CompTIA A+ Core 2: test 1 Flashcards
A technician has recently removed malware from a Windows computer,
but the technician is concerned that some of the system files may have
been modified. From the command line, analyze and repair any damaged
operating system files.
sfc /scannow
How many steps are there in the malware removal process?
7
What is the first task when removing malware?
Identify malware symptoms
What is the second task when removing malware from a system?
Quarantine infected systems
What is the third task when removing malware from a system?
Disable System Restore
What is the fourth task when removing malware from a system?
Remediate
What is the fifth task when removing malware from a system?
Schedule scans and run updates
What is the sixth task when removing malware from a system?
Enable System Restore
What is the seventh task when removing malware from a system?
Educate the end user
List all seven steps of malware removal
1. Identify malware symptoms
2. Quarantine infected systems
3. Disable System Restore
4. Remediate
5. Schedule scans and run updates
6. Enable System Restore
7. Educate the end user
Give a description of the following technologies: EULA
The EULA (End User Licensing Agreement) determines how the software can be used by the end user. The user will commonly be required to agree to the terms of the EULA before the software can be installed.
e.g. Software can be used on one computer and one copy can be stored for backup purposes.
Give a description of the following technologies: PII
PII (Personally Identifiable Information) is any data that could be associated
with an individual. For example, your name, address, phone number, and email
address are considered PII.
A database includes all client first names, last
names, and home addresses.
Give a description of the following technologies: PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is a set of objectives created by the credit card industry to ensure that financial transaction data is stored and transmitted securely.
Any credit card numbers stored locally must
be encrypted.
Give a description of the following technologies: FOSS
FOSS (Free and Open Source) software is distributed for free and usually
includes access to the source code of the application.
The software includes source code and can be distributed at no cost.
Give a description of the following technologies: GDPR
The GDPR (General Data Protection Regulation) is a regulation that controls data protection and privacy for individuals in the EU.
European Union citizens can request to have all personal data removed.
Give a description of the following technologies: PHI
PHI (Protected Health Information) is any healthcare data that can be
associated with an individual.
All blood test results are stored on laboratory file servers.
A user needs to access a file located on the \\gate-room server. The file is
located in a share called ship-diagnostics. Use the command line to
connect to this share using drive g:.
NET USE G: \\GATE-ROOM\SHIP-DIAGNOSTICS
The Windows net use command is used to map a network share to a drive
letter. The syntax is: net use drive: \\servername\sharename
Give a description of what this command does: taskkill
The Windows taskkill command will terminate tasks by process id (PID) or by
the name of the executable.
e.g. Terminate a process by PID
Give a description of what this command does: diskpart
Diskpart (Disk Partitioning) provides command line access to disk and
partition configuration settings.
List the volume names on a storage drive.
Give a description of what this command does: dism
The dism (Deployment Image Servicing and Management tool) utility is used to manage Windows Imaging Format (WIM) files.
Make changes to a WIM image.
Give a description of what this command does: chkdsk
The chkdsk (Check Disk) command can fix logical file system errors and locate and recover data from bad sectors on a hard drive.
Repair logical file system errors.
Give a description of what this command does: gpresult
The gpresult (Group Policy Results) utility allows the domain administrator to verify policy settings for a computer or user.
Verify group policy settings for a user.
A user has opened a help desk ticket regarding the battery life on their
mobile phone. The battery in the phone held a charge for most of the day
prior to connecting to the corporate network. The battery now only lasts
about half a day and the back of the phone is warmer than usual.
The phone is configured as follows:
Storage: 116.2 GB of 256 GB used
Display and Brightness: Automatic
Wi-Fi: Enabled
Auto-lock: Disabled
VPN: Not connected
Low Power Mode: Disabled
Battery Maximum Capacity: 100%
Which of the following changes would have the BEST impact on
battery performance?
❍ A. Enable auto-lock
❍ B. Connect to the VPN
❍ C. Increase available storage space
❍ D. Disable Wi-Fi
The Answer: A. Enable auto-lock
The backlight of a mobile phone requires constant battery use, and the
phone in an active state will use more battery than one that is locked or in
a standby state.
The incorrect answers:
B. Connect to the VPN
Connecting to a VPN would most likely increase the amount of battery
used due to the encryption and decryption that would need to occur.
