Practice Test Questions 4 Flashcards
What are the seven steps of the malware removal procedure?
The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.
A home user contacts the help desk and states that their desktop applications are running very slowly. The user also says that they have not received any emails all morning, but they normally get at least 5-10 emails each day. The help desk technician gets permission from the home user to remotely access their computer and runs some diagnostic scripts. The technician determines that the CPU performance is normal, the system can ping the local router/gateway, and the system can load websites slowly, or they fail to load completely. During the diagnosis, the technician also observes the remote connection dropping and reconnecting intermittently. What should the technician attempt to perform NEXT to resolve the user’s issue?
Update the anti-virus software, run a full scan of the system, and verify the web browser’s and email client’s settings. Based on the symptoms, it appears that the system may be infected with malware. Therefore, it would be best to attempt to remediate the system by updating the anti-virus, performing a full system scan, and verifying that the web browser and email client’s settings are correct. There is no indication that a recent OS update was performed, so there is no need to reboot into safe mode and roll back that update. Enabling TPM would not help with this issue since TPM is used to store encryption keys for a BitLocker encrypted hard disk. A technician should never send test emails to their personal account as it is considered unprofessional.
What file system type is commonly used for the operating system partition on a macOS system?
HFS+. The macOS system natively supports the use of HFS, HFS+, and APFS depending on the version of the operating system in use. The extended hierarchical file system (HFS+) is a journaling file system used natively by Apple’s macOS systems before APFS was released in 2017. HFS+ can support a maximum volume size of 8 EB. The Apple file system (APFS) is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals. The NT file system (NTFS) is a Windows file system that supports a 64-bit address space and is able to provide extra features such as file-by-file compression and RAID support as well as advanced file attribute management tools, encryption, and disk quotas. NTFS can support a maximum volume size of up to 8 PB. The file allocation table 32-bit (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB. The third extended filesystem (ext3) is a journaled file system commonly used by the Linux kernel. The ext3 file system can support a maximum volume size of up to 32 TB.
A cybersecurity analyst is applying for a new job with a penetration testing firm. He received the job application as a secured Adobe PDF file, but unfortunately, the firm locked the file with a password so the potential employee could not fill in the application. Instead of asking for an unlocked copy of the document, the analyst decides to write a script in Python to attempt to unlock the PDF file by using passwords from a list of commonly used passwords until he can find the correct password or attempts every password in his list. Based on this description, what kind of cryptographic attack did the analyst perform?
Dictionary Attack. A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. The key to answering this question is that they were using passwords from a list. A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. A session hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the webserver. An on-path attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
Edward has just returned to his office after a two-week vacation. When he logs into his email client to access his company email, he notices that he cannot see the shared Customer Service inbox folder in his email client. He contacts the help desk, and they verify that his account is still connected to the domain controller and that it can still send and receive emails successfully. What MOST likely happened during Edward’s vacation that caused the missing inbox folders in the email client?
The network file share’s permission has been modified. While Edward was on vacation, the network file share’s permissions have likely been modified. Based on the fact that Edward’s account is connected to the domain and can send/receive emails, it is not his user account’s permissions causing the issue. The internet security options would also prevent him from sending/receiving mail, so that can be eliminated. Even if the operating system were updated, that would not affect the shared inboxes since they reside on the network file shares and not Edward’s computer.
You are partitioning a 1 TB hard drive on a new workstation. The hard disk has been partitioned into four different partitions with 100 GB, 150 GB, 250 GB, and 500 GB. How many different file system types could you support on this 1 TB hard drive?
What type of backup only copies data modified since the last full backup?
Differential. A differential backup only creates a copy of the selected data that has been modified since the last full backup. It is a good compromise in speed between a full backup (which takes the longest to backup and the least to restore) and an incremental backup (which takes the least to backup and the longest to restore). An incremental backup only creates a copy of new files and files modified since the last full, incremental, or differential backup. Therefore, it takes the least amount of time to complete a backup. Unfortunately, it also takes the most time to restore since you have to first restore the full backup, then any differential and incremental backups until all your data is restored. A full backup creates a copy of all the selected data regardless of when it was previously backed up. It takes the most time to complete a backup but is the fastest when conducting a restoral of all the data on a hard drive. Synthetic backup is the process of generating a file from a complete copy of a file created at some past time and one or more incremental copies created at later times.
You have been asked to help a user upgrade their laptop from Windows 10 to Windows 11. The user has asked that all of their applications, user profiles, documents, and PST files be preserved during the upgrade. What type of upgrade or installation should you perform on this laptop?
In-place upgrade. An in-place upgrade will preserve all of the user’s files and applications during the upgrade process from Windows 10 to Windows 11. An in-place upgrade is an installation of the new operating system on top of an existing version of the operating system. An in-place upgrade will preserve the applications, user settings, and data files that already exist on the computer. A clean install is an installation of the new operating system on a new computer or a computer that has been recently formatted. A clean install will completely replace the operating system software on the computer with the new operating system. During a clean install, all of the user’s data, settings, and applications will be deleted. An unattended installation is a software or operating system installation where the configuration information is derived from an input file. Repair installation is a type of installation that attempts to replace the existing version of the operating system files with a new copy of the same version. A repair installation is useful when trying to repair a Windows computer that will not boot or when you believe the system files have become corrupted.
Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the company’s owner if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donating them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computer’s hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend?
Wiping. Data wiping or clearing occurs by using a software tool to overwrite the data on a hard drive to destroy all electronic data on a hard disk or other media. Data wiping may be performed with a 1x, 7x, or 35x overwriting, with a higher number of times being more secure. This allows the hard drive to remain functional and allows for hardware reuse. Degaussing a hard drive involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Therefore, it is a bad solution for this scenario. Purging involves removing sensitive data from a hard drive using the device’s internal electronics or an outside source such as a degausser, or by using a cryptographic erase function if the drive supports one. Shredding involves the physical destruction of the hard drive. This is a secure method of destruction but doesn’t allow for device reuse.
What command is used on a Linux system to run a program with another user’s permissions?
sudo. The sudo command allows programs to be executed as the superuser (known as the root user) or as another user. The command’s name is an abbreviation of the phrase “superuser do” and works on all Unix-based operating systems. The chown command is used to change the owner of a file, directory, or link in Linux. grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print. The passwd command changes passwords for user accounts. A normal user may only change the password for their own account, while the superuser may change the password for any user.
What remote access tool is a command-line terminal emulation program operating on port 23?
Telnet. Telnet is a TCP/IP application protocol supporting remote command-line administration of a host (terminal emulation). Telnet is unauthenticated, which means it sends data such as the username and password in plain text. For this reason, it should not be used, and SSH should be used instead. Telnet runs over TCP port 23. Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
An Android user recently cracked their screen and had it replaced. If they are in a dark room, the phone works fine. If the user enters a room with normal lights on, then the phone’s display is dim and hard to read. What is MOST likely the problem?
Faulty ambient light sensor. The ambient light sensor appears to be broken or malfunctioning. The ambient light sensor may be too sensitive as it is taking in more light than usual. This can occur if the sensor is faulty or if the screen was replaced incorrectly, and the technician forgot to install the black gasket around the ambient light sensor. The auto-brightness setting being enabled would increase the brightness in a lit room and decrease the brightness in a dark room. If the device has a low battery, it may dim the display to save battery life but it would still be readable. If the display was defective, it would be difficult to read in all light conditions and not just in the bright room.
What is the minimum amount of RAM needed to install Windows 8.1 on a 64-bit system?
2 GB. For the Windows 8.1 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 20 GB of hard drive space.
Which of the following file types is commonly used to create applications that can be run on Linux, macOS, and Windows?
.py. Python is a general-purpose programming language that can develop many different kinds of applications. It is designed to be easy to read, and the programs use fewer lines of code compared to other programming languages. The code runs in an interpreter. Python is preinstalled on many Linux distributions and can be installed on Windows. Python scripts are saved using the .py extension. A shell script is a file that contains a list of commands to be read and executed by the shell in Linux and macOS. A .sh file is used for a shell script and its first line always begins with #!/bin/bash that designates the interpreter. This line instructs the operating system to execute the script. Shell scripts allow you to perform various functions. These functions include automation of commands and tasks of system administration and troubleshooting, creating simple applications, and manipulating text or files. VBScript is a scripting language based on Microsoft’s Visual Basic programming language.
You are troubleshooting a computer that is operating slowly. What tool should you use to troubleshoot this workstation?
Performance Monitor. Windows Performance Monitor can be used to provide real-time charts of system resources or can be used to log information to a file for long-term analysis. By monitoring different resources at different times of the day, you can detect bottlenecks in a system that are causing problems. It may be that a particular application starts freezing for longer and longer periods. Many things could cause this. Perhaps it is that the processor is too slow, which would cause the requests to take longer. If the hard disk is too slow, this would mean that it takes too long for the computer to open and save files. If the application uses a network link, that link could have become faulty or congested. The task scheduler is a tool included with Windows that allows predefined actions to be automatically executed whenever a certain set of conditions is met. For example, you can schedule a task to run a backup script every night or send you an email whenever a certain system event occurs. Device manager (devmgmt.msc) is a utility used to view and control the hardware attached to the computer.
What file type is commonly used by network administrators to perform repetitive tasks using a Microsoft proprietary programming language?
.vbs. VBScript is a scripting language based on Microsoft’s Visual Basic programming language. Network administrators often use VBScript to perform repetitive administrative tasks. With VBScript, you can run your scripts from either the command-line or the Windows graphical interface. Scripts that you write must be run within a host environment. Windows 10 provides Internet Explorer, IIS, and Windows Script Host (WSH) for this purpose. A shell script is a file that contains a list of commands to be read and executed by the shell in Linux and macOS. A .sh file is used for a shell script and its first line always begins with #!/bin/bash that designates the interpreter. This line instructs the operating system to execute the script. Shell scripts allow you to perform various functions. These functions include automation of commands and tasks of system administration and troubleshooting, creating simple applications, and manipulating text or files. Python is a general-purpose programming language that can develop many different kinds of applications.
