Questions from Practice Exam V

Question 1

Your companies share drive has several folders that have become encrypted by a piece of ransomware. During your investigation, you found that only the Sales department folders were encrypted. You continue your investigation and find that a salesperson’s workstation was also encrypted. You suspect that this workstation was the original source of the infection. Since it was connected to the Sales department share drive as a mapped S:\ drive, it was also encrypted. You have unplugged the network cable from this workstation. What action should you perform NEXT to restore the company’s network to normal operation?

1. Restore the Sales department folders from backup
2. Disable System Restore on the workstation
3. Schedule a full disk anti-malware scan on the workstation
4. Schedule weekly scans and enable on-access scanning

Answer 1

1. Restore the Sales department folders from backups

OBJ-3.3: Since the share drive affects multiple users, not just this one salesperson, it should be prioritized for recovery first. Since the workstation has been quarantined from the network, it is no longer a threat to the shared drive data. Therefore, you should restore the latest backup of the Sales folders to the share drive. This will enable the rest of the Sales department to get back to normal operations. Then, you should focus on remediating this workstation. The next step for that remediation would be to disable System Restore, remediate the infected workstation by updating the anti-malware software, and conduct scans. The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.

Question 2

A user’s workstation is running slowly and cannot open some larger program files. The user complains that they often get a warning that states memory is running low on their Windows 10 workstation. Which of the following should you configure until more memory can be installed to help alleviate this problem?
1. Defragment the hard drive
2. Disable the visual effects
3. Increase the pagefile size
4. Enable the swap file

Answer 2

3. Increase the page file size

OBJ-3.1: Pagefile in Windows 10 is a hidden system file with the .sys extension stored on your computer’s system drive (usually C:). The Pagefile allows the computer to perform smoothly by reducing the workload of physical memory. Simply put, every time you open more applications than the RAM on your PC can accommodate, the programs already present in the RAM are automatically transferred to the Pagefile. This process is technically called Paging. Because the Pagefile works as a secondary RAM, it is often referred to as Virtual Memory. Adding more physical memory will allow the computer to run faster, but increasing the pagefile size is an acceptable short-term solution.

Question 3

You are working in a doctor’s office and have been asked to set up a kiosk to allow customers to check in for their appointments. The kiosk should be secured, and only customers to access a single application used for the check-in process. You must also ensure that the computer will automatically log in whenever the system is powered on or rebooted. Which of the following types of accounts should you configure for this kiosk?
1. Admin
2. Remote Desktop User
3. Guest
4. Power user

Answer 3

3. Guest

OBJ-2.5: A Windows guest account will let other people use your computer without being able to change PC settings, install apps, or access your private files. A Guest account is a Microsoft Windows user account with limited capabilities, no privacy, and is disabled by default. An administrator account is a Microsoft Windows user account that can perform all tasks on the computer, including installing and uninstalling apps, setting up other users, and configuring hardware and software.

Question 4

Which of the following should you use to fix an issue with a graphics card’s drivers in Windows 10?

1. Devices and Printers
2. Event Viewer
3. Device Manager
4. System

Answer 4

Device manager

OBJ-1.4: The Device Manager is used to view and control the hardware attached to the computer. The device manager will highlight a piece of hardware that is not working so that a technician can repair or replace it. The event viewer shows a log of application and system messages, including errors, information messages, and warnings. The Devices and Printers section of the Control Panel allows a technician to manage the printers, scanners, and other external devices connected to a Windows computer. The System section of the Control Panel allows a technician to see information about the workstation, including the processor type, amount of memory, and operating system version installed on the computer.

Question 5

You are concerned that your servers could be damaged during a power failure or under-voltage event. Which TWO devices would protect against these conditions?

1. Line Conditioner
2. Grounding the server rack
3. Battery backup
4. Surge suppressor

Answer 5

1. Line conditioner
2. Battery backup

OBJ-4.5: A power loss or power failure is a total loss of power in a particular area. An under-voltage event is a reduction in or restriction on the availability of electrical power in a particular area. The irregular power supply during the under-voltage event can ruin your computer and other electronic devices. Electronics are created to operate at specific voltages, so any fluctuations in power (both up and down) can damage them. To protect against an under-voltage event, you can use either a battery backup or a line conditioner. To protect against a power loss or power failure, a battery backup or generator should be used. Therefore, the best answer to this question is a battery backup and a line conditioner.

