Practice Test Qs #2 Flashcards

1
Q

A user calls the help desk complaining that Windows freezes to a blue screen every time it tries to boot. When the technician arrives, they boot the computer in Safe Mode. After evaluating this situation, what is the BEST reason the technician wants to enter Safe Mode to begin troubleshooting?

a) CHKDSK can be run in Safe Mode
b) Safe Mode is necessary for troubleshooting
c) Safe Mode loads only the minimum amount of drivers and services to start the system.
d) Antivirus scans can be run in Safe Mode.

A

c) Safe Mode loads only the minimum amount of drivers and services to start the system.

*By using only essential drivers and services to boot, Safe Mode can boot the computer when a normal boot fails, as in this scenario.

The blue screen of death (BSoD) is mostly due to faulty hardware, especially at startup. CHKDSK scans the hard drive to find and repair errors, and it can be run in Safe Mode, as can many other analysis and recovery tools.

Safe Mode allows antivirus scans to run in an environment that will not trigger viruses or malware.

While Safe Mode provides a favorable environment for troubleshooting, it is not required to use the many troubleshooting tools available in Windows, such as Task Manager, Resource Manager, and Device Manager.*

2
Q

An employee uses an option to ask for help from a technician with an invitation file protected by a passcode. What is this option?

a) MSRA
b) RDP
c) RMM
d) VPN

A

a) MSRA

*Microsoft Remote Assistance (MSRA) allows a user to ask for help from a technician or co-worker by an invitation file protected by a passcode. The helper opens the invitation file to connect to the remote system.

Remote Monitoring and Management (RMM) tools are principally designed for use by managed service providers (MSPs).

Remote Desktop Protocol (RDP) implements terminal server and client functionality. RDP authentication and session data are always encrypted.

A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. Establish a VPN link and then use a remote desktop to connect to a host on the private network.*

3
Q

A server administrator tests connectivity between two statically assigned servers in a forest with different domains. What should they check first in this case?

a) Gateway
b) Subnet mask
c) IP addressing scheme
d) DNS settings

A

d) DNS settings

*Because the servers are on different domains, DNS should be checked first. The administrator probably uses the hostname instead of the fully qualified domain name (FQDN). If the domain is not specified, the host will likely try to resolve the name in its own domain.

The IP addressing scheme would not be part of the troubleshooting process because the administrator relies on DNS resolution.

The subnet mask could be an issue, but the most likely issue is the different domains.

The gateway could also be configured improperly, although if that were the case, they would not be able to reach out at all, not just the one other server.*

4
Q

A technician detected and reported an incident, resulting in the appropriate unit being notified and tasked with acting as first responders, taking charge of the situation, and formulating the appropriate response. What is this unit called?

a) Open-Source
b) Chain of custody
c) CSIRT (The computer security incident response team)
d) IRP

A

c) CSIRT

*The computer security incident response team (CSIRT) is used in some larger organizations to provide a range of decision-making and technical skills required to deal with different types of incidents.

An open-source license makes software free to use, modify, and share, and makes the program code used to design it available.

An incident response plan (IRP) sets the procedures and guidelines that an IT team must adopt to deal with security incidents.

A chain of custody form records who collected the evidence, who has handled it subsequently, and where they stored it; it must show access to the evidence at every point.*

5
Q

A server administrator locks down security on their golden client image but is concerned about potentially breaking things in the environment. They decided to set up a test image for test users in various departments before full implementation. What should the administrator use to make individual configuration changes to the image?

a) services.msc
b) gpedit.msc
c) shell:startup
d) regedit.exe

A

d) regedit.exe

6
Q

What checks the domain names of components loading on a web page against a vast blacklist?

a) Private browsing mode
b) Ad blocker
c) Clearing browsing data
d) Browser sign-in

A

b) Ad blocker

*An ad blocker is designed to prevent advertisements from loading on a web page. It often works by using a blacklist of known domains that are associated with advertising networks and other tracking services. When a web page is loaded, the ad blocker checks the domain names of components (such as images, scripts, and iframes) against this blacklist and blocks any that are identified as serving ads or tracking users.