C. Increase available storage space
The battery life on a phone is not based on the amount of storage space in
use. Increasing storage space would not extend the life of the battery.
D. Disable Wi-Fi
Wi-Fi does not have a significant impact on battery performance when
compared to the screen backlight and active phone services.
Which of the following governmental policies manages the use of
personal data?
❍ A. PCI DSS
❍ B. EULA
❍ C. GDPR
❍ D. FOSS
The Answer: C. GDPR
GDPR (General Data Protection Regulation) is a European regulation
that provides data protection and privacy for individuals in the European
Union.
The incorrect answers:
A. PCI DSS
PCI DSS (Payment Card Industry Data Security Standard) is a set of
guidelines for protecting credit card data. PCI DSS are industry guidelines
and are not directly associated with governmental regulation.
B. EULA
EULA (End User Licensing Agreement) determines how software can be
used by the end user. This agreement is not a governmental policy.
D. FOSS
FOSS (Free and Open Source) software is freely available and commonly
includes the source code of the software. FOSS is not associated with a
governmental policy.
What is the maximum amount of RAM supported by a 32-bit version of an
operating system?
❍ A. 4 GB
❍ B. 8 GB
❍ C. 16 GB
❍ D. 192 GB
The Answer: A. 4 GB
The limited address space of a 32-bit operating system can only support
4 GB of system memory.
The incorrect answers:
B. 8 GB
A 32-bit operating system hits a limit at 4 GB of addressable memory.
Although there are some techniques to work around this 4 GB limitation,
they’re not often implemented in practice.
C. 16 GB
4 GB is the limit for 32-bit operating systems.
D. 192 GB
192 GB would be well over the limit for 32-bit operating systems.
More information:
220-1002, Objective 1.1 - Operating Systems Overview
https://professormesser.link/1002010101
A system administrator has created a shared folder on a server to store
operating system images. Technicians will access the shared folder
to download the latest images when performing large-scale system
installations. Which of the following will be the MOST likely method of
accessing this data?
❍ A. Map the shared folder to an available drive letter
❍ B. Download the shared folder through a proxy
❍ C. Link the images to a cloud storage service
❍ D. Access the folder using a remote access client
The Answer: A. Map the shared folder to an available drive letter
The easiest and most efficient way for technicians to access the drive share
is to map a drive letter to the share and transfer the files directly.
The incorrect answers:
B. Download the shared folder through a proxy
There’s no mention of a proxy in the question, and adding a proxy to this
process would not provide any additional features or benefits.
C. Link the images to a cloud storage service
Operating system images are relatively large, and transferring them to an
external cloud-based service would add additional time and bandwidth to
resources that are already located on a local file server.
D. Access the folder using a remote access client
The installation of an operating system requires direct access to the
installation files, and a remote access client would not provide direct
access to the files.
A help desk technician has been called to a training room that uses
Android tablets as presentation devices. An application used for
the training program will not start on any of the tablets. When the
application is selected, the splash screen appears for a moment and then
completely disappears with no error message. Which of the following
would be the best NEXT troubleshooting step?
❍ A. Install all operating system updates
❍ B. Uninstall the application
❍ C. Power cycle the tablets
❍ D. Roll back to the previous application version
The Answer: C. Power cycle the tablets
Before making any changes to the operating system or application
software, it would be useful to know if power cycling the tablets would
have an effect. If the symptom were to disappear after the restart, then no
immediate changes would be required.
The incorrect answers:
A. Install all operating system updates
Making a change to the system without understanding the issue would
be a blind guess. It would be a better practice to gather more information
about the problem before making changes.
B. Uninstall the application
Uninstalling the application would make it very difficult to troubleshoot
the application, and it’s not the best possible option before gathering more
information about the problem.
D. Roll back to the previous application version
A technician wouldn’t want to make significant changes to the application
or the operating system until they knew more about the problem and tried
to resolve the issue without installing or uninstalling any software.
Give a description of what this command does: dd
The Linux dd command is used to copy and convert files. It’s commonly
used to backup and restore an entire Linux partition as a disk image.
A Linux administrator needs to create a system image of a laptop used
by the help desk for network troubleshooting. Which of the following
utilities would provide this functionality?
