C394_IT APPLICATIONS_TEST


What is it referred to in Performance Monitor where you can create log files? A) Counter Logs B) Trace Logs C) Data Collector Sets D) Objects

"C) Counter Logs allow you to collect statistics about resources, such as memory, disk, and processor. These can be used to determine system health and performance. Trace Logs can collect statistics about services, providing you with detailed reports about resource behavior. In essence, trace logs provide extensions to the Event Viewer logging data that would otherwise be inaccessible. In Performance Monitor, you can create log files, referred to as Data Collector Sets, to record information for viewing at a later date. Objects have counters representing different performance statistics and there can be multiple instances of the same type of object.

What category of user groups is given a standard set of rights that allows them to perform appropriate system tasks? A) Built-in Local Groups B) Administrators C) Guests D) Power Users

A) Built-in local groups are given a standard set of rights that allow them to perform appropriate system tasks. An Administrator account can perform all management tasks and generally has very high access to all files and other objects in the system. The Guests group has only limited rights; for example, members can browse the network and Internet and shut down the computer but cannot save changes made to the desktop environment. The Power Users group still appears to support legacy applications, but its use is strongly deprecated. The rights allocated to this account type can be abused to allow the user to obtain more powerful Administrator or System privileges.

Once a system has been cleaned then the appropriate steps need to be taken to prevent re-infection. What is it called when the Anti-Virus (A-V) software intercepts an Operating System (OS) call to open a file and scans the file before allowing or preventing it from being opened? A) Configuring On-access Scanning B) Configuring Scheduled Scans C) DNS Configuration D) Software Firewalls

A) Configuring on-access scanning means that the A-V software intercepts an OS call to open a file and scans the file before allowing or preventing it from being opened. This reduces performance somewhat but is essential to maintaining effective protection against malware. Configuring scheduled scans is supported by all security software. These scans can impact performance, however, so it is best to run them when the computer is otherwise unused. Symantec Endpoint Protection performs an "Active Scan" at startup, but the user can define any type of scan to run to a schedule of the user's own choosing. DNS spoofing allows attackers to direct victims away from the legitimate sites they were intending to visit and towards fake sites. As part of preventing re-infection, you should inspect and re-secure the DNS configuration. You should inspect the firewall policy to see if there are any unauthorized changes. Consider resetting the policy to the default.

What is a system maintenance task that enables you to store copies of critical data for safekeeping? A) Data restoration B) Disaster Recovery Plan (DRP) C) Recovery image D) Data backup

A) Data restoration is a system recovery task that enables you to access the backed-up data. Restored data does not include any changes made to the data after the backup operation. A disaster could be anything from a fairly trivial loss of power or failure of a minor component to man-made or natural disasters, such as fires, earthquakes, or acts of terrorism. An organization sensitive to these risks will develop an effective, documented Disaster Recovery Plan (DRP). A custom recovery image contains the current state of operating system files, plus all of the desktop applications installed to the boot partition. An image can be used to restore the Operating System (OS) and any critical applications to a workstation or Virtual Machine (VM) in one step. Data backup is a system maintenance task that enables you to store copies of critical data for safekeeping. Backups protect against loss of data due to disasters such as file corruption or hardware failure.

In an organization, which physical configuration is a means of establishing a more secure network? A) Demilitarized Zone (DMZ) B) Universal Plug and Play (UPnP) C) Port Triggering D) Whitelists/Blacklists

A) In an organization, a Demilitarized Zone (DMZ) is a means of establishing a more secure configuration. The idea of a DMZ is that hosts placed within it are untrusted by the local network zone. Services that require complex firewall configuration can use the Universal Plug and Play (UPnP) framework to send instructions to the firewall with the correct configuration parameters. Port Triggering is used to set up applications that require more than one port. Whitelists/blacklists are not physical configurations, but are firewall settings that work on the basis of blacklisting URLs that are known to harbor a particular type of content, whereas whitelisting a site means that it will be accessible even if a filter is applied.

Which of the following means to use a network protocol to prioritize certain types of traffic over others? A) Quality of Service (QoS) B) Network Interface Card (NIC) C) Roaming Aggressiveness D) Transmit Power

A) Quality of Service (QoS) means using a network protocol to prioritize certain types of traffic over others. Enterprise networks can use QoS protocols to make sure traffic such as Voice over IP calling or video conferencing is given higher priority than traffic where the timing of packets is less important, such as ordinary file downloads. The NIC joins a network by connecting the network adapter to a switch or wireless access point. For proper end user device configuration, the card settings should be configured to match the capabilities of the network appliance. Roaming Aggressiveness is when the adapter starts to move out of range of one access point; it might try to connect to another one with a better signal. Transmit Power sets the radio power level. It is typically set to the highest possible by default.

Windows is commercial software, meaning it must be paid for. A condition of installing Windows is accepting the End User License Agreement (EULA). Microsoft requires you to activate Windows when you install it, which helps them to verify that you are not breaking the terms of the license. What license would be used for personal use and may be transferred between computers but may only be installed on one computer at any one time? A) Retail B) Original Equipment Manufacturer (OEM) C) Volume D) Server

A) Retail is personal licenses that are subdivided into Full and Upgrade versions of software. The software may be transferred between computers but may only be installed on one computer at any one time. Upgrade versions require a valid license and setup media for a qualifying upgrade product. Original Equipment Manufacturer (OEM) is for pre-installed versions of Windows sold with new PCs. The license is not transferable and the software may not be installed on a different PC. Volume is enterprise licenses that are schemes to simplify license administration in larger organizations and businesses. A server license is different from licensing desktop software. As well as a license for the software installed on the server, Client Access Licenses (CAL) are required, based on the number of clients accessing the software services. CALs can be sold per server (limiting the number of simultaneous accesses) or per seat (specifying each unique device or user).

What is the concept in IT security described as the likelihood and impact (or consequence) of a threat actor exercising a vulnerability? A) Risk B) Vulnerability C) Threat D) Social Engineering

A) Risk is the likelihood and impact (or consequence) of a threat actor exercising a vulnerability. Vulnerability is a weakness that could be triggered accidentally or exploited intentionally to cause a security breach. Threat is the potential for a threat agent or threat actor (something or someone that may trigger a vulnerability accidentally or exploit it intentionally) to "exercise" a vulnerability (that is, to breach security). The path or tool used by the threat actor can be referred to as the threat vector. Social engineering refers to the means of getting users to reveal confidential information about the security system or allowing some sort of access to the organization that should not have been authorized.

What allows the user to shut down applications that are not responding? A) Task Manager B) Service C) Default Program D) Program and Features

A) Task Manager allows the user to shut down applications that are not responding. A Service is a Windows process that does not require any sort of user interaction and so it runs in the background. Services provide functionality for many parts of the Windows OS, such as allowing logon, browsing the network, or indexing file details to optimize searches. Use the Default Programs applet to set the programs you wish to use for particular tasks or to configure individual file associations. Program and features allows you to uninstall a program or add or remove component features of software such as Microsoft Office.

Password protection policies mitigate against the risk of attackers being able to compromise an account and use it to launch other attacks on the network. What are some examples that are used by Windows? (Select all that apply.) A) User cannot change password B) Minimum password length C) Enforce password history/Minimum password age D) Password must meet complexity requirements

ABCD) The user account setting stops the user from changing his or her account password. A minimum acceptable password length is specified. The setting to enforce password history/minimum password age specifies that a unique password must be used when the user changes the password. The system remembers up to 24 previously used passwords, so the minimum password age must be set to a value of 1 (day) or greater to make the policy effective; otherwise, users can quickly cycle through a number of passwords to get back to choosing an old favorite. Password complexity requirements usually include not using the username within a password, as well as having a combination of at least six upper/lower case alphanumeric and non-alphanumeric characters. Note that this only applies when passwords are created or changed. Existing passwords are not tested against this policy.

