Practice Test Questions 4 Flashcards
Seven Steps to Malware Removal Procedure are what?
The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.
A home user contacts the help desk and states that their desktop applications are running very slowly. The user also says that they have not received any emails all morning, but they normally get at least 5-10 emails each day. The help desk technician gets permission from the home user to remotely access their computer and runs some diagnostic scripts. The technician determines that the CPU performance is normal, the system can ping the local router/gateway, and the system can load websites slowly, or they fail to load completely. During the diagnosis, the technician also observes the remote connection dropping and reconnecting intermittently. What should the technician attempt to perform NEXT to resolve the user’s issue?
Update the anti-virus software, run a full scan of the system, and verify the web browser’s and email client’s settings. Based on the symptoms, it appears that the system may be infected with malware. Therefore, it would be best to attempt to remediate the system by updating the anti-virus, performing a full system scan, and verifying that the web browser and email client’s settings are correct. There is no indication that a recent OS update was performed, so there is no need to reboot into safe mode and roll back that update. Enabling TPM would not help with this issue since TPM is used to store encryption keys for a BitLocker encrypted hard disk. A technician should never send test emails to their personal account as it is considered unprofessional.
What file system type is commonly used for the operating system partition on a macOS system?
HFS+. The macOS system natively supports the use of HFS, HFS+, and APFS depending on the version of the operating system in use. The extended hierarchical file system (HFS+) is a journaling file system used natively by Apple’s macOS systems before APFS was released in 2017. HFS+ can support a maximum volume size of 8 EB. The Apple file system (APFS) is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals. The NT file system (NTFS) is a Windows file system that supports a 64-bit address space and is able to provide extra features such as file-by-file compression and RAID support as well as advanced file attribute management tools, encryption, and disk quotas. NTFS can support a maximum volume size of up to 8 PB. The file allocation table 32-bit (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB. The third extended filesystem (ext3) is a journaled file system commonly used by the Linux kernel. The ext3 file system can support a maximum volume size of up to 32 TB.
A cybersecurity analyst is applying for a new job with a penetration testing firm. He received the job application as a secured Adobe PDF file, but unfortunately, the firm locked the file with a password so the potential employee could not fill in the application. Instead of asking for an unlocked copy of the document, the analyst decides to write a script in Python to attempt to unlock the PDF file by using passwords from a list of commonly used passwords until he can find the correct password or attempts every password in his list. Based on this description, what kind of cryptographic attack did the analyst perform?
Dictionary Attack. A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. The key to answering this question is that they were using passwords from a list. A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. A session hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the webserver. An on-path attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
Edward has just returned to his office after a two-week vacation. When he logs into his email client to access his company email, he notices that he cannot see the shared Customer Service inbox folder in his email client. He contacts the help desk, and they verify that his account is still connected to the domain controller and that it can still send and receive emails successfully. What is the MOST likely happened during Edward’s vacation that caused the missing inbox folders in the email client?
The network file share’s permission has been modified. While Edward was on vacation, the network file share’s permissions have likely been modified. Based on the fact that Edward’s account is connected to the domain and can send/receive emails, it is not his user account’s permissions causing the issue. The internet security options would also prevent him from sending/receiving mail, so that can be eliminated. Even if the operating system were updated, that would not affect the shared inboxes since they reside on the network file shares and not Edward’s computer.
You are partitioning a 1 TB hard drive on a new workstation. The hard disk has been partitioned into four different partitions with 100 GB, 150 GB, 250 GB, and 500 GB. How many different file system types could you support on this 1 TB hard drive?
- You are partitioning a 1 TB hard drive on a new workstation. The hard disk has been partitioned into four different partitions with 100 GB, 150 GB, 250 GB, and 500 GB. How many different file system types could you support on this 1 TB hard drive?
What types of backups only copies data modified since the last full backup?
Differential. A differential backup only creates a copy of the selected data that has been modified since the last full backup. It is a good compromise in speed between a full backup (which takes the longest to backup and the least to restore) and an incremental backup (which takes the least to backup and the longest to restore). An incremental backup only creates a copy of new files and files modified since the last full, incremental, or differential backup. Therefore, it takes the least amount of time to complete a backup. Unfortunately, it also takes the most time to restore since you have to first restore the full backup, then any differential and incremental backups until all your data is restored. A full backup creates a copy of all the selected data regardless of when it was previously backed up. It takes the most time to complete a backup but is the fastest when conducting a restoral of all the data on a hard drive. Synthetic backup is the process of generating a file from a complete copy of a file created at some past time and one or more incremental copies created at later times.