❍ A. dd
❍ B. sudo
❍ C. ifconfig
❍ D. apt-get
The Answer: A. dd
The Linux dd command is used to copy and convert files. It’s commonly
used to backup and restore an entire Linux partition as a disk image.
The incorrect answers:
B. sudo
The sudo command allows a Linux user to execute a command as the
superuser or as any other user on the system. The sudo command on its
own does not provide any backup or imaging functionality.
C. ifconfig
The Linux ifconfig command is similar in function to the Windows
ipconfig command. The output of ifconfig will display network interface
and IP address configuration details.
D. apt-get
The Linux apt-get is an Advanced Packaging Tool command that handles
the management of application packages on the system.
A user has delivered a broken laptop to the help desk, and he’s visibly
upset and quite vocal about the problem he’s having. He’s also asking for
a very specific repair that doesn’t appear to have any relationship to his
issue. What’s the best way to handle this situation?
❍ A. Repeat your understanding of the issue to the customer and
provide an estimate and follow-up time
❍ B. Refuse the repair until the customer calms down
❍ C. Inform the customer of his mistake with the proposed repair
❍ D. Refuse to make any commitments until the computer is examined
The Answer: A. Repeat your understanding of the issue to the customer
and provide an estimate and follow-up time
The best response in a stressful situation is to listen, ask questions, and
refrain from arguing or acting defensive. In this situation, the technician
should gather as much information about the problem and keep all
responses focused on resolving the problem.
The incorrect answers:
B. Refuse the repair until the customer calms down
It’s always preferable to avoid any comments that would be associated with
emotion. Technical problems can be stressful enough on their own, and
adding additional stress is not going to help repair the system.
C. Inform the customer of his mistake with the proposed repair
This isn’t a game, and there are no winners or losers. The technician will be
left to resolve the issue, regardless of the root cause. It’s not necessary to
comment or speculate on any proposed repair process.
D. Refuse to make any commitments until the computer is examined
The technician is ultimately responsible for resolving the issue,
and it would help everyone involved to maintain a constant line of
communication.
A user has reported that all Google search results in their Internet
browser are displaying a non-Google website. This redirection occurs each
time a Google search is attempted. Which of the following would be the
BEST way to prevent this issue in the future?
❍ A. Windows Firewall
❍ B. MAC filtering
❍ C. Port security
❍ D. Certificate-based authentication
❍ E. Anti-malware utility
The Answer: E. Anti-malware utility
A browser hijack is a very specific attack type that is commonly the result
of a malware infection.
The incorrect answers:
A. Windows Firewall
The Windows Firewall is useful for preventing inbound connections, but
most malware is installed by the user. This installation process circumvents
the firewall and it’s the reason we rely on both a firewall and anti-malware
software.
B. MAC filtering
MAC filtering is commonly used on a network device to limit which
devices can communicate on a network. MAC filtering would not be
related to a browser hijack.
C. Port security
Port security prevents unauthorized users from connecting to a switch
interface. Port security is not associated with a browser hijack.
D. Certificate-based authentication
Certificate-based authentication provides a method to verify a user during
the authentication process. This authentication mechanism is not related
to browser hijacking.
Give a description of what this command does: msconfig
The msconfig (System Configuration) command is useful for managing
the startup process of services. Prior to Windows 8.1, System
Configuration can also be used to manage applications during the startup
process.
A server administrator is replacing the memory in a database server.
Which of the following steps should be followed FIRST?
❍ A. Remove the existing memory modules
❍ B. Wear an air filter mask
❍ C. Disconnect all power sources
❍ D. Connect an ESD strap
The Answer: C. Disconnect all power sources
The first step when working inside of a computer or printer is to remove
all power sources.
The incorrect answers:
A. Remove the existing memory modules
Prior to removing the existing modules, the power source would need
to be disconnected and an ESD strap would need to be attached to the
computer case.
B. Wear an air filter mask
A filtered mask would not commonly be required for replacing memory
modules. If the environment is very dusty or dirty, then a filtered mask
may be necessary.
D. Connect an ESD strap
An ESD (Electrostatic Discharge) strap would allow the technician
to minimize the potential of an electrostatic discharge. However,
disconnecting the power source takes a higher priority.
