test 2

Question 1

Describe this command/utility: Services

Answer 1

The Windows Services utility allows the system administrator to start, stop and
manage all of the functions of a background process.

Disable a background process

Question 2

Describe this command/utility: ODBC Data Sources

Answer 2

The ODBC (Open Database Connectivity) Data Sources utility integrates Windows applications with database services.

Create a database link to an external server.

Question 3

A network administrator is troubleshooting an intermittent Internet link
outage to a server at 8.8.8.8. The administrator believes that the outage is
occurring on one of the WAN connections between locations. Use a
Windows network utility that can identify the router that is closest
to the outage

Answer 3

tracert 8.8.8.8

Question 4

Which windows 10 editions include Domain Membership?

Answer 4

Pro and Enterprise

Question 5

Which windows 10 editions include AppLocker

Answer 5

Enterprise

AppLocker allows an administrator to manage which applications can run on
company computers. This feature is only available in Windows 10 Enterprise.

Question 6

Which windows 10 editions include BitLocker

Answer 6

Pro, Enterprise

Question 7

Which windows 10 editions include BranchCache?

Answer 7

Enterprise

Network administrators use BranchCache to store often-used files at a local site
instead of transmitting them across the network each time they’re used. This
feature is only available in Windows 10 Enterprise edition

Question 8

Which windows 10 editions include Hyper-V?

Answer 8

pro, enterprise

Hyper-V allows users to run multiple operating systems as virtual machines in
Windows 10. This feature is included in Windows 10 Pro and higher.

Question 9

A system administrator is concerned that the local Windows file system
may contain logical file system errors. Scan and repair any potential file
system errors from the Windows command line.

Answer 9

sfc /scannow

Question 10

A user runs a corporate app on their smartphone that downloads a
database each time the app is started. This download process normally
takes a few seconds, but today the download is taking minutes to
complete. Which of the following should a technician follow as the best
NEXT troubleshooting step?
❍ A. Disable Bluetooth
❍ B. Run a network speed check
❍ C. Evaluate the app with an app scanner
❍ D. Check the cloud storage resource usage

Answer 10

The Answer: B. Run a network speed check
Delays associated with the downloading process would initially indicate a
problem with the network connection. A speed check would evaluate the
network connectivity and provide a baseline for download speeds.
The incorrect answers:
A. Disable Bluetooth
The Bluetooth radio would not cause a delay in transmitting traffic
across the 802.11 network or cellular network. It’s unlikely that disabling
Bluetooth would provide any change to the download speed.
C. Evaluate the app with an app scanner
This app is a corporate published app, so using a third-party app scanner
to determine the safety and security of the app would be unnecessary.
D. Check the cloud storage resource usage
The resource usage of a cloud storage platform would not cause the delays
with this app.

Question 11

Jack, a user, has opened a help desk ticket to remove malware from his
laptop. A previous removal occurred two weeks earlier with a similar
malware infection. Which of the following was missed during the first
malware removal?
❍ A. Restart the computer
❍ B. Educate the end-user
❍ C. Enable System Protection
❍ D. Quarantine infected systems

Answer 11

The Answer: B. Educate the end-user
Of the available possible answers, this is the only one that would have
resulted in a reinfection if not properly followed. The users aren’t malware
experts, and they may not realize that their actions can have a negative
effect on their system. Spending some quality time explaining antimalware best practices can help prevent future infections.
The incorrect answers:
A. Restart the computer
Restarting the computer is not a necessary step in the malware removal
process, and it wouldn’t cause the computer to be more susceptible to
another malware infection.
C. Enable System Protection
Enabling System Protection after malware has been removed does not
make it more likely to receive another infection.
D. Quarantine infected systems
The quarantine process would prevent other devices from infection.
Missing the quarantine process would not necessarily cause the original
system to become infected again.

Question 12

Which of the following features would be found in Windows 10 
Enterprise but not in Windows 10 Pro? (Choose TWO)
❍ A. Domain membership
❍ B. BitLocker
❍ C. BranchCache
❍ D. Hyper-V
❍ E. Remote Desktop host
❍ F. AppLocker

Answer 12

The Answer: C. BranchCache, and F. AppLocker
BranchCache provides a method of caching data at remote sites to save
time and bandwidth, and AppLocker provides administrative control
of what applications can run in Windows. Both features are available in
Windows 10 Enterprise but not in Windows 10 Pro

Question 13

A local coffee shop has a public wireless network for customers and a
private wireless network for company devices. The shop owner wants to be
sure that customers can never connect to the company network. Which of
the following should be configured on this network?
❍ A. Enable WPS on the customer network
❍ B. Configure WPA2 on the company network
❍ C. Require static IP addresses on the customer network
❍ D. Assign MAC filters to the company network
❍ E. Use a firewall between the customer and corporate network