If an attacker is able to gain access to a smartphone or tablet, they can obtain a huge amount of information and the tools with which to launch further attacks. It is imperative that data stored on the device be encrypted and access to the device be protected by a screen lock. What types of screen locks provide biometric authentication? (Select all that apply.) A) Fingerprint sensor B) Passcode C) Face lock D) Pattern locks

AC)

What is the folder permission that can create new folders and files, change attributes, view permissions and ownership, but not delete? A) Read B) Write C) Read & Execute D) Modify

B) Read is the folder permission that allows you to view files and subfolders including their attributes, permissions, and ownership but the file permission can read contents of the file and view attributes, ownership, and permissions. The folder permission Write creates new folders and files, changes attributes, views permissions and ownership but as a file permission can overwrite the files and view attributes, ownership, and permissions. The folder permission Read & Execute is a pass-through folder for which no permissions are assigned, plus read and list permissions but as a file permission can read permissions, plus has the ability to run applications. The folder permission Modify does what Read & Execute and Write permissions do, as well as it has the ability to rename and delete the folder but as a file permission can read/execute and write permissions, as well as it has the ability to rename and delete the file.

What type of security software is designed to monitor the permissions allocated to apps and how they are using (or abusing) them? A) Firewall Apps B) Anti-virus Apps C) App Scanner D) Patches

C) Firewall apps for mobile devices can be used to monitor app activity and prevent connections to particular ports or IP addresses. One issue for firewalls is that they must be able to control other apps and therefore logically work at a higher permission level. Anti-Virus apps have become popular in the Android app market especially after some publicized cases of viral infection on Android devices. App Scanners is a class of security software that is designed to monitor the permissions allocated to apps and how they are using (or abusing) them. Patches are what you use to keep a mobile OS and its apps up-to-date. It is as critical on a mobile OS as it is on a desktop computer.

There can be many different symptoms of malware infection. What is the symptom called when the computer is slow or "behaving oddly"? A) Application Crashes and Service Problems B) File System Errors and Anomalies C) Event Viewer D) Performance Symptoms

D) Application crashes and service problems is when security-related applications, such as antivirus, firewall, and Windows Update, stop working. You might also notice that applications or Windows tools stop working or crash frequently. A "red flag" for malware infection is changes to system files and/or file permissions. You can use Event Viewer to check the system, application, and security logs in detecting malware that is attempting to remain concealed. High numbers of audit failures in the security log or unexpected Windows Installer events are the types of things that warrant further investigation. Performance symptoms is when the computer is slow or "behaving oddly". When this happens, you should suspect a malware infection.

What is the science of collecting evidence from computer systems to a standard that will be accepted in a court of law? A) Latent B) Incident C) Whistleblower D) Forensics

D) Latent means that the evidence cannot be seen with the naked eye; rather, it must be interpreted using a machine or process. Like DNA or fingerprints, digital evidence is mostly latent. An incident is any event that breaches security policy. Of course, this covers a huge number and variety of different scenarios. An employee (or ex-employee) who reports misconduct is referred to as a whistleblower. Forensics is the science of collecting evidence from computer systems to a standard that will be accepted in a court of law. It is highly unlikely that a computer forensic professional will be retained by an organization so such investigations are normally handled by law enforcement agencies.

What is the practice of monitoring, obtaining, evaluating, testing and deploying fixes and updates? A) OS Updates B) Disk Defragmenter C) Check Disk D) Patch Management

D) OS Updates is the process involved in performing updates in different operating systems. The Disk Defragmenter reorganizes a drive to store information relating to each file in contiguous sectors of the disk. The Disk Defragmenter can also move data to the start of the disk, leaving a single free area of disk for use by new files. The Check Disk Windows utility checks the integrity of disks and can repair any problems detected. Patch management is an important maintenance task to ensure that PCs operate reliably and securely. Patch Management is the practice of monitoring, obtaining, evaluating, testing and deploying fixes and updates.

The use of encryption and other digital security techniques provides users with three important security requirements on computer networks: confidentiality, integrity, and availability. What are the principal types of cryptographic technology? (Select all that apply.) A) Public Key Infrastructure (PKI) B) Cryptographic Hashes C) Asymmetric Encryption D) Symmetric Encryption

"BCD) Asymmetric Encryption is an important part of Public Key Infrastructure (PKI). PKI is a solution to the problem of authenticating subjects on public networks. Under PKI, users or server computers are validated by a Certificate Authority (CA), which issues the subject a digital certificate. A cryptographic hash is a principal type of cryptographic technology that makes it impossible to recover the original string from the hash value. This technique can be used to prove that a message has not been tampered with (integrity). Asymmetric Encryption is a principal type of cryptographic technology that if a public key is used to encrypt data, only a mathematically related private key can be used to decrypt it. Symmetric Encryption is a principal type of cryptographic technology where a single secret key is used to both encrypt and decrypt data. The secret key is so-called because it must be kept secret. If the key is lost or stolen, the security is breached."

What displays summary information about the computer, including the processor type and installed Random Access Memory (RAM), plus the Windows edition, product key, and activation status? A) Remote Settings B) System Protection C) System Properties D) System Restore

"C) The Remote Settings tab enables (or disables) connections to the local PC from another PC on the network. There are two types of remote connections, Remote Assistance and Remote Desktop. The System Protection tab provides options for configuring the System Restore feature. The System Properties home page displays summary information about the computer, including the processor type and installed RAM, plus the Windows edition, product key and activation status.

Malware often targets the web browser. What is it called when the user tries to open one page but gets sent to another? A) Redirection B) Rootkits C) Hoax virus alerts D) Rogue antivirus

A) A Redirection is where the user tries to open one page but gets sent to another. Often this may imitate the target page. In adware, this is just a blunt means of driving traffic through a site, but spyware may exploit it to capture authentication details. Rootkits are used to scan other hosts for weaknesses and launch Denial of Service (DoS) attacks against networks. Most ISPs monitor the use of scanning tools and will warn you if they detect their use coming from your IP address. Hoax virus alerts are quite common; they are often sent as mass emails as a prank. Most advise you to forward the "alert" to everyone in your address book. Some hoax virus alerts describe a number of steps that you "must take" to remove the virus; following these steps may cause damage to your computer. A Rogue antivirus is a particularly popular way to disguise a Trojan.

When the user wants to finish using Windows, simply disconnecting the power runs a risk of losing data or corrupting system files. There are various choices for closing or suspending a session. Which choice below will save the current session to disk before powering off the computer? A) Hibernate B) Shut down C) Log off D) Standby/Sleep

A) Choosing to hibernate saves the current session to disk before powering off the computer. Choosing to shut down will close all open programs and services before powering off the computer. The user should save changes in any open files first but will be prompted to save any open files during shut down. Choosing to log off will close all open programs and services started under the user account but leave the computer running. Choosing to standby/sleep saves the current session to memory and puts the computer into a minimal power state.

What is the software component that provides the core set of operating system functions and is the core of Linux? A) Kernel B) Red Hat/CentOS C) SUSE (Software und System Entwicklung) D) Debian/Ubuntu

A) Kernel is the software component that provides the core set of operating system functions and is the core of Linux. Red Hat/CentOS distribution is a stable, predictable, manageable and reproducible platform derived from the sources of Red Hat Enterprise Linux (RHEL). Red Hat/CentOS is the most commercially successful distribution. SUSE is a commercial distribution of Linux originally developed in Germany; the company was bought out by US networking company Novell. Debian/Ubuntu is one of the many volunteer-driven distributions. Ubuntu is one of the most widely used versions of Debian.

Like any other computer, mobile devices can have their own issues that need diagnosing and fixing. What is one of the common issues that usually happens when the user has set the backlight to its lowest setting? A) Dim Display B) Touchscreen Unresponsive C) External Monitor Issues D) Sound Issues

A) One of the most common issues is a dim display. This usually happens when the user has set the backlight to its lowest setting or the phone is set to conserve power by auto dimming the light. If the touchscreen is unresponsive or does not register touches at the correct coordinates, first check for obvious hardware issues. If a screen protector is fitted, check that it is securely adhered to the surface and that there are no bubbles or lifts. A soft reset will usually fix the problem in the short term. If the problem is persistent, either try to identify whether the problem is linked to running a particular app or try freeing space by removing data or apps. Screen sharing can be enabled via an adapter cable. If there is a problem, you should try to rule out a bad cable. If no sound is playing from the device speakers, first check that the volume controls are not turned all the way down and that the mute switch is not activated. Next verify that the device is not in a silent/no interruptions mode.

What Windows performance management tool displays a log of "System Stability" events, so you can see at a glance whether a particular application has stopped responding frequently? A) Reliability Monitor B) Task Manager C) Resource Monitor D) Performance Monitor

A) Reliability Monitor displays a log of "system stability" events, so you can see at a glance whether a particular application has stopped responding frequently. Task Manager is where you can monitor utilization statistics in real time. Resource Monitor shows an enhanced version of the sort of snapshot monitoring provided by Task Manager. You can see graphs of resource performance along with key statistics, such as threads started by a process or hard page faults/second. Performance Monitor is used to configure detailed reports on different system statistics and log performance over time.

