CompTIA A+ Core 2 wrong answers
A user contacts the help desk and complains they are getting an error when they attempt to open a 4 GB .dmg file on their Windows 10 workstation. Which of the following should you tell them?
A .dmg file is a disk image file on a macOS computer. These file types normally are used to download and install applications for macOS. Essentially, a .dmg file on a macOS computer is like a .iso file on a Windows computer. Windows cannot open .dmg files without using special software tools.
Which of the following components presents the largest risk of electrical shock to a technician?
A CRT monitor is an older-style computer monitor that contains large capacitors which retain high levels of electricity even after being disconnected. A CRT should be disposed of carefully. A technician should never open a CRT monitor or stick anything into its interior for fear of electrocution. Hard drives, LCD monitors, and laptop batteries do not contain high voltage levels.
You are assisting a network administrator with updating the firmware of a Cisco IOS-based router. This router is the only border router for your organization, and it connects them to the internet. A request for change (RFC) is being written and contains the purpose, plan, scope, and risk analysis of the proposed change. Which of the following should be added to the RFC before its approval?
A backout plan or rollback plan is a plan defined ahead of making any moves, adds, or changes so that if unforeseen problems arise when the change is made, there is a plan to put things back as they were before making the change. A firmware update of a router usually takes between 5-15 minutes to implement. If it is unsuccessful, the backout plan should revert to the previous firmware version and configuration. There is no secondary route that could be configured in this scenario. This is the only border router that the organization has connected to the internet, as described in the question. The asset management database should not be updated until after the firmware upgrade is completed, not before.
What type of structure is "IF THEN ELSE" in scripting?
A branch is used to control the flow within a computer program or script, usually based on some logic condition. Often, these are implemented with IF THEN ELSE statements. A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself. A loop deviates from the initial program path based on some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Loops are often implemented with For or While statements. For example, a short script like (For i=1 to 100, print i, next) would print the numbers from 1 to 100 to the screen. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F - 32) * 5/9.
A programmer is writing a script to calculate the temperature in Fahrenheit when it receives input in Celsius. The conversion factor used is 5/9. Which of the following would be used to store this fixed conversion factor in the script?
A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F - 32) * 5/9. A comment is written into the code to help a human understand the initial programmer's logic. In Python, for example, you can use the # symbol to comment on a line of code. Anything on the line after the # is ignored by the computer when the script is being executed. A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself. A loop deviates from the initial program path based on some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Loops are often implemented with For or While statements. For example, a short script like (For i=1 to 100, print i, next) would print the numbers from 1 to 100 to the screen.
Which of the following data types would be used to store the number 3.14?
A floating-point number stores a fractional or decimal number, such as 3.14, 45.5, or 333.33. A floating-point number data type usually consumes 4 to 8 bytes of storage. An integer stores a whole number, such as 21, 143, or 1024. An integer data type usually consumes 8 bytes of storage. A boolean stores a value of TRUE (1) or FALSE (0). It usually consumes only 1 bit of storage (a zero or a one). A string stores a group of characters, such as Hello, PYTHON, or JasonDion. A string data type usually consumes as much storage as necessary. Each character in the string usually requires 1 byte of storage.
You are installing a new firewall for Dion Training's corporate network. Which of the following documents should you update FIRST?
A network topology is the shape or structure of a network in a physical or logical format as depicted in a network diagram. Physical network topologies include the actual appearance of the network layout. Logical network topologies include the flow of data across the network. A password policy is a set of rules designed to enhance computer security by encouraging users to employ strong passwords and use them properly. A password policy is often part of an organization's official regulations and may be taught as part of security awareness training. It contains items like password complexity, password age, and password history requirements. A Knowledge Base (KB) is a reference document that is used to assist a technician when they are installing, configuring, and troubleshooting hardware and software. A knowledge base article might be created by a vendor to support their products, too. A company might create an internal KB, populated with guidelines, procedures, information, and frequently asked questions from their service tickets. An incident database is used to document any issues, problems, or incidents in the network. An incident database is often called a trouble ticket system. The system should document the number of the incident, the point of contact for the workstation, the priority of the incident, the problem description, and a history of work performed to resolve the incident for the user.
You have been asked to configure your neighbor's SOHO network. Your neighbor wants to build a Minecraft server so that all their friends can play together over the internet. When configuring their firewall, where should you place the server?
A perimeter network (formerly called a Demilitarized Zone or DMZ) is a portion of a private network connected to the Internet and protected against intrusion. Certain services may need to be made publicly accessible from the Internet (such as a web, email, or Minecraft server) and they should be installed in the perimeter network instead of in your intranet. If communication is required between hosts on either side of a perimeter network, then a host within the perimeter network will act as a proxy to take the request. If the request is valid, it re-transmits it to the destination. External hosts have no idea about what is behind the perimeter network so that the intranet remains secure. A perimeter network can be implemented using either two firewalls (screened subnet) or a single three-legged firewall (one with three network ports). In this SOHO network, it would use a single three-legged firewall approach to separate the perimeter network from the LAN and WAN. A local area network (LAN) is a network where all the nodes or hosts participating in the network are directly connected with cables or short-range wireless media. A wide area network (WAN) is a network that spans multiple geographic locations such as the internet. A metropolitan area network (MAN) is a network that covers a geographical area equivalent to a city or municipality.
You are concerned that your servers could be damaged during a power failure or under-voltage event. Which TWO devices would protect against these conditions?
A power loss or power failure is a total loss of power in a particular area. An under-voltage event is a reduction in or restriction on the availability of electrical power in a particular area. The irregular power supply during the under-voltage event can ruin your computer and other electronic devices. Electronics are created to operate at specific voltages, so any fluctuations in power (both up and down) can damage them. To protect against an under-voltage event, you can use either a battery backup or a line conditioner. To protect against a power loss or power failure, a battery backup or generator should be used. Therefore, the best answer to this question is a battery backup and a line conditioner.
A user is complaining that when they attempt to access Google's homepage, it appears in a foreign language even though they are located in the United States. The user claims they are not using a VPN to access the internet. You have run a full anti-malware scan on the workstation and detected nothing unusual. Which of the following actions should you attempt NEXT?
A proxy server is a web server that acts as a gateway between a client application. A malicious actor could have reconfigured this user's web browser to use a particular proxy server in a foreign country to conduct a man-in-the-middle attack. An anti-malware scanner would not detect this since the use of a proxy server could also be for legitimate purposes. In fact, most large companies use their own proxy servers that users connect to when using the internet. Google would be detecting the language for the proxy server's location. If the malicious proxy server were located in Italy (for example), your Google homepage would be displayed in Italian even if your workstation is in the United States.
