Practice Test Questions 4 Flashcards
What are the seven steps of the malware removal procedure?
The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.
A home user contacts the help desk and states that their desktop applications are running very slowly. The user also says that they have not received any emails all morning, but they normally get at least 5-10 emails each day. The help desk technician gets permission from the home user to remotely access their computer and runs some diagnostic scripts. The technician determines that the CPU performance is normal, the system can ping the local router/gateway, and the system can load websites slowly, or they fail to load completely. During the diagnosis, the technician also observes the remote connection dropping and reconnecting intermittently. What should the technician attempt to perform NEXT to resolve the user’s issue?
Update the anti-virus software, run a full scan of the system, and verify the web browser’s and email client’s settings. Based on the symptoms, it appears that the system may be infected with malware. Therefore, it would be best to attempt to remediate the system by updating the anti-virus, performing a full system scan, and verifying that the web browser and email client’s settings are correct. There is no indication that a recent OS update was performed, so there is no need to reboot into safe mode and roll back that update. Enabling TPM would not help with this issue since TPM is used to store encryption keys for a BitLocker encrypted hard disk. A technician should never send test emails to their personal account as it is considered unprofessional.
What file system type is commonly used for the operating system partition on a macOS system?
HFS+. The macOS system natively supports the use of HFS, HFS+, and APFS depending on the version of the operating system in use. The extended hierarchical file system (HFS+) is a journaling file system used natively by Apple’s macOS systems before APFS was released in 2017. HFS+ can support a maximum volume size of 8 EB. The Apple file system (APFS) is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals. The NT file system (NTFS) is a Windows file system that supports a 64-bit address space and is able to provide extra features such as file-by-file compression and RAID support as well as advanced file attribute management tools, encryption, and disk quotas. NTFS can support a maximum volume size of up to 8 PB. The file allocation table 32-bit (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB. The third extended filesystem (ext3) is a journaled file system commonly used by the Linux kernel. The ext3 file system can support a maximum volume size of up to 32 TB.
A cybersecurity analyst is applying for a new job with a penetration testing firm. He received the job application as a secured Adobe PDF file, but unfortunately, the firm locked the file with a password so the potential employee could not fill in the application. Instead of asking for an unlocked copy of the document, the analyst decides to write a script in Python to attempt to unlock the PDF file by using passwords from a list of commonly used passwords until he can find the correct password or attempts every password in his list. Based on this description, what kind of cryptographic attack did the analyst perform?
Dictionary Attack. A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary. The key to answering this question is that they were using passwords from a list. A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. A session hijacking attack compromises the session token by stealing or predicting a valid session token to gain unauthorized access to the webserver. An on-path attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
Edward has just returned to his office after a two-week vacation. When he logs into his email client to access his company email, he notices that he cannot see the shared Customer Service inbox folder in his email client. He contacts the help desk, and they verify that his account is still connected to the domain controller and that it can still send and receive emails successfully. What MOST likely happened during Edward’s vacation that caused the missing inbox folders in the email client?
The network file share’s permission has been modified. While Edward was on vacation, the network file share’s permissions have likely been modified. Based on the fact that Edward’s account is connected to the domain and can send/receive emails, it is not his user account’s permissions causing the issue. The internet security options would also prevent him from sending/receiving mail, so that can be eliminated. Even if the operating system were updated, that would not affect the shared inboxes since they reside on the network file shares and not Edward’s computer.
You are partitioning a 1 TB hard drive on a new workstation. The hard disk has been partitioned into four different partitions with 100 GB, 150 GB, 250 GB, and 500 GB. How many different file system types could you support on this 1 TB hard drive?
What type of backup only copies data modified since the last full backup?
Differential. A differential backup only creates a copy of the selected data that has been modified since the last full backup. It is a good compromise in speed between a full backup (which takes the longest to back up and the least time to restore) and an incremental backup (which takes the least time to back up and the longest to restore). An incremental backup only creates a copy of new files and files modified since the last full, incremental, or differential backup. Therefore, it takes the least amount of time to complete a backup. Unfortunately, it also takes the most time to restore since you have to first restore the full backup, then any differential and incremental backups until all your data is restored. A full backup creates a copy of all the selected data regardless of when it was previously backed up. It takes the most time to complete a backup but is the fastest when restoring all the data on a hard drive. A synthetic backup is the process of generating a file from a complete copy of a file created at some past time and one or more incremental copies created at later times.
You have been asked to help a user upgrade their laptop from Windows 10 to Windows 11. The user has asked that all of their applications, user profiles, documents, and PST files be preserved during the upgrade. What type of upgrade or installation should you perform on this laptop?