A technician is dismantling a test lab for a recently completed project,
and the lab manager would like to use the existing computers on a new
project. However, the security administrator would like to ensure that
none of the data from the previous project is accessible on the existing
hard drives. Which of the following would be the best way to accomplish this?
❍ A. Quick format
❍ B. Degauss the drives
❍ C. Regular format
❍ D. Reinstall the operating system
The Answer: C. Regular format
A standard Windows format with the regular formatting option
overwrites each sector of the drive with zeros. After this format is
complete, the previous data on the drive is unrecoverable.
The incorrect answers:
A. Quick format
A standard Windows format with the quick format option clears the
master file table, but it doesn’t overwrite any data on the drive. With the
right software, the previous data could be recovered.
B. Degauss the drives
Degaussing the drives would remove the magnetic fields necessary for
the drives to work properly. Although this would make the previous data
unrecoverable, it would also cause the hard drives to be unusable.
D. Reinstall the operating system
Reinstalling the operating system may not overwrite any of the previous
user data on the drive. Recovery software would be able to identify and
“undelete” the previous drive data.
Which of the following technologies would be the best choice to boot
computers in a training room over the network?
❍ A. MBR
❍ B. NTFS
❍ C. Dual boot
❍ D. PXE
The Answer: D. PXE
PXE or “Pixie” (Preboot eXecution Environment) is a method of booting
a computer from a device over the network instead of from operating
system files on a local storage device. This method is especially useful when
managing large groups of devices, such as a training room.
The incorrect answers:
A. MBR
MBR (Master Boot Record) describes the information contained on the
first sector of a drive. MBR is not used to boot devices across the network.
B. NTFS
NTFS (NT File System) is a file system designed for Windows
computers. Although a system may store files using NTFS, the file system
does not include any features that would allow it to be booted over the
network.
C. Dual boot
A dual boot system contains a storage device with multiple operating
systems, and each operating system can be individually selected and
booted when starting the computer.
Give a description of the following technologies: PXE
PXE or “Pixie” (Preboot eXecution Environment) is a method of booting
a computer from a device over the network instead of from operating
system files on a local storage device. This method is especially useful when
managing large groups of devices, such as a training room.
Which of these OS installation types uses an XML file that answers all of
the questions normally provided during the installation?
❍ A. Unattended
❍ B. Image
❍ C. PXE
❍ D. Clean
The Answer: A. Unattended
An unattended Windows installation requires the administrator to answer
the normal installation questions in a single XML file. This allows the
installation process to continue from the beginning to end without any
user intervention.
The incorrect answers:
B. Image
A system image is a complete backup of a volume or drive. The process for
installing a system image is to copy the entire contents of the image to the
drive of the computer. The normal operating system setup is not used, so
an XML file would not answer installation questions.
C. PXE
PXE, or “Pixie,” (Preboot eXecution Environment) is a method of booting
a computer across the network. Booting with PXE does not itself provide an
answer file during an operating system installation.
D. Clean
A clean install is used to completely replace an existing operating system
with a fresh version. Although this can be used with an unattended
answer file, a clean installation by itself does not include an XML file with
answers to installation questions.
A user purchased a copy of home tax software and has installed it on their
company computer. This morning, the user logs in and finds that the tax software has been automatically removed from the system. Which of the following would be the MOST likely reason for this result?
❍ A. The company per-seat licenses are all in use
❍ B. The software uses a FOSS license
❍ C. The user has installed a personal license
❍ D. The software is subject to the GDPR
The Answer: C. The user has installed a personal license
Personally licensed software can be difficult to audit on computers that are
owned by a company, and many organizations will not allow software to
be installed on company-owned systems if the company has not purchased
the license.
The incorrect answers:
A. The company per-seat licenses are all in use
This home tax software is not owned by the company, so the company
would not have per-seat licenses to distribute.
B. The software uses a FOSS license
A FOSS (Free and Open Source) license would not cause any licensing
issues, and many companies will install FOSS software on their systems.
D. The software is subject to the GDPR
The GDPR (General Data Protection Regulation) is a set of rules in the
European Union that are specific to a user’s control of their personal data.
The GDPR regulations would not be the most likely reason for removing
this software.
A workstation on a manufacturing floor is taking much longer than
normal to boot. Which of the following would be the BEST way to
troubleshoot this issue?