"What is the file extension for PowerShell? A) .ps1 B) .bat C) .sh D) .py"

A) The file extension for PowerShell is .ps1. Windows PowerShell enables you to perform management and administrative tasks in Windows 7 and later. It is fully integrated with the operating system and supports both remote execution and scripting. The file extension for Windows batch file is .bat. Batch files are a collection of command-line instructions that you store in a .BAT file. You can run the file by calling its name from the command-line, or double clicking the file in File Explorer. The file extension for Linux shell script is .sh. In Linux, a shell script is the equivalent of a Windows batch file. A shell script is a file that contains a list of commands to be read and executed by the shell. The file extension for Python is .py. Python is a general-purpose programming language that can be used to develop many different kinds of applications. It is designed to be easy to read, and its programs use far fewer lines of code when compared to other programming languages.

There are several steps when configuring folder redirection. Which of these steps is the second thing to do, according to Microsoft's suggested order? A) Create a network file share to use for folder redirection. B) Create a security group for folder redirection and add group members. C) Configure Offline Files for folder redirection. D) Create a folder redirection group policy object.

A) The second step in configuring folder redirection is to create a network file share to use for folder redirection. The first step in configuring folder redirection is to create a security group for folder redirection and add group members. The fourth step in configuring folder redirection is to configure Offline Files for folder redirection. The third step in configuring folder redirection is to create a folder redirection group policy object.

How can door locks be categorized? (Select all that apply.) A) Deadbolt B) Electronic C) Conventional D) Token-based

ABCD) Deadbolt is a door lock that is a bolt on the frame of the door, separate from the handle mechanism. Electronic is a door lock that is operated by entering a PIN on an electronic keypad. This type of lock is also referred to as cipher, combination, or keyless. Conventional is a door lock that prevents the door handle from being operated without the use of a key. More expensive types offer greater resistance against lock picking. Token-based is a smart door lock that may be opened using a magnetic swipe card or feature a proximity reader to detect the presence of a wireless key fob or one-time password generator (physical tokens) or smart card.

Respect means that you treat others (and their property) as you would like to be treated. What are some elements of respect? (Select all that apply.) A) Avoid Distractions B) Prioritize Work C) Respect for Property and Confidentiality D) Cultural Sensitivity

ABD) Avoiding distractions is an element of respect. Do not allow interruptions when you are working at a customer's site. Do not take calls from colleagues unless they are work related, urgent, and important. Do not take personal calls or respond to texts or posts on social media. Prioritizing work is an element of professionalism. Time is an invaluable factor in the service industry because workload usually outweighs staff resources. Respect for property and confidentiality is an element of respect. Cultural Sensitivity is an element of respect which means being aware of customs and habits used by other people. It is easy to associate culture simply with national elements, such as the difference between the way Americans and Japanese greet one another. Within each nation, there are many different cultures, created by things such as social class, business opportunities and leisure pursuits.

There are different guidelines when troubleshooting mobile app issues. What can be caused by newer apps requiring more resources than are available, reduced battery life, and lack of free storage space? A) Battery Life B) Slow Performance C) App Log Errors D) Apps Not Loading

B) Battery life degrades over time. Keep the OS up-to-date to ensure optimum operations and battery life conservation. CPU and GPU intensive apps such as games and video playback will drain the battery quickly. Slow performance can be caused by newer apps requiring more resources than are available, reduced battery life, and lack of free storage space. Check that recently installed apps are functioning correctly and are not running in the background. Examine app log files to determine if the issue can be tracked down in the log file. If an app is not loading, verify that it wasn't installed on a memory card that is not in the mobile device. Verify that the app is not corrupted; uninstall and reinstall the app.

The Event Viewer displays each line or item in the source log file as an event and categorizes each event. What type of event may indicate future problems, such as when the system runs low on disk space? A) Information B) Warning C) Error D) Failure Audit

B) In the Event Viewer, the Information event describes successful operations such as a driver or service starting or a document printing. In the Event Viewer, the Warning event indicates future problems such as when the system runs low on disk space. In the Event Viewer, the Error event is when there are significant problems such as service failures and device conflicts. In the Event Viewer, the Failure Audit event is when there are security access attempts that were unsuccessful. This may indicate a possible security breach or simply a user mistyping a password.

Accounts can be managed at the command line using the net user command. What example disables the dmartin account? A) Net user dmartin Pa$$w0rd /add /fullname:"David Martin" /logonpasswordchg:yes B) Net user dmartin /active:no C) Net user dmartin D) Net localgroup Administrators dmartin /add

B) The command Net user dmartin Pa$$w0rd /add /fullname:"David Martin" /logonpasswordchg:yes, run at an administrative command prompt, adds a new user account and forces the user to choose a new password at first login. The correct answer is Net user dmartin /active:no, which, run at an administrative command prompt, disables the dmartin account. The command Net user dmartin, run at an administrative command prompt, shows the properties of the dmartin account. The command Net localgroup Administrators dmartin /add is used for adding the dmartin account to the Administrators local group.

What is the most prevalent physical hazard that computer technicians face? A) Fuses B) Equipment Grounding C) Electrical Hazards D) High Voltage Device

C) An electrical device must be fitted with a fuse appropriate to its power output. A fuse blows if there is a problem with electrical supply, breaking the circuit to the power source. Electrical equipment must be grounded. If there is a fault that causes metal parts in the equipment to become live, a ground provides a path of least resistance for the electrical current to flow away harmlessly. Most computer products are connected to the building ground via the power plug. However, the large metal equipment racks often used to house servers and network equipment must also be grounded. Do not disconnect the ground wire. If it has to be removed, make sure it is replaced by a competent electrician. The most prevalent physical hazards that computer technicians face are electrical hazards. Electricity is necessary to run a computer, but it can also damage sensitive computer equipment, and in some cases, pose a danger to humans. Most of the internal circuitry in a computer is low voltage and low current, so there is not much of a threat to your personal safety.

Which of the following means identifying all components of the information and communications technology infrastructure and their properties? A) Change Management B) IT Infrastructure Library (ITIL) C) Configuration Management D) Baseline

C) Change management means putting policies in place to reduce the risk that changes to these components could cause service disruption (network downtime). IT Infrastructure Library (ITIL) is a popular documentation of good and best practice activities and processes for delivering IT services. Configuration management means identifying all components of the information and communications technology infrastructure and their properties. Baseline is a fundamental concept in configuration management. The baseline represents "the way it was." A baseline can be a configuration baseline (the ACL applied to a firewall, for instance) or a performance baseline (such as the throughput achieved by a server).

Which standard file system does Windows use to support multisession writing for optical media? A) FAT (File Application Table) 32 B) FAT (File Application Table) 16 C) UDF (Universal Disk Format) D) CDFS (Computer Disk File System)

C) File Application Table (FAT) 32 has a 32-bit allocation table. It supports larger volumes than FAT16. A File Application Table (FAT) 16 system does not support the recovery or security features of New Technology File System (NTFS). The maximum file size is the volume size minus 1 byte. Its only significant feature is that it is compatible with all Microsoft operating systems plus macOS and Linux, and therefore ideal in a multiboot environment or for removable media that must be shared between different operating systems. The Universal Disk Format (UDF or ISO 13346) is a standard Windows file system for optical media with support for multisession writing. The Computer Disk (CD) File System (CDFS or ISO 9660) is a legacy file system used for CD optical disk media (CD-ROM and CD-R).

What is the second step that CompTIA has identified as best practice for malware removal? A) Schedule scans and run updates. B) Identify and research malware symptoms. C) Quarantine infected systems. D) Remediate infected systems.

C) Schedule scans and run updates is the fifth step in the best practice procedure for malware removal. All security software supports scheduled scans. These scans can impact performance, however, so it is best to run them when the computer is otherwise unused. Identify and research malware symptoms is the first step in the best practice procedure for malware removal. There are several websites dedicated to investigating the various new attacks that are developed against computer systems. Quarantine infected systems is the second step in the best practice procedure for malware removal. Malware such as worms propagate over networks. This means that one of the first actions should be to disconnect the network link. Infected files could have been uploaded to network servers or cloud services, though these systems should have server-side scanning software to block infected files. Remediate infected systems is the fourth step in the best practice procedure for malware removal. This can consist of using antivirus software to try to remove the infection, quarantining the file, erasing the file, or ignoring the threat in case of a false positive.

