Practice Test #5 Questions Flashcards
Your company's share drive has several folders that have become encrypted by a piece of ransomware. During your investigation, you found that only the Sales department folders were encrypted. You continue your investigation and find that a salesperson's workstation was also encrypted. You suspect that this workstation was the original source of the infection. Since it was connected to the Sales department share drive as a mapped S:\ drive, it was also encrypted. You have unplugged the network cable from this workstation. What action should you perform NEXT to restore the company's network to normal operation?
a) Schedule a full disk anti-malware scan on the workstation
b) Schedule weekly scans and enable on-access scanning
c) Disable System Restore on the workstation
d) Restore the Sales department folders from backups
d) Restore the Sales department folders from backups
Since the share drive affects multiple users, not just this one salesperson, it should be prioritized for recovery first. Since the workstation has been quarantined from the network, it is no longer a threat to the shared drive data. Therefore, you should restore the latest backup of the Sales folders to the share drive. This will enable the rest of the Sales department to get back to normal operations.
Then, you should focus on remediating this workstation. The next step for that remediation would be to disable System Restore, remediate the infected workstation by updating the anti-malware software, and conduct scans.
Marta's organization is concerned that a user's account could remain vulnerable for an extended period of time if the user's password were compromised. Which of the following controls should be configured as part of their password policy to minimize this vulnerability?
a) Password complexity
b) Minimum password length
c) Password expiration
d) Password history
c) Password expiration
A password expiration control in the policy would force users to change their passwords at specific time intervals. This will then lock out a user who types in the incorrect password or create an alert that the user's account has been potentially compromised. While the other options are good components of password security to prevent an overall compromise, they are not effective against the vulnerability described in this particular scenario, which states that the issue is based on time. Password history is used to determine the number of unique passwords a user must use before using an old password again. The "Passwords must meet complexity requirements" policy setting determines whether passwords must meet a series of guidelines that are considered important for a strong password. Maximum password length creates a limit to how long the password can be, but a longer password is considered stronger against a brute-force attack.
A coworker is creating a file containing a script. You look over their shoulder and see "net use s: \\fileserver\videos" in the file. Based on this, what type of file extension should this script use?
a) .vbs
b) .bat
c) .js
d) .py
b) .bat
Batch scripts run on the Windows operating system and, in their simplest form, contain a list of several commands that are executed in a sequence. A .bat file is used for a batch script. You can run the file by calling its name from the command line or double-clicking the file in File Explorer. Generally, batch file scripts run from end to end and are limited in branching and user input.
VBScript is a scripting language based on Microsoft’s Visual Basic programming language. Network administrators often use VBScript to perform repetitive administrative tasks. With VBScript, you can run your scripts from either the command-line or the Windows graphical interface. Scripts that you write must be run within a host environment. Windows 10 provides Internet Explorer, IIS, and Windows Script Host (WSH) for this purpose.
Which of the following commands can a technician use on a Linux server to verify the IP address associated with diontraining.com?
a) netstat
b) dig
c) grep
d) apt-get
b) dig
The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information.
The netstat command is used to display the network statistics.
grep is a command-line utility for searching plain-text data sets for lines that match a regular expression.
The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print. The apt-get utility is a powerful package management command-line program that works with Ubuntu’s APT (Advanced Packaging Tool) library to install new software packages, remove existing software packages, upgrade existing software packages, and even upgrade the entire operating system. The apt-get utility works with Ubuntu and Debian-based Linux distributions.
Your Windows 10 machine has just crashed. Where should you look to identify the cause of the system crash and how to fix it?
a) BSOD (blue screen of death)
b) DDOS
c) MAC
d) POST (Power On Self Test)
a) BSOD (blue screen of death)
When your Windows 10 machine crashes, the Blue Screen of Death (BSOD) is often the first place to look for clues. Here's why: the BSOD provides critical information about system crashes, such as error codes, a memory dump, and the driver or hardware issues that led to the crash. The error message displayed on the BSOD typically includes a STOP code (such as 0x0000007E or 0x00000050) and a brief description of the error, which can help in diagnosing the cause of the crash. Sometimes, the BSOD will also mention a specific driver or process that may be involved in the crash, which is useful for troubleshooting. You can analyze the minidump files (created after a BSOD occurs) to get more details on what caused the crash. Tools like Event Viewer or BlueScreenView can help you analyze these files.