❍ A. Replace the CPU
❍ B. Disable the startup applications
❍ C. Upgrade the RAM
❍ D. Install the latest OS patches
The Answer: B. Disable the startup applications
Delays during the boot process can be caused by many issues, but a device
that was previously working properly most likely has been changed. A
single application install can create issues, so disabling startup applications
would be an easy way to remove those from the troubleshooting process.
The incorrect answers:
A. Replace the CPU
If the CPU was faulty, the computer would most likely not be operational.
C. Upgrade the RAM
Upgrading RAM can often resolve application performance issues, but this
computer was previously working with the existing amount of memory.
D. Install the latest OS patches
It’s possible that problems might occur after an OS patch update, but it
would not be most likely that these issues would occur prior to patching.
Without knowing more about the issue, it would not be a best practice to
make such a significant change to the system.
A technician has been assigned a support ticket that urgently requests a
laptop repair, but there are already many open support tickets ahead of
this request. The technician doesn’t recognize the name associated with
the ticket. Which of these choices would be the best path to take?
❍ A. Place the ticket into the queue as first-come, first-served
❍ B. Prioritize the support tickets by device type
❍ C. Triage the queue and prioritize the tickets in order of repair complexity
❍ D. Contact the end-user and determine the urgency of the repair
The Answer: D. Contact the end-user and determine the urgency of the repair
A support ticket marked as “urgent” should be evaluated to determine the
timeframe for resolving the issue and the complexity of the task. If the end
user feels that the issue is time-sensitive, then it’s important to contact
them and see what options might be available to get them up and running
as quickly as possible.
The incorrect answers:
A. Place the ticket into the queue as first-come, first-served
Not all support tickets have the same priority, and it’s the responsibility of
the technician to properly triage the cases to handle the most critical first.
It will usually involve some communication with the client to determine
the scope of the issue.
B. Prioritize the support tickets by device type
The urgency of a technical issue isn’t determined by the type of the device.
Instead, the priority of issues should be based on the needs of the end user
and the importance of their task.
C. Triage the queue and prioritize the tickets in order of repair complexity
The complexity of a repair doesn’t consider the importance of the repair
to the organization’s goals and objectives. An executive going into an
important presentation may have a simple problem, but their issue has
greater importance to the organization.
A user has received a pop up message on their computer that states
applications on their computer are infected with a virus. A technician has
determined that the pop up message is a hoax that needs to be removed
from the computer. The technician has disabled System Restore to remove
all previous restore points. Which of the following tasks would be the best
NEXT step?
❍ A. Update the anti-virus signatures
❍ B. Educate the end-user
❍ C. Schedule anti-virus scans for midnight each day
❍ D. Boot the system with a pre-installation environment
The Answer: A. Update the anti-virus signatures
After disabling system restore, the next step in virus removal is to
remediate the system. To remove the malware, it’s important the
technician is using the latest set of signatures.
The incorrect answers:
B. Educate the end-user
This is one of the most important tasks for malware removal, but it’s
usually reserved for the final step when there’s no longer any urgency to
remove the malware.
C. Schedule anti-virus scans for midnight each day
Once the virus is removed, the system should be configured for on-demand
scanning and additional scans each day. However, this would not
immediately follow the disabling of System Restore.
D. Boot the system with a pre-installation environment
A pre-installation environment may be required for more difficult
virus removal tasks, but this would only occur after the latest anti-virus
signatures were downloaded and installed.
A network administrator needs to manage a switch and firewall at a
remote location. Which of the following would be the BEST choice for
this requirement?
❍ A. RDP
❍ B. Telnet
❍ C. SSH
❍ D. VNC
The Answer: C. SSH
SSH (Secure Shell) provides encrypted console communication, and it’s
commonly used to manage devices across the network. If an
administrator is managing a server, switch, router, or firewall, they’re
probably using SSH.
The incorrect answers:
A. RDP
Microsoft RDP (Remote Desktop Protocol) is commonly used to share
the desktop of a Windows computer. Most switches and firewalls are
not Windows devices, so RDP would not be the best choice for this
connection.
B. Telnet
Telnet (Telecommunication Network) is very similar to SSH, but Telnet
does not use encrypted communication. Because Telnet traffic is sent in
the clear, it’s not a good choice for most networks. Don’t use Telnet!