The customer service manager at Dion Training is having issues with her Windows 10 laptop. A technician believes that the operating system may have been corrupted by a piece of malware. The technician has removed the malware and wants to perform an installation or upgrade that will recopy the system files and revert most of the system settings to their default configurations while still preserving the user's personalization settings, data files, and any applications installed through the Windows store. The technician has been told that they may delete any applications installed by the user, though, since they may have been infected by the malware. Which of the following types of upgrades or installations should the technician use?
A refresh installation is a type of installation that will recopy the system files and revert most system settings to their default configuration while preserving user personalization settings, data files, and applications installed through the Windows Store. A clean install is an installation of the new operating system on a new computer or a computer that has been recently formatted. A clean install will completely replace the operating system software on the computer with the new operating system. During a clean install, all of the user's data, settings, and applications will be deleted. An in-place upgrade is an installation of the new operating system on top of an existing version of the operating system. An in-place upgrade will preserve the applications, user settings, and data files that already exist on the computer. Repair installation is a type of installation that attempts to replace the existing version of the operating system files with a new copy of the same version. A repair installation is useful when trying to repair a Windows computer that will not boot or when you believe the system files have become corrupted.
A network technician is tasked with designing a firewall to improve security for an existing FTP server on the company network. The FTP server must be accessible from the Internet. The security team is concerned that the FTP server could be compromised and used to attack the domain controller hosted within the company's internal network. What is the BEST way to mitigate this risk?
A screened subnet (formerly called a demilitarized zone or DMZ) is a perimeter network that protects an organization's internal local area network (LAN) from untrusted traffic. A screened subnet is placed between the public internet and private networks. Public servers, such as the FTP server, should be installed in a screened subnet so that additional security mitigations like a web application firewall or application-aware firewall can be used to protect them. SFTP (Secure File Transfer Protocol) is a file transfer protocol that leverages a set of utilities that provide secure access to a remote computer to deliver secure communications by leveraging a secure shell (SSH) connection to encrypt the communication between the client and the server. This will prevent an attacker from eavesdropping on the communications between the SFTP server and a client, but it will not prevent an attacker from exploiting the SFTP server itself. An implicit deny is when a user or group is not granted specific permission in the security settings of an object, but they are not explicitly denied either. This is a best practice to enable, but the FTP server would still have some open ports, such as ports 20 and 21, to operate. These ports could then be used by the attacker to connect to the FTP server and exploit it. Adding a deny rule to the firewall's ACL that blocks port 21 outbound would simply prevent internal network users and servers from accessing external FTP servers. This would in no way prevent the exploitation of the company's FTP server since it has port 21 open and listening for inbound connections.
Your company is concerned about the possibility of power fluctuations that may occur and cause a large increase in the input power to their server room. What condition is this known as?
A significant over-voltage event that occurs for a very short period of time is known as a power spike. A power spike is a very short pulse of energy on a power line. Power spikes can contain very high voltages up to and beyond 6000 volts but usually last only a few milliseconds, unlike power surges, which last longer but have lower voltages. An extended over-voltage event is known as a power surge. A power surge is basically an increase in your electrical current. A power surge often has levels of 10-30% above the normal line voltage and lasts from 15 milliseconds up to several minutes. An under-voltage event is a reduction in or restriction on the availability of electrical power in a particular area. The irregular power supply during an under-voltage event can ruin your computer and other electronic devices. Electronics are created to operate at specific voltages, so any fluctuations in power (both up and down) can damage them. To protect against an under-voltage event, you can use either a battery backup or a line conditioner. A power loss or power failure is a total loss of power in a particular area. To protect against a power loss or power failure, a battery backup should be used.
Your Windows 10 machine has just crashed. Where should you look to identify the cause of the system crash and how to fix it?
A stop error, commonly called the blue screen of death, blue screen, or BSoD, is an error screen displayed on a Windows computer system following a fatal system error. It indicates a system crash, in which the operating system has reached a condition where it can no longer operate safely. Each BSoD displays a "stop code" that can be used to research the cause of the error and how to solve it. A Media Access Control (MAC) address is a unique physical hardware address for each Ethernet network adapter that is composed of 12 hexadecimal digits. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. The Power On Self Test (POST) is a built-in diagnostic program that checks the hardware to ensure the components required to boot the PC are present and functioning correctly.
Which of the following data types would be used to store a user's name?
A string stores a group of characters, such as Hello, PYTHON, or JasonDion. A string data type usually consumes as much storage as necessary. Each character in the string usually requires 1 byte of storage. A boolean stores a value of TRUE (1) or FALSE (0). It usually consumes only 1 bit of storage (a zero or a one). An integer stores a whole number, such as 21, 143, or 1024. An integer data type usually consumes 8 bytes of storage. A floating-point number stores a fractional or decimal number, such as 3.14, 45.5, or 333.33. A floating-point number data type usually consumes 4 to 8 bytes of storage.
The Chief Financial Officer has asked Maria for a recommendation on how the company could reduce its software licensing costs while still maintaining the ability to access its application server remotely. Which of the following should Maria recommend?
Use a Virtual Network Client (VNC) on a Windows 2019 server
Use a Remote Desktop Protocol (RDP) application on a Windows 10 desktop (Incorrect)
Install and deploy Windows 10 Home edition on each user's thick client
Install and deploy thin clients without an operating system for each user (Correct)
A thin client is a small device that can operate with or without an operating system installed on the client device. Instead, it can boot directly from a network-based operating system on a common server and access applications on the company's application server. This type of architecture can drastically reduce the need for operating system licenses and reduce deployment costs. A thin client runs from resources stored on a central server instead of a localized hard drive. Thin clients work by connecting remotely to a server-based computing environment where most applications, sensitive data, and memory are stored.
A programmer is writing a script to calculate the disk space needed to perform a daily backup. The programmer needs to store the amount of disk space in a temporary placeholder within the program that can be updated and changed during the script's execution. Which of the following would be used to store the value of the disk space needed?
A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F - 32) * 5/9. A loop deviates from the initial program path based on some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Loops are often implemented with For or While statements. For example, a short script like (For i=1 to 100, print i, next) would print the numbers from 1 to 100 to the screen. A comment is written into the code to help a human understand the initial programmer's logic. In Python, for example, you can use the # symbol to comment on a line of code. Anything on the line after the # is ignored by the computer when the script is being executed.
You run the command ipconfig on your laptop and see that you have been assigned an IP address of 169.254.0.56. Which category of IPv4 address is this?