Which ipconfig switch and argument forces a Dynamic Host Configuration Protocol (DHCP) client to renew the lease it has for an Internet Protocol (IP) address? A) ipconfig/all B) ipconfig/release AdapterName C) ipconfig/renew AdapterName D) ipconfig/displaydns

C) The ipconfig switch and argument ipconfig/all displays detailed configuration, including DHCP and Domain Name System (DNS) servers, MAC address, and NetBIOS status. The ipconfig switch and argument ipconfig/release AdapterName releases the IP address obtained from a DHCP server so that the network adapter(s) will no longer have an IP address. The ipconfig switch and argument ipconfig/renew AdapterName forces a DHCP client to renew the lease it has for an IP address. The ipconfig switch and argument ipconfig/displaydns displays the DNS resolver cache. This contains host and domain names that have been queried recently. Caching the name to IP mappings reduces network traffic.

In Linux, if you want to run a batch of commands or a script to perform a backup or other maintenance task what is the scheduling service called? A) Task Scheduler B) Finder C) Cron D) Time Machine

C) Task Scheduler is a Windows tool that sets tasks to run at a particular time. Using the Finder window in Time Machine, you can find the folder with the file (or files) that you want to restore. Cron is the scheduling service in Linux when you want to run a batch of commands or a script to perform a backup or other maintenance task. The Time Machine utility enables data to be backed up to an external, attached drive. Time Machine keeps hourly backups for the past 24 hours, daily backups for a month, and weekly backups for all previous months.

Which Secure Shell (SSH) method is when a client submits credentials that are verified by the SSH server either against a local user database or using an authentication server? A) Kerberos B) Host-based authentication C) Public Key authentication D) Username/Password

D) Kerberos allows Single Sign On (SSO) on a network that runs the Kerberos authentication protocol. Windows Active Directory domain networks use Kerberos. Host-based authentication is when the server is configured with a list of authorized client public keys. The client requests authentication using one of these keys and the server generates a challenge with the public key. The client must use the matching private key it holds to decrypt the challenge and complete the authentication process. This provides non-interactive login but there is considerable risk from intrusion if a client host's private key is compromised. Public key authentication cannot be used with fine-grained access controls as the access is granted to a single user account. The same sort of public key authentication method can be used for each user account. The user's private key can be configured with a passphrase that must be input to access the key, providing an additional measure of protection compared to host-based authentication. Username/password is when the client submits credentials that are verified by the SSH server either against a local user database or using an authentication server.

In Windows 7, which task management tool do you select to view connectivity resource usage? A) Networking B) Performance C) Users D) Processes

B) The Networking tab shows the status and utilization of the network adapter(s). Utilization is expressed as a percentage, so if the link is 10 Gbps, 10% utilization shows that the computer is transferring about 1 Gbps currently. The Performance tab is used to view resource usage. The Users tab shows who is logged on to the machine. An Administrator can disconnect or log off other users or send them a notification. On the Processes tab, you can expand each app or background process to view its sub-processes and view more clearly what resources each is taking up.

Which of the following refers to capturing and reading data packets as they move over the network? A) MAC (Media Access Control) Flooding B) ARP (Address Resolution Protocol) Poisoning C) Man-in-the-Middle (MITM) D) Eavesdropping

D) MAC Flooding is the kind of attack that overloads the switch's MAC cache, referred to as the Content Addressable Memory (CAM) table, using a tool such as Dsniff or Ettercap to prevent genuine devices from connecting and potentially forcing the switch into "hub" or "flooding" mode. ARP poisoning is the kind of attack where the attacker poisons the switch's ARP table with a false MAC-IP address mapping, typically allowing the attacker to masquerade as the subnet's default gateway. A Man-in-the-Middle (MITM) attack is another specific type of spoofing attack where the attacker sits between two communicating hosts and transparently monitors, captures, and relays all communication between them. Eavesdropping refers to capturing and reading data packets as they move over the network. When an attacker has gained access to the network, the attacker can use a packet sniffer such as Wireshark to capture live network traffic.

What app can be used to verify or repair a disk or file system in macOS? A) Disk Utility B) Patch Management C) Windows Update D) Package Manager

A) The Disk Utility app can be used to verify or repair a disk or file system. It can also be used to erase a disk with security options in case you are selling or passing on a Mac. Patch Management is an important maintenance task to ensure that PCs operate reliably and securely. Windows update is a website hosting maintenance updates for different versions of Microsoft Windows. To manage updates and software in Linux, the package manager needs to be configured with the web address of the software repository that you want to use.

The validity of the whole access control system depends on the credentials for an account being known to the account holder only. What is the format of the credentials called? A) Authentication factor B) BIOS (Basic Input/Output System)/UEFI (Unified Extensible Firmware Interface) Passwords C) Key fob D) Two-factor authentication

A) The format of the credentials is called an authentication factor. There are many different authentication factors. They can be categorized as something you know (such as a password), something you have (such as smart card), or something you are (such as a fingerprint). A system user password is one that is required before any operating system can boot. The system password can be configured by the BIOS or UEFI firmware setup program. A BIOS user password is shared by all users and consequently very rarely configured. A key fob generates a random number code synchronized to a code on the server. The code changes every 60 seconds or so. This is an example of a one-time password. Two-factor authentication combines something like a smart card or biometric mechanism with "something you know," such as a password or PIN.

Which of the following can give an external user system-level access to a mobile device? A) Unauthorized root access B) Unauthorized location tracking C) Unauthorized camera usage D) Unintended Bluetooth pairing

A) Unauthorized root access can be exploited on a mobile phone via multiple vulnerabilities. Root is an account with system-level access that can perform all types of changes and actions on the phone without the owner noticing. Unauthorized location tracking can give sensitive information to third-party applications as soon as the app is installed by the mobile phone user. Some applications do not explain why location tracking is needed. Unauthorized camera usage, although it can be exploited via root access, typically targets specific phone functions like a camera or microphone without accessing other parts of the phone. Unintended Bluetooth pairing is when anonymous devices can pair with Bluetooth-enabled devices. This may be unintentionally enabled by the mobile phone owner.

Which edition of Windows 10 is designed for small and medium-sized businesses and comes with networking and management features designed to allow network administrators more control over each client device? A) Windows 10 Pro B) Windows 10 Home C) Windows 10 Enterprise/Windows 10 Enterprise (Long Term Channel) D) Windows 10 Education/Pro Education

A) Windows 10 Home is designed for domestic consumers and Small Office Home Office (SOHO) business use. The home edition cannot be used to join a Windows domain network. Windows 10 Pro is designed for small and medium-sized businesses. Windows 10 Enterprise/Windows 10 Enterprise (Long Term Channel) are similar to the Pro edition but designed for volume licensing by medium and large enterprises. Windows 10 Education/Pro Education are variants of the Enterprise and Pro editions designed for licensing by schools and colleges.

A Small Office Home Office (SOHO) Local Area Network (LAN) is a business-oriented network. Which of these are common SOHO network hardware? (Select all that apply.) A) Modem B) Router C) Switch D) Access Point

ABCD) A modem is a common SOHO network hardware that connects to the service provider cabling and transfers frames over the link. The modem type must be matched to the network type. A router is a common SOHO network hardware that forwards packets over the WAN (Internet) interface if they do not have a local destination IP address. Some appliances may provide the ability to configure local subnets, though this is not typical of the devices supplied by the service providers. A switch is a common SOHO network hardware that allows local computers and other host types to connect to the network via RJ-45 ports. This will be an unmanaged switch, so no configuration is necessary. An access point is a common SOHO network hardware that allows hosts to connect to the network over Wi-Fi.

What actions may a technician utilize when troubleshooting a problematic mobile device? (Select all that apply.) A) Close running apps B) Uninstall apps C) Try a soft reset D) Perform a factory default reset

ABCD) Close running apps that are consuming too much power and draining the battery or those that are unresponsive. Both iOS and Android show a "multitasking" list of apps that the user has opened. However, this multitasking list doesn't actually mean that the app is loaded into memory. In Android you can remove an app from the list by pressing the multitasking button then swiping the app left or right off the screen. Uninstall apps that are no longer needed or reinstall apps after replacing a device or after previously uninstalling an app. To uninstall an iOS app, tap and hold it until it wiggles, then press the X icon and confirm by pressing Delete. Try a soft reset for devices that are frozen or unresponsive. If that doesn't work, use a forced restart. A factory default reset removes all user data, apps and settings, and can be used as a last resort to fix a device.