D. VNC
VNC (Virtual Network Computing) is a screen sharing technology that
is common to many non-Windows operating systems. If a technician is
sharing the screen of a macOS or Linux desktop, they may be using VNC.
Jack, a user, has opened a help desk ticket relating to email messages he’s
receiving. The messages appear to be replies to a message that Jack did
not send. Most of the messages contain information about third-party
product promotions and sales information. Which of the following is the
MOST likely cause of these messages?
❍ A. Man-in-the-middle
❍ B. Corrupted email database
❍ C. Adware
❍ D. Hijacked email
The Answer: D. Hijacked email
Of the available options, the most likely reason for these unusual email
replies is a hijacked email account. An attacker that gains access to an
email account can send spam, read messages, and effectively control
all emails associated with the account. Common responses to an email
hijacking are to change the passwords associated with the account and
scan for malware.
The incorrect answers:
A. Man-in-the-middle
A man-in-the-middle attack would include a third-party that was
intercepting and potentially modifying network data. In this situation,
there’s no evidence that a third-party is intercepting any network
communication.
B. Corrupted email database
A corrupted email database would cause the user’s emails to be unreadable
or would cause messages to be missing. Most email platforms will
recognize a corrupted database and would not allow the user to access
their mailbox.
C. Adware
Adware would show advertising and sales messages to the infected user
and would not commonly send email messages to other users.
A malware infection has recently been removed from a computer. When
starting the operating system, Windows shows errors during the startup
process indicating some core operating system files are missing. Which of
the following should be used to restore these missing files?
❍ A. gpupdate
❍ B. dism
❍ C. sfc
❍ D. diskpart
The Answer: C. sfc
The sfc (System File Checker) command is used to scan and replace
any core operating system files that may be corrupted or missing. It’s
common to run the sfc utility after removing malware or after a significant
operating system issue.
The incorrect answers:
A. gpupdate
The gpupdate (Group Policy Update) command is used to force a Group
Policy update to computers in a Windows Active Directory domain. The
gpupdate command would not restore any missing operating system files.
B. dism
The dism (Deployment Image Servicing and Management) tool is used to
make changes to Windows Imaging Format (WIM) files. This question
did not specify that the computer was using a WIM file, so the dism utility
would not be the best choice to restore any missing files.
D. diskpart
An administrator can manage disk configurations and partitions with the
Windows diskpart utility. The diskpart utility is not used to restore or
modify files within the Windows operating system.
A desktop administrator has determined that an employee in the
corporate office has been using their computer to share copyrighted
materials to others on the Internet. Which of the following should be the
best NEXT step?
❍ A. Create a firewall rule to block Internet access to this computer
❍ B. Create a hash for each file that was shared
❍ C. Compile a list of licenses for each set of copyrighted materials
❍ D. Retrieve and securely store the computer
The Answer: D. Retrieve and securely store the computer
When a security incident has occurred, it’s important to securely collect
and store any evidence. The computer that was used to share copyrighted
materials should be collected and stored until the proper authorities can
take control of this evidence.
The incorrect answers:
A. Create a firewall rule to block Internet access to this computer
Creating a firewall rule would stop anyone from accessing the computer,
but it wouldn’t stop the user from modifying or deleting files and evidence
from the PC.
B. Create a hash for each file that was shared
Although creating hashes of the files may be part of the evidence
gathering process, the immediate need is to impound and protect the data
on the system used in this event.
C. Compile a list of licenses for each set of copyrighted materials
The determination of copyright is part of the process that will occur later.
The more important task will be to collect the evidence and protect its
integrity.
A network consulting firm is creating a proposal to upgrade the Internet
firewalls for a large corporation. The proposal includes a description of
the project and the network topology changes that would be required
to support the upgrade. The proposal also describes the risks involved in
the process of making this upgrade. Which of the following should be
covered NEXT in the proposal?
❍ A. End-user approvals
❍ B. Backout plan
❍ C. Change control application
❍ D. Detailed upgrade plan
The Answer: D. Detailed upgrade plan
Before working through the remaining change control steps, it’s important
to have a detailed explanation of the steps that will be required to
complete the change. This detailed plan will provide decision-making
information to the change control board and provide the information
needed to create a backout plan.