APIPA stands for Automatic Private IP Addressing and is a feature of Windows operating systems. When a client computer is configured to use automatic addressing (DHCP), APIPA assigns a class B IP address from 169.254.0.0 to 169.254.255.255 to the client if the DHCP server is unavailable. A static IP address is used when the DHCP server is disabled and clients are configured manually to join the network properly. A public IP address is the outward-facing (public-facing) IP address assigned to a client. A private IP address lets a router correctly direct traffic within its network and allows devices within a network to communicate with one another, but private IP addresses cannot be used to route traffic across the internet.
Which of the following types of encryption should be selected on a SOHO access point if you are running a coffee shop and want all of your customers to be able to join it by default?
An "open" wireless network is one in which no password or encryption is being used. If you have a public hotspot, such as in a library or coffee shop, then you may wish to configure it as "open." Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.
Jason has built a custom Android application that he wants to install on an Android tablet without having to install it through the Play Store. Which of the following would be required to allow him to install the app's APK on the device?
An Android application package (APK) is a third-party or custom program that is installed directly on an Android device to give users and businesses the flexibility to install apps directly on Android devices. Android supports sideloading through the APK package format. An APK file contains all of that program's code, including .dex files, resources, assets, certificates, and manifest files. Jailbreaking is conducted on an iOS device to remove manufacturer restrictions on the device and allow other software, operating systems, or networks to work with a device. A rooted device is an Android device that has been hacked to provide the user with administrative rights to install unapproved apps, update the OS, delete unwanted apps, underclock or overclock the processor, replace firmware, and customize anything else. A rooted device is not required just to install an APK outside of the Play Store, though, on an Android device. Developer mode is used on an Android device to show additional diagnostic information when using apps or making network connections.
What kind of attack is an example of IP spoofing?
An on-path attack (formerly known as a man-in-the-middle attack) intercepts communications between two systems. For example, in an HTTP transaction, the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server. This often uses IP spoofing to trick a victim into connecting to the attacker. SQL injection is a code injection technique used to attack data-driven applications. Malicious SQL statements are inserted into an entry field for execution, such as dumping the database contents to the attacker. An on-path attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other. ARP Poisoning, also known as ARP Spoofing, is a type of cyber attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN to change the pairings in its IP to MAC address table. Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in a browser-side script, to a different end-user.
You recently moved 1.5 TB of data from your office's file server to a new 16 TB NAS and decommissioned the old file server. You verified all users had been given the same permissions to the new file shares on the NAS as they had on the old server. The users are receiving an error stating, "Windows cannot access \\server10\shared\" every time they click the Share drive icon on their desktop. What is MOST likely the source of this error?
Based on the error shown, it appears that the users are still mapped to the old server and not the new NAS. This is a common issue and oversight that occurs when companies migrate from one server to another. Even if every computer has an S:\ (share drive) shown, it is just a link to a network resource (like \\server10\shared\). If the new server is not named "server10" and is called "server11", then the mapping needs to be redone to reflect \\server11\shared, for example.
A home user contacts the help desk and states that their desktop applications are running very slowly. The user also says that they have not received any emails all morning, but they normally get at least 5-10 emails each day. The help desk technician gets permission from the home user to remotely access their computer and runs some diagnostic scripts. The technician determines that the CPU performance is normal, the system can ping the local router/gateway, and the system can load websites slowly, or they fail to load completely. During the diagnosis, the technician also observes the remote connection dropping and reconnecting intermittently. Which of the following should the technician attempt to perform NEXT to resolve the user's issue?
Based on the symptoms, it appears that the system may be infected with malware. Therefore, it would be best to attempt to remediate the system by updating the anti-virus, performing a full system scan, and verifying that the web browser and email client's settings are correct. There is no indication that a recent OS update was performed, so there is no need to reboot into safe mode and roll back that update. Enabling TPM would not help with this issue since TPM is used to store encryption keys for a BitLocker encrypted hard disk. A technician should never send test emails to their personal account as it is considered unprofessional.
A coworker is creating a file containing a script. You look over their shoulder and see "net use s:\\fileserver\videos" in the file. Based on this, what type of file extension should this script use?
Batch scripts run on the Windows operating system and, in their simplest form, contain a list of several commands that are executed in a sequence. A .bat file is used for a batch script. You can run the file by calling its name from the command line or double-clicking the file in File Explorer. Generally, batch file scripts run from end to end and are limited in branching and user input. Python is a general-purpose programming language that can develop many different kinds of applications. It is designed to be easy to read, and the programs use fewer lines of code compared to other programming languages. The code runs in an interpreter. Python is preinstalled on many Linux distributions and can be installed on Windows. Python scripts are saved using the .py extension. JavaScript is a scripting language that is designed to create interactive web-based content and web apps. The scripts are executed automatically by placing the script in the HTML code for a web page so that when the HTML code for the page loads, the script is run. JavaScript is stored in a .js file or as part of an HTML file. VBScript is a scripting language based on Microsoft's Visual Basic programming language. Network administrators often use VBScript to perform repetitive administrative tasks. With VBScript, you can run your scripts from either the command-line or the Windows graphical interface. Scripts that you write must be run within a host environment. Windows 10 provides Internet Explorer, IIS, and Windows Script Host (WSH) for this purpose.
A developer uses a MacBook Pro when working from home, but they need access to both a Windows and macOS system to test their programs. Which of the following tools should be used to allow both operating systems to exist on their MacBook Pro?
Boot Camp is used to allow dual booting on a Macintosh computer. It allows the user to boot into either macOS (OS X) or Windows as the computer is rebooted. Boot Camp is only supported on Intel-based macOS systems, though. The terminal in macOS is the equivalent of the Windows Command Prompt window. The terminal is used to run network troubleshooting utilities such as the ping command and other advanced commands to modify the macOS environment. Mission Control is an application for facilitating multiple desktops in the macOS environment. The Device Manager is used to view and control the hardware attached to the computer. The Device Manager will highlight a piece of hardware that is not working so that a technician can repair or replace it.
When Jonathan opens the web browser on his computer, the initial page loads up to a search engine that he does not recognize. Jonathan attempts to use the search engine, but the results are abysmal, and the browser creates numerous pop-ups. Jonathan asks for your assistance in fixing this issue. Which TWO of the following actions do you recommend Jonathan perform first?
Browser redirection and pop-ups are common symptoms of malware being installed on a computer. It is recommended that the web browser be reset to its default settings and configurations to remove any redirection settings that the malware may have made to the browser. Additionally, any unapproved applications should be unchecked from the Startup tab in Task Manager to ensure the malware isn't reloaded during the next reboot.
