Test 4 Flashcards
Which of the following is a connectionless protocol that utilizes UDP?
-HTTP
-TFTP
-FTP
-HTTPS
TFTP
Explanation
OBJ-2.1: The user datagram protocol (UDP) is a protocol in the TCP/IP suite that operates at the transport layer to provide connectionless, non-guaranteed communication with no sequencing or flow control. UDP is faster than TCP, but it does not provide reliable delivery of the packets. The trivial file transfer protocol (TFTP) is a protocol used to get a file from a remote host or put a file onto a remote host. TFTP is commonly used with embedded devices or systems that retrieve firmware, configuration information, or a system image during the boot process. TFTP operates over UDP port 69. The hypertext transfer protocol (HTTP) is a protocol used to provide web content to browsers using TCP port 80. The hypertext transfer protocol secure (HTTPS) is a secure protocol used to provide web content to browsers using SSL/TLS encryption over TCP port 443.
Which of the following network configurations is used to identify your computer’s individual host identifier and your computer’s network identifier?
-Subnet mask
-Gateway
-WINS
-DNS
Subnet mask
Explanation
OBJ-1.6: The subnet mask is used to identify the host identifier and the network identifier uniquely in combination with the IP address. The subnet mask is used by the TCP/IP protocol to determine whether a host is on the local subnet or a remote network. The default gateway parameter is the IP address of a router to which packets destined for a remote network should be sent by default. This setting is not required, but if you do not have one included, your network traffic can never leave the local area network. Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps computer NetBIOS names to IP addresses. The domain name system (DNS) protocol is the protocol used to provide names for an IP address based on their mappings in a database using TCP/UDP port 53.
Which of the following installation types would allow a single technician to quickly install Windows 10 Enterprise on 50 workstations simultaneously?
-Image deployment
-In-place upgrade
-Refresh install
-Repair installation
Image deployment
Explanation
OBJ-1.9: An image deployment is a type of installation that uses a clone of an existing installation stored in an image file to perform the installation. The image can contain the base OS and configuration settings, service packs and updates, applications software, and whatever else is required. An image can be stored on DVD or USB media or can be accessed over a network. Repair installation is a type of installation that attempts to replace the existing version of the operating system files with a new copy of the same version. A repair installation is useful when trying to repair a Windows computer that will not boot or when you believe the system files have become corrupted. A refresh installation is a type of installation that will recopy the system files and revert most system settings to their default configuration while preserving user personalization settings, data files, and applications installed through the Windows Store. An in-place upgrade is an installation of the new operating system on top of an existing version of the operating system. An in-place upgrade will preserve the applications, user settings, and data files that already exist on the computer.
Dion Training is building a new computer for its video editor to use. The new computer will use four physical Intel Xeon processors, 128 GB of DDR4 memory, and a RAID 0 with two 2 TB SSDs for optimal performance. Which of the following editions of Windows 10 would support all of this computer’s resources properly?
-Pro
-Home
-Pro for Workstations
-Education
Pro for Workstations
Explanation
OBJ-1.1: Microsoft Windows 10 Pro for Workstations is designed to run on devices with high-performance configurations, including server-grade Intel Xeon and AMD Opteron processors. Windows 10 Pro for Workstations and Windows 10 Enterprise both support up to four physical CPUs and 6 TB of RAM. Windows 10 Pro and Windows 10 Education both only support two physical CPUs and 2 TB of RAM. Windows 10 Home only supports one physical CPU and up to 128 GB of RAM.
A factory worker suspects that a legacy workstation is infected with malware. The workstation runs Windows XP and is used as part of an ICS/SCADA system to control industrial factory equipment. The workstation is connected to an isolated network that cannot reach the internet. The workstation receives the patterns for the manufactured designs through a USB drive. A technician is dispatched to remove the malware from this workstation. After its removal, the technician provides the factory worker with a new USB drive to move the pattern files to the workstation. Within a few days, the factory worker contacts the technician again to report the workstation appears to be reinfected with malware. Which of the following steps did the technician MOST likely forget to perform to prevent reinfection?
