test 4 Flashcards

1
Q

An attacker is using a word list that contains 1 million possible passwords as they attempt to crack your Windows password. What type of password attack is this?

Rainbow Table
Brute-Force
Dictionary
Hybrid

A

Answer: Dictionary Attack

Explanation
OBJ-2.5: A dictionary attack uses a list of common passwords to crack a user’s password. These lists do not contain just dictionary words, though. For example, the word Dr@g0nBr3@+h (dragon breath) may be one such entry, rewritten by substituting symbols or numbers for various letters. The dictionary file might have words like DRAGON, dragon, Dr@g0n, and many other forms. Most dictionary files contain millions of entries, and the password-cracking tool tries each one until a match is found. A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. A hybrid attack combines a dictionary list with the ability to add brute-force combinations to crack a password that is slightly different from the dictionary list entry. A rainbow table is a tool for speeding up attacks against Windows passwords by precomputing possible hashes. A rainbow table is used to authenticate users by comparing the hash value of the entered password against the one stored in the rainbow table. Using a rainbow table makes password cracking a lot faster and easier for an attacker.

2
Q

A home user brought their Windows 10 laptop to the electronics store where you work. They claim their computer has become infected with malware. You begin troubleshooting the issue by first pressing the power button, and the laptop loads properly without any issues. When you open Microsoft Edge, you notice that multiple pop-ups appear almost immediately. Which of the following actions should you take NEXT?

  1. Quarantine the machine and report it as infected to your company’s cybersecurity department for investigation.
  2. Clear the browser’s cookies and history, enable the pop-up blocker, and scan the system for malware.
  3. Document the pop-ups displayed and take a screenshot.
  4. Reinstall or reimage the operating system.
A

Answer: Clear the browser’s cookies and history, enable the pop-up blocker, and scan the system for malware.

Explanation
OBJ-3.3: Malware often targets the web browser. Malware such as adware and spyware is designed with commercial or criminal intent rather than to vandalize the computer system. Common infection symptoms of spyware or adware are pop-ups or additional toolbars, the home page or search provider changing suddenly, searches returning results that differ from those on other computers, slow performance, and excessive crashing. Viruses and Trojans may spawn pop-ups without the user opening the browser. Since this is a home user’s laptop, you should remediate the issue and return the system to them. Since this is not a system owned by your company, there is no reason to report it to your company’s cybersecurity department.

3
Q

Which of the following types of installations would you use on a system with slow performance, or on one for which you cannot isolate a single cause of the system’s issues?

in-place upgrade
remote network installation
image deployment
repair installation

A

Answer: repair installation

Explanation
OBJ-1.7: A repair installation is a type of installation that attempts to replace the existing version of the operating system files with a new copy of the same version. A repair installation is useful when trying to repair a Windows computer that will not boot or when you believe the system files have become corrupted. An image deployment is a type of installation that uses a clone of an existing installation stored in an image file to perform the installation. The image can contain the base OS and configuration settings, service packs and updates, application software, and whatever else is required. An image can be stored on DVD or USB media or can be accessed over a network. A remote network installation connects to a shared folder containing the installation files. During the remote network installation, the target PC will boot to a Preboot eXecution Environment (PXE) and then copy the files to a temporary location on its hard drive before fully installing them to the target PC. Most commonly, a remote network installation will be combined with an image deployment for a more efficient installation across the network. An in-place upgrade is an installation of the new operating system on top of an existing version of the operating system. An in-place upgrade will preserve the applications, user settings, and data files that already exist on the computer.

4
Q

Your company wants to get rid of some old paper files. The files contain PII from previous customers, including their names, birth dates, and social security numbers. Which of the following are the appropriate data destruction and disposal techniques that should be utilized for these papers?

Recycling bin
strip-cut shredder
cross-cut shredder
micro-cut shredder

A

Answer: micro-cut shredder

Explanation
OBJ-2.9: The three most common types of shredder are strip-cut, cross-cut, and micro-cut. Strip-cut machines shred documents into long vertical strips, while cross-cut machines add horizontal cuts to make the shredded pieces even smaller. Micro-cut machines shred to an even higher level of security, essentially converting your documents into tiny particles.