You have been asked to help a user upgrade their laptop from Windows 10 to Windows 11. The user has asked that all of their applications, user profiles, documents, and PST files be preserved during the upgrade. What types of upgrades or installations should you perform on this laptop?
In-place upgrade. An in-place upgrade will preserve all of the user’s files and applications during the upgrade process from Windows 10 to Windows 11. An in-place upgrade is an installation of the new operating system on top of an existing version of the operating system. An in-place upgrade will preserve the applications, user settings, and data files that already exist on the computer. A clean install is an installation of the new operating system on a new computer or a computer that has been recently formatted. A clean install will completely replace the operating system software on the computer with the new operating system. During a clean install, all of the user’s data, settings, and applications will be deleted. An unattended installation is a software or operating system installation where the configuration information is derived from an input file. Repair installation is a type of installation that attempts to replace the existing version of the operating system files with a new copy of the same version. A repair installation is useful when trying to repair a Windows computer that will not boot or when you believe the system files have become corrupted.
Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the company’s owner if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donating them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computer’s hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend?
Wiping. Data wiping or clearing occurs by using a software tool to overwrite the data on a hard drive to destroy all electronic data on a hard disk or other media. Data wiping may be performed with a 1x, 7x, or 35x overwriting, with a higher number of times being more secure. This allows the hard drive to remain functional and allows for hardware reuse. Degaussing a hard drive involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Therefore, it is a bad solution for this scenario. Purging involves removing sensitive data from a hard drive using the device’s internal electronics or an outside source such as a degausser, or by using a cryptographic erase function if the drive supports one. Shredding involves the physical destruction of the hard drive. This is a secure method of destruction but doesn’t allow for device reuse.
What commands is used on a Linux system to run a program with another user’s permissions?
Sudo. The sudo command allows programs to be executed as a superuser (known as the root user) or another user. The command’s name is an abbreviation of the phrase “superuser do” and works on all Unix-based operating systems. The chown command is used to change the owner of the file, directory, or link in Linux. The grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print. The passwd command changes passwords for user accounts. A normal user may only change the password for their account, while the superuser may change the password for any user.
What remote access tools is a command-line terminal emulation program operating on port 23?
Telnet. Telnet is a TCP/IP application protocol supporting remote command-line administration of a host (terminal emulation). Telnet is unauthenticated, which means it sends data such as the username and password in plain text. For this reason, it should not be used, and SSH should be used instead. Telnet runs over TCP port 23. Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
An Android user recently cracked their screen and had it replaced. If they are in a dark room, the phone works fine. If the user enters a room with normal lights on, then the phone’s display is dim and hard to read. What is MOST likely the problem?
Faulty ambient light sensor. The ambient light sensor appears to be broken or malfunctioning. The ambient light sensor may be too sensitive as it is taking in more light than usual. This can occur if the sensor is faulty or if the screen was replaced incorrectly, and the technician forgot to install the black gasket around the ambient light sensor. The auto-brightness setting being enabled would increase the brightness in a lit room and decrease the brightness in a dark room. If the device has a low battery, it may dim the display to save battery life but it would still be readable. If the display was defective, it would be difficult to read in all light conditions and not just in the bright room.
What is the minimum amount of RAM needed to install Windows 8.1 on a 64-bit system?
2 GB. : For the Windows 8.1 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 20 GB of hard drive space.
What of the following file types are commonly used to create applications that can be run on Linux, macOS, and Windows?
.py. Python is a general-purpose programming language that can develop many different kinds of applications. It is designed to be easy to read, and the programs use fewer lines of code compared to other programming languages. The code runs in an interpreter. Python is preinstalled on many Linux distributions and can be installed on Windows. Python scripts are saved using the .py extension. A shell script is a file that contains a list of commands to be read and executed by the shell in Linux and macOS. A .sh file is used for a shell script and its first line always begins with #!/bin/bash that designates the interpreter. This line instructs the operating system to execute the script. Shell scripts allow you to perform various functions. These functions include automation of commands and tasks of system administration and troubleshooting, creating simple applications, and manipulating text or files. VBScript is a scripting language based on Microsoft’s Visual Basic programming language.
