Practice test Questions 2 Flashcards
Samuel’s computer is taking a very long time to boot up, and he has asked for your help speeding it up. What TWO of the following actions should you perform to BEST resolve this issue with the least amount of expense?
Defragment the hard drive, and remove unnecessary applications from startup. To speed up the boot process, you can defragment the hard drive, remove unnecessary applications from startup, install additional RAM, or replace the hard drive with an SSD. However, to do it with the least amount of expense, only defragmenting the hard drive and removing unnecessary applications from startup qualify, since these actions do not require purchasing any additional components.
Maria is trying to log in to her company’s webmail and is asked to enter her username and password. What type of authentication method is Maria using?
Single-factor. Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials (something you know, something you have, something you are, something you do, or somewhere you are). The most common example of single-factor authentication occurs when a user is prompted to enter their username and password to authenticate. Multifactor authentication requires credentials that include at least 2 of the 5 authentication factors.
A user calls the service desk and states that their workstation has a virus. The user states that they were browsing their favorite website when the antivirus displayed a full-screen message stating, “1532 file infected on this computer - Click to remove infected files NOW!” The user states that when they click the button, a message from the company’s content filter states it is blocked, and they need your assistance to remove the infected files. What has MOST likely occurred?
The user is the victim of a rogue antivirus attack. Rogue antivirus is a particularly popular way to disguise a Trojan. In the early versions of this attack, a website would display a pop-up disguised as a normal Windows dialog box with a fake security alert, warning the user that viruses have been detected. As browsers and security software have moved to block this vector, cold calling vulnerable users claiming to represent Microsoft support has become a popular attack.
Jason took a company-issued Windows 10 laptop home to do some work. He successfully connected it to his home’s wireless network and verified he could access the internet and browse his favorite websites. Unfortunately, Jason cannot access any of the shared files on his home network’s media server. What might be the reason Jason cannot access the network shares on his home network?
The laptop must join the network as private. The Network and Sharing Center in the Control Panel allows a technician to see information about, and modify the configuration settings of, the network adapters in the workstation. The Network and Sharing Center is used to connect to a network using a broadband, dial-up, or VPN connection, or to add/remove file and printer sharing over the network on the workstation. When connecting to a network for the first time, the user must select whether it is a public or private network. A public network will hide your computer from other devices on the network and prevent file and printer sharing. A private network is considered trusted, allows the computer to be discoverable to other devices on the network, and supports the use of file and printer sharing.
The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?
WPA personal. Since he wishes to use a pre-shared key and not require an authentication server, WPA personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though. WPA2 Enterprise is incorrect since the requirement was for a PSK, whereas WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client. MAC filtering does not use a password or pre-shared key. WEP uses a pre-shared key to secure a wireless network, but WPA uses a stronger encryption standard than WEP.
You are working for a government contractor who requires all users to use a PIV device when sending digitally signed and encrypted emails. Which of the following physical security measures is being implemented?
Smart Card. A smart card is used in applications that need to protect personal information and/or deliver fast, secure transactions, such as transit fare payment cards, government and corporate identification cards, documents such as electronic passports and visas, and financial payment cards. Often, smart cards are used as part of a multifactor authentication system in which the smart card must be presented and a PIN entered for system authentication to occur. Biometrics are identifying features stored as digital data that can be used to authenticate a user. Typical features used include facial pattern, iris, retina, fingerprint pattern, and signature recognition. This requires a relevant scanning device, such as a fingerprint reader, and a database of biometric information for authentication to occur.
What can be issued from the command line to find the layer 3 hops to a remote destination?
Traceroute. Traceroute will determine every hop between the host and the destination using ICMP. Traceroute is used for Linux and UNIX systems. TRACERT is used for Windows systems. The TRACERT command will issue a series of pings from the host to the destination, incrementing the time to live (TTL) by one each time. As each packet passes through a router or firewall, the TTL is decreased by one. If the TTL for a packet reaches zero, that router will send an error message back to the host. By doing this, the host can map out each hop in the network from the host to the destination.
A network administrator receives a call asking for assistance with connecting to the network. The person on the phone asks for the IP address, subnet mask, and VLAN required to access the network. What type of attack might this be?
Social Engineering. Social engineering is a type of attack on a network in which an attacker uses their confidence and their victims’ gullibility to gain access. It is the only type of attack on a network that is directed towards the human element. The human interaction with the network administrator makes the other three answers incorrect.