-Update the anti-malware solution
-Quarantine the infected system
-Disable System restore in Windows
-Investigate and verify malware symptoms
-Enable System Restore and create a restore point in Windows
-Remediate the infected systems
Update the anti-malware solution
Explanation
OBJ-3.3: Since the workstation is isolated from the internet, the anti-malware solution will need to be manually updated to ensure it has the latest virus definitions. Without the latest virus definitions, the system can easily become reinfected. The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.
The customer service manager at Dion Training is having issues with her Windows 10 laptop. A technician believes that the operating system may have been corrupted by a piece of malware. The technician has removed the malware and wants to perform an installation or upgrade that will recopy the system files and revert most of the system settings to their default configurations while still preserving the user’s personalization settings, data files, and any applications installed through the Windows store. The technician has been told that they may delete any applications installed by the user, though, since they may have been infected by the malware. Which of the following types of upgrades or installations should the technician use?
-Clean install
-Repair installation
-In-place upgrade
-Refresh installation
Refresh installation
Explanation
OBJ-1.9: A refresh installation is a type of installation that will recopy the system files and revert most system settings to their default configuration while preserving user personalization settings, data files, and applications installed through the Windows Store. A clean install is an installation of the new operating system on a new computer or a computer that has been recently formatted. A clean install will completely replace the operating system software on the computer with the new operating system. During a clean install, all of the user’s data, settings, and applications will be deleted. An in-place upgrade is an installation of the new operating system on top of an existing version of the operating system. An in-place upgrade will preserve the applications, user settings, and data files that already exist on the computer. Repair installation is a type of installation that attempts to replace the existing version of the operating system files with a new copy of the same version. A repair installation is useful when trying to repair a Windows computer that will not boot or when you believe the system files have become corrupted.
A home user contacts the help desk and states that their desktop applications are running very slowly. The user also says that they have not received any emails all morning, but they normally get at least 5-10 emails each day. The help desk technician gets permission from the home user to remotely access their computer and runs some diagnostic scripts. The technician determines that the CPU performance is normal, the system can ping the local router/gateway, and the system can load websites slowly, or they fail to load completely. During the diagnosis, the technician also observes the remote connection dropping and reconnecting intermittently. Which of the following should the technician attempt to perform NEXT to resolve the user’s issue?
-Reboot into safe mode, uninstall the last OS update, and run a CHKDSK against the hard
-Update the anti-virus software, run a full scan of the system, and verify the web browser’s and email client’s settings
-Empty the web browser’s cache, send a test email to the technician’s personal account, and open the Explorer to check the file system
-Boot into the BIOS setup, enable TPM, reboot into safe mode, and perform a System Restore
Update the anti-virus software, run a full scan of the system, and verify the web browser’s and email client’s settings
Explanation
OBJ-3.2: Based on the symptoms, it appears that the system may be infected with malware. Therefore, it would be best to attempt to remediate the system by updating the anti-virus, performing a full system scan, and verifying that the web browser and email client’s settings are correct. There is no indication that a recent OS update was performed, so there is no need to reboot into safe mode and roll back that update. Enabling TPM would not help with this issue since TPM is used to store encryption keys for a BitLocker encrypted hard disk. A technician should never send test emails to their personal account as it is considered unprofessional.
Eduardo is installing Windows 11 (64-bit) in a virtual machine on his macOS desktop. The installation is continually failing and producing an error. Eduardo has configured the virtual machine with a 2.2 GHz processor, 4 GB of memory, a 64 GB hard drive, and a 1280 x 720 screen resolution. Which item in the virtual machine should be increased to fix the installation issue experienced?
-Amount of memory
-Amount of hard drive space
-Number of CPU cores
-The screen resolution
Number of CPU cores
Explanation
OBJ-1.7: The number of CPU cores needs to be increased. For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor, 4 GB of RAM, and at least 64 GB of hard drive space. For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor, 1 GB of RAM, and at least 16 GB of hard drive space. For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 32 GB of hard drive space.
You are installing a new firewall for Dion Training’s corporate network. Which of the following documents should you update FIRST?