The incorrect answers:
A. End-user approvals
Without a detailed plan, it’s difficult to determine who the end users are.
Since the end-user approvals are required to continue with the change
control process, the detailed plan will need to be created first.
B. Backout plan
A backout plan can’t be created until you know the specific changes that
are planned.
C. Change control application
The change control committee will need specific details about the
proposed changes so they can understand the scope of what they are
approving.
A data center manager requires each server to maintain at least fifteen
minutes of uptime during a power failure. Which of these would be the
BEST choice for this requirement?
❍ A. Cloud-based storage
❍ B. UPS
❍ C. Redundant power supplies
❍ D. Surge suppressor
The Answer: B. UPS
A UPS (Uninterruptible Power Supply) provides short-term backup
power if a power outage or low-voltage situation were to occur.
The incorrect answers:
A. Cloud-based storage
The use of cloud-based storage does not provide any server uptime if a
power outage occurs.
C. Redundant power supplies
Some servers might use redundant power supplies to maintain uptime if
one of the power supplies were to fail. If there’s a power outage, then none
of the power supplies will be working properly.
D. Surge suppressor
A surge suppressor will protect a computer from spikes and noise, but it
won’t provide any uptime if the primary power source were to fail.
Give a description of the following technologies: UPS
A UPS (Uninterruptible Power Supply) provides short-term backup power if a power outage or low-voltage situation were to occur.
A system administrator has booted a computer using PXE. Which of the
following would be the MOST likely reason for this task?
❍ A. Monthly OS patch install
❍ B. OS installation from a network drive
❍ C. Boot to Safe Mode
❍ D. Control the computer remotely
The Answer: B. OS installation from a network drive
PXE (Preboot eXecution Environment), or “Pixie,” is a method of booting
a computer from an image file located on a network server. One common
use of PXE boot is to install an operating system across many systems at
the same time.
The incorrect answers:
A. Monthly OS patch install
It’s not necessary to boot from a network drive to install the monthly
Microsoft operating system patches.
C. Boot to Safe Mode
Booting into Safe Mode can be managed on a local computer without the
requirement of booting across the network using PXE.
D. Control the computer remotely
Remote control or remote desktop functionality is managed with
applications on the operating system. It is not necessary to boot with PXE
to control a device remotely.
A business partner in a different country needs to access an internal
company server during the very early morning hours. The internal firewall
will limit the partner’s access to this single server. Which of these would
be the MOST important security task to perform on this server?
❍ A. Install the latest OS patches
❍ B. Remove the server from the Active Directory domain
❍ C. Use only 64-bit applications
❍ D. Run a weekly anti-virus scan
The Answer: A. Install the latest OS patches
This system will be used during non-working hours from a location that
is not part of your organization, so keeping the operating system secure
will be important. Maintaining an aggressive patching schedule will ensure
that any known vulnerabilities are always removed before they could
possibly be exploited.
The incorrect answers:
B. Remove the server from the Active Directory domain
An Active Directory domain allows a domain administrator to centrally
manage security policies and to provide ongoing monitoring of a device.
The server would be less secure if it were removed from the AD domain.
C. Use only 64-bit applications
There’s no enhanced security with 64-bit applications, so ensuring the use
of those applications wouldn’t provide any significant security advantages.
D. Run a weekly anti-virus scan
The concern with this server is that it will be accessed by unknown third parties from the partner’s network. Running an anti-virus scan every week
would not provide any significant security benefit, and would probably be
delivered too late to be of use.
A Linux administrator has been asked to upgrade the web server software
on a device. Which of the following would provide the administrator with
the appropriate rights and permissions for this upgrade?
❍ A. chmod
❍ B. apt-get
❍ C. ifconfig
❍ D. sudo
The Answer: D. sudo
The sudo (superuser do) command will execute a command as
the superuser or any other user on the system. When performing
administrative tasks such as upgrading software, it’s often necessary to use
elevated rights and permissions.
The incorrect answers:
A. chmod
The chmod (change mode) command will modify the read, write, and
execution permissions for a file system object. The mode of a file or folder
would not commonly need to be modified during an upgrade.