Why the other options are incorrect:
a) Private browsing mode: Private browsing (or incognito mode) helps to protect user privacy by not saving browsing history, cookies, or cache. It does not specifically block domains from loading or check against a blacklist.

c) Clearing browsing data: This action removes the user’s browsing history, cookies, cache, and other stored data but does not block or compare domains against any blacklist.

d) Browser sign-in: Signing into a browser (like Google Chrome) allows syncing of data (such as bookmarks and history) across devices. It does not involve checking domain names or blocking components on a webpage.*

7
Q

Management provides employees with written policies and procedures to help them fulfill their tasks. Which of the following procedures requires employees to enroll and identify themselves using secure credentials?

a) End-user termination checklist
b) Procedures for custom installation of software package
c) New-user setup checklist
d) Assigned users

A

c) New-user setup checklist

*A New-user setup checklist typically includes procedures for enrolling and identifying new employees in a secure system, which often involves setting up secure credentials (such as usernames, passwords, multi-factor authentication tokens, etc.) to authenticate and authorize their access to the organization’s resources.

Why the other options are incorrect:
a) End-user termination checklist: This checklist focuses on steps to take when an employee leaves the company, such as revoking access to systems, recovering company property, and ensuring data security. It does not involve enrolling new employees or setting up credentials.

b) Procedures for custom installation of software package: This involves instructions for installing software, which may require user authentication, but it doesn’t directly relate to enrolling or identifying employees using secure credentials for accessing systems.

d) Assigned users: This option is a bit vague, but it generally refers to users who have already been assigned roles or credentials. It does not specifically describe a process that requires the enrollment or identification of new users via secure credentials.*

8
Q

Backup that selects new files and files modified since the original full job.

A

Full with differential

9
Q

Backup that selects only new files and files modified since the previous job.

A

Full with incremental

10
Q

The period between backup jobs.

A

Frequency

11
Q

The period that any given backup job is kept for.

A

Retention

12
Q

While browsing the internet, a user receives a pop-up that states, “We have detected a Trojan virus. Click OK to begin the repair process.” Out of fright, the user clicks OK. Given the following choices, what is the most likely outcome of the user’s response?

a) User starts experiencing drive-by downloads.
b) Unwanted notifications start popping up in Windows.
c) Nothing happens because Windows BitLocker blocks the Trojan virus.
d) UAC will need to be enabled.

A

b) Unwanted notifications start popping up in Windows.

*Malware often targets the browser, so clicking on a website pop-up is likely to deliver some type of infection, such as adware, which will deliver unwanted notifications.

A drive-by download will infect a computer with malware because a user visited a malicious site. However, in this scenario, the user was not passive. They actively interacted with the pop-up to install the adware.

BitLocker is an encryption tool, not an antivirus tool.

User Account Controls (UACs) prevent the unauthorized use of administrative privileges. They are enabled by default but can be disabled.*

13
Q

A company has hundreds of employees who use the same software on their computers, so they offer a company product key to access the software. What is this product?

a) Personal license
b) Data retention requirements
c) Corporate-use license
d) DRM (Digital Rights Management)

A

c) Corporate-use license

*A corporate-use license is for multiple users, which means the company can install the software on an agreed-upon number of computers for its employees to use simultaneously. The company will offer a valid license with the product key. These can be non-expired licenses as well.

A personal license allows the product to be used by a single person at a time, though it might permit installation on multiple personal devices.

Data retention requirements are regulations that set a maximum period for data retention. The regulation might also demand that information be retained for a minimum period.

Digital music and video are often subject to copy protection and digital rights management (DRM).*

14
Q

What is it called when antivirus software scans a file before allowing or preventing it from opening?

a) Smart scanning
b) Quick scanning
c) On-access scanning
d) Scheduled scanning

A

c) On-access scanning

*On-access scanning is when the antivirus software intercepts an operating system call to open a file and scans the file before allowing or preventing it from being opened. Most security software is now configured to scan on-access.

A scheduled scan is run at a determined time and frequency. All security software supports scheduled scans.

A smart scan scans a computer’s critical areas, like system memory, hidden services, boot sectors, auto-run entries, registry keys, and important operating system files and folders.

A quick scan looks at all the locations where there could be malware, such as registry keys and known Windows startup folders.*

15
Q

The IT Department has learned that a new employee starts on Monday and will need a computer just before the weekend. There is a used PC in the storeroom. A “no operating system found” message appears when the computer is rebooted after a technician installs Windows 10 on the computer with the hard drive partition style set to support Unified Extensible Firmware Interface (UEFI). Determine which of the following scenarios would generate that message.

a) Application crash
b) Damaged hard drive
c) Corrupted MBR
d) Faulty motherboard

A

b) Damaged hard drive

*The hard drive stores the files for the operating system, so a damaged hard drive will generate the “no operating system found” message.

Applications do not load until after login, and the operating system would have to be found to load and display a login screen.