Which of the following tools should a technician use to modify the HOSTS file on a Windows 10 system to solve a website address resolution issue?
Browser redirection usually occurs if the browser's proxy is modified or the hosts.ini file is modified. If the redirection occurs only for a small number of sites or occurs in all web browsers on a system, it is most likely a maliciously modified hosts.ini file. The hosts.ini file is a local text file that allows a user to specify specific domain names to map to particular addresses. It can be edited using any basic text editor, such as notepad. It works as an elementary DNS server and can redirect a system's internet connection. For example, if your children are overusing YouTube, you can change YouTube.com to resolve to YourSchool.edu for just your child's laptop. The Microsoft management console (MMC) is a utility that uses snap-ins for various Windows tools such as disk management, computer management, performance monitor, print management, and others to perform operations on a local or networked computer. The task manager is an advanced Windows tool that has 7 tabs that are used to monitor the Processes, Performance, App History, Startup, Users, Details, and Services on a computer. By clicking the Services tab, the technician can list all of the services installed on the computer, display their status, and start/stop/restart those services. The registry editor (RegEdit) allows you to view and make changes to system files and programs that you wouldn't be able to access otherwise. The registry is a database made up of hives and keys that control various settings on a Windows system. Incorrectly editing the Registry can permanently damage your computer, so it is important to be very careful when modifying the registry using RegEdit.
A system administrator is assigned an approved change request with a change window of 120 minutes. After 90 minutes, the change is stuck on step five of a five-step change. The server manager decides to initiate a rollback. Which describes what the system administrator should do next?
By performing a rollback, the administrator will change everything back to the last known good configuration before the change is started. Every change should be accompanied by a rollback (or backout) plan so that the change can be reversed if it has harmful or unforeseen consequences. Changes should also be scheduled sensitively if they are likely to cause system downtime or other negative impacts on the workflow of the business units that depend on the IT system being modified. Most organizations have a scheduled maintenance window period for authorized downtime.
An employee's inbox is now filled with unwanted emails after their email password had been compromised last week. You helped them reset their password and regain access to their account. Many of the emails are coming from different email addresses ending in spamyou.com. Which of the following actions should you take to help reduce the amount of spam this and other users in your organization are receiving?
Email filtering is any technique used to prevent a user from being overwhelmed with spam or junk email. By creating a domain-based email filter, all emails from the spamyou.com domain could be blocked and prevented from being delivered to the user. Spam can be blocked from reaching an organization using a mail gateway to filter messages. At the user level, the software can redirect spam to a junk folder or similar. Anti-spam filtering needs to balance blocking illegitimate traffic with permitting legitimate messages. Anti-spam techniques can also use lists of known spam servers by establishing a blocklist. If an allow list is used, only a small number of senders could send emails to the user.
How would you represent the Linux permissions rwxr-xr-- in octal notation?
OBJ-2.6: RWX is 7, R-X is 5, and R-- is 4. In Linux, you can convert letter permissions to octal by giving 4 for each R, 2 for each W, and 1 for each X. R is for read-only, W is for write, and X is for execute. The permission strings are written to represent the owner's permissions, the group's permissions, and other users' permissions.
What is the minimum processor required to install Windows 10 (x64) on a device?
For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor and 1 GB of RAM. For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor and 2 GB of RAM. For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor and 4 GB of RAM.
Gina just installed a 4 TB HDD into her Windows 10 computer and wants to assign the drive letter "M" to store her media files. Which type of partition should Gina use if she wants to mount the drive as a single partition?
GPT is a newer way to partition disks that allows partition sizes over the 2 TB limit imposed by MBR. The GUID partition table (GPT) is a modern disk partitioning system allowing large numbers of partitions and very large partition sizes. The GPT is used in modern computers that support the UEFI standard and can support a maximum capacity of up to 9.7 ZB and up to 128 partitions. The master boot record (MBR) is a sector on a hard disk storing information about partitions configured on the disk. The MBR holds the information on how the logical partitions that contain the file systems are organized on the physical disk. Systems that rely on BIOS utilize the MBR to determine which partitions are on a given hard disk. MBR partition tables have a maximum capacity of 2 TB and only 4 separate partitions. An optical disc image (ISO) file is a file that contains all of the contents from an optical disc in a single file which can be mounted to the file system as though it were a physical optical drive. An ISO is a disk image that contains everything that would be written to an optical disc, disc sector by disc sector, including the optical disc file system. The file allocation table 32-bit (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB.
Your boss from work just sent you an important email, but you are not in the office. You tried to open the email from your smartphone, but it is encrypted and won't open. What should you do?
If an encrypted email does not open in your mail app, you most likely need to verify that your digital certificates are properly installed on the device as these are used to decrypt encrypted emails. If the email was sent to your Gmail account, it would be sent unencrypted. You should not ask for the email to be sent unencrypted since it removes the confidentiality and privacy of the email. Regardless of whether you are using the email client or the mobile web browser, if the digital certificate is not properly installed then the encrypted email will not be able to be read.
Tim has created a new iOS application that he wants to install on an iPad without having to install it through the official App Store. To save some money, he has not purchased a developer certificate from Apple since he isn't planning to sell this app to others. Which of the following would allow Tim to install this unofficial app on his own iPad for testing?
Jailbreaking is conducted on an iOS device to remove manufacturer restrictions on the device and allow other software, operating systems, or networks to work with a device. An Android application package (APK) is a third-party or custom program that is installed directly on an Android device to give users and businesses the flexibility to install apps directly on Android devices. Android supports sideloading through the APK package format. An APK file contains all of that program's code, including .dex files, resources, assets, certificates, and manifest files. A rooted device is an Android device that has been hacked to provide the user with administrative rights to install unapproved apps, update the OS, delete unwanted apps, underclock or overclock the processor, replace firmware, and customize anything else. A rooted device is not required just to install an APK outside of the Play Store, though, on an Android device. Developer mode is used on an Android device to show additional diagnostic information when using apps or making network connections.
John is setting up 100 Windows 10 computers for a new corporate office. He wants to ensure that no one can change the boot order and boot from an unauthorized operating system. What feature should he ensure is enabled?
John should utilize the BIOS to set up a password to prevent unauthorized access to the Basic Input/Output System (BIOS) by other users. The BIOS is software that utilizes a small memory chip on the motherboard to hold the settings specialized for an organization to prevent access and tampering, thus reducing the overall attack surface of the workstations and the network. Full disk encryption is used to encrypt the user and system data stored in the device's internal storage. RAM integrity checking is conducted by default on most systems during the initial boot process, but it doesn't prevent a user from booting the system or changing the boot order. The purpose of Secure Boot is to prevent malicious and unauthorized apps from loading into the operating system (OS) during the startup process. Secure Boot is enabled by default in Windows 10. When the PC starts, the firmware checks the signature of each piece of boot software, including UEFI firmware drivers (also known as Option ROMs), EFI applications, and the operating system. If the signatures are valid, the PC boots and the firmware gives control to the operating system.