When selecting, installing, and configuring software applications, which compatibility and security concepts need to be considered? (Select all that apply.) A) OS Requirements B) System Requirements C) Installation and Deployment Options D) Permissions and Other Security Considerations

ABCD) OS requirements are something to consider. You cannot purchase software for macOS and then run it on Windows. Additionally, a software application might not be supported for use under new operating systems. System requirements refer to the PC specification required to run the application. Some applications, such as 3D games, may have high requirements for the CPU and GPU. Installation and deployment options matter because most applications are installed from a setup file. The setup file packs the application's executable(s), configuration files, and media files within it. Permissions and other security considerations need to be considered when selecting, installing, and configuring software applications.

What sets out procedures and guidelines for dealing with security incidents? Select all that apply. A) Incident Response Policy B) Security Incident C) Security Incident Handling Lifecycle D) Chain of Custody

AC) An incident response policy sets out procedures and guidelines for dealing with security incidents. The actions of staff immediately following detection of an incident can have a critical impact on these aims, so an effective policy and well-trained employees are crucial. A security incident could be one of a wide range of different scenarios, such as: finding prohibited material on a PC, illegal copies of copyrighted material, obscene content, or a confidential document that the user should not have access to. The NIST Computer Security Incident Handling Guide special publication SP800-61 identifies the following stages in an incident response lifecycle: Preparation, Detection/Analysis, Containment/Eradication/Recovery, and Post-Incident Activity. A Chain of Custody form records where, when, and who collected the evidence, who has handled it subsequently, and where it was stored.

What are the two main approaches to performing an attended installation? (Select all that apply.) A) Clean Install B) Verify Installation C) In-place Upgrade D) Check Compatibility

AC) Clean install is one of the approaches to performing an attended installation by installing the OS to a new computer or completely replacing the OS software on an old one. Any existing user data or settings would be deleted during the setup process. Verify installation is a phase of the installation of an operating system which checks logs and completes tests to confirm that installation has succeeded. In-place upgrade is one of the approaches to performing an attended installation by installing on top of an existing version of the OS, retaining applications, user settings, and data files. Check compatibility is a phase of the installation of an operating system that checks the core components of the computer are sufficient to run the OS and that peripheral devices have drivers suitable for use with the OS.

What are the two user accounts that are provided by Windows networking? (Select all that apply.) A) Local Accounts B) Active Directory C) Domain Accounts D) Member Servers

AC) Local accounts are one of the user accounts provided by Windows networking. Local accounts are stored in the Local Security Accounts database known as the Security Account Manager (SAM), stored in the registry, as a subkey of HKEY_LOCAL_MACHINE. An Active Directory is not a user account; it is a complex service with many components. Some of the components that you will encounter as an A+ technician include domain controllers, member servers and organizational units. Domain accounts are one of the user accounts provided by Windows networking. Domain accounts are stored in the Active Directory (AD) on a Windows Server Domain Controller (DC). These accounts can be accessed from any computer joined to the domain. Member servers are not user accounts. Member servers are any server based systems that have been configured into the domain, but do not maintain a copy of the Active Directory database and are therefore unable to provide logon services.

What are some proper ways to clean and control the build-up of dust on or within a Personal Computer (PC)? (Select all that apply.) A) Anti-static cloth B) Blowing with your mouth C) Compressed air D) PC vacuum cleaner

ACD) An anti-static cloth can be used to wipe away dust without causing harm to any electrical components. Do not blow away dust with your mouth, as moisture may land on electronic components. Use a compressed air blaster to dislodge dust from difficult-to-reach areas. Take care with use, however, as you risk contaminating the environment with dust. Use a PC vacuum cleaner or natural bristle brush to remove dust from inside the system unit, especially from the motherboard, adapter cards, and fan assemblies. Use a PC-safe vacuum to blow air as well as for suction. These vacuums can replace the need for compressed air canisters for blowing dust out of machines.

There are some non-interactive accounts that users cannot sign into. They are used to run Windows processes and services. Which of these are those accounts? (Select all that apply.) A) LocalSystem B) Network C) LocalService D) NetworkService

ACD) LocalSystem is an account with the same, or in some ways better, privileges as the default Administrator account. A process executed using the LocalSystem account is unrestricted in terms of making changes to the LocalSystem configuration and file system. Network is a system group that contains the user account(s) of any users currently connected to the computer over a network. LocalService is a limited account used to run services that cannot make system-wide changes. LocalService can access the network anonymously. NetworkService is an account that has the same privileges as LocalService

Which of these are firewall settings? (Select all that apply.) A) Port Forwarding B) Create PTR Records C) MAC Filtering D) Content Filtering/Parental Controls

ACD) Port forwarding means that the router takes requests from the Internet for a particular protocol and sends them to a designated host on the Local Area Network (LAN). Port forwarding is possible on a firewall. PTR records are known as pointer records and are created in the reverse lookup zone on a DNS (Domain Naming System) server. This is not a firewall setting. MAC filtering is a firewall setting where firewalls, switches, and access points can be configured either with whitelists of allowed MACs or blacklists of prohibited MACs. Content filtering/parental controls are firewall settings which block websites and services on the basis of keywords or site rating and classification services.

What policies enforce the use of Access Control List (ACL) and ensure that they are effective? (Select all that apply.) A) Requiring passwords B) Replay attack C) Change default admin user D) Disable guest account

ACD) Requiring passwords is a policy that enforces the use of ACLs (Access Control Lists). When Windows is used for home computers, local user accounts are allowed to be configured without passwords. In a business environment, the security policy will default to requiring the user to sign in with a password. If the token system is not designed securely, any third-party that is able to obtain the token from the user's device or capture it as it is transmitted over the network will be able to act as that user. This is called a replay attack. Change default admin user is a policy that enforces the use of ACLs. It is when you rename default accounts so attackers cannot use known account names to access the system. It can make it harder to "hack" a computer if the identity of the default administrator or root account is concealed. Disable guest account is a policy that enforces the use of ACLs. The guest account allows limited access to Windows but is disabled by default.

If you cannot diagnose a hardware driver or configuration problem via Device Manager, there are other tools you can use to get more information. Which tools are used to get more information? (Select all that apply.) A) Troubleshooting App B) Screen Resolution C) System Information D) DirectX Diagnostic Tool

ACD) Windows is bundled with several automated troubleshooting utilities. These guide you through the process of installing and configuring a device correctly. The troubleshooters are available from Control Panel in Windows 7 or the Settings app in Windows 10. Screen Resolution is not a diagnostic tool; it is a personalization setting. It is where you go to adjust the resolution and the color depth of the computer screen. The System Information application provides a Windows interface to some of the configuration information contained in the registry. The DirectX Diagnostic Tool displays a report on the system's DirectX configuration, which determines its ability to support 3D graphics and sound.

The registry is structured as a set of five root keys that contain computer and user databases. Which of the following are root key names? (Select all that apply.) A) HKEY_LOCAL_MACHINE B) REG_BINARY C) REG_DWORD D) HKEY_USERS

AD) HKEY_LOCAL_MACHINE is a root key name that handles hardware information such as bus type, system memory, device drivers, and startup control data. REG_BINARY is a data type that is raw binary data. REG_DWORD is a data type that is data represented by a 4-byte number. Many parameters for device drivers and services are this type and can be displayed in binary, hex, or decimal format. HKEY_USERS is a root key name that contains all actively loaded user profiles, including HKEY_CURRENT_USER, which always refers to a child of HKEY_USERS, and the default profile.

What includes the practices and procedures that govern how an organization will respond to an incident in progress? A) Policy B) Incident Management C) Accident D) Acceptable Use Policy (AUP)

B) A policy is an overall statement of intent. In order to establish the correct working practices, three different mechanisms can be put in place: standard, procedure, and guidelines. Incident management includes the practices and procedures that govern how an organization will respond to an incident in progress. An accident is any instance where a person is injured or computer equipment is damaged due to environmental issues. This pertains to accidents involving hazardous materials, such as chemical spills, that could have an impact on the environment. An Acceptable Use Policy (AUP) sets out what someone is allowed to use a particular service or resource for. Such a policy might be used in different contexts. For example, an AUP could be enforced by a business to govern how employees use equipment and services such as telephone or Internet access provided to them at work.