5
Q

Which type of authentication method is commonly used with physical access control systems and relies upon RFID devices embedded into a token?

smart cards
proximity cards
TOTP
HOTP

A

Answer: proximity cards

Explanation
OBJ-2.1: A proximity card is a contactless card that usually utilizes RFID to communicate with the reader on a physical access system. These are commonly used to access secured rooms (such as server rooms) or even a building itself (such as at an access control vestibule). Some smart cards contain proximity cards within them, but the best answer to this question is proximity cards, since that is the function of the card that would be used to meet this scenario’s requirements. An HMAC-based one-time password (HOTP) is a one-time password algorithm based on hash-based message authentication codes. A time-based one-time password (TOTP) is a computer algorithm that generates a one-time password using the current time as a source of uniqueness.

6
Q

A customer’s Android smartphone is only 6 months old but is becoming excessively slow. When questioned, the customer states it was acting fine until they recently installed a new stock market tracking app. What action should you take to troubleshoot the slow performance on this phone?

  1. Uninstall the app, reboot the phone, and reinstall the app.
  2. Replace the phone with a newer model.
  3. Perform a hard reboot of the smartphone.
  4. Factory reset the smartphone and reinstall all the apps.
A

Answer: Uninstall the app, reboot the phone, and reinstall the app.

Explanation
OBJ-3.4: The best option in this scenario is to uninstall and reinstall the stock market app. When apps are updated automatically, they can sometimes become faulty or corrupted and slow down performance on the device. With Android phones, much like iPhones, apps can run in the background and may begin to take up excess resources. If the app is removed, the phone rebooted, and the app reinstalled, and the issue still persists, then the app should be removed and an alternate app selected to replace it. Remember, in the CompTIA troubleshooting method we should always question the obvious. In the question, the thing that recently changed was the installation of a new app, so it is likely the cause of the issue.

7
Q

When Jason needs to log in to his bank, he must use a hardware token to generate a random number code automatically synchronized to a code on the server for authentication. What type of device is Jason using to log in?

smart card
PIV card
biometric lock
key fob

A

Answer: key fob

Explanation
OBJ-2.1: A key fob is a hardware token that generates a random number code synchronized to a code on the server. The code changes every 60 seconds or so. This is an example of a one-time password. A SecurID token is an example of a key fob that is produced by RSA. A smart card, chip card, PIV card, or integrated circuit card is a physical, electronic authorization device used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit chip. In high-security environments, employee badges may contain an embedded smart card chip that must be inserted into a smart card reader to log in or access information on the system. A biometric lock is any lock that can be activated by biometric features, such as a fingerprint, voiceprint, or retina scan. Biometric locks make it more difficult for someone to counterfeit the key used to open the lock or a user’s account. A smart card is a form of hardware token.

8
Q

Which TWO of the following would provide the BEST security for both computers and smartphones?

using a cable lock
enabling multifactor authentication
configuring organizational units
utilizing access control lists
enforcing trusted software sources
enabling data loss prevention
A

Answers:
enabling multifactor authentication
enforcing trusted software sources

Explanation
OBJ-2.2: The use of multifactor authentication is considered an industry best practice for both computers and smartphones. Additionally, any software being installed should come from a trusted source to prevent malware infections. Access control lists can be easily set up on a computer, but not on a smartphone. Data loss prevention (DLP) software can identify data that has been classified and apply fine-grained user privileges to prevent copying it, forwarding it by email, and more. DLP is usually installed on a server, although there are some versions made for computers. Organizational units in Windows Active Directory are a way of dividing the domain up into different administrative realms. Cable locks are effective for laptops, but not for smartphones.

9
Q

A user is complaining about slow data speeds when they are at home in a large apartment building. The user uses Wi-Fi when they get home, and the device works fine on other wireless networks they connect to. Which of the following actions should the user take to increase their data speeds?