You have been asked to recycle 20 of your company's old laptops. The laptops will be donated to a local community center for underprivileged children. Which of the following data destruction and disposal methods is MOST appropriate to allow the data on the drives to be fully destroyed and the drives to be reused by the community center?
Low-level formatting is a hard disk operation that should make recovering data from your storage devices impossible once the operation is complete. It sounds like something you might want to do if giving away a hard disk or discarding an old computer that may have contained useful and important private information. Standard formatting of the drives could allow the data to be restored and make the data vulnerable to exposure. Drilling or hammering the HDD platters would physically destroy the drives and the data, making the laptops useless for the community center. Degaussing the drives would also render the drives useless to the community center. Therefore, the safest method is a low-level format since it fully destroys the data and allows the drives to be reused by the community center.
Dion Training is building a new computer for its video editor to use. The new computer will use four physical Intel Xeon processors, 128 GB of DDR4 memory, and a RAID 0 with two 2 TB SSDs for optimal performance. Which of the following editions of Windows 10 would support all of this computer's resources properly?
Microsoft Windows 10 Pro for Workstations is designed to run on devices with high-performance configurations, including server-grade Intel Xeon and AMD Opteron processors. Windows 10 Pro for Workstations and Windows 10 Enterprise both support up to four physical CPUs and 6 TB of RAM. Windows 10 Pro and Windows 10 Education both only support two physical CPUs and 2 TB of RAM. Windows 10 Home only supports one physical CPU and up to 128 GB of RAM.
You are configuring a SOHO network that will contain 7 devices, but you only have a single public IP address. Which of the following concepts should be configured to allow the 7 devices to share that single IP when connecting to the internet?
Network address translation (NAT) is a network service provided by a router or proxy server to map private local addresses to one or more publicly accessible IP addresses. NAT can use static mappings but is commonly implemented as network port address translation (PAT) or NAT overloading, where a few public IP addresses are mapped to multiple LAN hosts using port allocations. The dynamic host control protocol (DHCP) is a protocol used to allocate IP addresses to a host when it joins a network. Universal plug-and-play (UPnP) is a protocol framework allowing network devices to autoconfigure services, such as allowing a games console to request appropriate settings from a firewall. A perimeter network (formerly called a Demilitarized Zone or DMZ) is a portion of a private network connected to the Internet and protected against intrusion. Certain services may need to be made publicly accessible from the Internet (such as a web, email, or Minecraft server) and they should be installed in the perimeter network instead of in your intranet. If communication is required between hosts on either side of a perimeter network, then a host within the perimeter network will act as a proxy to take the request.
A user's workstation is running slowly and cannot open some larger program files. The user complains that they often get a warning that states memory is running low on their Windows 10 workstation. Which of the following should you configure until more memory can be installed to help alleviate this problem?
Pagefile in Windows 10 is a hidden system file with the .sys extension stored on your computer's system drive (usually C:\). The Pagefile allows the computer to perform smoothly by reducing the workload of physical memory. Simply put, every time you open more applications than the RAM on your PC can accommodate, the programs already present in the RAM are automatically transferred to the Pagefile. This process is technically called Paging. Because the Pagefile works as a secondary RAM, it is often referred to as Virtual Memory. Adding more physical memory will allow the computer to run faster, but increasing the pagefile size is an acceptable short-term solution.
Which of the following IP addresses is considered an APIPA address?
Private IP addresses are any addresses in a specified range that are not allowed to be routed over the Internet. This allows companies to use these private IP addresses in their local area networks without having to purchase them from an internet registry. The class A private IP address range contains the addresses from 10.0.0.0 to 10.255.255.255. The class B private IP address range contains the addresses from 172.16.0.0 to 172.31.255.255. The class C private IP address range contains the addresses from 192.168.0.0 to 192.168.255.255. The APIPA/link-local autoconfiguration range is from 169.254.0.0 to 169.254.255.255.
Your mother says there is something wrong with her computer, but unfortunately, she doesn't know how to fix it. She asks if you can remotely connect to her computer and see if you can fix it. Which of the following technologies would BEST allow you to remotely access her computer and interact with her Windows 10 laptop?
Remote Desktop Protocol (RDP) is a Microsoft protocol designed to facilitate application data transfer security and encryption between client user devices and a virtual network server. It enables a remote user to add a graphical interface to the desktop of another computer. Whether across the house or the country, you can now help solve your mother's computer problems anytime with RDP. Telnet should not be used in a network due to its weak security posture. Telnet transmits all of the data in plain text (without encryption), including usernames, passwords, commands, and data files. For this reason, it should never be used in production networks and has been replaced by SSH in most corporate networks. SSH (Secure Shell) is used to remotely connect to a network's switches and routers to configure them securely. SSH is typically used for logging into a remote machine and executing commands, but it also supports tunneling, forwarding TCP ports, and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model. A remote-access VPN connection allows an individual user to connect to a private network from a remote location using a laptop or desktop computer connected to the internet. A remote-access VPN allows individual users to establish secure connections with a remote computer network. Once established, the remote user can access the corporate network and its capabilities as if they were accessing the network from their own office spaces.
Scheherazade, an IT technician, has been tasked with investigating a recent Windows upgrade and making a recommendation as to whether the company should upgrade its workstations. As she is thinking about the upgrade, she checks the printer brands that her company uses. Which upgrade consideration is she examining?
She is considering whether third-party drivers are available for the new operating system. If third-party drivers aren't available, the company may want to consider not upgrading Windows at this time. While third-party drivers are small pieces of software, they aren't considered separate applications, so application support isn't the right answer. Hardware compatibility considerations isn't correct because she isn't looking at whether the printers are compatible, but whether drivers can be downloaded. The scenario doesn't indicate that she has asked users about their preferences.
Dion Training has an open wireless network so that their students can connect to the network during class without logging in. The Dion Training security team is worried that the customers from the coffee shop next door may be connecting to the wireless network without permission. If Dion Training wants to keep the wireless network open for students but prevents the coffee shop's customers from using it, which of the following should be changed or modified?