In-place upgrade. An in-place upgrade will preserve all of the user’s files and applications during the upgrade process from Windows 10 to Windows 11. An in-place upgrade is an installation of the new operating system on top of an existing version of the operating system. An in-place upgrade will preserve the applications, user settings, and data files that already exist on the computer. A clean install is an installation of the new operating system on a new computer or a computer that has been recently formatted. A clean install will completely replace the operating system software on the computer with the new operating system. During a clean install, all of the user’s data, settings, and applications will be deleted. An unattended installation is a software or operating system installation where the configuration information is derived from an input file. Repair installation is a type of installation that attempts to replace the existing version of the operating system files with a new copy of the same version. A repair installation is useful when trying to repair a Windows computer that will not boot or when you believe the system files have become corrupted.
Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the company’s owner if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donating them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computer’s hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend?
Wiping. Data wiping or clearing occurs by using a software tool to overwrite the data on a hard drive to destroy all electronic data on a hard disk or other media. Data wiping may be performed with a 1x, 7x, or 35x overwriting, with a higher number of times being more secure. This allows the hard drive to remain functional and allows for hardware reuse. Degaussing a hard drive involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Therefore, it is a bad solution for this scenario. Purging involves removing sensitive data from a hard drive using the device’s internal electronics or an outside source such as a degausser, or by using a cryptographic erase function if the drive supports one. Shredding involves the physical destruction of the hard drive. This is a secure method of destruction but doesn’t allow for device reuse.
What command is used on a Linux system to run a program with another user’s permissions?
Sudo. The sudo command allows programs to be executed as the superuser (known as the root user) or as another user. The command’s name is an abbreviation of the phrase “superuser do,” and it works on all Unix-based operating systems. The chown command is used to change the owner of a file, directory, or link in Linux. The grep command is a command-line utility for searching plain-text data sets for lines that match a regular expression. The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print. The passwd command changes passwords for user accounts. A normal user may only change the password for their own account, while the superuser may change the password for any user.
What remote access tool is a command-line terminal emulation program operating on port 23?
Telnet. Telnet is a TCP/IP application protocol supporting remote command-line administration of a host (terminal emulation). Telnet is unauthenticated, which means it sends data such as the username and password in plain text. For this reason, it should not be used, and SSH should be used instead. Telnet runs over TCP port 23. Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control another computer from a distance by a remote user from a secondary device as though they were sitting right in front of it. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system. Remote Desktop Protocol (RDP) uses port 3389 and is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
An Android user recently cracked their screen and had it replaced. If they are in a dark room, the phone works fine. If the user enters a room with normal lights on, then the phone’s display is dim and hard to read. What is MOST likely the problem?
Faulty ambient light sensor. The ambient light sensor appears to be broken or malfunctioning. The ambient light sensor may be too sensitive as it is taking in more light than usual. This can occur if the sensor is faulty or if the screen was replaced incorrectly, and the technician forgot to install the black gasket around the ambient light sensor. The auto-brightness setting being enabled would increase the brightness in a lit room and decrease the brightness in a dark room. If the device has a low battery, it may dim the display to save battery life but it would still be readable. If the display was defective, it would be difficult to read in all light conditions and not just in the bright room.
What is the minimum amount of RAM needed to install Windows 8.1 on a 64-bit system?
2 GB. For the Windows 8.1 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 20 GB of hard drive space.
Which of the following file types is commonly used to create applications that can be run on Linux, macOS, and Windows?
.py. Python is a general-purpose programming language that can be used to develop many different kinds of applications. It is designed to be easy to read, and its programs use fewer lines of code compared to other programming languages. The code runs in an interpreter. Python is preinstalled on many Linux distributions and can be installed on Windows. Python scripts are saved using the .py extension. A shell script is a file that contains a list of commands to be read and executed by the shell in Linux and macOS. A .sh file is used for a shell script, and its first line always begins with #!/bin/bash, which designates the interpreter. This line instructs the operating system how to execute the script. Shell scripts allow you to perform various functions. These functions include automating commands and system administration and troubleshooting tasks, creating simple applications, and manipulating text or files. VBScript is a scripting language based on Microsoft’s Visual Basic programming language.
You are troubleshooting a computer that is operating slowly. What tool should you use to troubleshoot this workstation?
Performance Monitor. Windows Performance Monitor can be used to provide real-time charts of system resources or can be used to log information to a file for long-term analysis. By monitoring different resources at different times of the day, you can detect bottlenecks in a system that are causing problems. It may be that a particular application starts freezing for longer and longer periods. Many things could cause this. Perhaps it is that the processor is too slow, which would cause the requests to take longer. If the hard disk is too slow, this would mean that it takes too long for the computer to open and save files. If the application uses a network link, that link could have become faulty or congested. The task scheduler is a tool included with Windows that allows predefined actions to be automatically executed whenever a certain set of conditions is met. For example, you can schedule a task to run a backup script every night or send you an email whenever a certain system event occurs. Device manager (devmgmt.msc) is a utility used to view and control the hardware attached to the computer.