  1. Increase the Wi-Fi signal being transmitted by their WAP.
  2. Enable MAC filtering on their WAP.
  3. Turn off Wi-Fi and rely on their cellular data plan.
  4. Upgrade to a new smartphone.
A

Answer: Increase the Wi-Fi signal being transmitted by their WAP.

Explanation
OBJ-3.5: Slow data speeds can be caused by too much interference or a weak signal. Try changing the channel on Wi-Fi routers to less-used channels or boost the signal being transmitted, and the performance should increase. Alternatively, if the cellular signal is too low, you can install a signal booster or microcell in the home or office. Enabling MAC filtering would block devices attempting to connect to the Wi-Fi. Turning off the Wi-Fi and using their cellular data plan might be a valid workaround, but it does not solve the issue of the Wi-Fi not functioning properly at home. Upgrading the smartphone would not increase the speed of their home Wi-Fi, as their current smartphone already operates at faster speeds on other Wi-Fi networks.

10
Q

Your company has just installed a new proxy server and has asked you to configure all of the Windows workstations to use it. Which of the following Internet Options tabs in the Windows Control Panel should you configure?

Connections
Privacy
Content
General

A

Answer: Connections

Explanation
OBJ-1.6: The Connections tab in the Internet Options is used to set up the dial-up and VPN settings and the LAN settings. Under the LAN settings, you can configure the proxy server settings for the system.

11
Q

Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?

RADIUS
TACACS+
CHAP
Kerberos

A

Answer: TACACS+

Explanation
OBJ-2.3: TACACS+ is an extension to TACACS (Terminal Access Controller Access Control System) and was developed as a proprietary protocol by Cisco. The Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that operates on port 1812 and provides centralized Authentication, Authorization, and Accounting management for users who connect to and use a network service, but Cisco did not develop it. Kerberos, developed by MIT, is a network authentication protocol designed to provide strong mutual authentication for client/server applications using secret-key cryptography. The Challenge-Handshake Authentication Protocol (CHAP) is used to authenticate a user or network host to an authenticating entity. CHAP is an authentication protocol but does not provide authorization or accounting services.

12
Q

What is TACACS+?

A

TACACS+ is an extension to TACACS (Terminal Access Controller Access Control System) and was developed as a proprietary protocol by Cisco.

13
Q

A cybersecurity analyst is auditing your company’s network logs and identifies that a USB mass storage device was previously inserted into many of the company’s servers. The logs also showed dozens of failed login attempts before a successful login occurred on the servers. Which TWO of the following actions are recommended to eliminate the vulnerabilities identified by the cybersecurity analyst?

Install a host-based firewall on the servers

Change the default credentials on the servers

Remove administrative permissions

Lock out the account after 3 failed login attempts

Install the operating system security updates

Modify the AutoRun settings

A

Answers:
Lock out the account after 3 failed login attempts
Modify the AutoRun settings

Explanation
OBJ-2.7: Since the USB mass storage device was used to connect to the servers, it is recommended to modify the AutoRun settings. To prevent the password guessing attacks used, the servers should be configured to lock out any account after 3 failed login attempts. The other options are all considered good security practices, but they do not directly address the issues presented in this scenario.

14
Q

Regardless of what website Michelle types into her browser, she is being redirected to “malwarescammers.com.” What should Michelle do to fix this problem?

Reset the web browser’s proxy setting

update the anti-virus software and run a full system scan

restart the network services

rollback the application to the previous version

A

Answer: Reset the web browser’s proxy setting

Explanation
OBJ-3.2: When a browser redirect occurs, it usually results from a malicious proxy server setting being added to the browser. Michelle should first check her web browser’s configuration for any malicious proxies under the Connections tab under Internet Options in the Control Panel. Next, she should check the hosts.ini file to ensure that single sites are not being redirected.

15
Q

Upon booting up a Windows 10 machine, you see an error message stating, “One or more services failed to start.” Which of the following actions should you take?

disable application startup

verify that disabling one service has not affected others

check the configuration of antivirus software

uninstall and reinstall the service

A

Answer: verify that disabling one service has not affected others

Explanation
OBJ-3.1: If you see a message such as “One or more services failed to start” during the Windows load sequence, check Event Viewer and/or the Services snap-in to identify which service has failed. Troubleshooting services can be complex. Of the options presented in this question, only the one for verifying that disabling one service has not affected others would help correct a service that fails to start. This is because some services depend on other services to run, so if something or someone has disabled one service, it could have inadvertently affected others.