It is unlikely that a faulty motherboard would lead to a “no operating system found” error. It is more likely to cause the system not to boot, not recognize peripherals, or suffer the blue screen of death (BSOD).

Unified Extensible Firmware Interface (UEFI) generally does not interact with the Master Boot Record (MBR). The MBR is part of the legacy BIOS boot process.*

16
Q

A video game development company is purchasing upgraded laptops to develop cutting-edge graphics for a new story they have been marketing. They want to be able to integrate persistent system RAM. What type of operating system should they use for support?

a) Pro
b) Pro for workstations
c) Home
d) Enterprise

A

b) Pro for workstations

*Windows Pro for Workstations has many of the same features as Pro but supports more maximum RAM and advanced hardware technologies, such as persistent system RAM (NVDIMM).

Windows Pro is designed for usage in small- and medium-sized businesses and can be obtained using original equipment manufacturer (OEM), retail, or volume licensing.

The Enterprise edition has several features not available in the Pro edition, such as support for Microsoft’s DirectAccess virtual private networking technology, AppLocker, and more.*

17
Q

A technician is tasked to figure out why a user’s Gmail app will not update on their mobile phone. The technician knows several reasons that would cause this to occur. Which of the following would be one of the reasons for this problem?

a) GPS
b) Bluetooth
c) Storage
d) Accelerometer

A

c) Storage

*If an app fails to update, there may be insufficient storage space (Gmail uses a lot of storage). It could also be that the update is incompatible with the existing operating system version, or there is no internet connection.

An accelerometer is a technology that detects when a device changes position and adjusts the screen orientation appropriately.

Bluetooth is used to connect peripheral devices to PCs and mobiles and to share data between two systems.

Global Positioning System (GPS) is a means of determining a receiver’s position based on information received from satellites.*

18
Q

A vulnerability manager is brainstorming different ways to enhance security for their cell phone devices. The company only uses Apple, and so one of the ideas the manager comes up with is to look for anomalistic files that do not belong with Apple for signs of possible malware which did not profile the device and instead just blasted malware out, hoping the operating system would be right. Which of the following would be anomalistic?

a) .dmg
b) .apk
c) .app
d) .pkg

A

b) .apk

*An .apk file is a format for Android. The vulnerability manager only has Apple in their environment. Unknown sources enable untrusted apps to be downloaded from a website and installed using the .APK file format.

DMG (disk image) format is used for simple installs where the package contents need to be copied to the Applications folder.

PKG format is used where app setup needs to perform additional actions, such as running a service or writing files to multiple folders.

The app is placed in a directory with a .APP extension in the Applications folder when it has been installed.*

19
Q

The electronic health records software application crashes during a busy day at a doctor’s office. The IT consultant for the practice knows that the application backs up data in real-time and has the latest update. Which of the following options is the only one that could potentially fix the crashing issue?

a) Uninstall and reinstall the application driver.
b) Uninstall and reinstall the application.
c) Try to recover data from temporary files.
d) Update the application driver.

A

b) Uninstall and reinstall the application.

*Since the most recent update to the application has been applied, uninstalling then reinstalling the software is the best option of the available choices.

Applications/software do not have drivers. Drivers are software that tells the operating system how to interact with their particular device/hardware. Drivers are updated to fix bugs and security holes or optimize the hardware. Uninstalling and reinstalling drivers is usually done when a device is malfunctioning.*

20
Q

A security engineer runs a long tail analysis to determine the frequency of services and processes communicating to the internet. After baselining a large amount of normal traffic such as updates, they encounter a suspicious communication frequency every five minutes from a particular box. They have done a thorough job investigating running processes, memory analysis, and file integrity checks but find nothing. What else could the engineer check for persistence mechanisms that could send the communications?

a) msconfig.exe
b) Privileged time
c) lusrmgr.msc
d) taskschd.msc

A

d) taskschd.msc

*taskschd.msc is the Task Scheduler utility in Windows, which allows users and administrators to schedule tasks to run at specific times or intervals. If there is suspicious communication occurring every five minutes, it’s possible that a scheduled task has been created to execute a process or script that triggers this communication.

This makes taskschd.msc the most likely place to look for any persistence mechanisms that could be causing the periodic network traffic. Attackers sometimes use scheduled tasks to maintain persistence on a compromised system, allowing them to execute malicious processes at specific intervals without needing to modify running processes or files directly.