Which one of the user accounts in macOS can change their own settings, but not those of other users? A) Administrator B) Standard C) Managed with Parental Controls D) Sharing Only

B) Administrator is the user type created when you set up your Mac computer. From this user, additional administrator users or other user types can be created. An administrator user can convert users between standard and administrator user types. The standard user type can change their own settings, but not those of other users. They can also install apps for their own account. Managed with Parental Controls specifies which apps and other content can be accessed by this user type. Sharing Only is a user type to give someone permission to access your shared files or to share your screen. The user cannot log in to the computer and cannot make changes to any settings on the computer.

What types of operating systems (OSs) are designed to run on servers in a business network? A) Business Client B) Network Operating System (NOS) C) Home Client D) Cell Phone

B) Business Client is a type of OS designed to work as a client in business networks. Network Operating System (NOS) is a type of OS designed to run on servers in business networks. Home Client is a type of OS designed to work on standalone or workgroup Personal Computers (PC) in a home or small office.

Windows provides different levels of share permissions. Which one allows the user to edit a file, but does NOT allow the user to set permissions for others? A) Full Control B) Change C) Read D) Shared Folders

B) Full Control allows users to read, edit, create, and delete files and subdirectories, and assign permissions to other users and groups. Change is similar to full control but does not allow the user to set permissions for others. Read is when users are permitted to connect to the resources, run programs, and view files. They are not allowed to edit, delete, or create files. The Shared Folders snap-in lets you view all the shares configured on the local machine, as well as any current user sessions and open files.

What type of Trojan is a set of tools designed to gain control of a computer without revealing its presence? A) Ransomware B) Rootkits C) Spyware D) Rogueware

B) Ransomware is a type of malware that tries to extort money from the victim. One class of ransomware will display threatening messages, such as requiring Windows to be reactivated or suggesting that the computer has been locked by the police because it was used to view child pornography or for terrorism. Rootkits are a set of tools designed to gain control of a computer without revealing its presence. They are so called because they execute with root or system-level privileges. Spyware is a program that monitors user activity and sends the information to someone else. It may be installed with or without the user's knowledge. Rogueware is the source of one of the few major security incidents to have affected macOS users.

What is a remote access tool that allows a user to ask for help from a technician or co-worker? A) Remote Desktop B) Remote Assistance C) Remote Credential Guard D) Telnet

B) Remote Desktop allows a remote user to connect to a desktop machine. The desktop machine functions as a terminal server and the dial-in machine as a Windows terminal. This allows the remote user to work as though physically connected to the dialed-in workstation. Remote Assistance allows a user to ask for help from a technician or co-worker. The "helper" can then connect and join the session with the user. This session can include an interactive desktop, whereby the helper can control the system of the user. If Remote Desktop is used to connect to a machine that has been compromised by malware, the credentials of the user account used to make the connection become highly vulnerable. Remote Credential Guard is a means of mitigating this risk. Telnet is not a remote access tool but is a command-line terminal emulation protocol and program.

What is it called when you have two sets of interlocking doors inside a small space, where the first set of doors must close before the second set opens? A) Tailgating B) Mantrap C) Security Guards D) Multifactor

B) Tailgating is a means of entering a secure area without authorization by following close behind the person who has been allowed to open the door or checkpoint. A mantrap is two sets of interlocking doors inside a small space, where the first set of doors must close before the second set opens. If the mantrap is manual, a guard locks and unlocks each door in sequence. Human security guards, armed and unarmed, can be placed in front of and around a location to protect it. They can monitor critical checkpoints and verify identification, allow or disallow access, and log physical entry occurrences. Multifactor is a door lock that may combine different methods, such as a smart card with PIN.

What principal Windows log file holds the audit data for the system? A) System Log B) Security Log C) Application Log D) Setup

B) The System Log is a principal default Windows log file that contains information about service load failures, hardware conflicts, and driver load failures. The Security Log is a principal default Windows log file that holds the audit data for the system. The Application Log is a principal default Windows log file that contains information regarding application errors. There are many other logs stored under the Applications log. You would investigate these when troubleshooting a particular Windows service or third-party application. The Setup is a principal default Windows log file that records events generated during installation.

What network connection uses an analog modem to dial another modem on the Internet Service Provider (ISP) remote access server, which then transfers the data onto the ISP's network and to and from the wider Internet? A) Wireless WAN (Cellular) B) Dial Up C) Virtual Private Network (VPN) D) SOHO (small office/home office)

B) The Wireless WAN (Cellular) internet access refers to using an adapter to link to a cellular phone provider's network via the nearest available transmitter (base station). The Dial Up connection uses an analog modem to dial another modem on the ISP's remote access server, which then transfers the data onto the ISP's network and to and from the wider Internet. A Virtual Private Network (VPN) is a "tunnel" through the Internet. It allows a remote computer to join the local network securely. Most residential and small office networks connect to the Internet via a SOHO "router".

What is the first step in replacing (rather than upgrading) an existing installation? A) Reinstall software applications and utilities. B) Back up data from existing system. C) Restore data from the previous system using the backup you made. D) Install the new OS.

B) The third step in replacing an existing installation is to reinstall software applications and utilities. The first step in replacing an existing installation is to back up data from an existing system. You can use a backup program supplied with the OS or a third-party backup program. The fourth step in replacing an existing installation is to restore data from the previous system using the backup you made. The second step in replacing an existing installation is to install the new OS, overwriting the existing target and optionally reconfiguring the disk partition and file system structure, too.

Document classification determines who can and cannot view restricted information. Many organizations develop classification levels and some follow the guidance provided by the US military/government. What general category restricts viewing only to the owner organization or to third parties under a Non-disclosure Agreement (NDA)? A) Unclassified B) Classified C) Confidential D) Secret

B) Unclassified is the classification level where there are no restrictions on viewing the document. Classified is the classification level where viewing is restricted to the owner organization or to third parties under a Non-disclosure Agreement (NDA). Confidential is the classification level where the information is highly sensitive, for viewing only by approved persons within the organization (and possibly by trusted third parties under an NDA). Confidential information should be securely protected for storage and transmission. Secret is the classification level where the information is too valuable to permit any risk of its capture. Viewing is severely restricted. Secret information should be securely protected for storage and transmission.

Authentication methods are stronger when they are combined. What authentication method means using at least two different methods? A) Authenticator Application B) Multifactor Authentication C) Mobile Device Management (MDM) D) One Time Password (OTP)

B) When you use a new computer or device to access the service, the authenticator application sends a code in the form of a One Time Password (OTP) to your phone. Multifactor Authentication means using at least two different methods to authenticate the user. There are four main types of "factor" describing different authentication methods: something you know, something you are, something you have and somewhere you are. Mobile Device Management (MDM) is a class of enterprise software designed to apply security policies to the use of smartphones and tablets in business networks. A One Time Password (OTP) is supplied when you are using a new computer or device and use the authenticator application. You must then supply the account user name and password and the OTP code to authenticate.

To the left of the menu bar is the Apple menu, represented by the Apple icon. When clicking this icon, what are some of the items found in the "About this Mac" section? Assume the computer is running macOS High Sierra (10.13) or macOS Mojave (10.14). (Select all that apply.) A) The Dock B) Displays C) Storage D) Service

BCD) The dock is at the bottom of the screen and gives one-click access to your favorite apps and files. Displays is a key menu item that shows the current display and its configuration. Click Displays Preferences to change the display resolution of the screen, to calibrate the color settings, or to AirPlay the display to a device such as an Apple TV. Storage is a key menu item that shows the capacity and current usage of the internal hard drive as well as any external drives that are connected to the Mac. Service is a key menu item that will recommend that you follow the instructions and obtain help and support through an Apple Authorized Service Provider.

Logical security refers to controls implemented in software to create an access control system. What functions describe the overall operation of an access control system? (Select all that apply.) A) Availability B) Authentication C) Authorization D) Accounting

BCD) Availability is a property of secure information that means that information is accessible to those authorized to view or modify it. Authentication is one of the functions for the overall operation of an access control system; it means one or more methods of proving that a user is who he or she claims to be. Authorization is one of the functions for the overall operation of an access control system; it means creating one or more barriers around the resource such that only authenticated users can gain access. Accounting is one of the functions for the overall operation of an access control system; it means recording when and by whom a resource was accessed.