Why not the other options?
b) DDOS (Distributed Denial of Service):
A DDoS attack typically causes a network service to become unavailable by overwhelming it with a flood of traffic. It does not directly cause a system crash (like a BSOD), and it would not be logged in the BSOD itself.
c) MAC (Media Access Control):
The MAC address refers to a unique identifier assigned to network interfaces and is unrelated to system crashes. It’s part of network communication and has no direct connection to the cause of a system crash in Windows.
d) POST (Power On Self Test):
POST occurs when the computer is first powered on and performs hardware diagnostics before the operating system starts loading. If your system is already crashing (after it has started running), POST is not relevant. It's only used to detect initial hardware failures when starting the machine, not for identifying issues that occur after boot.
Tony works for a company as a cybersecurity analyst. His company runs a website that allows public postings. Recently, users have started complaining about the website having pop-up messages asking for their username and password. Simultaneously, your security team has noticed a large increase in the number of compromised user accounts on the system. What type of attack is most likely the cause of both of these events?
a) Rootkit
b) Cross-site request forgery
c) SQL injection
d) Cross-site scripting
cross-site scripting (XSS)
This scenario is a perfect example of the effects of a cross-site scripting (XSS) attack. If your website's code does not perform input validation to remove scripts that may be entered by a user, then an attacker can create a pop-up window that collects passwords and use that information to compromise further accounts.
A cross-site request forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
An XSS will allow an attacker to execute arbitrary JavaScript within the victim’s browser (such as creating pop-ups).
A CSRF would allow an attacker to induce a victim to perform actions they do not intend to perform.
A rootkit is a set of software tools that enable an unauthorized user to control a computer system without being detected.
SQL injection is the placement of malicious code in SQL statements via web page input. None of the things described in this scenario would indicate a CSRF, rootkit, or SQL injection.
Which of the following commands is used to edit a text file on a Linux server?
a) pwd
b) nano
c) cat
d) grep
b) nano
The nano utility is an easy-to-use command-line text editor for Linux systems. Nano includes the functionality of a regular text editor, as well as syntax highlighting, multiple buffers, search and replace with regular expression support, spellchecking, UTF-8 encoding, and more.
The cat (short for "concatenate") command is one of the most frequently used commands in Linux/Unix. The cat command allows you to create single or multiple files, view file contents, concatenate files, and redirect output in the terminal to a file.
grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print.
The pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type “pwd” and hit enter to display the path to the screen.
Which of the following commands is used on a Linux system to safely turn off a server?
a) shutdown
b) kill
c) rm
d) ps
a) shutdown
The shutdown command brings the system down in a secure way. When the shutdown is initiated, all logged-in users and processes are notified that the system is going down, and no further logins are allowed. You can shut down your system immediately or at the specified time.
The ps command is used to list the currently running processes along with their PIDs and, depending on the options given, some other information. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system.
The kill command sends a signal to specified processes or process groups, causing them to act according to the signal. When the signal is not specified, it defaults to -15 (-TERM), which terminates the specified process by gracefully stopping it. If “kill -9” is used instead, it will immediately kill the process.
The rm command is a command-line utility for removing files or directories. To remove a file, pass the name of a file or files to the rm command, and those files will be removed immediately from the file system.
A user contacts the service desk after they just finished attempting to upgrade their laptop to Windows 10. The upgrade failed, and the user asks you to explain why. Which of the following log files should you review to determine the cause of the upgrade failure?
a) Setup log
b) Application log
c) System log
d) Security log
a) Setup log
The setup log contains a record of the events generated during the Windows installation or upgrade process.
The application log contains information regarding application errors.
The system log contains information about service load failures, hardware conflicts, driver load failures, and more.
The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt.
A user’s computer was running out of storage space, so they decided to install a new second 1 TB hard disk drive (HDD) into their Windows 10 computer. Whenever they attempt to boot up the computer, an error of “No Operating System Found” is displayed on their screen. You unplugged the new 1 TB HDD, and then the computer boots up without any errors. You have just reconnected the 1 TB HDD. What step should you attempt NEXT to fix this issue?
a) Reboot the computer into safe mode
b) Verify the boot order in the BIOS/UEFI
c) Format the 1 TB HDD
d) Reinstall Windows to the 1 TB HDD
b) Verify the boot order in the BIOS/UEFI
If more than one hard drive is connected to the computer, it is important to verify the correct boot order is listed in the BIOS/UEFI. In this scenario, it sounds like the system is configured to boot first from the 1 TB HDD and then from the original HDD. If this order is switched in the boot order, the system will boot without generating the error message.