Why the other options are incorrect:
a) msconfig.exe: The System Configuration Utility (msconfig) is primarily used for managing startup items and system configuration. While it can help identify certain startup entries, it is less likely to reveal persistence mechanisms related to scheduled tasks or periodic communications.

b) Privileged time: This term is not a typical reference in the context of persistence mechanisms. It may be referencing time-related access or user activity, but it does not directly relate to scheduled tasks or network communication in the same way Task Scheduler does.

c) lusrmgr.msc: Local Users and Groups (lusrmgr.msc) is used to manage user accounts, groups, and permissions on a system. While it is important for checking user configurations, it is not typically used to identify scheduled tasks or persistence mechanisms tied to processes communicating with external services.*

21
Q

A security researcher wants to install an older operating system for research and testing. What is the most common medium that comes with a disc that the researcher should use?

a) Internet-based
b) Internal hard drive
c) USB
d) Optical media

A

d) Optical media

Historically, most attended installations and upgrades were run by booting from optical media (CD-ROM or DVD). The optical drive must be set as the priority boot device.

22
Q

A security engineer researches how to make backup and antivirus apps available to their iOS mobile devices. Where should the apps be pushed?

a) iCloud
b) Finder
c) Business Manager
d) Security & Privacy

A

c) Business Manager

*Apple Business Manager is a platform that allows organizations to deploy and manage apps, including backup and antivirus applications, on iOS devices. It is specifically designed for managing devices in a business or enterprise environment. Using Apple Business Manager, administrators can push apps to enrolled devices using a Mobile Device Management (MDM) solution, ensuring that the devices receive the necessary apps for security and backup.

Why the other options are incorrect:
a) iCloud: iCloud is Apple’s cloud storage and syncing service. While it provides backup functionality for personal data (like photos, documents, etc.), it is not used for pushing specific apps like backup or antivirus apps to devices. iCloud is primarily for syncing and storing user data across devices, not for enterprise app management.

b) Finder: Finder is a macOS application used to manage files and devices, including iPhones, when they are connected via USB. While it can be used to sync files or apps, it does not support pushing apps like backup or antivirus software to iOS devices in an enterprise setting.

d) Security & Privacy: The Security & Privacy settings on iOS devices deal with security-related configurations, like app permissions, location settings, and privacy controls. This section does not provide functionality for pushing apps like backup or antivirus software.*

23
Q

Which tab in File Explorer lets users configure hidden extensions, hidden files, and hidden operating system files?

A

File Explorer View tab

24
Q

Which tab in File Explorer lets users set options for the layout of Explorer windows and switch between the single-click and double-click styles of opening shortcuts?

A

File Explorer General tab

25
Q

The IT department determines that the phone belonging to the company's vice president suffers a compromise and that the personal and corporate data contained on the phone has leaked. Which of the following should the IT team do next?

a) Reboot the phone
b) Quarantine all devices that could be connected to the leak.
c) Wipe the phone
d) Run an antivirus scan

A

b) Quarantine all devices that could be connected to the leak.

*When a device is compromised, especially a device belonging to a high-ranking individual like a vice president, there could be potential wider exposure of sensitive information through connected devices, network access, or other related systems. If the compromised phone is connected to corporate systems or a larger ecosystem of devices (like through email, cloud services, or a corporate network), there could be a risk of further data exfiltration or malware spreading.

Quarantining all devices that could be connected to the leak would ensure that no additional devices (phones, laptops, computers, etc.) that are part of the same ecosystem are exposed to the same threat, preventing the risk from spreading or compromising other sensitive data.

Why the other options are still important but less prioritized:
c) Wipe the phone: While wiping the compromised phone is essential to remove any data or malware, it does not address the potential for further leakage. If the phone is compromised and is part of a wider corporate network, simply wiping the device might not stop the flow of data or block other systems from being affected by the breach. Quarantining other devices and cutting off network access would help contain the threat.

a) Reboot the phone: This is a temporary solution and doesn't address the core issue of the leak. It's not an effective long-term response to a breach.

d) Run an antivirus scan: While this is a good practice for identifying malware on the phone, it may not fully address the threat if the compromise was more sophisticated or involved persistent malware that isn't easily detected by antivirus software. Additionally, running an antivirus scan does not stop further data leakage or prevent other connected devices from being compromised.*

26
Q

A piece of a two-factor security token that generates a single-use login PIN to authorize computer services.

A

Soft token

27
Q

Token that requires the user to physically possess their authentication device to gain access to a specific network.

