Practice test Questions 2 Flashcards

1
Q

Samuel’s computer is taking a very long time to boot up, and he has asked for your help speeding it up. What TWO of the following actions should you perform to BEST resolve this issue with the least amount of expense?

A

Defragment the hard drive, and Remove unnecessary applications from startup. To speed up the boot process, you can defragment the hard drive, remove unnecessary applications from startup, install additional RAM, and replace the hard drive with an SSD. But, to do it with the least amount of expense, you can only defragment the hard drive or remove unnecessary applications from starting up since these actions do not require any additional components to be purchased.

2
Q

Maria is trying to log in to her company’s webmail and is asked to enter her username and password. What type of authentication method is Maria using?

A

Single-factor. Single-factor authentication (SFA) is a process for securing access to a given system, such as a network or website, that identifies the party requesting access through only one category of credentials (something you know, something you have, something you are, something you do, or somewhere you are). The most common example of single-factor authentication occurs when a user is prompted to enter their username and password to authenticate. Multifactor authentication requires credentials that include at least 2 of the 5 authentication factors.

3
Q

A user calls the service desk and states that their workstation has a virus. The user states that they were browsing their favorite website when the antivirus displayed a full-screen message stating, “1532 file infected on this computer - Click to remove infected files NOW!” The user states that when they click the button, a message from the company’s content filter states it is blocked, and they need your assistance to remove the infected files. What has MOST likely occurred?

A

The user is the victim of a rogue antivirus attack. Rogue antivirus is a particularly popular way to disguise a Trojan. In the early versions of this attack, a website would display a pop-up disguised as a normal Windows dialog box with a fake security alert, warning the user that viruses have been detected. As browsers and security software have moved to block this vector, cold calling vulnerable users claiming to represent Microsoft support has become a popular attack.

4
Q

Jason took a company-issued Windows 10 laptop home to do some work. He successfully connected it to his home’s wireless network and verified he could access the internet and browse his favorite websites. Unfortunately, Jason cannot access any of the network’s shared files from his home network’s media server. What may be the reason Jason cannot access the network shares in his home network?

A

The laptop must join the network as private. The Network and Sharing Center in the Control Panel allows a technician to see information and modify the configuration settings of the network adapters in the workstation. The Network and Sharing Center is used to connect to a network using broadband, dial-up, or VPN connection, or add/remove file and printer sharing over the network on the workstation. When connecting to a network for the first time, the user must select if it is a public or private network. A public network will hide your computer from other devices on the network and prevent file and printer sharing. A private network is considered trusted, allows the computer to be discoverable to other devices on the network, and supports the use of file and printer sharing.

5
Q

The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?

A

WPA personal. Since he wishes to use a pre-shared key and not require an authentication server, WPA personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though. WPA2 Enterprise is incorrect since the requirement was for a PSK, whereas WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client. MAC filtering does not use a password or pre-shared key. WEP uses a pre-shared key to secure a wireless network, but WPA uses a stronger encryption standard than WEP.

6
Q

You are working for a government contractor who requires all users to use a PIV device when sending digitally signed and encrypted emails. Which of the following physical security measures is being implemented?

A

Smart Card. A smart card is used in applications that need to protect personal information and/or deliver fast, secure transactions, such as transit fare payment cards, government, and corporate identification cards, documents such as electronic passports and visas, and financial payment cards. Often, smart cards are used as part of a multifactor authentication system in which the smart card and a PIN need to be entered for system authentication to occur. Biometrics are identifying features stored as digital data that can be used to authenticate a user. Typical features used include facial pattern, iris, retina, or fingerprint pattern, and signature recognition. This requires a relevant scanning device, such as a fingerprint reader, and a database of biometric information for authentication to occur.

7
Q

What can be issued from the command line to find the layer 3 hops to a remote destination?

A

Traceroute. Traceroute will determine every hop between the host and the destination using ICMP. Traceroute is used for Linux and UNIX systems. Tracert is used for Windows systems. The TRACERT command will issue a series of pings from the host to the destination, incrementing the time to live (TTL) by one each time. As each packet passes through a router or firewall, the TTL is decreased by one. If the TTL for a packet reaches zero, the device that dropped it will send an error message back to the host. By doing this, the host can map out each hop in the network from the host to the destination.

