Practice Test #6 Questions Flashcards

1
Q

Jason wants to configure his Windows 10 laptop to more quickly find files when he is searching its hard drive. Which of the following Control Panel sections should he use to configure his laptop for optimal searching performance?

a) Internet Options
b) Power Options
c) Indexing Options
d) File Explorer Options

A

c) Indexing Options

The Indexing Options is used to configure the method used by Windows when searching for content within the storage devices. When indexing is properly configured, the system will catalog the information on the computer using the words within the files and their metadata to more easily find the content when requested by a user.
The File Explorer Options section of the Control Panel allows technicians to customize the display of files and folders. For example, the File Explorer Options can enable or disable the ability to show hidden files, hide file extensions, and more.
The Internet Options section of the Control Panel allows a technician to manage the Internet settings for their computers, including the security settings, access settings, and add-on control settings.
The Power Options section of the Control Panel allows technicians to customize how a computer manages its power to either conserve energy at the expense of performance or to maximize performance at the expense of energy savings by creating a power plan.

2
Q

Which of the following backup rotation schemes uses a complex mathematical puzzle to extend the number of unique days of backups stored with the fewest tapes?

a) Grandfather-father-son
b) FIFO Backup
c) Tower of Hanoi
d) 3-2-1 backup

A

c) Tower of Hanoi

The Tower of Hanoi is a backup rotation scheme that rotates backup media sets throughout the backup process to minimize wear and failure of tape backup media. For example, when using this method with four backup tapes labeled A, B, C, and D, a total of 16 days of backups can be maintained with just 4 tapes. Tape A is used every odd-numbered day for 16 days. Tape B is used on days 2, 6, 10, and 14. Tape C is used on days 4 and 12. Tape D is used on days 8 and 16. This allows Tape A to be overwritten every other day, while Tape B is overwritten every four days and Tapes C and D are overwritten every 8 days.
The grandfather-father-son (GFS) backup rotation scheme is widely used to combine full and incremental backups to reduce backup time and enhance storage security. The grandfather is a full backup that is stored off-site once per month. The father is a weekly full backup. The son is an incremental or differential backup conducted each day. For example, each Monday a full backup can be conducted which becomes the father. Then, each day of the week a son is created by performing an incremental or differential backup. Once per month, a full backup is conducted to become the grandfather.
The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site.
The First In First Out (FIFO) backup scheme uses a set number of tapes and overwrites the oldest tape with the newest information. For example, if there are 7 tapes in use, every evening a new backup is conducted over the previous week’s daily backup. To retain more days of backups, a technician simply needs to increase the number of tapes from 7 to 14 or 21.

3
Q

Which of the following types of wireless connections requires a PIN to be entered as part of the pairing process before it is utilized?

a) Infrared
b) Bluetooth
c) NFC
d) Radiofrequency

A

b) Bluetooth

4
Q

You are working for a government contractor who requires all users to use a PIV device when sending digitally signed and encrypted emails. Which of the following physical security measures is being implemented?

a) Key fob
b) Cable lock
c) Biometric reader
d) Smart card

A

d) Smart card

A smart card is used in applications that need to protect personal information and/or deliver fast, secure transactions, such as transit fare payment cards, government and corporate identification cards, documents such as electronic passports and visas, and financial payment cards. Often, smart cards are used as part of a multifactor authentication system in which the smart card and a PIN need to be entered for system authentication to occur.
Biometrics are identifying features stored as digital data that can be used to authenticate a user. Typical features used include facial pattern, iris, retina, or fingerprint pattern, and signature recognition. This requires a relevant scanning device, such as a fingerprint reader, and a database of biometric information for authentication to occur.
The Kensington lock is a small hole found on almost every portable computer or laptop made after 2000. It allows a cable lock to be attached to a portable computer or laptop to lock it to a desk and prevent theft. These locks often use a combination lock or padlock type of locking system. These locks do not affect the user’s ability to use the laptop or device. They only prevent the user from moving the laptop from the area.
A key fob generates a random number code synchronized to a code on the server. The code changes every 60 seconds or so. This is an example of a one-time password. A SecurID token is an example of a key fob that is produced by RSA.