Question 6

Dion Training has an open wireless network so that their students can connect to the network during class without logging in. The Dion Training security team is worried that the customers from the coffee shop next door may be connecting to the wireless network without permission. If Dion Training wants to keep the wireless network open for students but prevents the coffee shop’s customers from using it, which of the following should be changed or modified?

1. Default SSID
2. Signal strength or power level
3. Firewall
4. MAC filtering

Answer 6

2. Signal strength or power level

OBJ-2.9: Since Dion Training wants to keep the wireless network open, the BEST option is to reduce the signal strength of the network’s power level. This will ensure the wireless network can only be accessed from within its classrooms and not from the coffee shop next door. Changing the SSID won’t prevent the coffee shop’s customers from accessing the network. While MAC filtering could be used to create an approved allow list of MAC addresses for all Dion Training’s students, this would also require it to be continuously updated with each class of students that is very time-intensive and inefficient. Therefore, the BEST solution is to reduce the signal strength.

Question 7

Which of the following commands can a technician use on a Linux server to verify the IP address associated with diontraining.com?

1. netstat
2. apt-get
3. dig
4. grep

Answer 7

3. dig

OBJ-1.11: The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The netstat command is used to display the network statistics. The grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print. The apt-get utility is a powerful package management command-line program that works with Ubuntu’s APT (Advanced Packaging Tool) library to install new software packages, remove existing software packages, upgrade existing software packages, and even upgrade the entire operating system. The apt-get utility works with Ubuntu and Debian-based Linux distributions.

Question 8

You have been asked to recycle 20 of your company’s old laptops. The laptops will be donated to a local community center for underprivileged children. Which of the following data destruction and disposal methods is MOST appropriate to allow the data on the drives to be fully destroyed and the drives to be reused by the community center?

1. Low level formatting of the HDDs
2. Standard formatting of the HDDs
3. Degaussing of the HDDs
4. Drilll/hammer the HDD platters

Answer 8

1. Low level formatting of the HDDs

OBJ-2.8: Low-level formatting is a hard disk operation that should make recovering data from your storage devices impossible once the operation is complete. It sounds like something you might want to do if giving away a hard disk or discarding an old computer that may have contained useful and important private information. Standard formatting of the drives could allow the data to be restored and make the data vulnerable to exposure. Drilling or hammering the HDD platters would physically destroy the drives and the data, making the laptops useless for the community center. Degaussing the drives would also render the drives useless to the community center. Therefore, the safest method is a low-level format since it fully destroys the data and allows the drives to be reused by the community center.

Question 9

A user is attempting to pay for their morning coffee using Apple Pay on their iPhone. The user quickly taps their phone against the payment terminal, but it fails to process. Which of the following should the user do to properly use NFC for payment?

1. Turn on airplane mode and then try again
2. Hold the phone on the payment terminal for at least 3 seconds
3. Hold the phone 5 inches above the payment terminal
4. Manually select a card from your Apple wallet and try again

Answer 9

2. Hold the phone on the payment terminal for at least 3 seconds
3. Manually select a card from your Apple wallet and try again

OBJ-3.4: NFC usually takes a few seconds to process when the phone is placed on the terminal, so quickly tapping may not work properly. Sometimes, even holding the phone next to the payment terminal won’t work if the terminal’s NFC reader hasn’t properly detected Apple Pay. If you find that simply holding your phone up to the terminal doesn’t work, try selecting a card manually. To do this, go into the Wallet app, then select the card you want to use. Near-Field Communication (NFC) is a set of communication protocols for communication between two electronic devices over a distance of 4 cm or less. NFC offers a low-speed connection with a simple setup that can be used to bootstrap more capable wireless connections. NFC is used with payment systems like Apple Pay, Samsung Pay, and Google Pay since it supports two-way communication, unlike RFID which only supports one-way data transfers.