8
Q

A network administrator receives a call asking for assistance with connecting to the network. The person on the phone asks for the IP address, subnet mask, and VLAN required to access the network. What type of attack might this be?

A

Social Engineering. Social engineering is a type of attack on a network in which an attacker uses their confidence and their victims’ gullibility to gain access. It is the only type of attack on a network that is directed towards the human element. The human interaction with the network administrator makes the other three answers incorrect.

9
Q

You have been asked to recycle 20 of your company’s old laptops. The laptops will be donated to a local community center for underprivileged children. Which data destruction and disposal method is MOST appropriate to allow the data on the drives to be fully destroyed and the drives to be reused by the community center?

A

Low-level formatting of the HDDs. Low-level formatting is a hard disk operation that should make recovering data from your storage devices impossible once the operation is complete. It sounds like something you might want to do if giving away a hard disk or discarding an old computer that may have contained useful and important private information.

10
Q

Your friend is concerned that someone might be listening to her daily conversations when her smartphone is still in her purse. What threat is this an example of?

A

Unauthorized microphone activation. The microphone can be activated remotely and allow a troublemaker to spy on you. It is suggested that, when not in authorized use, you cover the microphone of your device to keep it from providing any data if remotely accessed. When anonymous devices are allowed to connect to Bluetooth-enabled devices, this is known as unintended Bluetooth pairing, and it represents a security threat.

11
Q

What mobile device strategy is most likely to introduce vulnerable devices to a corporate network?

A

BYOD. The BYOD (bring your own device) strategy opens a network to many vulnerabilities. People can bring their personal devices to the corporate network, and their devices may contain vulnerabilities that could be allowed to roam free on a corporate network.

12
Q

Your company is setting up a system to accept credit cards in their retail and online locations. What compliance type should you be MOST concerned with when dealing with credit cards?

A

PCI-DSS. The Payment Card Industry Data Security Standard (PCI-DSS) applies to companies of any size that accept credit card payments. If your company intends to accept card payment and store, process, and transmit cardholder data, you need to securely host your data and follow PCI compliance requirements. The General Data Protection Regulation (GDPR) is a regulation created in the European Union that creates provisions and requirements to protect the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US’s Privacy Shield requirements.

13
Q

Your boss has asked you to write a script that will copy all of the files from one hard drive to another each evening. This script should mirror the directories from one drive to the other and ensure they are synchronized each evening. What command-line tool should you use in your script?

A

Robocopy. The robocopy tool is used to mirror or synchronize directories and their contents. Robocopy will check the destination directory and remove files no longer in the main tree. It also checks the files in the destination directory against the files to be copied and doesn’t waste time copying unchanged files. The xcopy tool, on the other hand, copies all of the files from one directory to another. To meet your boss’s requirements to synchronize the two hard drives’ contents, you must use robocopy since it will also remove files from the second drive that were removed from the first drive.

14
Q

What is considered a form of regulated data?

A

PII. The four forms of regulated data covered by the exam are PII (Personally Identifiable Information), PCI (Payment Card Industry), GDPR (General Data Protection Regulation), and PHI (Protected Health Information). Personally identifiable information (PII) is data used to identify, contact, or locate an individual. Information such as social security number (SSN), name, date of birth, email address, telephone number, street address, and biometric data is considered PII.

15
Q

You are setting up the Remote Desktop Services on a Windows 2019 server. To increase the security of the server, what TWO of the following actions should you take?

A

Logically place the Windows 2019 server into the network’s screened subnet, and block all unused ports on the switch, router, and firewall. To best secure the server, you should logically place the Windows 2019 server into the network’s screened subnet and block all unused ports on the switch, router, and firewall. Since the server will allow remote connections from across the internet to access the server directly, the server must be placed into the screened subnet of the network and not in the internal trusted portion of the network. Additionally, any server or services that will be forward-facing to the internet (like a Remote Desktop Services server) should have all of the unused ports blocked on the switch, router, and firewall to minimize the footprint of the network. By blocking unused ports, there are fewer ways for an attacker to get into the network and attack the server.

16
Q

Your company recently downloaded and installed the latest audio card driver for all of its workstations. Now, several users have had their usernames and passwords for several websites compromised. You believe the two issues are related. If they are, what was MOST likely contained in the audio card driver file that was installed?