A new WiFi router is installed at a customer's home. Which actions can be taken to provide the minimum layer of security while using the latest router features? (Select all that apply.) A) Encryption B) Firmware update C) Service Set ID (SSID) D) Strong Passphrase

BD) Encryption is important, but in most cases, a default encryption method is already set, out of the box. The default encryption allows for quick and immediate use of the router. Updating the device firmware will provide the latest router features and even updated security patches, if applicable. The Service Set ID (SSID) is a name set up on the WiFi router for users to quickly identify and connect to it. The SSID can be broadcast or hidden from public view. A strong passphrase is the minimum layer of security required so that only users with the passphrase can access the WiFi router. This prevents potential hackers from gaining easy access to the Wireless Local Area Network (WLAN).

Select the Windows network type that a system is a member of by default and allows the ability to share resources such as folders, files, and printers. A) Homegroup B) Peer-to-peer network C) Workgroup D) Network and Sharing Center

C) A homegroup is a feature introduced in Windows 7 and continued in Windows 8 to simplify secure access to shared folders and printers on a home network. In a peer-to-peer network, each computer can be both a server and a client. Each user administers his or her PC and the resources on it. A workgroup is a type of network under Windows in which a user can decide to give others access to files on his or her PC or to printers that are attached to it. On a private network, you can customize the sharing options to include printers and disable password-protected sharing. These options are configured via the Network and Sharing Center. but can access the network using the computer's machine account's credentials.

What environmental power problem is a complete power failure? A) Surges B) Blackouts C) Spike

C) A surge is an abrupt but brief change in the value of the voltage. It can last from a few billionths of a second to a few thousandths of a second. When a device is turned on that requires very high starting, or inrush, current, the large current surge into the device may cause the available voltage within the locality to dip for a brief period, causing a sag. If a sag lasts for longer than a second, it is often called a brownout. A complete power failure is called a blackout. A blackout may be caused by a disruption to the power distribution grid or may simply happen because a fuse has blown or a circuit breaker has tripped. A spike is a powerful surge, such as that caused by a lightning storm. A surge or spike can be caused by high power devices, such as machinery, being turned on or off.

What is used in a program to access a program element? A) Variable B) Constant C) Identifier D) Environment variable

C) A variable contains a value that can change during the execution of the program. This value might be a text string, a number, or any other data type. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, you might want to reference the numerical value for the screen dimensions or resolution. An identifier is used in a program to access a program element. For example, you might assign the identifier FirstName to a stored value that contains a user's first name. An environment variable is a storage location in the environment of the operating system's command shell. For example, when you are entering directory paths as arguments in a script automating some task in Windows, you may not know exactly which locations were chosen for installation.

Which Administrative Tool allows the default management console with multiple snap-ins to configure local users and groups, disks, services, and devices? A) Component Services B) Data Sources C) Computer Management D) Local Security Policy

C) Component Services enables you to register new server applications or reconfigure security permissions for existing services. Data Sources control connections to databases set up on the local computer. Computer Management is the default management console with multiple snap-ins to configure local users and groups, disks, services, devices and so on. Local Security Policy allows you to view and edit the current security policy. A computer that is a member of a domain will have the security settings defined in the domain security policy.

There are several steps that can be taken to reduce the risk and impact of malware. Which one of the following is NOT a step that should be taken? A) Do not allow users to bring in their own software programs. B) Install and use an anti-virus package. C) Always log on with administrative privileges. D) Select antivirus software that scans automatically.

C) "Do not allow users to bring in their own software programs" is one of the steps that can be taken to reduce the risk and impact of malware. If necessary, measures such as removing (or disabling) removable drives can be used. "Install and use an anti-virus package" is one of the steps that can be taken to reduce the risk and impact of malware. The anti-virus package must be kept up-to-date with updated signatures (or definitions), since viruses are continually being developed and the latest signatures offer the most protection. "Always log on with administrative privileges" is not one of the steps. You should not log in with administrative privileges except where necessary. Limit administrative privileges to a few, selected accounts. Keep passwords for these accounts secure. "Select antivirus software that scans automatically" is one of the steps that can be taken to reduce the risk and impact of malware. This provides much more reliable protection against web and email attachment threats.

How is a website and program code made trustworthy by proving the site or code author's identity? A) Certificate Authority (CA) B) Root Certificates C) Digital Certificate D) Public Key

C) Most certificates are issued and vouched for by a third party called a Certificate Authority (CA). The CA adds its own signature to the site certificate. The user can validate the CA's signature, because the CA's root certificate is installed on the computer. Root certificates have to be trusted implicitly, so it would be highly advantageous if a malicious user could install a bogus root certificate and become a trusted root CA. Websites and program code are very often made trustworthy by proving the site or code author's identity using a digital certificate. The certificate is a wrapper for the public key in a public/private key pair. The public key enables a client to read the certificate holder's signature, created using an encryption mechanism.

There are several approaches to the problem of data remnants on magnetic disks. If a disk can be recycled or repurposed, destruction is obviously not an option so what do you do instead? A) Physical Destruction B) Remnant Removal C) Overwriting/Disk Wiping D) Low Level Format

C) Physical Destruction is when a magnetic disk is mechanically shredded, incinerated, or degaussed with special machinery. Shredding the disk is grinding it into little pieces, incineration is exposing the disk to high heat to melt its components, and degaussing is exposing the disk to a powerful electromagnet to disrupt the magnetic pattern that stores the data on the disk surface. Remnant Removal refers to decommissioning data storage media, including hard disks, flash drives, tape media, and CDs/DVDs. Overwriting/Disk Wiping software ensures that old data is destroyed by writing to each location on the media, either using zeroes or in a random pattern. Low Level Format tools are supplied by most disk vendors to reset a disk to its factory condition.

The National Institute of Standards and Technology (NIST) Computer Security Incident Handling Guide special publication SP800-61 identifies several stages in an incident response lifecycle. Which stage is determining whether an incident has taken place and assessing how severe it might be, followed by notification of the incident to stakeholders? A) Post-incident Activity B) Preparation C) Detection and Analysis D) Containment, Eradication, and Recovery

C) The Post-incident Activity stage is analyzing the incident and responses to identify whether procedures or systems could be improved. It is also imperative to document the incident. The Preparation stage is making the system resilient to attack in the first place. This includes hardening systems, writing procedures, and establishing confidential lines of communication. It also implies creating incident response resources and procedures. The Detection and Analysis stage determines whether an incident has taken place and assesses how severe it might be, followed by notification of the incident to stakeholders. Containment, Eradication, and Recovery is the stage limiting the scope and magnitude of the incident. The typical response is to "pull the plug" on the affected system, but this is not always appropriate. Once the incident is contained, the cause can then be removed and the system brought back to a secure state.

The rise in consciousness of identity theft as a serious crime and growing threat means that there is an increasing impetus on government, educational, and commercial organizations to take steps to process more information more sensitively and securely. What is the name of the data that can be used to identify, contact, or locate an individual or, in the case of identity theft, to impersonate them? A) Protected Health Information (PHI) B) Payment Card Industry Data Security Standard (PCI DSS) C) Personally Identifiable Information (PII) D) Top Secret

C) Protected Health Information (PHI) refers to medical and insurance records, plus associated hospital and laboratory test results. PHI may be associated with a specific person or used as an anonymized or de-identified data set for analysis and research. There are industry-enforced regulations mandating data security. A good example is the Payment Card Industry Data Security Standard (PCI DSS) governing processing of credit card and other bank card payments. It sets out protections that must be provided if cardholder data (names, addresses, account numbers, and card numbers and expiry dates) is stored. Personally Identifiable Information (PII) is data that can be used to identify, contact, or locate an individual or, in the case of identity theft, to impersonate them. A social security number is a good example of PII. Other examples include names, date of birth, email address, telephone number, street address and biometric data. Top Secret is the highest level of classification.

Which of the following refer to stealing a password or PIN, or other secure information, by watching the user type it? A) Tailgating B) Impersonation C) Shoulder Surfing D) Pharming

C) Tailgating is a means of entering a secure area without authorization by following close behind the person that has been allowed to open the door or checkpoint. Impersonation is one of the basic social engineering techniques. The classic impersonation attack is for an attacker to phone into a department, claim he/she has to adjust something on the user's system remotely, and get the user to reveal his/her password. Shoulder surfing refers to stealing a password or PIN, or other secure information, by watching the user type it. Despite the name, the attacker may not have to be near the target. The attacker could use high-powered binoculars or CCTV to directly observe the target from a remote location. Pharming is a means of redirecting users from a legitimate website to a malicious one.