Since Dion Training wants to keep the wireless network open, the BEST option is to reduce the signal strength of the network's power level. This will ensure the wireless network can only be accessed from within its classrooms and not from the coffee shop next door. Changing the SSID won't prevent the coffee shop's customers from accessing the network. While MAC filtering could be used to create an approved allow list of MAC addresses for all Dion Training's students, this would also require it to be continuously updated with each class of students, which is very time-intensive and inefficient. Therefore, the BEST solution is to reduce the signal strength.
Sam and Mary both work in the accounting department and use a web-based SaaS product as part of their job. Sam cannot log in to the website using his credentials from his computer, but Mary can log in with her credentials on her computer. Sam asks Mary to log in to her account from his computer to see if the problem is with his account or computer. When Mary attempts to log in to Sam's computer, she receives an error. Mary noticed a pop-up notification about a new piece of software on Sam's computer when she attempted to log in to the website. Which TWO of the following steps should Mary take to resolve the issue with logging in from Sam's computer?
Since Mary was able to log in to the website from her computer but not from Sam's, this indicates an issue with Sam's computer and/or web browser. The pop-up notification about the new program being installed indicates that something exists on Sam's computer that doesn't exist on Mary's computer. Therefore, it could be the cause and should be investigated further. Additionally, the browser's configuration should be checked to ensure the correct settings are being used.
Your company's share drive has several folders that have become encrypted by a piece of ransomware. During your investigation, you found that only the Sales department folders were encrypted. You continue your investigation and find that a salesperson's workstation was also encrypted. You suspect that this workstation was the original source of the infection. Since it was connected to the Sales department share drive as a mapped S:\ drive, it was also encrypted. You have unplugged the network cable from this workstation. What action should you perform NEXT to restore the company's network to normal operation?
Since the share drive affects multiple users, not just this one salesperson, it should be prioritized for recovery first. Since the workstation has been quarantined from the network, it is no longer a threat to the shared drive data. Therefore, you should restore the latest backup of the Sales folders to the share drive. This will enable the rest of the Sales department to get back to normal operations. Then, you should focus on remediating this workstation. The next step for that remediation would be to disable System Restore, remediate the infected workstation by updating the anti-malware software, and conduct scans. The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.
A factory worker suspects that a legacy workstation is infected with malware. The workstation runs Windows XP and is used as part of an ICS/SCADA system to control industrial factory equipment. The workstation is connected to an isolated network that cannot reach the internet. The workstation receives the patterns for the manufactured designs through a USB drive. A technician is dispatched to remove the malware from this workstation. After its removal, the technician provides the factory worker with a new USB drive to move the pattern files to the workstation. Within a few days, the factory worker contacts the technician again to report the workstation appears to be reinfected with malware. Which of the following steps did the technician MOST likely forget to perform to prevent reinfection?
Since the workstation is isolated from the internet, the anti-malware solution will need to be manually updated to ensure it has the latest virus definitions. Without the latest virus definitions, the system can easily become reinfected. The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.
Which of the following provides accounting, authorization, and authentication via a centralized privileged database, as well as challenge/response and password encryption?
TACACS+ is an AAA (accounting, authorization, and authentication) protocol to provide AAA services for access to routers, network access points, and other networking devices. TACACS+ is a remote authentication protocol, which allows a remote access server to communicate with an authentication server to validate user access onto the network. TACACS+ allows a client to accept a username and password, and pass a query to a TACACS+ authentication server. Multifactor authentication is an authentication scheme that works based on something you know, something you have, something you are, something you do, or somewhere you are. These schemes can be made stronger by combining them (for example, protecting the use of a smart card certification [something you have] with a PIN [something you know]). Network Access Control (NAC) is a means of ensuring endpoint security by ensuring that all devices connecting to the network conform to a health policy such as its patch level, antivirus/firewall configuration, and other factors. Internet Security Association and Key Management Protocol (ISAKMP) is used for negotiating, establishing, modifying, and deleting SAs and related parameters in the IPSec protocol.
Which of the following types of remote access technologies should NOT be used in a network due to its lack of security?
Telnet should not be used in a network due to its weak security posture. Telnet transmits all of the data in plain text (without encryption), including usernames, passwords, commands, and data files. For this reason, it should never be used in production networks and has been replaced by SSH in most corporate networks. Remote Desktop Protocol (RDP) is a Microsoft protocol designed to facilitate application data transfer security and encryption between client user devices and a virtual network server. It enables a remote user to add a graphical interface to the desktop of another computer. SSH (Secure Shell) is used to remotely connect to a network's switches and routers to configure them securely. SSH is typically used for logging into a remote machine and executing commands, but it also supports tunneling, forwarding TCP ports, and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model. A remote-access VPN connection allows an individual user to connect to a private network from a remote location using a laptop or desktop computer connected to the internet. A remote-access VPN allows individual users to establish secure connections with a remote computer network. Once established, the remote user can access the corporate network and its capabilities as if they were accessing the network from their own office spaces.
Which file system type is used to mount remote storage devices on a Linux system?
The Network File System (NFS) is used to mount remote storage devices into the local file system on a Linux system. It allows you to mount your local file systems over a network and remote hosts to interact with them while mounted locally on the same system. The extensible file allocation table (exFAT) is a file system optimized for external flash memory storage devices such as USB flash drives and SD cards. exFAT supports a maximum volume size of up to 128 PB with a recommended maximum volume size of 512 TB for the best reliability. The Apple file system (APFS) is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals. The NT file system (NTFS) is a Windows file system that supports a 64-bit address space and can provide extra features such as file-by-file compression and RAID support as well as advanced file attribute management tools, encryption, and disk quotas. NTFS can support a maximum volume size of up to 8 PB.
Your company is setting up a system to accept credit cards in their retail and online locations. Which of the following compliance types should you be MOST concerned with dealing with credit cards?
The Payment Card Industry Data Security Standard (PCI-DSS) applies to companies of any size that accept credit card payments. If your company intends to accept card payment and store, process, and transmit cardholder data, you need to securely host your data and follow PCI compliance requirements. The General Data Protection Regulation (GDPR) is a regulation created in the European Union that creates provisions and requirements to protect the personal data of European Union (EU) citizens. Transfers of personal data outside the EU Single Market are restricted unless protected by like-for-like regulations, such as the US's Privacy Shield requirements. Personally identifiable information (PII) is data used to identify, contact, or locate an individual. Information such as social security number (SSN), name, date of birth, email address, telephone number, street address, and biometric data is considered PII. Protected health information (PHI) refers to medical and insurance records, plus associated hospital and laboratory test results.
Which of the following Control Panel sections would allow a technician to turn on Hyper-V on a Windows 10 Pro workstation?