Answer 13

The Answer: B. Configure WPA2 on the company network
Enabling WPA2 (Wi-Fi Protected Access version 2) would require a
password to connect and would prevent customers from connecting to the
company wireless network

Question 14

A user in the shipping department has logged into the Windows domain.
However, the desktop does not show the user’s normal wallpaper and all
of the user’s spreadsheets and documents in the “My Documents” folder
are missing. Which of these would be the BEST way to restore the user’s
normal work environment?
❍ A. Rename the user’s folder and delete their profile in the registry
❍ B. Boot into Safe Mode and disable all startup applications
❍ C. Add the user to the Administrator group
❍ D. Update to the latest operating system version

Answer 14

The Answer: A. Rename the user’s folder and delete their profile
in the registry
Problems with a user profile causes display problems on the desktop and
user documents to disappear. To recreate the profile, the user’s folder
is deleted and the profile setting in the registry is deleted. Once the
computer is restarted and the user logs in, a new profile will be created.
The incorrect answers:
B. Boot into Safe Mode and disable all startup applications
There’s nothing associated with this issue that would indicate a problem
with a startup application, and it would not be necessary to boot into Safe
Mode if there was an issue with a startup application.
C. Add the user to the Administrator group
The user doesn’t need administrator rights and permissions to load their
own desktop and files. Adding the user to the Administrator group would
not resolve the issue and would create a larger security concern.
D. Update to the latest operating system version
The current version of the operating system should properly load a user’s
profile and their documents. Updating the operating system would be a
significant and unnecessary change

Question 15

Which of the following Windows Share permissions has the priority 
when assigning access on a mapped drive?
❍ A. Allow 
❍ B. Full control
❍ C. List folder contents
❍ D. Deny

Answer 15

The Answer: D. Deny
In Windows shares, the most restrictive setting has priority over all others.
For example, the deny option takes priority over all other permissions.
The incorrect answers:
A. Allow
If a share is configured to deny access, it will take priority over an allow.
B. Full control
The permission option for full control would be configured for allow or
deny access, and does not itself have priority over the deny option.
C. List folder contents
Listing folder contents is an NTFS permission that would be configured
to allow or deny. These permission categories do not take priority over a
deny setting.

Question 16

Which of the following partition types limit a Windows installation to a 
maximum partition size of 2 TB?
❍ A. FAT32
❍ B. GPT
❍ C. NTFS
❍ D. MBR

Answer 16

The Answer: D. MBR
The MBR (Master Boot Record) partition style is an older method
partitioning files, and the maximum partition size of an MBR partition is
2 terabytes in size.
The incorrect answers:
A. FAT32
FAT32 (File Allocation Table 32-bit) is a Microsoft file system originally
designed for earlier versions of Windows. FAT32 is not a partition type.
B. GPT
GPT (GUID Partition Table) is a modern partition style that increases
the number of partitions and partition sizes over the older MBR style.
C. NTFS
NTFS (NT File System) is a Microsoft file system designed to replace the
older FAT32 file system. NTFS is not a type of partition.

Question 17

A help desk technician has been tasked with rebuilding an email server
that recently crashed. Which of the following would be the BEST source
for this information?
❍ A. Compliance report
❍ B. Acceptable use policies
❍ C. Network topology map
❍ D. Knowledge base

Answer 17

The Answer: D. Knowledge base
A knowledge base commonly contains information about processes,
procedures, and documentation for resolving technical issues. An internal
knowledgebase would contain important historical information about the
email server and would potentially document the hardware and software
specifications for the server.
The incorrect answers:
A. Compliance report
A compliance report would document how closely the email server
complied with a set of rules or regulations associated with the company or
service. A compliance report might document how long email messages
were stored and how they were protected, but it would not commonly
contain the information required to rebuild the server.
B. Acceptable use policies
An acceptable use policy (AUP) describes the rules of behavior for users of
the organization’s services and equipment. An AUP does not contain any
information that would assist with the rebuilding of an email server.
C. Network topology map
A network topology map would display the location of the email server
in the organization’s network, but it would not contain the information
required to rebuild the hardware and software of the server.

Question 18

A technician is troubleshooting an issue with an iOS tablet randomly
restarting during normal use. A check of the device shows there have
been no significant application updates and the operating system was
upgraded to a new version three days ago. The user states the tablet
was working normally last week. Which of the following would be the
MOST likely reason for these random reboots?
❍ A. Faulty OS upgrade
❍ B. Invalid device certificate
❍ C. Malware infection
❍ D. Faulty battery
❍ E. Incorrect network settings

Answer 18

The Answer: A. Faulty OS upgrade
The last change to the tablet was an upgrade just three days ago, and the
tablet worked normally before that event. This documented change would
be the most likely reason for this issue.
The incorrect answers:
B. Invalid device certificate
An invalid device certificate may cause authentication issues, but it would
not cause the tablet to randomly restart.
C. Malware infection
Random reboots could possibly be caused by malware infections, but the
documented OS upgrade is a more obvious change to the system.
D. Faulty battery
A faulty battery could be considered an issue if no other changes were
made to the tablet and the tablet didn’t restart after powering down.
E. Incorrect network settings
Incorrect network settings might cause connectivity issues to remote
devices, but it wouldn’t cause the tablet to randomly restart.