-Incident database
-Password policy
-Knowledge base articles
-Network topology diagrams
Network topology diagrams
Explanation
OBJ-4.1: A network topology is the shape or structure of a network in a physical or logical format as depicted in a network diagram. Physical network topologies include the actual appearance of the network layout. Logical network topologies include the flow of data across the network. A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization’s official regulations and may be taught as part of security awareness training. It contains items like password complexity, password age, and password history requirements. A Knowledge Base (KB) is a reference document that is used to assist a technician when they are installing, configuring, and troubleshooting hardware and software. A knowledge base article might be created by a vendor to support their products, too. A company might create an internal KB, populated with guidelines, procedures, information, and frequently asked questions from their service tickets. An incident database is used to document any issues, problems, or incidents in the network. An incident database is often called a trouble ticket system. The system should document the number of the incident, the point of contact for the workstation, the priority of the incident, the problem description, and a history of work performed to resolve the incident for the user.
Which of the following commands is used on a Linux system to switch to another user’s account?
-su
-passwd
-chown
-ps
su
Explanation
OBJ-1.11: The su command, which stands for substitute user, is used by a computer user to execute commands with the privileges of another user account. When executed, it invokes a shell without changing the current working directory or the user environment. When the command is used without specifying the new user id as a command-line argument, it defaults to using the system’s superuser account (user id 0). The sudo command is related: it executes a command as another user, but it observes a set of constraints about which users can execute which commands as which other users. The chown command is used to change the owner of a file, directory, or link in Linux. The ps command is used to list the currently running processes along with their PIDs and other information, depending on the options used. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system. The passwd command changes passwords for user accounts. A normal user may only change the password for their own account, while the superuser may change the password for any user.
A printing company uses an isolated Windows XP workstation to print out large format banners for its customers on a custom printer. Unfortunately, the printer does not support newer versions of Windows and would cost $50,000 to replace. To mitigate this risk, the workstation is not connected to the internet or a local area network. When a customer needs a banner printed, the technician takes a copy of their PDF file and moves it to the Windows XP workstation using a USB thumb drive. The workstation recently became infected with malware when printing a customer’s file. The technician remediated the issue, but the workstation became infected again three weeks later. Which of the following actions did the technician forget to perform?
-Perform a data wipe operation on the USB thumb drive before its next use
-Connect the workstation to the Internet to receive the latest Windows XP patches
-Disable System Restore and remove the previous restore points
-Manually update the antivirus on the workstation and set it to perform on-access scans
Manually update the antivirus on the workstation and set it to perform on-access scans
Explanation
OBJ-2.4: This is a legacy workstation since it is running Windows XP. Since Windows XP is considered end-of-life, there are no security patches or updates available for it. To mitigate this risk, the workstation should be run only as an isolated workstation. Since the workstation is not connected to a network and receives files through the connection of a USB thumb drive, this would be the only way a piece of malware could enter the system. The technician most likely neglected to update the antivirus/antimalware software on this workstation during the remediation. The technician should manually update the antivirus/antimalware definitions weekly. The workstation should also be configured to conduct on-access/on-demand scanning, as well.
A user attempted to go to their favorite social media website this morning from their laptop. When they typed in Facebook.com, their browser redirected them to MalwareInfect.com instead. You asked the user to clear their cache, history, and cookies, but the problem remains. What should you do NEXT to solve this problem?
-Conduct an antivirus scan
-Upgrade their web browser
-Disable System Restore
-Check the host.ini file
Check the host.ini file
Explanation
OBJ-3.2: The hosts.ini file is a local plain text file that maps servers or hostnames to IP addresses. It was the original method to resolve hostnames to a specific IP address. The hosts file is usually the first process in the domain name resolution procedure. When a user requests a webpage, the hosts.ini file is first checked for the IP address. If the IP address isn’t found in the hosts.ini file, then the workstation requests the IP address from the DNS server. Attackers often modify host.ini files to redirect users to a malicious webpage instead of one they would commonly use like Google, Facebook, and others.
