Security Flashcards

1
Q

Malware is installed on a device after a user clicks on a link in a suspicious email.
Which of the following is the best way to remove the malware?

A. Run System Restore.
B. Place in recovery mode.
C. Schedule a scan.
D. Restart the PC.

A

C. Schedule a scan

Explanation:
Running a scan with antivirus or antimalware software is the best way to remove
malware from a device.

Breakdown of Each Choice:
* A. Run System Restore.
o Incorrect: Reverts system files and settings to an earlier restore point;
that restore point may itself contain the malware, so it is not a removal method.
* B. Place in recovery mode.
o Incorrect: Typically used for troubleshooting or OS reinstallation, not
specifically for malware removal.
* C. Schedule a scan.
o Correct: Most effective for detecting and removing malware.
* D. Restart the PC.
o Incorrect: Temporarily interrupts malware but doesn’t remo

2
Q

When visiting a particular website, a user receives a message stating, “Your
connection is not private”. Which of the following describes this issue?
A. Certificate warning
B. Malware
C. JavaScript error
D. Missing OS update

A

A. Certificate warning

Explanation:
When a user receives a message stating “Your connection is not private,” it typically indicates a problem with the SSL/TLS certificate of the website. This warning alerts users that the website’s certificate is invalid, expired, or not issued by a trusted certificate authority, potentially compromising the security of the connection.

Breakdown of Each Choice:
* A. Certificate warning:
o Correct: Indicates an issue with the SSL/TLS certificate of the website, leading to an insecure connection.
* B. Malware:
o Incorrect: Malware typically refers to malicious software that can infect a system, but it’s not directly related to SSL/TLS certificate
issues.
* C. JavaScript error:
o Incorrect: JavaScript errors may affect the functionality of a website, but they don’t directly cause a “Your connection is not private” message.
* D. Missing OS update:
o Incorrect: Missing OS updates could potentially lead to security vulnerabilities, but they don’t directly cause a certificate warning message in the browser.
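The checks behind that warning, as an added example that is not part of the original flashcard: a browser refuses to show the page as private if the certificate was not issued by a trusted CA, is outside its validity window, or does not name the host the user typed. The certificate dictionaries below are constructed sample data shaped like the output of Python's ssl.SSLSocket.getpeercert(), and the trusted CA name and fixed timestamp are assumptions, so the code runs offline.

```python
"""Added example (not from the flashcards): the checks a browser performs on a
site's certificate before it will load the page without a "Your connection is
not private" warning. Certificates here are constructed sample data shaped like
ssl.SSLSocket.getpeercert() output; the trusted CA name is an assumption."""
from __future__ import annotations

import ssl
import time

# Constructed trust store: the only CA this "browser" trusts.
TRUSTED_ISSUERS = {"Example Root CA"}


def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style name matching: exact match, or a single leading '*'
    label that stands for exactly one DNS label (so *.example.com matches
    www.example.com but not example.com or a.b.example.com)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def certificate_problems(cert: dict, hostname: str, now: float | None = None) -> list[str]:
    """Return every reason the browser would warn about this certificate.
    An empty list means the connection would be shown as secure."""
    now = time.time() if now is None else now
    problems = []

    # 1. Chain of trust: issued by a CA we trust? Self-signed and
    #    interception-proxy certificates fail here.
    issuer = {k: v for rdn in cert["issuer"] for k, v in rdn}
    if issuer.get("commonName") not in TRUSTED_ISSUERS:
        problems.append("untrusted issuer")

    # 2. Validity window: expired certs are the most common cause of the warning;
    #    a wrong system clock produces "not yet valid" even for good certs.
    if ssl.cert_time_to_seconds(cert["notBefore"]) > now:
        problems.append("not yet valid")
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        problems.append("expired")

    # 3. Name binding: the cert must name the host the user actually typed.
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(hostname_matches(n, hostname) for n in dns_names):
        problems.append("hostname mismatch")
    return problems


# Constructed sample certificates.
GOOD_CERT = {
    "issuer": ((("countryName", "US"),), (("commonName", "Example Root CA"),)),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2026 GMT",
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.example.com")),
}
SELF_SIGNED_CERT = {
    "issuer": ((("commonName", "Dev Self-Signed"),),),
    "notBefore": "Jan  1 00:00:00 2019 GMT",
    "notAfter": "Jan  1 00:00:00 2020 GMT",
    "subjectAltName": (("DNS", "www.example.com"),),
}
NOW = 1735689600  # 2025-01-01 00:00:00 UTC, fixed so the example is repeatable

if __name__ == "__main__":
    for cert, host in ((GOOD_CERT, "www.example.com"), (GOOD_CERT, "example.com"),
                       (SELF_SIGNED_CERT, "www.example.com")):
        print(host, certificate_problems(cert, host, NOW) or "OK")
```

A real browser also checks revocation and the full chain rather than a single issuer name, but the three failures above (untrusted issuer, expired, hostname mismatch) account for nearly every "not private" warning a help desk sees, and the "not yet valid" case is worth remembering because it is usually the PC's clock, not the site.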

3
Q

Which of the following is also known as something you know, something you have,
and something you are?
A. ACL
B. MFA
C. SMS
D. NFC

A

B. MFA

Explanation:
MFA involves “something you know” (like a password), “something you have” (like a
token or smartphone), and “something you are” (like biometric data). It enhances
security by requiring multiple forms of verification.

Breakdown of Each Choice:
* A. ACL (Access Control List):
o Incorrect: Defines permissions, not authentication factors.
* B. MFA (Multi-Factor Authentication):
o Correct: Requires multiple forms of verification for security.
* C. SMS (Short Message Service):
o Incorrect: Text messaging service, not authentication factors.
* D. NFC (Near Field Communication):
o Incorrect: Communication technology, not authentication factors.

4
Q

Which of the following authentication types is the most secure?
A. WPA3
B. WEP
C. RADIUS
D. TACACS+
E. WPS

A

A. WPA3

Explanation:
WPA3 (Wi-Fi Protected Access 3) is the current and most secure Wi-Fi security
protocol. It replaces WPA2’s pre-shared-key handshake with SAE (Simultaneous
Authentication of Equals), which resists offline dictionary attacks on captured
traffic, and it requires protected management frames.

Breakdown of Each Choice:
* A. WPA3:
o Correct: The most secure wireless security protocol of the options listed,
with stronger authentication (SAE) and encryption than its predecessors.
* B. WEP:
o Incorrect: An outdated and insecure wireless protocol easily broken
by modern attacks.
* C. RADIUS:
o Incorrect: While secure, RADIUS is an authentication server protocol,
not a direct comparison to WPA3 for wireless security.
* D. TACACS+:
o Incorrect: A secure network protocol for authentication, but not
directly comparable to WPA3 in terms of wireless security.
* E. WPS:
o Incorrect: A convenience feature for connecting devices to a wireless
network, known to have significant security vulnerabilities.

5
Q

A user’s laptop has been performing slowly and redirecting to unfamiliar websites. The user has also noticed random pop-up windows. Which of the following is the first step a technician should take to resolve the issue?
A. Scan for malware and ransomware.
B. Perform a system restore.
C. Check the network utilization.
D. Update the antivirus software.

A

A. Scan for malware and ransomware.

Explanation:
The symptoms described—slow performance, website redirections, and random pop-ups—are indicative of a malware infection. The first step to resolve the issue is to scan the laptop for malware and ransomware to identify and remove any malicious software causing these problems.

Breakdown of Each Choice:
* A. Scan for malware and ransomware:
o Correct: Directly addresses the likely cause of the symptoms and is
the first step in identifying and removing malicious software.
* B. Perform a system restore:
o Incorrect: While this can help revert the system to a previous state, it
may not completely remove malware and should be considered after a
malware scan if necessary.
* C. Check the network utilization:
o Incorrect: This can help diagnose network-related issues but doesn’t
directly address the symptoms of malware.
* D. Update the antivirus software:
o Incorrect: While updating antivirus software is important, the
immediate step should be to perform a malware scan. Updating can
be done as part of the preparation for the scan.

6
Q

A branch office suspects a machine contains ransomware. Which of the following mitigation steps should a technician take first?
A. Disable System Restore.
B. Remediate the system.
C. Educate the system user.
D. Quarantine the system

A

D. Quarantine the system

Explanation:
When ransomware is suspected on a machine, the first step is to isolate or
quarantine the system to prevent further spread of the infection to other machines
or network resources. This helps contain the ransomware and prevents additional
damage.
Breakdown of Each Choice:
* A. Disable System Restore:
o Incorrect: Disabling System Restore is a later step in the malware removal
process; it stops the machine from being reinfected from a restore point that
still contains the malware, but it does nothing to contain an active infection.
* B. Remediate the system:
o Incorrect: While remediation is necessary, it should occur after the
system has been quarantined to prevent further spread of the
ransomware.
* C. Educate the system user:
o Incorrect: While user education is important for preventing future
incidents, it is not the immediate action needed when ransomware is
suspected.
* D. Quarantine the system:
o Correct: The first step is to isolate or quarantine the system to prevent
further spread of the ransomware.

7
Q

Which of the following is an example of MFA?
A. Fingerprint scan and retina scan
B. Password and PIN
C. Username and password
D. Smart card and password

A

D. Smart card and password

Breakdown of Each Choice:
* A. Fingerprint scan and retina scan:
o Incorrect: Both are “something you are” (biometric factors) and do
not represent different types of authentication factors.
* B. Password and PIN:
o Incorrect: Both are “something you know” and do not represent
different types of authentication factors.
* C. Username and password:
o Incorrect: A username is not an authentication factor, and a password
alone is a single factor.
* D. Smart card and password:
o Correct: Combines “something you have” (smart card) and “something
you know” (password), representing true MFA.

8
Q

A technician is hardening a company file server and needs to prevent unauthorized
LAN devices from accessing stored files. Which of the following should the
technician use?
A. Software firewall
B. Password complexity
C. Antivirus application
D. Anti-malware scans

A

A. Software Firewall

Software Firewall: A host-based (software) firewall on the file server controls
which devices may reach it. Configure it to allow the file-sharing port (for
Windows shares, SMB on TCP 445) only from authorized hosts or subnets and to deny
all other inbound connections. Password complexity, antivirus and anti-malware
scans protect against weak credentials and malicious code but do not stop an
unauthorized device on the LAN from connecting to the share.
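The decision logic behind such a rule set, as an added example that is not part of the original flashcard: rules are evaluated top to bottom, the first match wins, and anything that matches nothing falls through to a default deny, which is what keeps an unknown LAN device away from the share. The subnets, ports and connection attempts are constructed for illustration; on a real server the equivalent rules would be entered into Windows Defender Firewall, nftables or similar.

```python
"""Added example (not from the flashcards): first-match, default-deny evaluation
as done by a host firewall on a file server. Subnets, ports and connection
attempts are constructed sample data."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: ipaddress.IPv4Network | ipaddress.IPv6Network
    dst_port: int | None   # None means any destination port


def build_rules(spec: list[tuple[str, str, int | None]]) -> list[Rule]:
    """Turn (action, source CIDR, port) tuples into Rule objects."""
    return [Rule(action, ipaddress.ip_network(cidr, strict=False), port)
            for action, cidr, port in spec]


def decide(rules: list[Rule], src_ip: str, dst_port: int) -> str:
    """First matching rule wins; unmatched traffic hits the default deny."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if ip in rule.src and rule.dst_port in (None, dst_port):
            return rule.action
    return "deny"


def audit(rules: list[Rule], attempts: list[tuple[str, int]]) -> list[tuple[str, int, str]]:
    """Evaluate a batch of (source IP, destination port) attempts."""
    return [(ip, port, decide(rules, ip, port)) for ip, port in attempts]


SMB, SSH = 445, 22   # SMB file sharing and the admin (SSH) port

# Constructed policy for the file server: the finance VLAN reaches the share,
# one quarantined host is blocked before the allow rule can match it, the
# admin subnet reaches SSH, and every other LAN device is denied by default.
POLICY = build_rules([
    ("deny",  "10.20.0.77/32", None),
    ("allow", "10.20.0.0/24",  SMB),
    ("allow", "10.99.0.0/24",  SSH),
])

# Constructed connection attempts as they might appear in the firewall log.
ATTEMPTS = [
    ("10.20.0.15", SMB),    # finance workstation -> share: allowed
    ("10.20.0.77", SMB),    # quarantined host -> share: blocked by the deny rule
    ("10.20.0.15", SSH),    # workstation -> admin port: no rule, default deny
    ("10.99.0.5",  SSH),    # jump host -> admin port: allowed
    ("192.168.1.50", SMB),  # unknown LAN segment -> share: default deny
]

if __name__ == "__main__":
    for ip, port, verdict in audit(POLICY, ATTEMPTS):
        print(f"{ip:>14} -> {port:<4} {verdict}")
```

Rule order matters: the quarantine deny sits above the subnet allow so that a compromised finance host cannot reach the share even though its address is inside the allowed range.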

9
Q

A user reports that an Android mobile device takes a long time to boot, and all
applications crash when launched. The user installed the applications from a third-party website. Which of the following steps should the technician complete to
diagnose the issue?
A. Scan the system for malware.
B. Clear the web browser cache.
C. Enroll the device in an MDM system.
D. Confirm the compatibility of the applications with the OS.

A

A. Scan the system for malware

Explanation:
Installing apps from third-party websites can introduce malware, causing slow boot
times and crashes. Scanning for malware addresses this issue.
Breakdown of Each Choice:
* A. Scan the system for malware:
o Correct: Targets malware, which is likely causing the problems.
* B. Clear the web browser cache:
o Incorrect: Does not address malware or performance issues.
* C. Enroll in an MDM system:
o Incorrect: Not relevant to immediate malware issues.
* D. Confirm app compatibility:
o Incorrect: Compatibility issues wouldn’t cause slow boot times or crash
all apps.

10
Q

A technician is setting up a SOHO router in a user’s home. The user wants the
router to be configured to prevent access to malicious content and apply internet
access protection. Which of the following settings should the technician configure?
A. Port forwarding
B. Content filtering
C. Firmware updates
D. DHCP reservations

A

B. Content Filtering

Explanation:
Content filtering is a feature that allows a router to block access to certain websites
or types of content, such as malicious sites, providing a layer of internet access
protection.

Breakdown of Each Choice:
* A. Port forwarding:
o Incorrect: Used to direct incoming traffic to specific devices or
services within the network, not for blocking malicious content.
* B. Content filtering:
o Correct: Blocks access to specific websites or content types, helping to
prevent access to malicious content and provide internet protection.
* C. Firmware updates:
o Incorrect: Keeps the router software up to date but does not directly
filter content or block malicious sites.
* D. DHCP reservations:
o Incorrect: Assigns specific IP addresses to devices on the network, not
related to content filtering or internet protection.

11
Q

A technician has verified a computer is infected with malware. The technician isolates the system and updates the anti-malware software. Which of the following should the technician do next?
A. Run one scan and schedule future scans.
B. Back up the uninfected files and reimage the computer.
C. Restore the clean backup copies of the infected files.
D. Run repeated remediation scans until the malware is removed.

A

D. Run repeated remediation scans until the malware is removed

Explanation:
After isolating and updating the anti-malware software on the infected system, it’s crucial to run multiple scans to ensure complete removal of the malware.

Breakdown of Each Choice:
* A. Run one scan and schedule future scans:
o Incorrect: One scan may not detect all malware, and relying solely on
future scans is insufficient for thorough removal.
* B. Back up uninfected files and reimage the computer:
o Incorrect: Reimaging is drastic and considered only if other remedies
fail, not the immediate next step.
* C. Restore clean backup copies of infected files:
o Incorrect: This doesn’t address the malware on the system; it’s for file
recovery.
* D. Run repeated remediation scans until malware is removed:
o Correct: Multiple scans ensure thorough removal of malware and
verify the effectiveness of the process

12
Q

A user receives a call from someone claiming to be a technical support agent. The caller asks the user to log in to the computer. Which of the following security
measures should the user take to ensure security and privacy?
A. Only accept calls from known people.
B. Disregard any suspicious emails.
C. Update the antivirus software.
D. Enable two-factor authentication.
E. Install a malware scanner.

A

A. Only accept calls from known people.

This is a vishing (voice phishing) attempt: an unsolicited caller asks the user
to log in so the caller can direct what happens next. The user should hang up
and act only on calls from known, expected contacts, calling the company’s
published support number back if in doubt.

13
Q

A user clicks a link in an email. A warning message in the user’s browser states the
site’s certificate cannot be verified. Which of the following is the most appropriate
action for a technician to take?
A. Click proceed.
B. Report the employee to the human resources department for violating company policy.
C. Restore the computer from the last known backup.
D. Close the browser window and report the email to IT security.

A

D. Close the browser window and report the email to IT security.

Explanation:
This action helps prevent potential security breaches and ensures that the
suspicious email is investigated properly. Closing the browser window avoids any
immediate risk, and reporting the email to IT security helps protect the organization
from potential threats.

Breakdown of Each Choice:
* A. Click proceed:
o Incorrect: Proceeding could expose the system to malware or other
security threats.
* B. Report the employee to the human resources department for
violating company policy:
o Incorrect: This may be premature without first addressing the
immediate security concern.
* C. Restore the computer from the last known backup:
o Incorrect: This is unnecessary unless the system is already
compromised, and it does not address the immediate need to report
the suspicious email.
* D. Close the browser window and report the email to IT security:
o Correct: This action prevents potential harm and ensures the incident
is properly investigated.

14
Q

An employee has repeatedly contacted a technician about malware infecting a work
computer. The technician has removed the malware several times, but the user’s
PC keeps getting infected. Which of the following should the technician do to
reduce the risk of future infections?
A. Configure the firewall
B. Restore the system from backups.
C. Educate the end user.
D. Update the antivirus program.

A

c. Educate the end user

Repeated reinfection after successful cleanups points to user behaviour (opening
attachments, clicking links, installing unapproved software) rather than a
technical gap, so educating the user addresses the root cause. People are the
weakest link.

15
Q

A new spam gateway was recently deployed at a small business. However, users still occasionally receive spam. The management team is concerned that users will open the messages and potentially infect the network systems. Which of the
following is the most effective method for dealing with this issue?
A. Adjusting the spam gateway
B. Updating firmware for the spam appliance
C. Adjusting AV settings
D. Providing user training

A

D. Providing user training

Explanation:
User training is the most effective way to prevent users from opening spam and
infecting the network.
Breakdown of Each Choice:
* A. Adjusting the spam gateway: Improves filtering but won’t catch all spam.
* B. Updating firmware for the spam appliance: Ensures optimal
performance but doesn’t address user behavior.
* C. Adjusting AV settings: Helps detect malware but doesn’t prevent
interaction with spam.
* D. Providing user training: Educates users on handling spam, reducing
infection risk.

16
Q

After a security event, a technician removes malware from an affected laptop and disconnects the laptop from the network. Which of the following should the technician do to prevent the operating system from automatically returning to an infected state?
A. Enable System Restore.
B. Disable System Restore.
C. Enable antivirus.
D. Disable antivirus.
E. Educate the user.

A

B. Disable System Restore

Explanation:
Disabling System Restore prevents the operating system from reverting to a
previous restore point that might still contain the malware, thus avoiding
reinfection.

Breakdown of Each Choice:
* A. Enable System Restore: Could reintroduce malware if infected restore
points exist.
* B. Disable System Restore: Prevents reverting to potentially infected
restore points.
* C. Enable antivirus: Important but does not prevent reversion to infected
state.
* D. Disable antivirus: Not advisable; antivirus should be enabled.
* E. Educate the user: Important but does not directly prevent OS from
reverting to an infected state.

17
Q

A user calls the help desk to report that none of the files on a PC will open. The user also indicates a program on the desktop is requesting payment in exchange for file access. A technician verifies the user’s PC is infected with ransomware. Which of the following should the technician do FIRST?

A. Scan and remove the malware.
B. Schedule automated malware scans.
C. Quarantine the system.
D. Disable System Restore.

A

C. Quarantine the system

Explanation:
The first step when dealing with ransomware is to quarantine the system to prevent the malware from spreading to other systems on the network. Quarantining isolates the infected device and reduces further damage or compromise.

Why the Other Options Are Incorrect:
A. Scan and remove the malware:

Malware removal is necessary but should only be performed after the system has been quarantined. Removing the malware prematurely may risk further spread or incomplete containment.
B. Schedule automated malware scans:

Automated scans are preventive measures, not immediate actions for an active infection.
D. Disable System Restore:

While this can prevent reinfection through restore points, it is not the first priority. The immediate concern is containment through quarantine.

18
Q

A help desk technician is troubleshooting a workstation in a SOHO environment that is running above normal system baselines. The technician discovers an unknown executable with a random string name running on the system. The technician terminates the process, and the system returns to normal operation. The technician thinks the issue was an infected file, but the antivirus is not detecting a threat. The technician is concerned other machines may be infected with this unknown virus. Which of the following is the MOST effective way to check other machines on the network for this unknown threat?

A. Run a startup script that removes files by name.
B. Provide a sample to the antivirus vendor.
C. Manually check each machine.
D. Monitor outbound network traffic.

SOHO environment
Above normal system baselines
Unknown executable with a random string name
Antivirus not detecting the threat
Concern about other machines being infected
Looking for the MOST effective way to check other machines.

A

C. Manually check each machine

In a SOHO environment, where the number of machines is relatively small, manually checking each system is the fastest way to detect and address the issue right now. It ensures you can verify the status of each system immediately, without waiting for external analysis (as in Option B).
While providing the file to the antivirus vendor (Option B) is a good long-term solution, manual checks in a small environment will allow for quicker identification of other infected machines.
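Two checks that make the manual sweep of each machine more than a glance at Task Manager, as an added example that is not part of the original flashcard: a SHA-256 hash of the sample taken from the first machine is an exact indicator that survives renaming, and a random-name heuristic (character entropy plus a digit/no-vowel test on the file name) surfaces other candidates for a closer look. The hosts, process names and file contents are constructed sample data; the thresholds are assumptions, and the heuristic only nominates candidates for review, it never proves infection on its own.

```python
"""Added example (not from the flashcards): hunting an unknown executable across
machines by file hash and by random-looking process name. Hosts, process lists
and file contents are constructed sample data; thresholds are assumptions."""
from __future__ import annotations

import hashlib
import math
from collections import Counter

VOWELS = set("aeiou")


def sha256_hex(image: bytes) -> str:
    """Hash of the on-disk executable; the file name plays no part."""
    return hashlib.sha256(image).hexdigest()


def name_entropy(name: str) -> float:
    """Shannon entropy in bits per character of the file name's stem."""
    stem = name.rsplit(".", 1)[0].lower()
    if not stem:
        return 0.0
    counts = Counter(stem)
    return -sum((c / len(stem)) * math.log2(c / len(stem)) for c in counts.values())


def looks_random(name: str, min_len: int = 8, min_entropy: float = 3.0) -> bool:
    """True for names like 'xk9q2mvb7t.exe'. Legitimate programs such as
    searchindexer.exe also score high on entropy alone, so a name is only
    flagged when it additionally contains digits or has no vowels."""
    stem = name.rsplit(".", 1)[0].lower()
    if len(stem) < min_len or name_entropy(name) < min_entropy:
        return False
    has_digit = any(ch.isdigit() for ch in stem)
    no_vowels = not (set(stem) & VOWELS)
    return has_digit or no_vowels


def hunt(hosts: dict[str, list[tuple[str, bytes]]], indicator: str) -> dict[str, list[tuple[str, str]]]:
    """hosts maps a machine name to its running (process name, image bytes).
    Returns, per machine, the processes worth a closer look and why."""
    findings: dict[str, list[tuple[str, str]]] = {}
    for host, procs in hosts.items():
        hits = []
        for name, image in procs:
            if sha256_hex(image) == indicator:
                hits.append((name, "hash match"))
            elif looks_random(name):
                hits.append((name, "random-looking name"))
        if hits:
            findings[host] = hits
    return findings


# Constructed sample: the executable pulled from the first machine.
SAMPLE = b"MZ\x90\x00constructed sample, not a real binary"
INDICATOR = sha256_hex(SAMPLE)

# Constructed process lists from the other SOHO machines.
HOSTS = {
    "ws-01": [("explorer.exe", b"MZ explorer"), ("xk9q2mvb7t.exe", SAMPLE)],
    "ws-02": [("svchost.exe", b"MZ svchost"), ("qzxkvbmwrt.exe", b"MZ unrelated")],
    "ws-03": [("searchindexer.exe", b"MZ si"), ("onedrive.exe", b"MZ od")],
    "ws-04": [("h7d3k1p9.exe", SAMPLE)],   # renamed copy, still caught by hash
}

if __name__ == "__main__":
    for host, hits in hunt(HOSTS, INDICATOR).items():
        print(host, hits)
```

The hash is the indicator to keep: it is what the antivirus vendor needs alongside the sample, and it is what the technician can compare on every other machine without relying on a name the malware may change.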

19
Q

A technician suspects a rootkit has been installed and needs to be removed. Which of the following would BEST resolve the issue?

A. Application updates
B. Anti-malware software
C. OS reinstallation
D. File restore

A

C. OS reinstallation

Explanation:
A rootkit is malware that embeds itself deep in the operating system (kernel drivers, boot components) and hides its own files and processes, so anti-malware running on the infected OS cannot be trusted to detect or fully remove it. The most reliable fix is to wipe the disk and reinstall the operating system from known-good media. A bootkit or firmware rootkit can survive a plain reinstall, so the boot sector should be rewritten and, where a firmware implant is suspected, the firmware reflashed as well.

Why the Other Options Are Incorrect:
A. Application updates:
Application updates may address vulnerabilities but won’t remove a rootkit once it’s already installed.
B. Anti-malware software:
Anti-malware software may not detect rootkits effectively because they operate at a low level in the system.
D. File restore:
Restoring files will not remove the rootkit, and the infection could reappear after files are restored.

20
Q

A technician is setting up a SOHO wireless router. The router is about ten years old. The customer would like the most secure wireless network possible. Which of the following should the technician configure?

A. WPA2 with TKIP
B. WPA2 with AES
C. WPA3 with AES-256
D. WPA3 with AES-128

A

B. WPA2 with AES

Explanation:
For a SOHO wireless router that is about ten years old, WPA2 with AES is the most secure option that is compatible with older hardware. AES (Advanced Encryption Standard) is a strong encryption protocol, and WPA2 is currently one of the most secure standards available for many devices.

Why the Other Options Are Incorrect:
A. WPA2 with TKIP:
TKIP (Temporal Key Integrity Protocol) is less secure than AES and should be avoided for the most secure network.
C. WPA3 with AES-256:
WPA3 is the most secure standard, but older routers may not support it. AES-256 is an even stronger encryption than AES-128 but might not be supported on older hardware.
D. WPA3 with AES-128:
Although WPA3 with AES-128 is very secure, WPA3 may not be supported by a router that is about ten years old.

21
Q

A user connected a smartphone to a coffee shop’s public Wi-Fi and noticed the smartphone started sending unusual SMS messages and registering strange network activity. A technician thinks a virus or other malware has infected the device. Which of the following should the technician suggest the user do to best address these security and privacy concerns? (Choose two.)
A. Disable Wi-Fi autoconnect.
B. Stay offline when in public places.
C. Uninstall all recently installed applications.
D. Schedule an antivirus scan.
E. Reboot the device.
F. Update the OS

A

A. Disable Wi-Fi autoconnect.
D. Schedule an antivirus scan.

Explanation:
A. Disable Wi-Fi autoconnect: Prevents automatic connection to insecure networks, reducing future risks.
D. Schedule an antivirus scan: Helps detect and remove malware from the device.

Why Others Are Incorrect:
B: Staying offline is impractical and doesn’t address the current infection.
C: Uninstalling apps may help, but doesn’t guarantee malware removal.
E: Rebooting may stop malware temporarily but doesn’t remove it.
F: Updating the OS helps security but doesn’t guarantee immediate malware removal.

22
Q

A workstation is displaying a message indicating that a user must exchange cryptocurrency for a decryption key. Which of the following is the
best way for a technician to return the device to service safely?
A. Run an AV scan.
B. Reinstall the operating system.
C. Install a software firewall.
D. Perform a system restore
E. Comply with the on-screen instructions.

A

B. Reinstall the operating system.

The device is infected with ransomware, which encrypts files and compromises the system.
Reinstalling the OS ensures complete removal of the malware and restores the workstation safely.

Why others are incorrect:
A. Run an AV scan: Won’t decrypt files or ensure full removal.
C. Install a software firewall: Prevents future attacks but doesn’t fix the current infection.
D. Perform a system restore: Ransomware often disables restore points.
E. Comply with instructions: Paying gives no guarantee of a working decryption key, funds further attacks, and may breach sanctions law if the recipient is a sanctioned entity.

23
Q

A user’s iPhone was permanently locked after several failed log-in attempts. Which of the following authentication methods are needed to restore
access, applications, and data to the device?
A. Fingerprint and pattern
B. Facial recognition and PIN code
C. Primary account and password
D. Recovery contact and recovery key

A

C. Primary account and password.

After too many failed passcode attempts the iPhone is disabled and can only be recovered by erasing it. Activation Lock then requires the Apple ID (the primary account) and password that was signed in on the device before it can be set up again, after which applications and data are restored from an iCloud or computer backup. This is designed so that only the rightful owner can bring the device back into service.

Why the other options are incorrect:
A. Fingerprint and pattern: These methods unlock the device but are not used to restore access after a permanent lock.
B. Facial recognition and PIN code: These are used for regular unlocking, not for restoring a locked device.
D. Recovery contact and recovery key: These are Apple ID account-recovery features, used when the Apple ID password itself is lost; they do not unlock a disabled iPhone.

24
Q

A customer is accessing a public kiosk in a company’s lobby. Which of the following should be enforced to mitigate the risk of customer data
being accidentally saved to the kiosk?
A. Manually clearing browsing data
B. Private-browsing mode
C. Browser data synchronization
D. Password manager

A

B. Private-browsing mode

Private-browsing mode prevents the browser from saving cookies, browsing history, or form data locally on the kiosk. This reduces the risk of customer data being accidentally stored and accessed by others after the session.

Why the other options are incorrect:
A. Manually clearing browsing data: While effective, it relies on the user to remember to clear the data, which is not foolproof.
C. Browser data synchronization: Syncing data across devices could increase the risk of exposing personal information if the kiosk browser is linked to the customer’s account.
D. Password manager: This helps secure passwords but doesn’t prevent browsing data from being saved.

25
Q

An office is experiencing constant connection attempts to the corporate Wi-Fi. Which of the following should be disabled to mitigate connection
attempts?
A. SSID
B. DHCP
C. Firewall
D. SSD

A

A. SSID

Disabling the SSID (Service Set Identifier) broadcast hides the network name from the list that nearby devices display, which reduces casual, opportunistic connection attempts; authorized devices still connect by entering the SSID manually. This is obscurity, not protection: the SSID is still carried in probe and association frames and is easily recovered with a wireless sniffer, so the network must also be secured with WPA2/WPA3 and a strong passphrase (or 802.1X where available).

Why the other options are incorrect:
B. DHCP: Disabling DHCP would stop automatic IP address assignment but would not directly prevent connection attempts to the Wi-Fi network.
C. Firewall: A firewall protects the network from threats but doesn’t prevent connection attempts.
D. SSD: This refers to solid-state drives and is unrelated to Wi-Fi or networking.

26
Q

Which of the following involves sending arbitrary characters in a web page request?
A. SMS
B. SSL
C. XSS
D. VPN

A

C. XSS

Cross-Site Scripting (XSS) involves injecting malicious scripts or arbitrary characters into web page requests or input fields. These scripts are then executed by the web browser of other users viewing the page, potentially compromising data or security.

Why the other options are incorrect:
A. SMS: Refers to Short Message Service for text messaging, unrelated to web page requests or scripting.
B. SSL: Refers to Secure Sockets Layer, a protocol for encrypting communications, not injecting characters.
D. VPN: Refers to Virtual Private Network, used for secure and private network connections, not scripting attacks.
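What “arbitrary characters in a web page request” means in practice, as an added example that is not part of the original flashcard: a search page echoes its q= parameter back into the HTML. The vulnerable version interpolates the raw value, so the attacker’s characters become markup the browser executes; the hardened version encodes the value for the HTML context so the same characters are merely displayed. The page template, path, parameter name and attacker request are constructed for illustration.

```python
"""Added example (not from the flashcards): reflected XSS via a query parameter,
shown as a vulnerable renderer beside its hardened form. The template and the
attacker's request line are constructed sample data."""
import html
from urllib.parse import parse_qs, urlsplit

TEMPLATE = "<h1>Results for: {query}</h1>"


def query_from_request(request_line: str) -> str:
    """Extract q= from a raw request line such as 'GET /search?q=... HTTP/1.1'.
    Percent-encoding is undone here, which is why a request can carry any
    character at all, including '<' and '>'."""
    path = request_line.split(" ")[1]
    return parse_qs(urlsplit(path).query).get("q", [""])[0]


def render_vulnerable(query: str) -> str:
    # Reflected XSS: untrusted input is spliced into the page unchanged.
    return TEMPLATE.format(query=query)


def render_hardened(query: str) -> str:
    # Output encoding for the HTML text context: & < > " ' become entities,
    # so the browser shows the characters instead of parsing them as tags.
    return TEMPLATE.format(query=html.escape(query, quote=True))


def contains_script_tag(page: str) -> bool:
    """Would a browser see a real <script> element in this page?"""
    return "<script" in page.lower()


# Constructed attacker request: the classic probe payload, percent-encoded as a
# browser would send it.
ATTACK_REQUEST = "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1"

if __name__ == "__main__":
    q = query_from_request(ATTACK_REQUEST)
    print("vulnerable:", render_vulnerable(q))
    print("hardened:  ", render_hardened(q))
```

The fix is output encoding matched to where the value lands (HTML text here); the same value placed inside a JavaScript string or a URL attribute would need the encoding for that context instead.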

27
Q

A company recently outsourced its night-shift cleaning service. A technician is concerned about having unsupervised contractors in the building. Which of the following security measures can be used to prevent the computers from being accessed? (Choose two.)
A. Implementing data-at-rest encryption
B. Disabling AutoRun
C. Restricting user permissions
D. Restricting log-in times
E. Enabling a screen lock
F. Disabling local administrator accounts

A

D. Restricting log-in times
E. Enabling a screen lock

Explanation:
D. Restricting log-in times: Prevents user accounts from being accessed during the night shift.
E. Enabling a screen lock: Automatically locks computers when inactive, blocking unauthorized access.

Incorrect Options:
A: Protects data but doesn’t block access to the system.
B: Prevents malware via USB but doesn’t restrict access.
C: Limits permissions but doesn’t stop logins.
F: Reduces risks but doesn’t prevent access.

28
Q

Which of the following types of malicious software is most likely to demand payments in cryptocurrency?
A. Ransomware
B. Keylogger
C. Cryptomining
D. Rootkit

A

A. Ransomware

Explanation:
Ransomware is a type of malicious software that encrypts a victim’s data and demands payment, almost always in cryptocurrency, for the decryption key. Cryptocurrency is demanded because payments are difficult to trace and cannot be reversed.

Why the other options are incorrect:
B. Keylogger: Records keystrokes to steal sensitive information but does not demand payments.
C. Cryptomining: Uses a system’s resources to mine cryptocurrency for the attacker but does not request payments.
D. Rootkit: Provides unauthorized access to a system and hides malicious activities but does not typically demand payments.