A

Hard token

28
Q

A helpdesk operator looks at build numbers for Windows as they plan upgrade timelines. The operator investigates the significance of the build numbers. Which of the following are the build numbers based on? (Select all that apply.)

a) 32 bit vs. 64 bit
b) Year
c) Windows version
d) Time of year

A

b) Year
d) Time of year

*The number 16 in build 1607 corresponds to the year (2016) of release. The 07 portion of build 1607 represents the month (07/July) of release. The current version of Windows 10 at the time of writing is 21H2, released in the second half of 2021.*

29
Q

Console that allows users to view and edit the properties of installed hardware. They can change hardware configuration settings, update drivers, or remove/disable devices.

A

Device Manager

30
Q

A Linux server administrator meets with their Windows server administrator counterparts. A certain grouping of Linux and Windows servers is designated to run services that share files. What will the administrators need to enable sharing between the disparate systems?

a) chmod
b) ip
c) mv
d) samba

A

d) samba

31
Q

Software that enables the integration of Linux and Windows systems. When added to a Linux workstation, that workstation can use the Windows file and print sharing protocol to access shared resources on a Windows host.

A

Samba

32
Q

A user has a Mac computer but likes Windows better for functionality and compatibility purposes. The user wants to sell their computer on an online marketplace and wipe their presence from the computer. Which of the following will help them accomplish this?

a) Disk Utility
b) Finder
c) Remote Disc
d) Dock

A

a) Disk Utility

*Disk Utility is a built-in macOS tool that allows users to manage disks, partitions, and volumes on their Mac. To wipe all of the user’s data and restore the computer to a clean state, the user can use Disk Utility to erase the drive. This would effectively remove any personal files, applications, or accounts, making it much harder for the next user to recover any data.

Using Disk Utility, the user can erase the disk where macOS and the user’s data are stored and reformat the disk to remove data securely.

This is the most appropriate method for removing all traces of the user’s presence on the Mac before selling it.

Why the other options are incorrect:
b) Finder: Finder is a file management tool that helps users locate, open, and organize files on their Mac. While it can be used to manually delete files, it doesn't provide a thorough method for erasing all user data or securely wiping the entire drive.

c) Remote Disc: Remote Disc is a feature that allows a Mac to access an optical disc (CD/DVD) on another computer via a network. It is not related to wiping data or removing a user's presence on the computer.

d) Dock: The Dock is a user interface feature for launching applications, switching between open apps, and accessing files and folders. It doesn’t provide functionality for erasing data or wiping the system.*

33
Q

An administrator assists the human resources department in testing access to their new cloud-based training site. Unfortunately, the site cannot be accessed due to the organizational security policy. Which of the following should the administrator use to assist them?

a) lusrmgr.msc
b) certmgr.msc
c) taskschd.msc
d) diskmgmt.msc

A

b) certmgr.msc

*certmgr.msc (Certificate Manager) is used for managing certificates on a system, which may be necessary for establishing trust and secure connections to websites, especially cloud-based services. If the organizational security policy is causing access issues to a cloud-based training site, it might be due to certificate issues, such as the site requiring a specific certificate to establish a secure connection or the organization using a certificate authority (CA) for internal security measures.

If there is a certificate validation issue or a misconfigured certificate store, the administrator can use certmgr.msc to check the certificates installed on the system, verify if the site’s SSL/TLS certificate is trusted, and ensure the necessary certificates are present and correctly configured to allow access.

Why the other options are incorrect:
a) lusrmgr.msc: This is used to manage local users and groups on the computer. It is useful for configuring user accounts and permissions but does not address issues related to accessing external sites, especially cloud-based ones.

c) taskschd.msc: This is the Task Scheduler, used for automating tasks and scheduling processes on the computer. It does not help with troubleshooting access to websites or resolving certificate issues.

d) diskmgmt.msc: This is the Disk Management tool, which is used to manage disks, partitions, and volumes. It has no relevance to solving connectivity or access issues with a cloud-based training site.*

34
Q

A helpdesk manager assesses older Windows 7 computers their company owns and tries to determine available upgrade paths. Which of the following can NOT be upgraded?

a) Windows 7 Home to Windows 10 Enterprise
b) Windows 10 Home to Windows 10 Pro
c) Windows 7 Home Premium to Windows 10 Pro
d) Windows 7 Pro to Windows 10 Home

A

a) Windows 7 Home to Windows 10 Enterprise

*Users cannot upgrade from a Home to an Enterprise edition. If users consider an in-place upgrade, they must check that the current OS version is supported as an upgrade path to the intended version.*