A

Keylogger. Based on the events’ description, it is likely that the audio card driver contained a keylogger. Keyloggers actively attempt to steal confidential information by capturing a credit card number by recording keystrokes entered into a website. This question is based on a real event that occurred in 2017. HP released new audio card drivers for their Conexant audio chips, and it contained a keylogger as part of the driver. Flaws in Conexant’s MicTray64.exe application created the keylogger. It’s designed to monitor keystrokes and respond to user input, probably to respond to commands to mute or unmute the microphone or begin capturing information within an application. Unfortunately, it also writes out all keystroke data into a publicly accessible file located at C:\Users\Public\MicTray.log. If this log file does not exist, the keystrokes are passed to the OutputDebugString API, allowing any process to capture this information without being identified as a malicious program.

17
Q

What type of malware is used to actively attempt to steal confidential information by capturing a user’s data when typed into a web browser or other application?

A

Keylogger. A keylogger actively attempts to steal confidential information by capturing the data when entered into the computer by the user. This is done by recording keystrokes entered into a web browser or other application. A software keylogger can be run in the background on a victim’s computer. A hardware keylogger may be placed between the USB port and the wired keyboard.

18
Q

What types of software CANNOT be updated via the Windows Update program?

A

Firmware updates. The Windows Update program can download critical fixes, security patches, and driver updates. The Windows Update program cannot download and install firmware updates because the firmware must be updated before the Windows operating system begins running during the boot process.

19
Q

What command-line tool on a Windows system is used to display the resulting set of policy settings that were enforced on a computer for a specified user when they logged on?

A

Gpresult. A Group Policy is the primary administrative tool for defining and controlling how programs, network resources, and the operating system operate for users and computers in an organization. In an Active Directory environment, Group Policy is applied to users or computers based on their membership in sites, domains, or organizational units. The gpresult command is used to display the Resultant Set of Policy (RSOP) information for a remote user and computer. Because you can apply overlapping policy settings to any computer or user, the Group Policy feature generates a resulting set of policy settings when the user logs on. The gpresult command displays the resulting set of policy settings that were enforced on the computer for the specified user when the user logged on.

20
Q

What file system formatting types should be used with a DVD?

A

UDF. The Universal Disk Format (UDF or ISO 13346) is an updated file system for optical media supporting multisession writing. It is the standard used by Windows, referred to as the Live File System, for CD and DVD recordable and rewritable discs. There are several different versions of UDF, with 2.01 being the default in Windows. Blu-ray reading and writing requires version 2.5 and third-party software. The CD file system (CDFS or ISO 9660) is a legacy file system used for CD optical disc media (CD-ROM and CD-R). CDFS supports two main data writing modes: mode 1 has better error correction, whereas mode 2 allows more data to be written to the disc.

21
Q

Peter is attempting to print to his office printer, but nothing comes out. Yesterday, his printer was working just fine. Peter does not notice any errors on the taskbar’s printer icon. What actions should Peter try FIRST to solve this issue?

A

Check the status of the print server queue. When this issue occurs, it is often because the system properly sent the print job to the print queue, but the print queue has become stuck. If no error is shown in the taskbar’s printer icon, the user should open the print queue to determine if the print job has become stuck. If it is, then the print queue can be emptied or reset.

22
Q

Dion Training wants to provide governance for the length, complexity, and expiration requirements for its users’ knowledge-based authentication factors. What policy should this be documented within?

A

Password Policy. A password is an example of a commonly used knowledge-based authentication factor in security. A password policy defines standards for creating password complexity. It also defines what an organization considers weak passwords and the guidelines for protecting password safety. It specifies standards such as avoiding common passwords, creating strong passwords, and rules for not using work-related passwords for other sites or services. An acceptable use policy (AUP) is a policy that governs employees’ use of company equipment and Internet services. An asset management policy describes the process of identifying each asset and recording its location, attributes, and value in a database. Regulatory policy is a made-up term as a distractor for this question.

23
Q

Your supervisor has requested remote access to a particular server to check on specific data and processes in the evenings and weekends. You are concerned that the server could become infected and want to take some precautions. What is the MOST important thing to do before granting remote access to the server to your supervisor?

A

Install the latest security updates and patches to the server. To prevent infection, it is important that all servers and workstations remain patched and up to date on their security updates. After that, the next best thing would be to set up the anti-virus to update itself daily and run a full scan nightly automatically. Beyond that, educating your supervisor would be a good idea, as well. Disabling the internet access outside of normal business hours would not work since this would block your supervisor from accessing the server from their home.