The Programs and Features section of the Control Panel allows a technician to install or remove applications, software packages, and features in the Windows operating system. Hyper-V is considered an additional feature in Windows 10 Pro and can be enabled from the Windows Features section of the Programs and Features tool. The Devices and Printers section of the Control Panel allows a technician to manage the printers, scanners, and other external devices connected to a Windows computer. The System section of the Control Panel allows a technician to see information about the workstation, including the processor type, amount of memory, and operating system version installed on the computer. The Device Manager is used to view and control the hardware attached to the computer. The device manager will highlight a piece of hardware that is not working so that a technician can repair or replace it.
Your company has just installed a brand new email server, but you determined that the server cannot send emails to another server during your initial testing. You decide to check the firewall's ACL to see if the server's outgoing email is being blocked. Which of the following ports should you ensure is open and not blocked by the firewall?
The Simple Mail Transfer Protocol (SMTP) uses port 25 and is an internet standard communication protocol for electronic mail transmission. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system.
You are working as a military defense contractor and have been asked to dispose of 5 laptop hard drives used in systems that processed classified information. Which of the following physical data destruction and disposal methods is MOST appropriate to ensure the data cannot be recovered?
The best option is to use degaussing on the hard drives. Degaussing exposes the disk to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface. This renders the data on the disk inaccessible, but the disk will become unusable for other purposes. If the drive needs to be reused, repurposed, or recycled, you should not use degaussing. If the drive contains sensitive or classified information, then it should be degaussed or shredded. Standard formatting of the drives could allow the data to be restored and make the data vulnerable to exposure. Low-level formatting is a hard disk operation that will make recovering data from your storage devices difficult once the operation is complete.
You are working on a Windows 10 workstation with a 1 TB HDD and 16 GB of memory that is operating slowly when reading large files from its storage device. Which of the following commands should you use to speed up this workstation?
The chkdsk command is used to check the file system and file system metadata of a volume for logical and physical errors. If used without parameters, chkdsk displays only the status of the volume and does not fix any errors. If used with the /f, /r, /x, or /b parameters, it fixes errors on the volume. The format command creates a new root directory and file system for the disk. It can check for bad areas on the disk, and it can delete all data on the disk. To use a new disk, you must first use the format command to format the disk. The diskpart command is a command-line disk-partitioning utility available for Windows that is used to view, create, delete, and modify a computer's disk partitions. The ipconfig tool displays all current TCP/IP network configuration values on a given system.
A file currently has permissions of 755. Which of the following commands would change file permission to r-xr--r--?
The chmod command is used to change a file or directory's permissions from the command line or terminal. A technician can either use u+ to add user permission and g+ to add group permissions, or they can use the octal value. In this case, the octal value of r-xr--r-- is 544. In Linux, you can convert letter permissions to octal by giving 4 for each R, 2 for each W, and 1 for each X. R is for read-only, W is for write, and X is for execute. The permission strings are written to represent the owner's permissions, the group's permissions, and other users' permissions.
Which of the following commands is used on a Linux system to convert and copy files from one hard disk to another?
The dd command is used to convert and copy files. On Unix and Unix-like operating systems like Linux, almost everything is treated as a file, even block devices like a hard disk drive. This makes dd useful to clone disks or wipe data from a drive. The mv command is a command-line utility that moves files or directories from one place to another. The mv command supports moving single files, multiple files, and directories. The mv command can prompt before overwriting files and will only move files that are newer than the destination. When the mv command is used, the file is copied to the new directory and removed from the old directory. The ls command lists the files or directories in the current path of a Unix, Linux, or Mac operating system. When invoked without any arguments, ls lists the files in the current working directory. The cd command is used to change the directory. If used with the "cd .." option, it will move up one directory in the file system's directory structure. If used with the "cd ."
Which command-line tool is used on a Windows system to display a list of the files and directories within the current directory or path?
The dir command is used to list a directory's files and subdirectories. If used without parameters, this command displays the disk's volume label and serial number, followed by a list of directories and files on the disk (including their names and the date and time each was last modified). For files, this command displays the name extension and the size in bytes. This command also displays the total number of files and directories listed, their cumulative size, and the free space (in bytes) remaining on the disk. The ls command is used on a Linux system to list a directory's files and subdirectories. The ls command only works on a Windows system when you are using PowerShell, not the command line. The system file checker (SFC) command is a utility in Windows that allows users to scan for and restore corrupted Windows system files from the command line. The chkdsk command is used to check the file system and file system metadata of a volume for logical and physical errors. If used without parameters, chkdsk displays only the status of the volume and does not fix any errors. If used with the /f, /r, /x, or /b parameters, it fixes errors on the volume.
A user contacts the service desk after they just finished attempting to upgrade their laptop to Windows 10. The upgrade failed, and the user asks you to explain why. Which of the following log files should you review to determine the cause of the upgrade failure?
The event viewer shows a log of application and system messages, including errors, information messages, and warnings. It's a useful tool for troubleshooting all kinds of different Windows problems. The setup log contains a record of the events generated during the Windows installation or upgrade process. The file (setup.evtx) is stored in the %SystemRoot%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The application log contains information regarding application errors. The file (application.evtx) is stored in the %SystemRoot%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The system log contains information about service load failures, hardware conflicts, driver load failures, and more. The file (system.evtx) is stored in the %SystemRoot%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt. The file (security.evtx) is stored in the %SystemRoot%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer.
Which file system type should you format a 4 TB USB flash drive to use with both Windows and macOS laptops?
The extensible file allocation table (exFAT) is a file system optimized for external flash memory storage devices such as USB flash drives and SD cards. exFAT supports a maximum volume size of up to 128 PB with a recommended maximum volume size of 512 TB for the best reliability. exFAT is supported natively by both Windows and macOS. The NT file system (NTFS) is a Windows file system that supports a 64-bit address space and can provide extra features such as file-by-file compression and RAID support as well as advanced file attribute management tools, encryption, and disk quotas. NTFS can support a maximum volume size of up to 8 PB. NTFS is not supported natively by macOS. The Apple file system (APFS) is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals. APFS is not supported natively by Windows. The file allocation table 32-bit (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB.
Which of the following is considered a form of regulated data?