16
Q

Which of the following must be enabled to allow a video game console or VoIP handset to configure your firewall automatically by opening the IP addresses and ports needed for the device to function?

NAT

MDM

DHCP

UPnP

A

Answer: UPnP

Explanation
OBJ-2.10: Universal plug-and-play (UPnP) is a protocol framework allowing network devices to autoconfigure services, such as allowing a games console to request appropriate settings from a firewall. UPnP is associated with several security vulnerabilities and is best disabled if not required. You should ensure that the router does not accept UPnP configuration requests from the external (internet) interface. If using UPnP, keep up-to-date with any security advisories or firmware updates from the router manufacturer. A mobile device management (MDM) software suite is used to manage smartphones and tablets within an enterprise. The dynamic host control protocol (DHCP) is a protocol used to allocate IP addresses to a host when it joins a network. DHCP utilizes UDP ports 67 and 68. Network address translation (NAT) is a network service provided by the router or proxy server to map private local addresses to one or more publicly accessible IP addresses. NAT can use static mappings but is commonly implemented as network port address translation (PAT) or NAT overloading, where a few public IP addresses are mapped to multiple LAN hosts using port allocations.

17
Q

A corporate workstation was recently infected with malware. The malware was able to access the workstation’s credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed the IT staff to develop a plan to prevent this issue from occurring again. Which of the following would BEST prevent this from reoccurring?

monitor all workstations for failed login attempts and forward them to a centralized SYSLOG server

install a unified threat management system on the network to monitor for suspicious traffic

install a host based intrusion detection system on all of the corporate workstations

install an antivirus or antimalware solution that uses heuristic analysis

A

Answer: install an antivirus or antimalware solution that uses heuristic analysis

Explanation
OBJ-2.2: The only solution that could stop this from reoccurring would be to use an anti-virus or anti-malware solution with heuristic analysis. The other options might be able to monitor and detect the issue but not stop it from spreading. Heuristic analysis is a method employed by many computer anti-virus programs designed to detect previously unknown computer viruses and new variants of viruses already in the wild. This is behavior-based detection and prevention, so it should detect the issue and stop it from spreading throughout the network. A host-based intrusion detection system (HIDS) is a device or software application that monitors a system for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management system. The UTM is also acting as an IDS in this scenario based on the option presented.

18
Q

Which low power mode is used with Windows 10 laptops to save power, but it takes longer to turn back on and resume where the user left off?

balanced

power saver

hibernate

sleep

A

Answer: hibernate

Explanation
OBJ-1.6: Hibernate mode is used to save the current session to disk before powering off the computer to save battery life when the system is not being used. The computer takes longer to start up again from hibernate mode than it does from the sleep or standby mode. Sleep or standby mode is used to save the current session to memory and put the computer into a minimal power state to save battery life when the system is not being used. The computer takes less time to start up again from the sleep or standby mode than it does from the hibernate mode. The high-performance power plan favors performance over energy savings. The balanced power plan adjusts the performance to conserve energy on capable hardware.

19
Q

Which of the following commands is used on a Linux system to copy a file from one directory to another directory?

mv
cp
rm
ls

A

Answer: cp

Explanation
OBJ-1.9: The cp command is a command-line utility for copying files and directories. It supports moving one or more files or folders with options for taking backups and preserving attributes. Copies of files are independent of the original file, unlike the mv command. The mv command is a command-line utility that moves files or directories from one place to another. The mv command supports moving single files, multiple files, and directories. The mv command can prompt before overwriting files and will only move files that are newer than the destination. When the mv command is used, the file is copied to the new directory and removed from the old directory. The rm command is a command-line utility for removing files or directories. To remove a file, pass the name of a file or files to the rm command, and those files will be removed immediately from the file system. The ls command lists the files or directories in the current path of a Unix, Linux, or Mac operating system. When invoked without any arguments, ls lists the files in the current working directory.