B. apt-get
The apt-get (Advanced Packaging Tool) command is used to manage
application packages and software upgrades. The apt-get command does
not provide any additional rights and permissions, however.
C. ifconfig
The ifconfig (Interface Configuration) command displays or configures a
network interface and IP address configuration. No rights or permissions
are provided through the ifconfig command.
A network administrator is configuring a wireless network at a small
office. The administrator would like to allow wireless access for all
computers but exclude a single kiosk in the lobby. Which of the following
configuration settings would meet this requirement?
❍ A. SSID suppression
❍ B. Content filtering
❍ C. Static IP addressing
❍ D. WPS
❍ E. MAC filtering
The Answer: E. MAC filtering
MAC (Media Access Control) address filtering can be configured to
allow or deny access to the network based on the hardware address of
the wireless network adapter. Given the available options, MAC filtering
would be the only way to provide this type of device exclusion.
The incorrect answers:
A. SSID suppression
The SSID (Service Set Identifier) is the name of the wireless network, and
most access points allow the administrator to control the broadcasting of
the network name. This option would not display the name on a list of
available wireless networks, but a device could connect to the network if
the name was already known.
B. Content filtering
Content filtering refers to the control of information inside of an existing
data flow. This control is commonly based on the URLs (Uniform Resource
Locators) associated with websites, letting the administrator allow
or deny access to certain categories of online content. This functionality
would not be used to limit wireless network access for a single device.
C. Static IP addressing
Static IP addressing would require the administrator to manually assign IP
addresses to all of the devices on the network, but this manual assignment
is not a security feature and would not necessarily restrict access to the
network from any device.
D. WPS
WPS (Wi-Fi Protected Setup) is a configuration option on a wireless
access point that is designed to make it easier for other devices to connect
to the network. The use of WPS does not provide a way to limit or restrict
wireless network access if a device already has the proper credentials.
A security administrator has received an alert that a user’s workstation in
the shipping department has attempted to communicate to a command
and control server for a well-known botnet. The logs on the workstation
show that the user manually installed a new Internet browser the
previous day. Which of the following would be the BEST next step for
troubleshooting this issue?
❍ A. Uninstall the new browser
❍ B. Backup the user’s documents
❍ C. Roll back to a previous restore point
❍ D. Disable the user’s account
The Answer: D. Disable the user’s account
The first step after identifying a malware infection is to quarantine the
system. This would include removing the system from the network and
preventing the user’s account from accessing other network resources.
The incorrect answers:
A. Uninstall the new browser
Once the new browser was installed, the malware undoubtedly made
significant changes to the user’s operating system. Uninstalling the
browser would not remove the existing malware infection.
B. Backup the user’s documents
Although it will be important to preserve as much of the data as possible,
performing a backup of the user’s documents would not be the best next
step given the available options.
C. Roll back to a previous restore point
If the system is infected with malware, then it’s very likely that the
previous restore points have also been infected. Rolling back to a previous
restore point will most likely not remove the malware.
A technician is installing a new wireless network in a small remote office.
Which of the following should the technician choose to provide the
highest level of security on the network?
❍ A. WPA2
❍ B. MAC filtering
❍ C. Static IP addressing
❍ D. SSID suppression
The Answer: A. WPA2
WPA2 (Wi-Fi Protected Access 2) encryption is used to protect the
data transmitted over the wireless network. WPA2 or similar encryption
would be considered to be the highest level of data protection on a wireless
network.
The incorrect answers:
B. MAC filtering
MAC (Media Access Control) filtering is used to allow or deny access
to the network based on the hardware address of the wireless adapter.
However, MAC filtering can be easily circumvented and is not considered
a security feature.
C. Static IP addressing
Static IP addressing would require the network administrator to manually
assign IP addresses to the network devices. Static IP addressing does not
provide any security features.
D. SSID suppression
SSID (Service Set Identifier) suppression will prevent the name of the
wireless network from appearing in lists of available networks. SSID
suppression does not prevent someone from connecting to the network if
they already know the name, and it’s not considered a security feature.
Give a description of the following technologies: PXE
PXE or “Pixie” (Preboot eXecution Environment) is a method of booting
a computer from a device over the network instead of from operating
system files on a local storage device. This method is especially useful when
managing large groups of devices, such as a training room.