24
Q

What type of attack involves changing the system’s MAC address before it connects to a wireless network?

A

Spoofing. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. Spoofing is an attack where the attacker disguises their identity. Examples of spoofing include changing their MAC address (MAC spoofing), their IP address (IP spoofing), or their email address (commonly used during a phishing campaign). A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. A botnet is many internet-connected devices, each of which is running one or more bots. Botnets can be used to perform distributed denial-of-service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its connection. A zombie (also known as a bot) is a computer or workstation that a remote attacker has accessed and set up to forward transmissions (including spam and viruses) to other computers on the internet.

25
Q

You have been asked to classify a hospital’s medical records as a form of regulated data. What would BEST classify this type of data?

A

PHI. Protected health information (PHI) refers to medical and insurance records, plus associated hospital and laboratory test results. Personally identifiable information (PII) is data used to identify, contact, or locate an individual. Information such as social security number (SSN), name, date of birth, email address, telephone number, street address, and biometric data is considered PII. The General Data Protection Regulation (GDPR) is a regulation created in the European Union that creates provisions and requirements to protect the personal data of European Union (EU) citizens.

26
Q

You have discovered that an employee has been conducting illegal activities using his workplace computer. You have taken possession of the employee’s laptop according to your company’s procedures and are waiting to give it to law enforcement authorities. What should you do when turning over the laptop to the police?

A

Maintain the chain of custody. The chain of custody is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of physical or electronic evidence. The chain of custody must be maintained from when you arrived at the laptop until you turn it over to law enforcement officials. As first responders, our job is to collect the evidence and maintain the chain of custody.

27
Q

A user contacts the service desk, stating their account is locked out, and they are unable to login to their local workstation. What log files should you review to determine the source of the lockout on the local workstation?

A

Security log. The Event Viewer shows a log of application and system messages, including errors, information messages, and warnings. It’s a useful tool for troubleshooting all kinds of different Windows problems. The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt. The file (Security.evtx) is stored in the %SystemRoot%\System32\winevt\Logs\ folder and can be opened using the Event Viewer. The application log contains information regarding application errors.

28
Q

Dion Training is worried about the security of the data on their corporate smartphones if lost or stolen. The Chief Security Officer has instructed that the devices be configured so that unauthorized users cannot access the data. What TWO of the following settings would provide the BEST security and protection for the corporate smartphones’ data?

A

Enable full device encryption, and configure the ability to perform a remote wipe. The BEST protections for the data would involve enabling full disk encryption and configuring the ability to perform a remote wipe. Even if the device is lost or stolen, its data would be unreadable if it was using full disk encryption. Additionally, by configuring the ability to wipe the device’s storage remotely, the data would be erased before a thief can access it. The other options are all valid options to increase security, but they do not directly address the issues presented in the scenario.

29
Q

What tools should you utilize to ensure you don’t damage a laptop’s SSD while replacing it?

A

ESD Strap. The key to answering this question is the word “while” in the sentence. Since you need to protect the SSD “while” you are replacing it, you must ensure you wear an ESD strap. An ESD strap is placed around your wrist and dissipates any static electricity from your body to protect sensitive hardware such as processors, memory, expansion cards, and SSDs during installation. An electrostatic discharge (ESD) is the release of a charge from metal or plastic surfaces that occurs when a potential difference is formed between the charged object and an oppositely charged conductive object. This electrical discharge can damage silicon chips and computer components if they are exposed to it.

30
Q

A company has had several virus infections over the past few months. The root cause was determined to be known vulnerabilities in the software applications in use by the company. What should an administrator implement to prevent future outbreaks?

A

Patch Management. Since the viruses exploited known vulnerabilities, there should be patches available from the manufacturer/vendor. Patch management is the process of distributing and applying updates to the software to prevent vulnerabilities from being exploited by an attacker or malware. Proper patch management is a technical control that would prevent future outbreaks. An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. While some items in the AUP might help prevent a malware infection (such as not allowing users to download and run programs from the internet), it is considered an administrative control, and choosing a technical control like patch management would better protect the network.