5
Q

You are troubleshooting a workstation and want to check if any S.M.A.R.T. errors are being reported. Which of the following tools should you use to troubleshoot this workstation?

a) Performance monitor
b) Task scheduler
c) DxDiag
d) Disk Management

A

d) Disk Management

The Disk Management tool is used to display the drive status, mount the drive, initialize the drive, and create/split/extend/shrink drive partitions. The utility displays a summary of any fixed and removable drives attached to the system. From the Disk Management console, you can see the S.M.A.R.T. status of each hard disk.
The task scheduler is a tool included with Windows that allows predefined actions to be automatically executed whenever a certain set of conditions is met. For example, you can schedule a task to run a backup script every night or send you an email whenever a certain system event occurs.
The DirectX diagnostic (dxdiag.exe) utility is used to collect info about devices to help troubleshoot problems with DirectX sound and video. It is a diagnostics tool used to test DirectX functionality and troubleshoot video-related or sound-related hardware problems. DirectX diagnostic can save text files with the scan results.
Performance monitor (perfmon.msc) is a performance monitoring and system monitoring utility in Windows that is used to monitor CPU and memory activity on a computer. The performance monitor is used to view performance data either in real-time or from a log file. The performance monitor can only monitor the resource utilization, but it cannot manage or terminate those processes.

6
Q

What anti-malware solution is installed as a dedicated on-premise appliance to scan all incoming traffic and prevent malware from being installed on any of your clients without requiring the installation of any software on your clients?

a) Signature-based anti-malware
b) Network-based anti-malware
c) Cloud-based anti-malware
d) Host-based anti-malware

A

b) Network-based anti-malware

The network-based anti-malware can help prevent malware attacks by scanning all incoming data to prevent malware from being installed and infecting a computer. Network-based anti-malware solutions can be installed as a rack-mounted, in-line network appliance in your company’s on-premise datacenter to protect every client and server on the network without having to install software on each of the clients. Network-based anti-malware solutions often come as part of a unified threat management (UTM) appliance.
Cloud antivirus is a programmatic solution that offloads antivirus workloads to a cloud-based server, rather than bogging down a user’s computer with a complete antivirus suite. Cloud-based solutions do not use on-premise appliances as part of their installation.
Host-based anti-malware relies upon the installation of an agent to detect threats such as viruses, spam, and rootkits to protect the client it is installed upon. Host-based anti-malware often uses signatures to detect and remove malicious code.
Signature-based anti-malware is a generic category of anti-malware that may be implemented through host-based, network-based, or cloud-based anti-malware solutions. Anti-malware operates using either signature-based detection, behavioral-based detection, or heuristic-based detection.

7
Q

An employee was recently moved from the Human Resources department into the Sales department. Which of the following should you check to ensure they no longer have access to the employee data stored in the Human Resources department share drives?

a) Home Folder
b) Security Groups
c) Credential Manager
d) Group Policy

A

b) Security Groups

A security group is a collection of user accounts that can be assigned permissions in the same way as a single user object. Security groups are used when assigning permissions and rights, as it is more efficient to assign permissions to a group than to assign them individually to each user. You can assign permissions to a user simply by adding the user to the appropriate group. In most corporate environments, security groups control access to share drives, mailing lists, and other network resources.

8
Q

An offsite tape backup storage facility is involved with a forensic investigation. The facility has been told they cannot recycle their outdated tapes until the conclusion of the investigation. Which of the following is the MOST likely reason for this?

a) A notice of a legal hold
b) A data transport request
c) The process of discovery
d) A chain of custody breach

A

a) A notice of a legal hold

A legal hold is a process that an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. If a legal hold notice has been given to the backup service, they will not destroy the old backup tapes until the hold is lifted. The process of discovery is the formal process of exchanging information between the parties about the witnesses and evidence they will present at trial.
The chain of custody is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence.
A data transport request is a formalized request to initiate a data transfer by establishing a circuit or connection between two networks.