20
Q

Which RAID solution will provide the BEST speed and redundancy for a backup and disaster recovery server?

RAID 0
RAID 1
RAID 5
RAID 10

A

Answer: RAID 10

Explanation
OBJ-4.3: RAID 10 provides the system with both speed and efficiency. With RAID 10, the system has a mirror of striped disks for full redundancy and double fault tolerance. RAID 10 configuration (also known as RAID 1+0) requires a minimum of four disks and mirrors data across a striped disk pair. This is not only the best option presented in this question but also the most expensive option. A RAID 0 provides disk striping (speed/performance) but not mirroring with a minimum of two disks. A RAID 1 provides mirroring (redundancy) but not disk striping with a minimum of two disks. A RAID 5 provides block-level striping with distributed parity to provide redundancy using a minimum of three disks.

21
Q

A user attempted to go to their favorite social media website this morning from their laptop. When they typed in Facebook.com, their browser redirected them to MalwareInfect.com instead. You asked the user to clear their cache, history, and cookies, but the problem remains. What should you do NEXT to solve this problem?

conduct an antivirus scan

upgrade their web browser

check the host.ini file

disable system restore

A

Answer: check the host.ini file

Explanation
OBJ-3.2: The hosts.ini file is a local plain text file that maps servers or hostnames to IP addresses. It was the original method to resolve hostnames to a specific IP address. The hosts file is usually the first step in the domain name resolution procedure. When a user requests a webpage, the hosts.ini file is first checked for the IP address. If the IP address isn’t found in the hosts.ini file, then the workstation requests the IP address from the DNS server. Attackers often modify hosts.ini files to redirect users to a malicious webpage instead of one they would commonly use, like Google, Facebook, and others.

22
Q

A new corporate policy dictates that all access to network resources will be controlled based on the user’s job functions and tasks within the organization. For example, only people working in Human Resources can access employee records, and only the people working in finance can access customer payment histories. Which of the following security concepts is BEST described by this new policy?

least privilege

permission creep

directory permissions

blocklists

A

Answer: least privilege

Explanation
OBJ-2.2: Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities. Privilege itself refers to the authorization to bypass certain security restraints. Permissions Creep, also known as privilege creep, is what happens when an employee moves between roles in an organization and keeps the access or permissions of the previous role. Directory permissions are used to determine which users can access, read, write, and delete files or directories within a given directory. A blocklist is a list of IP addresses, ports, or applications that are not allowed to be run or used on a given system.

23
Q

You are troubleshooting a user’s laptop that is unable to print a document. You have verified the printer is working and properly connected to the workstation by USB. Which log in Windows 10 would you review to determine if the print spooler service is causing this issue?

system log

setup

security log

application log

A

Answer: system log

Explanation
OBJ-3.1: The event viewer shows a log of application and system messages, including errors, information messages, and warnings. It’s a useful tool for troubleshooting all kinds of different Windows problems. The system log contains information about service load failures, hardware conflicts, driver load failures, and more. The file (system.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt. The file (security.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The application log contains information regarding application errors. The file (application.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The setup log contains a record of the events generated during the Windows installation or upgrade process. The file (setup.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer.

24
Q

Which file system type is used to mount remote storage devices on a Linux system?

exFAT

NFS

NTFS

APFS

A

Answer: NFS

Explanation
OBJ-1.3: The Network File System (NFS) is used to mount remote storage devices into the local file system on a Linux system. It allows you to share your local file systems over a network and lets remote hosts interact with them as though they were mounted locally on the same system. The extensible file allocation table (exFAT) is a file system optimized for external flash memory storage devices such as USB flash drives and SD cards. exFAT supports a maximum volume size of up to 128 PB, with a recommended maximum volume size of 512 TB for the best reliability. The Apple file system (APFS) is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals. The NT file system (NTFS) is a Windows file system that supports a 64-bit address space and can provide extra features such as file-by-file compression and RAID support, as well as advanced file attribute management tools, encryption, and disk quotas. NTFS can support a maximum volume size of up to 8 PB.