection

A

c) Missing patches

Missing patches are the most common vulnerability found on both Windows and Linux systems. When a security patch is released, attackers begin to reverse engineer the security patch to exploit the vulnerability. If your servers are not patched against the vulnerability, they can become victims of the exploit, and the server’s data can become compromised.