Question 19

A server administrator has been planning an operating system upgrade
for a group of important services. The administrator has provided a
detailed scope and risk assessment of the change, and the plan has
been documented. However, the end-user acceptance approvals weren’t
completed until Friday afternoon, so the change cannot occur over the
weekend. Which of the following is preventing the upgrade
from occurring?
❍ A. Upgrade file availability
❍ B. Change board approval
❍ C. Not enough time to complete the upgrade
❍ D. Need more people for the upgrade process

Answer 19

The Answer: B. Change board approval
Before a change can proceed, the change board must evaluate and approve
the proposal. Most of these boards meet well before the change date to
make sure that all affected parties have a chance to evaluate the risk and
understand the scope of the change. The users approved the plan on a
Friday afternoon, but the change board did not have time to properly
evaluate and approve the change process for the weekend schedule.
The incorrect answers:
A. Upgrade file availability
Since the upgrade plan was already written, it’s most likely that all of the
upgrade files were in place and ready.
C. Not enough time to complete the upgrade
This question didn’t define a specific timeframe for completion, although
it’s common to complete changes during a weekend.
D. Need more people for the upgrade process
The question didn’t define any personnel requirements, so there did not
appear to be any constraints on the availability of personnel

Question 20

A user receives a browser security alert on his laptop when visiting any
website that uses HTTPS. If he uses his smartphone, he does not receive
any error messages. Which of the following would BEST describe
this situation?
❍ A. The date and time on the laptop is incorrect
❍ B. The smartphone is not updated with the latest OS version
❍ C. The laptop has an incorrect subnet mask
❍ D. The laptop does not have the latest anti-virus signatures

Answer 20

The Answer: A. The date and time on the laptop is incorrect
The date and time on a device is important when encryption is involved. If
a date is very different between devices, the encryption process may fail or
the encryption certificate may appear to be expired.
The incorrect answers:
B. The smartphone is not updated with the latest OS version
The smartphone doesn’t appear to have any issues with the encrypted
website, so updating the smartphone would not resolve the encryption
issue on the laptop.
C. The laptop has an incorrect subnet mask
An incorrect subnet mask might cause network connectivity issues, but it
would not commonly cause an error with the browser encryption process.
D. The laptop does not have the latest anti-virus signatures
The anti-virus signatures on a device are not related to the browser
encryption process.

Question 21

A system administrator would like to perform a Windows installation
while users are away from their desks. Which of the following would be
the BEST option for this installation?
❍ A. Unattended install
❍ B. Multiboot
❍ C. Repair installation
❍ D. In-place upgrade

Answer 21

The Answer: A. Unattended install
An unattended install uses a previously configured answer file instead of
prompting the user to provide answers during the installation process. This
allows the entire installation to occur without any user intervention and
can be used when users are not available.
The incorrect answers:
B. Multiboot
A multiboot system is installed with multiple operating systems that can
be selected during the boot process. A multiboot system does not itself
provide a way to install Windows without user intervention.
C. Repair installation
A repair installation will overwrite an existing installation with the same
version of the operating system in an effort to repair problems that may
have occurred with the existing installation. A repair installation does not
imply that the installation would be performed without user intervention.
D. In-place upgrade
An in-place upgrade will leave user documents and configurations in place
during the upgrade process. An in-place upgrade does not imply that the
installation would be performed without user intervention.

Question 22

Daniel, a user in the accounting department, has received an email asking
for payment of an outstanding invoice and a link to a third-party payment
site. The email contains purchase information that appears to be correct,
but additional research shows that the invoice number is not valid. Which
of the following would BEST describe this attack type?
❍ A. Spear phishing
❍ B. Spoofing
❍ C. Shoulder surfing
❍ D. Man-in-the-middle

Answer 22

The Answer: A. Spear phishing
A spear phishing attacker will focus their efforts on specific people or parts
of the organization. An attacker that contacts the accounting department
with an invoice and payment site details would be considered spear
phishing.
The incorrect answers:
B. Spoofing
Spoofing is a method of impersonation that attempts to gain access by
pretending to be someone else. This email was not making a direct attempt
to disguise itself as another person or entity.
C. Shoulder surfing
An attacker using shoulder surfing will read the contents of a screen from
another angle, such as over the shoulder. This email was not part of a
shoulder surfing attack.
D. Man-in-the-middle
A man-in-the-middle attack involves a third-party that is able to view
or modify the conversation between others without the knowledge of
the original parties. This email was directly from the attacker and did not
involve a third-party.
More informat