Jason checks the Dion Training server room and finds that it currently has only 10% humidity. Which of the following risks to the servers could occur due to this low humidity level?
-Corrosion of the servers
-An over-voltage event
-Accidental static discharge
-An under-voltage event
Accidental static discharge
Explanation
OBJ-4.5: When humidity is low, static discharge is the biggest threat. When humidity is low, static electricity is built up and can lead to an accidental release which damages components. When humidity is high, the water in the air can react with the components in the servers and cause corrosion. In a computer server room or work area, the humidity should be kept between 40-60% to prevent electrostatic discharge from low humidity and corrosion from high humidity. An electrostatic discharge (ESD) is the release of a charge from metal or plastic surfaces that occurs when a potential difference is formed between the charged object and an oppositely charged conductive object. This electrical discharge can damage silicon chips and computer components if they are exposed to it.
Your company is concerned about the possibility of power fluctuations that may occur and cause a large increase in the input power to their server room. What condition is this known as?
-Power failure
-Power surge
-Power spikes
-Under-voltage event
Power spikes
Explanation
OBJ-4.5: A significant over-voltage event that occurs for a very short period of time is known as a power spike. A power spike is a very short pulse of energy on a power line. Power spikes can contain very high voltages, up to and beyond 6000 volts, but usually last only a few milliseconds, unlike power surges, which last longer but at lower voltages. An extended over-voltage event is known as a power surge. A power surge is basically an increase in your electrical current. A power surge often has levels of 10-30% above the normal line voltage and lasts from 15 milliseconds up to several minutes. An under-voltage event is a reduction in or restriction on the availability of electrical power in a particular area. The irregular power supply during an under-voltage event can ruin your computer and other electronic devices. Electronics are created to operate at specific voltages, so any fluctuations in power (both up and down) can damage them. To protect against an under-voltage event, you can use either a battery backup or a line conditioner. A power loss or power failure is a total loss of power in a particular area. To protect against a power loss or power failure, a battery backup should be used.
An increased amount of web traffic to an e-commerce server is observed by a network administrator but without increasing the number of financial transactions. Which kind of attack might the company be experiencing?
-Bluejacking
-DoS
-Phishing
-ARP spoofing
DoS
Explanation
OBJ-2.4: A DoS attack or denial-of-service attack works by overloading a server with multiple requests (more than it can handle), thus eventually knocking the server offline. When a denial-of-service attack occurs, there will be an increase in the amount of web traffic on the server, but since that traffic is not being sent by legitimate customers there will be no financial transactions occurring. ARP spoofing is a type of attack in which a malicious actor sends falsified ARP (Address Resolution Protocol) messages over a local area network. This results in the linking of an attacker’s MAC address with the IP address of a legitimate computer or server on the network. Phishing is a type of social engineering where an attacker sends a fraudulent email designed to trick a human victim into revealing sensitive information to the attacker or to deploy malicious software on the victim’s infrastructure like ransomware. Bluejacking is the sending of unsolicited messages over Bluetooth to Bluetooth-enabled devices such as mobile phones, PDAs, or laptop computers, sending a vCard which typically contains a message in the name field to another Bluetooth-enabled device via the OBEX protocol.
During the reconnaissance phase of a penetration test, you have determined that your client’s employees all use iPhones that connect back to the corporate network over a secure VPN connection. Which of the following methods would MOST likely be the best method for exploiting these?
-Identify a jailbroken device for easy exploitation
-Use a tool like ICSSPLOIT to target specific vulnerabilities
-Use web-based exploits against the devices’ web interfaces
-Use social engineering to trick a user into opening a malicious APK
Identify a jailbroken device for easy exploitation
Explanation
OBJ-3.5: When targeting mobile devices, you must first determine if the company uses iPhones or Android-based devices. If they are using an iPhone, it becomes much more difficult to attack since iPhone users can only install trusted apps from the App Store. If the user has jailbroken their phone, they can sideload apps and other malware. After identifying a jailbroken device, you can use social engineering to trick the user into installing your malicious code and then take control of their device.