9
Q

Which of the following types of attacks involves changing the system’s MAC address before it connects to a wireless network?

a) Zombie
b) DDoS
c) Spoofing
d) Botnet

A

c) Spoofing

10
Q

You attempt to boot a Windows 10 laptop and receive an “Operating System Not Found” error on the screen. You can see the hard disk listed in the UEFI/BIOS of the system. Which of the following commands should you use to add the Windows installation to the boot manager?

a) bootrec /rebuildbcd
b) bootrec /fixmbr
c) bootrec /fixboot
d) diskpart list

A

a) bootrec /rebuildbcd

The Boot Configuration Data (BCD) stores the list of known Windows installations that can be booted from a hard drive. If the Windows installation is not listed, the computer will be unable to boot into Windows. To add a missing Windows installation to the Boot Configuration Database (BCD), you should use the command “bootrec /rebuildbcd” and reboot the computer. If the disk cannot be detected, enter the system setup and try modifying settings (or even resetting the default settings). If the system firmware reports the disk’s presence, but Windows still will not boot, use a startup repair tool to open a recovery mode command prompt and use the bootrec tool to repair the drive’s boot information.
The “bootrec /fixmbr” command is used to attempt a repair of the master boot record of a drive.
The “bootrec /fixboot” command is used to attempt a repair of the boot sector of a drive.
The diskpart command is a command-line disk-partitioning utility available for Windows that is used to view, create, delete, and modify a computer’s disk partitions.

11
Q

Which version should you use when installing a Linux operating system if you are concerned with end-of-life support?

a) Rolling release
b) Developer release
c) LTS (Long Term Support) release
d) Beta release

A

c) LTS (Long Term Support) release

The LTS (Long-Term Support) release is well-supported and will be regularly updated by the Linux distribution to support new hardware, performance, and security improvements. These LTS releases are supported for a long time (approximately 10 years), so they are great to use in production systems like servers.
A beta release is a pre-release of a software product that is given out to a large group of users to try under real conditions. Beta versions have gone through alpha testing in-house and are generally fairly close in look, feel and function to the final product.
A developer release is a pre-release of a software product that is given out to software developers to test and modify their existing products to the upcoming version of an operating system or application.
Rolling release is a concept in software development where an application is frequently updated through the release of new features over time.

12
Q

You are troubleshooting an issue with a Windows desktop and need to display the machine’s active TCP connections. Which of the following commands should you use?

a) netstat
b) ping
c) net use
d) ipconfig

A

a) netstat

The netstat command is used to display active TCP connections, ports on which the computer is listening, Ethernet statistics, the IP routing table, IPv4 statistics (for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols) on a Windows machine. This is a useful command when determining if any malware has been installed on the system and may be maintaining a remote connection with a command and control server.
The ipconfig tool displays all current TCP/IP network configuration values on a given system.
The ping command is used to test a host’s reachability on an Internet Protocol network.
The net use command is used to connect to, remove, and configure connections to shared resources such as mapped drives and network printers.

13
Q

You have just finished installing a new workstation for a user in your office. They need to be able to see the other workstations on the company’s workgroup. Which of the following settings should you ensure is enabled?

a) Enable an RDP connection
b) Enable BitLocker
c) Enable network discovery
d) Enable file and folder sharing

A

c) Enable network discovery

Network discovery allows Windows 10 to find other computers and devices on a network. This feature is automatically turned on when connected to private networks like the one in your home or workplace. Network discovery is turned off when you’re connected to public networks that shouldn’t be trusted, and you should not allow your PC to be discoverable on those networks. If your Windows 10 computer or device can’t view other computers on the network, two things are probably at fault: either the incorrect network profile is assigned (public instead of private), or network discovery is disabled.
Remote desktop protocol (RDP) is used to connect to a remote desktop session on a host computer or server.
File and folder sharing is enabled to allow other users on a network to access files and folders on a computer or server.
BitLocker is used on a Windows 10 Pro, Education, or Enterprise edition workstation to perform full disk encryption on the operating system’s storage devices.

14
Q

Which of the following commands is used on a Linux system to delete all the files and directories in a Linux system’s filesystem?

a) rm -rf .
b) rm .
c) rm /
d) rm -rf /

A

d) rm -rf /

The rm command is a command-line utility for removing files or directories. The “rm -rf /” is the most dangerous command to issue in Linux. The rm -rf command is one of the fastest ways to delete a folder and its contents. But a little typo or ignorance may result in unrecoverable system damage.
The -r option means that the command will recursively delete the folder and its subfolders.
The -f option means that even read-only files will be removed without asking the user. The use of / indicates that the remove command should begin at the root directory (/) and recursively force all files and folders to be deleted under the root. This would delete everything on the system.
The . would only begin deleting from the current working directory and then delete all files and folders further down the directory structure, not the entire file system.