You have been asked to recycle 20 of your company’s old laptops. The laptops will be donated to a local community center for underprivileged children. What data destruction and disposal method is MOST appropriate to allow the data on the drives to be fully destroyed and the drives to be reused by the community center?
Low-level formatting of the HDDs. Low-level formatting is a hard disk operation that should make recovering data from your storage devices impossible once the operation is complete. It sounds like something you might want to do if giving away a hard disk or discarding an old computer that may have contained useful and important private information.
Your friend is concerned that someone might be listening to her daily conversations while her smartphone is in her purse. What threat is this an example of?
Unauthorized microphone activation. The microphone can be activated remotely and allow a troublemaker to spy on you. It is suggested that, when not in authorized use, you cover the microphone of your device to keep it from providing any data if remotely accessed. When anonymous devices are allowed to connect to Bluetooth-enabled devices, this is known as unintended Bluetooth pairing, and it represents a security threat.
What mobile device strategy is most likely to introduce vulnerable devices to a corporate network?
BYOD. The BYOD (bring your own device) strategy opens a network to many vulnerabilities. People can bring their personal devices to the corporate network, and their devices may contain vulnerabilities that could be allowed to roam free on a corporate network.
Your company is setting up a system to accept credit cards in its retail and online locations. What compliance type should you be MOST concerned with when dealing with credit cards?
PCI-DSS. The Payment Card Industry Data Security Standard (PCI-DSS) applies to companies of any size that accept credit card payments. If your company intends to accept card payment and store, process, and transmit cardholder data, you need to securely host your data and follow PCI compliance requirements. The General Data Protection Regulation (GDPR) is a regulation created in the European Union that creates provisions and requirements to protect the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US’s Privacy Shield requirements.
Your boss has asked you to write a script that will copy all of the files from one hard drive to another each evening. This script should mirror the directories from one drive to the other and ensure they are synchronized each evening. What command-line tool should you use in your script?
robocopy. The robocopy tool is used to mirror or synchronize directories and their contents. robocopy will check the destination directory and remove files no longer in the source tree. It also checks the files in the destination directory against the files to be copied and doesn’t waste time copying unchanged files. The xcopy tool, on the other hand, copies all of the files from one directory to another. To meet your boss’s requirement to synchronize the two hard drives’ contents, you must use robocopy, since it will also remove files from the second drive that were removed from the first drive.
What is considered a form of regulated data?
PII. The four forms of regulated data covered by the exam are PII (Personally Identifiable Information), PCI (Payment Card Industry), GDPR (General Data Protection Regulation), and PHI (Protected Health Information). Personally identifiable information (PII) is data used to identify, contact, or locate an individual. Information such as social security number (SSN), name, date of birth, email address, telephone number, street address, and biometric data is considered PII.
You are setting up the Remote Desktop Services on a Windows 2019 server. To increase the security of the server, what TWO of the following actions should you take?
Logically place the Windows 2019 server into the network’s screened subnet, and block all unused ports on the switch, router, and firewall. To best secure the server, you should logically place the Windows 2019 server into the network’s screened subnet and block all unused ports on the switch, router, and firewall. Since the server will allow remote connections from across the internet to access it directly, the server must be placed into the screened subnet of the network and not in the internal trusted portion of the network. Additionally, any server or service that will be forward-facing to the internet (like a Remote Desktop Services server) should have all of its unused ports blocked on the switch, router, and firewall to minimize the footprint of the network. By blocking unused ports, there are fewer ways for an attacker to get into the network and attack the server.
Your company recently downloaded and installed the latest audio card driver for all of its workstations. Now, several users have had their usernames and passwords for several websites compromised. You believe the two issues are related. If they are, what was MOST likely contained in the audio card driver file that was installed?
Keylogger. Based on the description of the events, it is likely that the audio card driver contained a keylogger. Keyloggers actively attempt to steal confidential information, such as a credit card number, by recording keystrokes entered into a website. This question is based on a real event that occurred in 2017. HP released new audio card drivers for their Conexant audio chips, and the driver contained a keylogger. Flaws in Conexant’s MicTray64.exe application created the keylogger. It is designed to monitor keystrokes and respond to user input, probably to respond to commands to mute or unmute the microphone or begin capturing information within an application. Unfortunately, it also writes out all keystroke data into a publicly accessible file located at C:\Users\Public\MicTray.log. If this log file does not exist, the keystrokes are passed to the OutputDebugString API, allowing any process to capture this information without being identified as a malicious program.