You are troubleshooting a computer that is operating slowly. What tools should you use to troubleshoot this workstation?
Performance Monitor. Windows Performance Monitor can be used to provide real-time charts of system resources or can be used to log information to a file for long-term analysis. By monitoring different resources at different times of the day, you can detect bottlenecks in a system that are causing problems. It may be that a particular application starts freezing for longer and longer periods. Many things could cause this. Perhaps it is that the processor is too slow, which would cause the requests to take longer. If the hard disk is too slow, this would mean that it takes too long for the computer to open and save files. If the application uses a network link, that link could have become faulty or congested. The task scheduler is a tool included with Windows that allows predefined actions to be automatically executed whenever a certain set of conditions is met. For example, you can schedule a task to run a backup script every night or send you an email whenever a certain system event occurs. Device manager (devmgmt.msc) is a utility used to view and control the hardware attached to the computer.
What file types are commonly used by network administrators to perform repetitive tasks using a Microsoft proprietary programming language?
.vbs. VBScript is a scripting language based on Microsoft’s Visual Basic programming language. Network administrators often use VBScript to perform repetitive administrative tasks. With VBScript, you can run your scripts from either the command-line or the Windows graphical interface. Scripts that you write must be run within a host environment. Windows 10 provides Internet Explorer, IIS, and Windows Script Host (WSH) for this purpose. A shell script is a file that contains a list of commands to be read and executed by the shell in Linux and macOS. A .sh file is used for a shell script and its first line always begins with #!/bin/bash that designates the interpreter. This line instructs the operating system to execute the script. Shell scripts allow you to perform various functions. These functions include automation of commands and tasks of system administration and troubleshooting, creating simple applications, and manipulating text or files. Python is a general-purpose programming language that can develop many different kinds of applications.
What type of antivirus scan provides the best protection for a typical home user?
On-access scans. On-access scans are a type of antivirus scan where the AV software intercepts operating system calls to open files to scan the file before allowing or preventing the file from being opened. On-access scans reduce performance somewhat but are essential to maintaining effective protection against malware. Weekly and daily scans are good to use, but they are not as effective in preventing infections as an on-access scan. A system administrator normally conducts safe mode scans after malware is found by an on-access scan, daily, or weekly scan.
A programmer is writing a script to calculate the temperature in Fahrenheit when it receives input in celsius. The conversion factor used is 5/9. What would be used to store this fixed conversion factor in the script?
Constant. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F -32) * 5/9. A comment is written into the code to help a human understand the initial programmer’s logic. In Python, for example, you can use the # symbol to comment on a line of code. Anything on the line after the # is ignored by the computer when the script is being executed. A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself. A loop deviates from the initial program path to some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Often implemented with For or While statements. For example, a short script like (For i=1 to 100, print I, next) would print the numbers from 1 to 100 to the screen.
What should be configured on a macOS system to enable the Smart Zoom feature on a user’s MacBook trackpad?
Gestures. Apple introduced gestures as a simple way to control macOS from a Magic Trackpad or built-in trackpad of a MacBook. Gestures are finger movements on a trackpad or mouse that enable a user to scroll, zoom, and navigate the desktop, documents, and application content in macOS. Gestures include things like Smart Zoom, Rotate, Scroll Direction, and many others. To see what gestures are available on the Mac or change any of the settings, go to System Preferences, and then click Trackpad.
What is the minimum amount of hard drive space needed to install Windows 10 on a 64-bit system?
20 GB. For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 20 GB of hard drive space. For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor, 1 GB of RAM, and at least 16 GB of hard drive space. For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor, 4 GB of RAM, and at least 64 GB of hard drive space.
Your Windows 10 system is booting up very slowly. What should you do to speed up the boot process?