15
Q

Which of the following Control Panel sections contains various tools like computer management, disk cleanup, print management, and the registry editor?

a) Device Manager
b) Administrative Tools
c) System
d) Devices and Printers

A

b) Administrative Tools

16
Q

You need to move a 75-pound box with a rack-mounted UPS in it. Which of the following actions should you take?

a) Lift with your back and not your legs
b) Open the box and carry up the UPS in pieces
c) Lift with your legs and not your back
d) Ask a coworker to team lift it with you

A

d) Ask a coworker to team lift it with you

Since the box is over 50 pounds, you should ask a coworker to team lift the box with you. Team lifting is when two or more people work together to pick up a heavy or bulky object. When you need to lift or carry items, be aware of what your weight limitations are, as well as any restrictions and guidance outlined in your job description or site safety handbook. Weight limitations will vary depending on context. When lifting objects, always lift using your legs and not your back.
A rack-mounted UPS is a self-contained unit, making it impossible to carry up in multiple pieces.

17
Q

Which of the following allows users to save their current session to disk before powering down their Windows 10 laptop?

a) Lock
b) Sleep
c) Hibernate
d) Shutdown

A

c) Hibernate

Hibernate mode is used to save the current session to disk before powering off the computer to save battery life when the system is not being used. The computer takes longer to start up again from hibernate mode than it does from the sleep or standby mode.
Sleep or standby mode is used to save the current session to memory and put the computer into a minimal power state to save battery life when the system is not being used. The computer takes less time to start up again from the sleep or standby mode than it does from the hibernate mode.
Shutdown mode completely powers off the computer and does not save the current user session to disk. Instead, the shutdown will close all open files and log out the user during the shutdown process.
A lock will secure the desktop with a password while leaving programs running.

18
Q

A user’s SOHO wireless network appears to have significantly slowed down today. Normally, they can download files at 900 Mbps or more, but today, they only averaged 23 Mbps when downloading. You check their wireless settings and see the following:

Network SSID: DionTraining
Security: WPA2
Password: diontraining
Mode: AC
ISP: Fiber1Gbps

Which of the following is MOST likely the problem?

a) The WAN type needs to be upgraded to DSL or cable
b) Additional transmission power is needed for the wireless signal
c) Other users have connected to the WiFi due to a weak password
d) WPA2 reduces download speeds and the user should switch to WPA3

A

c) Other users have connected to the WiFi due to a weak password

Other users have likely connected to this wireless network since the SSID being broadcast and the password are both similar. The additional usage by those users could drastically slow down this user’s overall connection speed. For example, some attackers will look for open WiFi or wireless networks with weak passwords. When they find them, they will connect servers with illicit files on them for others to download. This would reduce the connection speed for legitimate users. The WAN type is displayed as a Fiber connection at 1 Gbps, therefore it does not need to be upgraded or changed. WPA2 and WPA3 are forms of encryption and do not affect the overall speed of the network drastically. There is no indication in the scenario that there is a weak signal or a low signal-to-noise ratio that would require additional transmission power to be added.

19
Q

A co-worker just sent you a macro-enabled Microsoft Word document. After you opened the file, your computer began to delete the photos stored in your c:\photos directory. What type of malware did you MOST likely receive?

a) Worm
b) Rootkit
c) Trojan
d) Virus

A

d) Virus

A virus is malicious software designed to infect computer files or disks when it is activated. A virus may be programmed to carry out other malicious actions, such as deleting files or changing system settings.
A trojan is a type of malware that looks legitimate but can take control of your computer. A trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT), which allows an attacker to control a workstation or steal information remotely. To operate, a trojan will create numerous processes that run in the background of the system.
A worm is a standalone malware computer program that replicates itself to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. A worm can spread on its own, whereas a virus needs a host program or user interaction to propagate itself.
A rootkit is a clandestine computer program designed to provide continued privileged access to a computer while actively hiding its presence. A rootkit is generally a collection of tools that enable administrator-level access to a computer or network. They can often disguise themselves from detection by the operating system and anti-malware solutions. If a rootkit is suspected on a machine, it is best to reformat and reimage the system.