What type of antivirus scan provides the best protection for a typical home user?
On-access scans. On-access scans are a type of antivirus scan where the AV software intercepts operating system calls to open files to scan the file before allowing or preventing the file from being opened. On-access scans reduce performance somewhat but are essential to maintaining effective protection against malware. Weekly and daily scans are good to use, but they are not as effective in preventing infections as an on-access scan. A system administrator normally conducts safe mode scans after malware is found by an on-access scan, daily, or weekly scan.
A programmer is writing a script to calculate the temperature in Fahrenheit when it receives input in Celsius. The conversion factor used is 5/9. What would be used to store this fixed conversion factor in the script?
Constant. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F - 32) * 5/9. A comment is written into the code to help a human understand the initial programmer’s logic. In Python, for example, you can use the # symbol to comment on a line of code. Anything on the line after the # is ignored by the computer when the script is being executed. A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself. A loop deviates from the initial program path based on some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Loops are often implemented with For or While statements. For example, a short script like (For i=1 to 100, print i, next) would print the numbers from 1 to 100 to the screen.
What should be configured on a macOS system to enable the Smart Zoom feature on a user’s MacBook trackpad?
Gestures. Apple introduced gestures as a simple way to control macOS from a Magic Trackpad or built-in trackpad of a MacBook. Gestures are finger movements on a trackpad or mouse that enable a user to scroll, zoom, and navigate the desktop, documents, and application content in macOS. Gestures include things like Smart Zoom, Rotate, Scroll Direction, and many others. To see what gestures are available on the Mac or change any of the settings, go to System Preferences, and then click Trackpad.
What is the minimum amount of hard drive space needed to install Windows 10 on a 64-bit system?
20 GB. For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 20 GB of hard drive space. For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor, 1 GB of RAM, and at least 16 GB of hard drive space. For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor, 4 GB of RAM, and at least 64 GB of hard drive space.
Your Windows 10 system is booting up very slowly. What should you do to speed up the boot process?
Disable unnecessary programs from automatically starting up. While many of these solutions may decrease the boot time, the first thing to attempt is to disable unnecessary applications from automatically starting up. System configuration (msconfig.exe) is a system utility to troubleshoot the Microsoft Windows startup processes. MSConfig is used to disable or re-enable software, device drivers, and Windows services that run at startup, or to change boot parameters. The task manager is an advanced Windows tool that has 7 tabs that are used to monitor the Processes, Performance, App History, Startup, Users, Details, and Services on a computer. By clicking the Startup tab, the technician can see every program configured to start up when Windows is booted up. This can be used to disable unwanted programs from launching during the boot-up process.
A network administrator has set up a firewall and set up only three allow rules so that traffic can be sent over ports 21, 110, and 25. Next, they added a final rule of “deny any any” to the end of the ACL to minimize the attack surface and better secure the network. Unfortunately, now the administrator is receiving complaints from users that they cannot access any web pages using their URLs, such as DionTraining.com. What should the administrator do to correct this issue?
Add a rule to the ACL to allow traffic on ports 80 and 53. The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. If outbound port 80 is not open, then users will not be able to connect to a remote web server. If outbound port 53 is not open, then users will be unable to perform DNS name resolution and determine the IP address of the given web server based on its domain name. Port 22 is used for SSH/SCP/SFTP. Port 143 is used for IMAP. Ports 139 and 445 are used for SMB. Port 389 is used for LDAP. Port 110 is used for POP3.
An ethical hacker has been hired to conduct a physical penetration test of a company. During the first day of the test, the ethical hacker dresses up like a plumber and waits in the building’s main lobby until an employee goes through the main turnstile. As soon as the employee enters his access number and proceeds to go through the turnstile, the ethical hacker follows them through the access gate. What type of attack did the ethical hacker utilize to access the restricted area of the building?
Tailgating. Based on the description, the ethical hacker conducted a very specialized type of social engineering attack known as tailgating. Sometimes on a certification exam, there are two correct answers, but one is more correct. This question is an example of that concept. Tailgating involves someone who lacks the proper authentication following an employee into a restricted area. Social engineering uses deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Shoulder surfing is a type of social engineering technique used to obtain personal identification numbers (PINs), passwords, and other confidential data by looking over the victim’s shoulder. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.
What command is used on a Linux system to change a user’s password on the system?
passwd. The passwd command is used to change a user’s account password on a Linux system. A normal user can run passwd to change their password, and a system administrator (the superuser) can use passwd to change another user’s password or define how that account’s password can be used or changed. The chmod command sets the permissions of files or directories on a Linux system. A set of flags associated with each file determines who can access that file and how they can access it. These flags are called file permissions or modes. The command name chmod stands for change mode and it restricts the way a file can be accessed. The chown command is used to change the owner of the file, directory, or link in Linux. The pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type “pwd” and hit enter to display the path to the screen.