What type of malware is used to actively attempt to steal confidential information by capturing a user’s data when typed into a web browser or other application?
Keylogger. A keylogger actively attempts to steal confidential information by capturing the data when entered into the computer by the user. This is done by recording keystrokes entered into a web browser or other application. A software keylogger can be run in the background on a victim’s computer. A hardware keylogger may be placed between the USB port and the wired keyboard.
What type of software CANNOT be updated via the Windows Update program?
Firmware updates. The Windows Update program can download critical fixes, security patches, and driver updates. The Windows Update program cannot download and install firmware updates because the firmware must be updated before the Windows operating system begins running during the boot process.
What command-line tool on a Windows system is used to display the resulting set of policy settings that were enforced on a computer for a specified user when they logged on?
gpresult. Group Policy is the primary administrative tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization. In an Active Directory environment, Group Policy is applied to users or computers based on their membership in sites, domains, or organizational units. The gpresult command is used to display the Resultant Set of Policy (RSoP) information for a remote user and computer. Because you can apply overlapping policy settings to any computer or user, the Group Policy feature generates a resulting set of policy settings when the user logs on. The gpresult command displays the resulting set of policy settings that were enforced on the computer for the specified user when the user logged on.
What file system formatting type should be used with a DVD?
UDF. The Universal Disk Format (UDF or ISO 13346) is an updated file system for optical media supporting multisession writing. It is the standard used by Windows, referred to as the Live File System, for CD and DVD recordable and rewritable discs. There are several different versions of UDF, with 2.01 being the default in Windows. Blu-ray reading and writing requires version 2.5 and third-party software. The CD file system (CDFS or ISO 9660) is a legacy file system used for CD optical disc media (CD-ROM and CD-R). CDFS supports two main data writing modes: mode 1 has better error correction, whereas mode 2 allows more data to be written to the disc.
Peter is attempting to print to his office printer, but nothing comes out. Yesterday, his printer was working just fine. Peter does not notice any errors on the taskbar’s printer icon. What action should Peter try FIRST to solve this issue?
Check the status of the print server queue. When this issue occurs, it is often because the system properly sent the print job to the print queue, but the print queue has become stuck. If no error is shown in the taskbar’s printer icon, the user should open the print queue to determine if the print job has become stuck. If it is, then the print queue can be emptied or reset.
Dion Training wants to provide governance for the length, complexity, and expiration requirements for its users’ knowledge-based authentication factors. What policy should this be documented within?
Password Policy. A password is an example of a commonly used knowledge-based authentication factor in security. A password policy defines standards for creating password complexity. It also defines what an organization considers weak passwords and the guidelines for protecting password safety. It specifies standards such as avoiding common passwords, creating strong passwords, and rules for not using work-related passwords for other sites or services. An acceptable use policy (AUP) is a policy that governs employees’ use of company equipment and Internet services. An asset management policy describes the process of identifying each asset and recording its location, attributes, and value in a database. Regulatory policy is a made-up term as a distractor for this question.
Your supervisor has requested remote access to a particular server to check on specific data and processes in the evenings and weekends. You are concerned that the server could become infected and want to take some precautions. What is the MOST important thing to do before granting remote access to the server to your supervisor?
Install the latest security updates and patches to the server. To prevent infection, it is important that all servers and workstations remain patched and up to date on their security updates. After that, the next best thing would be to set up the anti-virus to update itself daily and run a full scan nightly automatically. Beyond that, educating your supervisor would be a good idea, as well. Disabling the internet access outside of normal business hours would not work since this would block your supervisor from accessing the server from their home.
What type of attack involves changing the system’s MAC address before it connects to a wireless network?
Spoofing. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing is an attack where the attacker disguises their identity. Examples of spoofing include changing their MAC address (MAC spoofing), their IP address (IP spoofing), or their email address (commonly used during a phishing campaign). A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. A botnet is many internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. A zombie (also known as a bot) is a computer or workstation that a remote attacker has accessed and set up to forward transmissions (including spam and viruses) to other computers on the internet.