20
Q

Michael, a salesman, is on a business trip and is trying to access his corporate email over the hotel’s Wi-Fi network. Michael’s laptop appears to be connected to the hotel’s wireless network, but his email client cannot download any new messages and states, “Network Offline.” Michael contacts the help desk for assistance. What action should the help desk technician tell Michael to perform to solve this issue?

a) Disable and reenable the wireless network adaptor on his laptop
b) Perform a full system scan for malware on his laptop
c) Open a web browser, enter google.com, and see if a redirect page is displayed
d) Disconnect and reconnect to the hotel’s wireless network

A

c) Open a web browser, enter google.com, and see if a redirect page is displayed

Many hotels use a captive portal with a redirect page with their wireless networks. When users connect to the wireless network, they have to open a web browser and are then redirected to the hotel’s Acceptable Use Policy page. Until the user accepts the terms and conditions, none of their network traffic will be routed to the internet. If the redirect page is shown, Michael can then accept the terms and conditions, and his email client will be able to download his mail again.

21
Q

Which partition of the hard drive is concealed from the user in the File Explorer within Windows 10 and is only used when imaging the computer back to its factory default state?

a) Swap
b) Primary
c) Extended
d) Recovery

A

d) Recovery

22
Q

Which of the following features allows a Linux server to provide file-sharing services to a company’s Windows 10 workstations?

a) Pathping
b) Keychain
c) Samba
d) Yum

A

c) Samba

Samba is used by Linux computers to enable the sharing and access of resources with Windows-based networks. Samba can also be used by Linux servers to provide file-sharing services to Windows clients.
The yum command is a package manager used with RPM-based Linux distributions to install new software packages, remove existing software packages, upgrade existing software packages, and even upgrade the entire operating system.
Keychain is a macOS app for managing passwords cached by the OS and supported browser/web applications.

23
Q

Which of the following types of backup requires the LEAST time to complete a backup?

a) Full
b) Incremental
c) Differential
d) Synthetic

A

b) Incremental

24
Q

You are working as a desktop repair technician for a large corporation. The company uses the exact same desktop hardware for all of its users’ workstations. Today, you have received multiple calls from users complaining that their screen becomes filled with static when moving their mouse. You noticed that the systems all received a security patch and other updates from the Microsoft Endpoint Configuration Management (MECM) server last night. Which of the following actions should you take to resolve this issue?

a) Use SFC to ensure all system files are correct and not corrupted
b) Roll back the video card driver and wait for a new driver to be released
c) Disable the DirectX service in the services.msc
d) Reboot the system into Safe Mode and allow the user to continue their work

A

b) Roll back the video card driver and wait for a new driver to be released

Since the issue first appeared after the systems received their latest security patch and updates, the video card driver was likely updated last night. Therefore, you should roll back the driver and verify that this solves the issue. If it does, then you should wait for a new version of the video card driver to be released by the manufacturer or submit a trouble ticket to the manufacturer to let them know there is an issue with their current driver’s version. According to the CompTIA Troubleshooting Methodology, you should always question the obvious and ask yourself what has recently changed.

25
Q

Which of the following remote access protocols should you use to connect to a Windows 2019 server and control it with your mouse and keyboard from your workstation?

a) RDP
b) VNC
c) SSH
d) Telnet

A

a) RDP

26
Q

Your company wants to provide a secure SSO solution for accessing both the corporate wireless network and its network resources. Which of the following technologies should be used?

a) WEP
b) WPA2
c) RADIUS
d) WPS

A

c) RADIUS

With RADIUS and SSO configured, users on the network can provide their user credentials one time when they initially connect to the wireless access point or another RADIUS client and are then automatically authenticated to all of the network’s resources. The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points. The client device then passes the authentication data to an AAA (Authentication, Authorization, and Accounting) server that processes the request. The Terminal Access Controller Access Control System (TACACS+) is a proprietary alternative to RADIUS developed by Cisco for handling authentication.

27
Q

Your Windows 10 workstation is attempting to boot up when it receives the following error, “BOOTMGR is missing; Press Ctrl+Alt+Del to restart.” To fix this, you insert your Windows installation disc and reboot into the Command Prompt under the System Recovery Options. Which of the following commands should you enter in the command prompt?

a) bootrec /fixboot
b) diskpart /repair
c) chkdsk /repair
d) sfc /fixboot

A

a) bootrec /fixboot

The partition boot sector is stored on the hard disk drive and contains the necessary code to start the Windows boot process. If this partition is corrupt or not properly configured during a Windows install, it would lead to “BOOTMGR is missing or corrupt” errors at startup. To fix this, you should reboot into the Command Prompt under the System Recovery Options using the Windows installation disc. Then, you should enter bootrec /fixboot. If the master boot record is corrupted, you can also run bootrec /fixmbr and then bootrec /fixboot to solve this issue.