Question 10

Jonni is installing Windows 11 (64-bit) in a virtual machine on his Linux desktop. The installation is continually failing and producing an error. Jonni has configured the virtual machine with a dual-core 1.2 GHz processor, 4 GB of memory, a 32 GB hard drive, and a 1920 x 1080 screen resolution. Which item in the virtual machine should be increased to fix the installation issue experienced?

Answer 10

Amount of hard drive space

OBJ-1.7: The amount of storage space needs to be increased. For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor, 4 GB of RAM, and at least 64 GB of hard drive space. For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor, 1 GB of RAM, and at least 16 GB of hard drive space. For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 20 GB of hard drive space.

Question 11

A user contacts the service desk after they just finished attempting to upgrade their laptop to Windows 10. The upgrade failed, and the user asks you to explain why. Which of the following log files should you review to determine the cause of the upgrade failure?

1. Security log
2. Setup
3. Application log
4. System log

Answer 11

2. setup

OBJ-3.1: The event viewer shows a log of application and system messages, including errors, information messages, and warnings. It’s a useful tool for troubleshooting all kinds of different Windows problems. The setup log contains a record of the events generated during the Windows installation or upgrade process. The file (setup.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The application log contains information regarding application errors. The file (application.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The system log contains information about service load failures, hardware conflicts, driver load failures, and more. The file (system.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt. The file (security.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer.

Question 12

Regardless of what website Michelle types into her browser, she is being redirected to “malwarescammers.com.” What should Michelle do to fix this problem?

1. Rollback the application to the previous version
2. Update the anti-virus software and run a full system scan
3. Restart the network services
4. Reset the web browser’s proxy setting

Answer 12

4. Reset the web browser’s proxy settings

OBJ-3.2: When a browser redirect occurs, it usually results from a malicious proxy server setting being added to the browser. Michelle should first check her web browser’s configuration for any malicious proxies under the Connections tab under Internet Options in the Control Panel. Next, she should check the hosts.ini file to ensure that single sites are not being redirected.

Question 13

Dion Training uses a patch management server to control the distribution and installation of security patches. A technician needs to configure a new Windows 10 workstation to not perform Windows Updates automatically. Which of the following features in the Task Manager should the technician use to disable the Windows Update service?

1. Services
2. Performance
3. Startup
4. Processes

Answer 13

1. Services

OBJ-1.3: The task manager is an advanced Windows tool that has 7 tabs that are used to monitor the Processes, Performance, App History, Startup, Users, Details, and Services on a computer. By clicking the Services tab, the technician can list all of the services installed on the computer, display their status, and start/stop/restart those services. The Processes tab in the task manager is helpful to quickly see how system resources are utilized, help troubleshoot applications, or find out why the computer is performing slowly. The task manager can identify and stop processes that use excessive system resources and keep the computer operating at higher speeds. By clicking the Startup tab, the technician can see every program configured to start up when Windows is booted up. This can be used to disable unwanted programs from launching during the boot-up process. By clicking the Processes tab, the technician can manage and terminate running apps and services.

Question 14

Tim connects his Windows 10 laptop to his office’s wireless network to print out a report for his boss. Which type of network should he select to discover the printer on the office’s wireless network?

1. Private
2. Home
3. Work
4. Public

Answer 14

1. Private

OBJ-1.6: Tim should select the private network type when connecting to the wireless network in his office so that he can access the networked printer. The Network and Sharing Center in the Control Panel allows a technician to see information and modify the configuration settings of the network adapters in the workstation. The Network and Sharing Center is used to connect to a network using broadband, dial-up, or VPN connection, or add/remove file and printer sharing over the network on the workstation. When connecting to a network for the first time, the user must select if it is a public or private network. A public network will hide your computer from other devices on the network and prevent file and printer sharing. A private network is considered trusted, allows the computer to be discoverable to other devices on the network, and supports the use of file and printer sharing. In older versions of Windows, there were also Home and Work network types, but those have since been merged into public and private network types, as well.