31
Q

Chris just downloaded a new third-party email client for his smartphone. When Chris attempts to log in to his email with his username and password, the email client generates an error message stating that “Invalid credentials” were entered. Chris assumes he must have forgotten his password, so he resets his email username and password and then reenters them into the email client. Again, Chris receives an “Invalid credentials” error. What is MOST likely causing the “Invalid credentials” error regarding Chris’s email client?

A

His email account requires multi-factor authentication. If a user or system has configured their email accounts to require two-factor authentication (2FA) or multifactor authentication, then even if they enter their username and password correctly in the third-party email client, they will receive the “Invalid credentials” error message. To overcome this, some email servers will allow the user to create an application-specific password to bypass the multifactor authentication requirement. If not, then the user will have to use an email client that supports multifactor authentication. His email account is not locked out or requiring a stronger password; otherwise, those issues would have been solved when he reset the password. Full device encryption on the smartphone would not affect the use of the email client since the device is unencrypted once a user enters their PIN, password, Touch ID, or Face ID as authentication.

32
Q

Sam and Mary both work in the accounting department and use a web-based SaaS product as part of their job. Sam cannot log in to the website using his credentials from his computer, but Mary can log in with her credentials on her computer. Sam asks Mary to log in to her account from his computer to see if the problem is with his account or computer. When Mary attempts to log in on Sam’s computer, she receives an error. Mary noticed a pop-up notification about a new piece of software on Sam’s computer when she attempted to log in to the website. What TWO of the following steps should Mary take to resolve the issue with logging in from Sam’s computer?

A

Verify Sam’s computer has the correct web browser configuration and settings, ask Sam about the pop-up notification and determine what new programs he installed on his computer. Since Mary was able to log in to the website from her computer but not from Sam’s, this indicates an issue with Sam’s computer and/or web browser. The pop-up notification about the new program being installed indicates that something exists on Sam’s computer that doesn’t exist on Mary’s computer. Therefore, it could be the cause and should be investigated further. Additionally, the browser’s configuration should be checked to ensure the correct settings are being used.

33
Q

An attacker uses the nslookup interactive mode to locate information on a Domain Name Service (DNS). What command should they type to request the appropriate records for only the name servers?

A

set type=ns. The nslookup command is used to query the Domain Name System to obtain the mapping between a domain name and an IP address or to view other DNS records. The “set type=ns” command tells nslookup to report information only on name servers. If you used “set type=mx” instead, you would receive information only about mail exchange servers.

34
Q

You have just finished installing a new workstation for a user in your office. They need to be able to see the other workstations on the company’s workgroup. What setting should you ensure is enabled?

A

Enable network discovery. Network discovery allows Windows 10 to find other computers and devices on a network. This feature is automatically turned on when connected to private networks like the one in your home or workplace. Network discovery is turned off when you’re connected to public networks that shouldn’t be trusted, and you should not allow your PC to be discoverable on those networks. If your Windows 10 computer or device can’t view other computers on the network, two things are probably at fault: either the incorrect network profile is assigned (public instead of private), or network discovery is disabled. Remote desktop protocol (RDP) is used to connect to a remote desktop session on a host computer or server. File and folder sharing is enabled to allow other users on a network to access files and folders on a computer or server. BitLocker is used on a Windows 10 Pro, Education, or Enterprise edition workstation to perform full disk encryption on the operating system’s storage devices.

35
Q

You are installing a new file server at the offices of Dion Training. The entire building has a diesel generator installed to protect it from power outages. The file server must have zero downtime once placed into production. What power sources should the file server utilize?

A

An uninterruptible power supply (UPS). An uninterruptible power supply (UPS) is a redundant power system that provides minutes to hours of power from an internal battery unit. Since the entire office has a backup diesel generator, the file server only needs power for about a minute until the generator can restore the power to the building. The UPS will also serve as a line conditioner to prevent issues caused by under-voltage events if the generator is operating too slowly. When power is lost, it usually takes 30-60 seconds for a generator to start up, reach normal operating speeds, and begin providing power to its electrical distribution and loads. A surge protector defends against possible voltage spikes that could damage your electronics, appliances, or equipment. Electronics are created to operate at specific voltages, so any fluctuations in power (both up and down) can damage them. A line conditioner is a device that adjusts voltages in under-voltage and overvoltage conditions to maintain a 120 V output. Line conditioners raise a sag or under-voltage event back to normal levels, but they cannot protect the line from a complete power failure or power outage.