What del command switch allows you to suppress prompt on a wildcard delete? A) /p B) /f C) /q D) /s

C) To remove a file from a directory or disk using the del command, the /p switch will prompt a delete for each file. To remove a file from a directory or a disk using the del command, the /f switch will suppress prompt for read-only files. To remove a file from a directory or a disk using the del command, the /q switch will suppress prompt on a wildcard delete. To remove a file from a directory or a disk using the del command, the /s switch will delete files from subdirectories.

Each disk and drive displays status indicators in the Disk Management program. What indicator will show up if the disk is damaged? A) Online B) Not Initialized C) Unreadable D) Foreign

C) When seeing the indicator Online, it means the disk is OK. When seeing the Not Initialized indicator, it means that a new unpartitioned disk was added. A wizard runs, prompting you to initialize, partition and format the disk. When seeing the Unreadable indicator, it means that the disk is damaged. When seeing the Foreign indicator, it means that you configured a disk as dynamic on one computer, then installed the disk in another computer. It will be marked as foreign. Right-click the disk and select Import Foreign Disk to make it accessible to the system.

A user downloads a game from a blogging website and installs it. Unbeknownst to the user, the game also included a hidden keylogger that is now installed on the computer. Malicious software that is disguised as a legitimate software is known as which of the following? A) Worms B) Backdoor C) Trojan Horse D) Spyware

C) Worms are memory-resident malware that replicate over network resources. Unlike a virus, a worm is self-contained; that is, it does not need to attach itself to another executable file. Many Trojans function as a backdoor application. Once the Trojan backdoor is installed, it allows the attacker to access the PC, upload files, and install software on it. A Trojan Horse, or simply a Trojan, is malicious software that is packaged or disguised as something else that is usually legitimate, like a computer game. This malicious software can be a virus, spyware, or a rootkit. Spyware is a program that monitors user activity and sends the information to someone else. A keylogger installed on its own is spyware. In this case, when the keylogger is packaged with legitimate software, it is then known as a Trojan Horse.

What can you do to your mobile device that will remove all user data, apps and settings? A) Rebooting a mobile device B) Uninstall / Reinstall Apps C) Closing running apps D) Factory Default Reset

D) A reboot can resolve many software-related issues on a mobile device. Users generally leave their mobile devices in a sleep state. Powering the device off closes all applications and clears any data from RAM. Uninstalling an app can solve an issue with an app. Apps can be reinstalled via the store. To uninstall an iOS app, tap and hold it until it wiggles, then press the X icon and confirm by pressing delete. In Android, use Settings > Apps to uninstall or disable apps. If an app is actually unresponsive, it can be closed via the force stop option. In Android, open Settings > Apps. Tap an app, then select the Force Stop option to close it or the Disable option to make it unavailable. In iOS, clearing an app from the multitasking list also force stops it. Double tap the Home button then swipe the app up and off the screen. A factory default reset removes all user data, apps, and settings. The device will either have to be manually reconfigured with a new user account and apps reloaded, or restored from a backup configuration.

If a mobile device is lost or stolen, there are mechanisms to recover it and to prevent any misuse or loss of data stored on the device. What physical technology are most smartphones and many tablets equipped with that can determine a receiver's position on the Earth based on information received from satellites? A) Indoor Positioning Systems (IPS) B) Geotracking C) Location applications D) Global Positioning System (GPS)

D) As GPS requires line-of-sight, it does not work indoors. Indoor Positioning Systems (IPS) work out a device's location by triangulating its proximity to other radio sources, such as Wi-Fi access points or Bluetooth beacons. Knowing the device's position is known as geotracking. This allows app vendors and websites to offer location-specific services and advertising. Locator applications are now a standard service for all major mobile OSes. You may be more familiar with it being called Find my Phone. Most smartphones and many tablets are now fitted with Global Positioning System (GPS) receivers. GPS is a means of determining a receiver's position on the Earth based on information received from GPS satellites.

There are several different types of viruses, and they are generally classified by the different ways they can infect the computer. Which type of virus affects Office documents by using the programming code that underpins macro functionality maliciously? A) Boot sector viruses B) Firmware viruses C) Script viruses D) Macro viruses

D) Boot sector viruses attack the boot sector information, the partition table, and sometimes the file system. Firmware viruses are targeted against the firmware of a specific component, such as the drive controller. Such viruses are often only used in highly directed attacks, as the firmware is specific to particular models of drive, the firmware code is difficult to obtain and compromise, and executing the firmware update without the user realizing it is tricky. Scripts are powerful languages used to automate OS functions and add interactivity to web pages. Scripts are executed by an interpreter rather than self-executing. Most script viruses target vulnerabilities in the interpreter. Macro viruses affect Office documents by using the programming code that underpins macro functionality maliciously.

What component of the Active Directory is the basic administrative building block in Windows client/server networking? A) Member Servers B) Organizational Units (OUs) C) Domain Accounts D) Domain

D) Member servers are any server-based systems that have been configured into the domain, but do not maintain a copy of the Active Directory database and are therefore unable to provide logon services. Because the user validation process consumes resources, most servers are configured as member servers rather than domain controllers. Organizational Units (OUs) provide a way of dividing a domain up into different administrative realms. You might create OUs to delegate responsibility for administering different company departments or locations. Domain Accounts are user accounts that are stored in Active Directory on a Windows Server Domain Controller (DC). Domain is the basic administrative building block in Windows client/server networking. To create a domain, you need one or more Windows servers configured as domain controllers.

The New Technology File System (NTFS) is a proprietary file system developed exclusively for use with Windows. Which NTFS feature is a disk management feature allowing space on multiple physical disks to be combined into volumes? A) Recovery B) Security C) POSIX Compliance D) Dynamic Disks

D) Recovery is an NTFS feature that utilizes sector sparing and transaction tracking to provide reliable data transfer. When data is written to an NTFS volume, it is re-read and verified. In the event of a problem, the sector concerned is marked as bad and the data is relocated. Transaction tracking logs all disk and file system activity, making recovery after power outage a faster and more reliable process. NTFS has many security features and these include file permissions and ownership, file access audit trails, quota management, and Encrypting File System (EFS). NTFS is not case sensitive, but it does have the capability to preserve case for POSIX compliance. Dynamic Disks is a disk management feature allowing space on multiple physical disks to be combined into volumes.

The System Configuration Utility is used to modify various settings and files that affect the way the computer boots and loads Windows. Which tab in the System Configuration Utility contains shortcuts to various administrative utilities including System Information, Configuring User Access Control (UAC), and Registry Editor? A) General Tab B) Boot Tab C) Service Tab D) Tools Tab

D) The General tab allows you to configure the startup mode, choosing between Normal, Diagnostic, and a Selective startup, where each portion of the boot sequence can be selected. The Boot tab lets you configure basic settings in the Boot Configuration Data (BCD) store. You can change the default OS, add boot options, such as Safe boot, with minimal drivers and services, and set the timeout value, the duration for which the boot options menu is displayed. The Services tab lets you choose specifically which services are configured to run at startup. The date that a service was disabled is also shown to make troubleshooting easier. The Tools tab contains shortcuts to various administrative utilities including System Information, Configuring UAC and Registry Editor.

What refers to logical security technologies designed to prevent malicious software from running on a host and can establish a security system that does not entirely depend on the good behavior of individual users? A) Trusted/Untrusted Software Sources B) Disable Auto Run C) Anti-Virus/Anti-Malware D) Execution Control

D) To prevent the spread of malware such as Trojans, it is necessary to restrict the ability of users to run unapproved program code, especially code that can modify the OS, such as an application installer. Windows uses the system of Administrator and Standard user accounts, along with User Account Control (UAC) and system policies, to enforce these restrictions. One of the problems with legacy versions of Windows is that when an optical disk is inserted, or USB or network drive is attached, Windows would automatically run commands defined in an autorun.inf file stored in the root of the drive. A typical autorun.inf would define an icon for a disk and the path to a setup file. This could lead to malware being able to install itself automatically. Anti-virus is software that can detect malware and prevent it from executing. The primary means of detection is to use a database of known virus patterns, called definitions, signatures, or patterns. Execution control refers to logical security technologies designed to prevent malicious software from running on a host. Execution control can establish a security system that does not entirely depend on the good behavior of individual users.