28
Q

Your company is concerned about the possibility of power fluctuations that may occur and cause an immediate loss of power for several minutes to their server room. To prevent this condition, they are installing a large rack-mounted UPS to protect the server. Which type of condition are they trying to prevent using this UPS?

a) Power surge
b) Power spikes
c) Power failure
d) Under-voltage event

A

**

A power loss or power failure is a total loss of power in a particular area. To protect against a power loss or power failure, a battery backup should be used. A significant over-voltage event that occurs for a very short period of time is known as a power spike. A power spike is a very short pulse of energy on a power line.
Power spikes can contain very high voltages up to and beyond 6000 volts but usually last only a few milliseconds instead of longer but lower voltage power surges.
Power surge: An extended over-voltage event is known as a power surge. A power surge is basically an increase in your electrical current. A power surge often has levels of 10-30% above the normal line voltage and lasts from 15 milliseconds up to several minutes. An under-voltage event is a reduction in or restriction on the availability of electrical power in a particular area. The irregular power supply during an under-voltage event can ruin your computer and other electronic devices. Electronics are created to operate at specific voltages, so any fluctuations in power (both up and down) can damage them. To protect against an under-voltage event, you can use either a battery backup or a line conditioner.

29
Q

Which of the following file system formatting types should be used with a DVD?

a) NTFS
b) CDFS
c) UDF
d) FAT32

A

c) UDF

UDF (Universal Disk Format) is the recommended file system for DVDs (and other optical media, such as CDs and Blu-ray discs). It is designed to handle the specific requirements of optical media, such as DVDs, and is compatible with multiple operating systems, including Windows, macOS, and Linux.

Why not the others?
NTFS: While NTFS is a robust file system for hard drives, it is not ideal for optical media like DVDs. DVDs require a file system that supports the read-only or rewritable nature of optical disks, and NTFS does not fulfill this requirement well for such media.
CDFS (Compact Disc File System): CDFS is an older file system used primarily for CDs. It is limited and not suitable for DVDs, which require more advanced features and larger file sizes.
FAT32: FAT32 is an older file system that can be used for optical discs, but it has limitations, such as a 4 GB maximum file size and less flexibility compared to UDF. While it might work for some cases, UDF is a better, more modern choice for DVDs.

30
Q

You are working as a forensic investigator for the police. The police have a search warrant to capture a suspect’s workstation as evidence for an ongoing criminal investigation. As you enter the room with the policeman, he arrests the suspect and handcuffs him. What should you do FIRST?

a) Turn off the workstation
b) Secure the area
c) Implement the chain of custody
d) Document the scene

A

b) Secure the area

As a forensic investigator, you should always ‘secure the area’ before taking any other actions. This includes ensuring that no other people are in the area to disrupt your forensic collection (such as the suspect or their accomplices), ensuring the workstation isn’t unplugged from the network or the power, and other actions to prevent the evidence from being tampered with.
Once the area is secure, then you should document the scene, begin your evidence collection, and implement the chain of custody.

31
Q

Which command would be used to display the network address and subnet mask for the wired network connection on a Linux system?

a) ipconfig
b) netstat
c) ip
d) nslookup

A

c) ip

32
Q

You just installed a flat panel television in a conference room in your office building. The facilities manager is concerned that a lightning strike could damage it. The company is not worried about the threat of power outages because the conference room is only used a few times per week. Which of the following should be installed to BEST mitigate the facilities manager’s concerns without spending too much money?

a) Power strip
b) Line conditioner
c) UPS
d) Surge suppressor

A

d) Surge suppressor

A surge suppressor defends against possible voltage spikes that could damage your electronics, appliances, or equipment. A power strip will not protect against voltage spikes. A UPS or line conditioner could protect against voltage spikes, but they cost much more than a surge suppressor, so a surge suppressor best meets the requirements of this question.
A line conditioner is a device that adjusts voltages in under-voltage and over-voltage conditions to maintain a 120 V output. Line conditioners raise a sag or under-voltage event back to normal levels, but they cannot protect the line from a complete power failure or power outage.
An uninterruptible power supply or uninterruptible power source (UPS) is an electrical apparatus that provides emergency power to a load when the input power source becomes too low or the main power fails. A UPS provides near-instantaneous protection from input power interruptions by using a battery backup. The on-battery run-time of most uninterruptible power sources is usually short (less than 60 minutes) but sufficient to properly shut down a computer system.