Disable unnecessary programs from automatically starting up. While many of these solutions may decrease the boot time, the first thing to attempt is to disable unnecessary applications from automatically starting up. System configuration (msconfig.exe) is a system utility to troubleshoot the Microsoft Windows startup processes. MSConfig is used to disable or re-enable software, device drivers, and Windows services that run at startup, or to change boot parameters. The task manager is an advanced Windows tool that has 7 tabs that are used to monitor the Processes, Performance, App History, Startup, Users, Details, and Services on a computer. By clicking the Startup tab, the technician can see every program configured to start up when Windows is booted up. This can be used to disable unwanted programs from launching during the boot-up process.
A network administrator has set up a firewall and set up only three allow rules so that traffic can be sent over ports 21, 110, and 25. Next, they added a final rule of “deny any any” to the end of the ACL to minimize the attack surface and better secure the network. Unfortunately, now the administrator is receiving complaints from users that they cannot access any web pages using their URLs, such as DionTraining.com. What should the administrator do to correct this issue?
Add a rule to the ACL to allow traffic on ports 80 and 53. The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. If the outbound port 80 is not open, then users will not be able to connect to a remote web server. If the outbound port 53 is not open, then the users will be unable to conduct a DNS name resolution and determine the IP address of the given web server based on its domain name. Port 22 is used for SSH/SCP/SFTP. Port 143 is used for IMAP. Port 139 and 445 are used for SMB. Port 389 is used for LDAP. Port 110 is used for POP3.
An ethical hacker has been hired to conduct a physical penetration test of a company. During the first day of the test, the ethical hacker dresses up like a plumber and waits in the building’s main lobby until an employee goes through the main turnstile. As soon as the employee enters his access number and proceeds to go through the turnstile, the ethical hacker follows them through the access gate. What type of attack did the ethical hacker utilize to access the restricted area of the building?
Tailgating. Based on the description, the ethical hacker conducted a very specialized type of social engineering attack known as tailgating. Sometimes on a certification exam, there are two correct answers, but one is more correct. This question is an example of that concept. Tailgating involves someone who lacks the proper authentication following an employee into a restricted area. Social engineering uses deception to manipulate individuals into divulging confidential or personal information that may be used for fraudulent purposes. Shoulder surfing is a type of social engineering technique used to obtain personal identification numbers (PINs), passwords, and other confidential data by looking over the victim’s shoulder. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.
What commands is used on a Linux system to change a user’s password on the system?
passwd. The passwd command is used to change a user’s account password on a Linux system. A normal user can run passwd to change their password, and a system administrator (the superuser) can use passwd to change another user’s password or define how that account’s password can be used or changed. The chmod command sets the permissions of files or directories on a Linux system. A set of flags associated with each file determines who can access that file and how they can access it. These flags are called file permissions or modes. The command name chmod stands for change mode and it restricts the way a file can be accessed. The chown command is used to change the owner of the file, directory, or link in Linux. The pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type “pwd” and hit enter to display the path to the screen.
Your company is concerned about the possibility of power fluctuations that may occur and cause a small increase in the input power to their server room. What condition is this known as?
Power Surge. An extended over-voltage event is known as a power surge. A power surge is basically an increase in your electrical current. A power surge often has levels of 10-30% above the normal line voltage and lasts from 15 milliseconds up to several minutes. An under-voltage event is a reduction in or restriction on the availability of electrical power in a particular area. The irregular power supply during an under-voltage event can ruin your computer and other electronic devices. Electronics are created to operate at specific voltages, so any fluctuations in power (both up and down) can damage them. To protect against an under-voltage event, you can use either a battery backup or a line conditioner. A significant over-voltage event that occurs for a very short time is known as a power spike. A power spike is a very short pulse of energy on a power line. Power spikes can contain very high voltages up to and beyond 6000 volts but usually last only a few milliseconds instead of longer but lower voltage power surges. A power loss or power failure is a total loss of power in a particular area. To protect against a power loss or power failure, a battery backup should be used.
You just received your monthly smartphone bill. As you review your charges, you notice that this month shows three times as much data usage as a normal month. You don’t remember changing your usage pattern, so there should not have been a large increase in data used. What should you do FIRST to determine the source of the increased usage?