Formatting the HDD will not solve this problem since a formatted drive does not have an operating system installed by default.
You have been asked to recycle 20 of your company’s old laptops. The laptops will be donated to a local community center for underprivileged children. Which of the following data destruction and disposal methods is MOST appropriate to allow the data on the drives to be fully destroyed and the drives to be reused by the community center?
a) Drill/hammer the HDDs' platters
b) Low-level formatting of the HDDs
c) Degaussing of the HDDs
d) Standard formatting of the HDDs
b) Low-level formatting of the HDDs
Low-level formatting is a hard disk operation that should make recovering data from your storage devices impossible once the operation is complete. It is the kind of operation you would want to perform before giving away a hard disk or discarding an old computer that may have contained useful and important private information.
Standard formatting of the drives could allow the data to be restored and make the data vulnerable to exposure.
Drilling or hammering the HDD platters would physically destroy the drives and the data, making the laptops useless for the community center.
Degaussing the drives would also render the drives useless to the community center. Therefore, the safest method is a low-level format since it fully destroys the data and allows the drives to be reused by the community center.
A user’s workstation is infected with malware. You have quarantined it from the network. When you attempt to boot it to the Windows 10 desktop, it fails. Which of the following should you do NEXT to begin remediating this system?
a) Format the workstation and reinstall Windows 10
b) Disable System Restore and reinstall Windows 10
c) Restore the workstation from the last system restore point
d) Restart into Safe Mode and conduct an antivirus scan
d) Restart into Safe Mode and conduct an antivirus scan
Observing Windows in safe mode enables you to narrow down the source of a problem and can help you troubleshoot problems on your PC. Safe Mode will allow you to restore an earlier System Restore point, but it will not allow you to disable System Restore. Restoring to the last system restore point may not restore the system to the time before the malware infection. Formatting and reinstalling Windows would lead to data loss for the user. Therefore, you should attempt to remediate the malware infection from Safe Mode first.
You were troubleshooting a recently installed NIC on a workstation and decided to ping the NIC’s loopback address. Which of the following IPv4 addresses should you ping?
a) 10.0.0.1
b) 127.0.0.1
c) 192.168.1.1
d) 172.16.1.1
b) 127.0.0.1
The loopback address is 127.0.0.1 in IPv4, and it is reserved for troubleshooting and testing. The loopback address is used to send a test signal through the NIC and its software/drivers to diagnose problems. Even if the network cable is unplugged, you should be able to ping your loopback address successfully.
The other three IP addresses presented as options are private Class A, Class B, or Class C addresses, and not the loopback address.
You want to enable a security feature that would remember the Layer 2 address first connected to a particular switch port to prevent someone from unplugging a workstation from the switch port and connecting their own SOHO wireless router to that same switch port. Which of the following security features would BEST accomplish this goal?
a) Single sign-on
b) Firewall
c) Port security
d) Login script
c) Port security
Port security enables an administrator to configure individual switch ports to allow only a specified number of MAC addresses to use that port. Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed.
Dion Training uses a patch management server to control the distribution and installation of security patches. A technician needs to configure a new Windows 10 workstation to not perform Windows Updates automatically. Which of the following features in the Task Manager should the technician use to disable the Windows Update service?
a) Services
b) Startup
c) Processes
d) Performance
a) Services
The Task Manager is an advanced Windows tool that has 7 tabs that are used to monitor the Processes, Performance, App History, Startup, Users, Details, and Services on a computer. By clicking the Services tab, the technician can list all of the services installed on the computer, display their status, and start/stop/restart those services.
By clicking the Startup tab, the technician can see every program configured to start up when Windows is booted up. This can be used to disable unwanted programs from launching during the boot-up process.
During a disaster recovery, which of the following statements is true?
a) A virtual machine has more downtime than a physical server
b) A virtual machine has less downtime than a physical server
c) A virtual machine cannot be used for redundancy or load balancing
d) Both a virtual machine and a physical server have the same downtime
b) A virtual machine has less downtime than a physical server
A virtual machine can usually be restored much faster than a physical server. Physical servers must be modified to fit the right drivers for the disk drives, NIC, and other necessary components whenever they must be rebuilt after a crash. Often, a new physical server will also be required to replace a faulty one, and then the right drivers are needed to ensure a smooth transition. Conversely, a virtual machine can be recreated using another instance, clone, or restoration from a backup in much less time.
Therefore, the downtime associated with virtual machines and their restoration is much lower.