33
Q

Fail To Pass Systems has just been the victim of another embarrassing data breach. Their database administrator needed to work from home this weekend, so he downloaded the corporate database to his work laptop. On his way home, he left the laptop in an Uber, and a few days later, the data was posted on the internet. Which of the following mitigations would have provided the greatest protection against this data breach?

a) Require all new employees to sign an NDA
b) Require data at rest encryption on all endpoints
c) Require a VPN to be utilized for all telework employees
d) Require data masking for any information stored in the database

A

b) Require data at rest encryption on all endpoints

The greatest protection against this data breach would have been to require data at rest encryption on all endpoints, including this laptop. If the laptop were encrypted, the data would not have been readable by others, even if it was lost or stolen.
While requiring a VPN for all telework employees is a good idea, it would not have prevented this data breach since the laptop’s loss caused it. Even if a VPN had been used, the same data breach would have still occurred if the employee copied the database to the machine. Remember on exam day that many options are good security practices, but you must select the option that solves the issue or problem in the question being asked.
Similarly, data masking and NDAs are useful techniques, but they would not have solved this particular data breach.

34
Q

Which low-power mode is used with Windows 10 laptops to save power but takes longer to turn back on and resume where the user left off?

a) Sleep
b) Power saver
c) Balanced
d) Hibernate

A

d) Hibernate

Hibernate mode is used to save the current session to disk before powering off the computer to save battery life when the system is not being used. The computer takes longer to start up again from hibernate mode than it does from the sleep or standby mode.
Sleep or standby mode is used to save the current session to memory and put the computer into a minimal power state to save battery life when the system is not being used. The computer takes less time to start up again from the sleep or standby mode than it does from the hibernate mode.
The high-performance power plan favors performance over energy savings.
The balanced power plan adjusts the performance to conserve energy on capable hardware.

35
Q

Which of the following backup rotation schemes overwrites the oldest media with the current backup being performed?

a) Grandfather-father-son
b) Tower of Hanoi
c) FIFO backup
d) 3-2-1 backup

A

c) FIFO backup

The First In First Out (FIFO) backup scheme uses a set number of tapes and overwrites the oldest tape with the newest information. For example, if there are 7 tapes in use, every evening a new backup is conducted over the previous week’s daily backup. To retain more days of backups, a technician simply needs to increase the number of tapes from 7 to 14 or 21.
The grandfather-father-son (GFS) backup rotation scheme is widely used to combine full and incremental backups to reduce backup time and enhance storage security. The grandfather is a full backup that is stored off-site once per month. The father is a weekly full backup that is conducted. The son is an incremental or differential backup conducted each day. For example, each Monday a full backup can be conducted which becomes the father. Then, each day of the week a son is created by performing an incremental or differential backup. Once per month, a full backup is conducted to become the grandfather.
The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site.
The Tower of Hanoi is a backup rotation scheme that rotates backup media sets throughout the backup process to minimize wear and failure of tape backup media. For example, when using this method with four backup tapes labeled A, B, C, and D, a total of 16 days of backups can be maintained with just 4 tapes. Tape A is used every odd-numbered day for 16 days. Tape B is used on days 2, 6, 10, and 14. Tape C is used on days 4 and 12. Tape D is used on days 8 and 16. This allows Tape A to be overwritten every other day, while Tape B is overwritten every four days and Tapes C and D are overwritten every 8 days.

36
Q

Which of the following Windows tools can a technician use to gather information about a workstation and create a comprehensive list of hardware, system components, and the software environment used by that workstation?

a) resmon.exe
b) devmgmt.msc
c) msinfo32.exe
d) dxdiag.exe

A

c) msinfo32.exe

System information (msinfo32.exe) is a utility that gathers information about your computer and displays a comprehensive list of hardware, system components, and the software environment that can be used to diagnose computer issues.