Check network permissions and data usage for any applications installed within the last month. You should FIRST check your network permissions and data usage for any applications installed within the last month. Some applications use background processes and daemons to download data over the network, even if you are not using the device. If there is a large increase in your data usage from one month to the next, you should check what may have changed during that month. This includes your usage patterns (which the question states haven’t changed) and any applications you may have updated or installed.
You need to connect to a Linux server to conduct some maintenance. The server is located in a remote office about 50 miles away. You decide to connect the server remotely instead of driving to the location to save some time, but you want to ensure you do this securely. The Linux server has VNC installed, but it isn’t configured to provide an encrypted connection. Which of the following should you use to secure the VNC connection to the remote server?
SSH in tunnel mode. Since you want to use the existing VNC server to make the connection and it is unencrypted, you should tunnel the VNC protocol through a secure SSH connection to encrypt it. While an SSH client connects to a Secure Shell server, which allows you to run terminal commands as if you were sitting in front of another computer, it can also allow you to “tunnel” any port or protocol between your local system and a remote SSH server through its own encryption process. This allows you to add a layer of encryption and security to an unsecured protocol or application, like VNC. Remote Desktop Protocol (RDP) is a Microsoft protocol designed to facilitate application data transfer security and encryption between client user devices and a virtual network server. It enables a remote user to add a graphical interface to the desktop of another computer. The hypertext transfer protocol secure (HTTPS) is a secure protocol used to provide web content to browsers using SSL/TLS encryption over TCP port 443. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard.
Judith is installing Windows 10 (64-bit) in a virtual machine on her macOS laptop. The installation is continually failing and producing an error. Judith has configured the virtual machine with a dual-core 1 GHz processor, 2 GB of memory, a 15 GB hard drive, and a 1024x768 screen resolution. What item in the virtual machine should be increased to fix the installation issue experienced?
Amount of hard drive space. For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 20 GB of hard drive space. Since the virtual machine only has 15 GB of hard drive space allocated, this has caused errors with the installation and must be increased.
What does the command “shutdown /l” do on a Windows workstation?
Log off the workstation. The shutdown command allows a user or administrator to shut down or restart local or remote computers, one at a time. Using the /r option will reboot the computer. Using the /s option will shut down the computer. Using the /l option will log off the current user. Using the /h option will enter sleep or hibernation mode.
What open-source remote access tools allows users to connect to their desktop remotely, see what is on their screen, and control it with their mouse and keyboard?
VNC. VNC (virtual network computing) is a remote access tool and protocol. It is used for screen sharing on Linux and macOS. RDP is not open-source. SSH and telnet are text-based remote access tools. Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Telnet uses port 23 to provide a bidirectional interactive text-oriented communication facility using a virtual terminal connection but sends its data in plaintext making it an insecure protocol.
You just installed a flat panel television in a conference room in your office building. The facilities manager is concerned that a lightning strike could damage it. The company is not worried about the threat of power outages because the conference room is only used a few times per week. What should be installed to BEST mitigate the facilities manager’s concerns without spending too much money?
Surge suppressor. A surge suppressor defends against possible voltage spikes that could damage your electronics, appliances, or equipment. A power strip will not protect against voltage spikes. A UPS or line conditioner could protect against voltage spikes, but they cost much more than a surge suppressor. A surge suppressor should be used to meet the requirements of this question best. A line conditioner is a device that adjusts voltages in under-voltage and overvoltage conditions to maintain a 120 V output. Line conditioners raise a sag or under-voltage event back to normal levels, but they cannot protect the line from a complete power failure or power outage. An uninterruptible power supply or uninterruptible power source (UPS) is an electrical apparatus that provides emergency power to a load when the input power source becomes too low or the main power fails.
What commands is used on a Linux system to copy a file to a new directory and then remove the original file from the previous directory?
mv. The mv command is a command-line utility that moves files or directories from one place to another. The mv command supports moving single files, multiple files, and directories. The mv command can prompt before overwriting files and will only move files that are newer than the destination. When the mv command is used, the file is copied to the new directory and removed from the old directory. The cp command is a command-line utility for copying files and directories. It supports moving one or more files or folders with options for taking backups and preserving attributes. Copies of files are independent of the original file, unlike the mv command. The cp command will copy your file(s) while the mv one will move them and delete the original files from the old location. The rm command is a command-line utility for removing files or directories.