Question 23

A network administrator has found that a daily report shows a single
user with numerous visits to a website that violates the company’s AUP.
Which of the following should the administrator do NEXT?
❍ A. Create a firewall filter to block the website
❍ B. Scan all computers with the latest anti-malware signatures
❍ C. Contact the company’s security officer
❍ D. Change the user’s password

Answer 23

The Answer: C. Contact the company’s security officer
A company’s AUP (Acceptable Use Policy) is in place to limit the legal
liability of an organization. If a person in the organization is not following
the terms of the AUP, then the security officer’s team should manage the
results of that action.
The incorrect answers:
A. Create a firewall filter to block the website
A firewall filter may successfully prevent the user from visiting that site,
but the original problem of the user browsing to the site still exists. This
might be an eventual result of this situation, but it would not be the best
next step.
B. Scan all computers with the latest anti-malware signatures
There’s nothing in this particular situation that would indicate that the
inappropriate website was a security risk or that the end user’s computer
was infected with malware.
D. Change the user’s password
Locking out the user by changing their password might cause other issues
that are outside the scope of the AUP violation. This also does not resolve
the issue associated with the original website visits.

Question 24

A user took pictures of a new company product on their Apple tablet.
Those pictures were posted on an industry rumor website the following
week. Which of the following should be evaluated as the MOST likely
security concern?
❍ A. iCloud
❍ B. OneDrive
❍ C. Google Sync
❍ D. iTunes

Answer 24

The Answer: A. iCloud
Apple’s iCloud is the cloud-based service that provides an online backup
for iOS devices. If an attacker gains access to an iCloud account, they will
be able to access photos, notes, and other information from the iOS device.
The incorrect answers:
B. OneDrive
OneDrive is Microsoft’s cloud-based service for Windows computers.
Windows devices will store files, configurations, and other documents in
the OneDrive cloud.
C. Google Sync
Android devices use Google Sync to maintain a backup of an Android
phone or tablet.
D. iTunes
iTunes is software that runs on a local computer to manage and backup
Apple iOS devices. iTunes files are stored on local devices, making them
relatively more secure than files stored in the cloud.

Question 25

A server administrator has configured an automated process to backup
VM snapshots each evening during non-working hours. The backups
will be stored on a series of high-density tape drives. How can the
administrator confirm that these backups will be useful when a server
recovery is needed?
❍ A. Send the backups to an off-site facility
❍ B. Connect the tape drives to a UPS
❍ C. Create separate file-level backups
❍ D. Perform occasional recovery tests

Answer 25

The Answer: D. Perform occasional recovery tests
The best way to confirm that a backup will be useful when needed is
to perform occasional audits of the existing backup media. This is an
important step that should be followed for all backup processes.
The incorrect answers:
A. Send the backups to an off-site facility
Sending the backups to an off-site location may help protect the data and
preserve the information over a longer timeframe, but it doesn’t improve
the quality of data stored on the tapes.
B. Connect the tape drives to a UPS
Most of the infrastructure equipment in a data center should be connected
to a UPS (Uninterruptible Power Supply), but having that reliable power
connection doesn’t guarantee that the data stored on the tapes will be valid
during the restore process.
C. Create separate file-level backups
Creating additional backups is a good best practice, but having separate
backup files doesn’t change the quality of the data stored on the original
backup tapes.

Question 26

An organization has distributed new laptops to all of their
home-office employees. Although the users at home can successfully
connect through the Internet to resources at the corporate office, there
have been complaints that printers and shared drives at home are not
accessible. Which of the following would explain this issue?
❍ A. Incorrect login credentials
❍ B. Port security is turned on
❍ C. The corporate VPN is enabled
❍ D. Blocked by DLP

Answer 26

The Answer: C. The corporate VPN is enabled
A VPN (Virtual Private Network) connection that sends all traffic back to
the corporate office by default would effectively disconnect the user from
any other local resources, such as printers, other computers, and local file
shares.
The incorrect answers:
A. Incorrect login credentials
Incorrect login credentials would prevent access to all resources, including
those at the corporate office over the VPN.
B. Port security is turned on
Port security is a feature configured on a switch interface to prevent an
unauthorized user from physically connecting to a switch. Port security
would limit all traffic through the network, including the traffic intended
for the corporate office.
D. Blocked by DLP
DLP (Data Loss Prevention) is a security technology that will identify and
block the transfer of unauthorized materials through the network. DLP
solutions are often used to block private customer information, credit card
details, and other sensitive data. A DLP solution would not be the reason
that communication to home resources would be blocked