36
Q

A co-worker just sent you a macro-enabled Microsoft Word document. After you opened the file, your computer began to delete the photos stored in your c:\photos directory. What type of malware did you MOST likely receive?

A

Virus. A virus is malicious software designed to infect computer files or disks when it is activated. A virus may be programmed to carry out other malicious actions, such as deleting files or changing system settings. A Trojan is a type of malware that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network. The most common form of a Trojan is a Remote Access Trojan (RAT), which allows an attacker to control a workstation or steal information remotely.

37
Q

Your Windows 10 workstation is attempting to boot up when it receives the following error, “BOOTMGR is missing; Press Ctrl-Alt-Del to restart.” To fix this, you insert your Windows installation disc and reboot into the Command Prompt under the System Recovery Options. Which of the following commands should you enter in the command prompt?

A

BOOTREC/FIXBOOT. The partition boot sector is stored on the hard disk drive and contains the necessary code to start the Windows boot process. If this partition is corrupt or not properly configured during a Windows install, it would lead to “BOOTMGR is missing or corrupt” errors at startup. You should reboot into the Command Prompt under the System Recovery Options using the Windows installation disc to fix this. Then, you should enter BOOTREC/FIXBOOT. If the master boot record is corrupted, you can also run BOOTREC/FIXMBR and then BOOTREC/FIXBOOT to solve this issue. The diskpart command is a command-line disk-partitioning utility available for Windows that is used to view, create, delete, and modify a computer’s disk partitions. The CHKDSK command is used to check the file system and file system metadata of a volume for logical and physical errors. If used without parameters, CHKDSK displays only the status of the volume and does not fix any errors. If used with the /f, /r, /x, or /b parameters, it fixes errors on the volume. The system file checker (SFC) command is a utility in Windows that allows users to scan for and restore corrupted Windows system files from the command line.

38
Q

Dion Training’s offices are frequently experiencing brownouts and sags. What solutions would protect all of their workstations and servers from these under-voltage events?

A

Line conditioner. Line conditioners are used to protect an entire power circuit from under-voltage events and power sags. Line conditioners raise a sag or under-voltage event back to normal levels, but they cannot protect the line from a complete power failure or power outage. These are also known as voltage regulators and power distribution units (PDUs). Because the question requires a solution that protects all of the workstations, a line conditioner is the best option. A surge protector or surge suppressor can defend against possible voltage spikes that could damage your electronics, appliances, or equipment. An uninterruptible power supply or uninterruptible power source (UPS) is an electrical apparatus that provides emergency power to a load when the input power source becomes too low or the main power fails. A UPS provides near-instantaneous protection from input power interruptions by using a battery backup. A diesel generator is a mechanical device that converts rotational motion created by a diesel motor into electrical energy. Generators take 30-60 seconds to turn on and have the electrical load transferred to them. Generators are useful for long-duration power loss events, not under-voltage events.

39
Q

What permissions would be represented by the octal 517?

A

R-X--XRWX. R-X is 5, --X is 1, and RWX is 7. In Linux, you can convert letter permissions to octal by giving 4 for each R, 2 for each W, and 1 for each X. R is for read-only, W is for write, and X is for execute. The permission strings are written to represent the owner’s permissions, the group’s permissions, and other users’ permissions.

40
Q

A macOS user is browsing the internet in Google Chrome when they see a notification that says, “Windows Enterprise Defender: Your computer is infected with a virus, please click here to remove it!” What type of threat is this user experiencing?

A

Rogue anti-virus. Rogue anti-virus is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and into paying money for a fake malware removal tool (that actually introduces malware to the computer). It is a form of scareware that manipulates users through fear and a form of ransomware. Since the alert is being displayed on a macOS system but appears to be meant for a Windows system, it is obviously a scam or fake alert and most likely a rogue anti-virus attempting to infect the system. Phishing is an email-based social engineering attack in which the attacker sends an email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim. Phishing attacks target a large, indiscriminate group of random people. A worm is a standalone malware computer program that replicates itself to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. A worm can spread on its own, whereas a virus needs a host program or user interaction to propagate itself. Pharming is a type of social engineering attack that redirects a request for a website, typically an e-commerce site, to a similar-looking, but fake, website. The attacker uses DNS spoofing to redirect the user to the fake site.