The four forms of regulated data covered by the exam are PII (Personally Identifiable Information), PCI (Payment Card Industry), GDPR (General Data Protection Regulation), and PHI (Protected Health Information). Personally identifiable information (PII) is data used to identify, contact, or locate an individual. Information such as social security number (SSN), name, date of birth, email address, telephone number, street address, and biometric data is considered PII. An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. While some items in the AUP might help prevent a malware infection (such as not allowing users to download and run programs from the internet), it is considered an administrative control, and choosing a technical control like patch management would better protect the network. Digital rights management (DRM) is a copyright protection technology for digital media. DRM solutions usually try to restrict the number of devices allowed for playback of a licensed digital file, such as a music track or ebook. The Digital Millennium Copyright Act (DMCA) is a 1998 United States copyright law that implements two 1996 treaties of the World Intellectual Property Organization that criminalizes production and dissemination of technology, devices, or services intended to circumvent measures that control access to copyrighted works.
A user attempted to go to their favorite social media website this morning from their laptop. When they typed in Facebook.com, their browser redirected them to MalwareInfect.com instead. You asked the user to clear their cache, history, and cookies, but the problem remains. What should you do NEXT to solve this problem?
The hosts file is a local plain text file that maps servers or hostnames to IP addresses. It was the original method to resolve hostnames to a specific IP address. The hosts file is usually the first step in the domain name resolution procedure. When a user requests a webpage, the hosts.ini file is first checked for the IP address. If the IP address isn't found in the hosts.ini file, then the workstation requests the IP address from the DNS server. Attackers often modify hosts.ini files to redirect users to a malicious webpage instead of one they would commonly use like Google, Facebook, and others.
You were troubleshooting a recently installed NIC on a workstation and decided to ping the NIC's loopback address. Which of the following IPv4 addresses should you ping?
The loopback address is 127.0.0.1 in IPv4, and it is reserved for troubleshooting and testing. The loopback address is used to receive a test signal to the NIC and its software/drivers to diagnose problems. Even if the network cable is unplugged, you should be able to ping your loopback address successfully. The other three IP addresses presented as options are private Class A, Class B, or Class C addresses, and not the loopback address.
Which of the following commands is used to edit a text file on a Linux server?
The nano utility is an easy-to-use command-line text editor for Linux systems. Nano includes the functionality of a regular text editor, as well as syntax highlighting, multiple buffers, search and replace with regular expression support, spellchecking, UTF-8 encoding, and more. The cat (short for "concatenate") command is one of the most frequently used commands in Linux/Unix. The cat command allows users to create single or multiple files, view file contents, concatenate files, and redirect output in the terminal to a file. The grep command is a command-line utility for searching plain-text data sets for lines that match a regular expression. The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print. The pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type "pwd" and hit enter to display the path to the screen.
Eduardo is installing Windows 11 (64-bit) in a virtual machine on his macOS desktop. The installation is continually failing and producing an error. Eduardo has configured the virtual machine with a 2.2 GHz single core processor, 4 GB of memory, a 64 GB hard drive, and a 1280 x 720 screen resolution. Which item in the virtual machine should be increased to fix the installation issue experienced?
The number of CPU cores needs to be increased. For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor, 4 GB of RAM, and at least 64 GB of hard drive space. For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor, 1 GB of RAM, and at least 16 GB of hard drive space. For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 32 GB of hard drive space.
You are helping to set up a backup plan for your organization. The current plan states that all of the organization's Linux servers must have a daily backup conducted. These backups are then saved to a local NAS device. You have been asked to recommend a method to ensure the backups will work when needed for restoration. Which of the following should you recommend?
The only way to fully ensure that a backup will work when needed is to restore the files from the backups. To do that, it is best to restore them to a test server since this will not affect your production environment.
Which command would a Linux user need to enter to change their password?
The passwd command changes passwords for user accounts. A normal user may only change the password for their account, while the superuser may change the password for any user. The chown command is used to change the owner of the file, directory, or link in Linux. The pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type "pwd" and hit enter to display the path to the screen. The ps command is used to list the currently running processes and their PIDs, along with some other information that depends on the options used. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system.
Which of the following commands is used on a Linux system to safely turn off a server?
The shutdown command brings the system down in a secure way. When the shutdown is initiated, all logged-in users and processes are notified that the system is going down, and no further logins are allowed. You can shut down your system immediately or at the specified time. The ps command is used to list the currently running processes and their PIDs, along with some other information that depends on the options used. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system. The kill command sends a signal to specified processes or process groups, causing them to act according to the signal. When the signal is not specified, it defaults to -15 (-TERM), which terminates the specified process by gracefully stopping it. If "kill -9" is used instead, it will immediately kill the process. The rm command is a command-line utility for removing files or directories. To remove a file, pass the name of a file or files to the rm command, and those files will be removed immediately from the file system.
Which of the following commands is used on a Linux system to switch to another user's account?
The su command, which stands for substitute user, is used by a computer user to execute commands with the privileges of another user account. When executed, it invokes a shell without changing the current working directory or the user environment. When the command is used without specifying the new user id as a command-line argument, it defaults to using the system's superuser account (user id 0). The command sudo is related and executes a command as another user but observes a set of constraints about which users can execute which commands as which other users. The chown command is used to change the owner of the file, directory, or link in Linux. The ps command is used to list the currently running processes and their PIDs, along with some other information that depends on the options used. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system. The passwd command changes passwords for user accounts. A normal user may only change the password for their account, while the superuser may change the password for any user.
Which of the following network configurations is used to identify your computer's individual host identifier and your computer's network identifier?
The subnet mask is used to identify the host identifier and the network identifier uniquely in combination with the IP address. The subnet mask is used by the TCP/IP protocol to determine whether a host is on the local subnet or a remote network. The default gateway parameter is the IP address of a router to which packets destined for a remote network should be sent by default. This setting is not required, but if you do not have one included, your network traffic can never leave the local area network. Windows Internet Name Service (WINS) is a legacy computer name registration and resolution service that maps computer NetBIOS names to IP addresses. The domain name system (DNS) protocol is the protocol used to provide names for an IP address based on their mappings in a database using TCP/UDP port 53.
Which of the following contains virtual memory that can supplement the physical system memory in a Linux system?
The swap partition on a Linux system is a portion of the hard disk formatted with a minimal kind of file system and used in situations when the operating system runs out of physical memory and needs more of it. It can only be used by the memory manager and not for the storage of ordinary data files. The third extended filesystem (ext3) is a journaled file system commonly used by the Linux kernel. The ext3 file system can support a maximum volume size of up to 32 TB. The fourth extended filesystem (ext4) is a journaled file system that is used natively by modern Linux operating systems such as Debian and Ubuntu. The ext4 file system can support a maximum volume size of up to 1 EB. The network file system (NFS) is used to mount remote storage devices into the local file system on a Linux system. It allows you to mount your local file systems over a network and remote hosts to interact with them while mounted locally on the same system.
A system administrator has noticed that an employee's account has been attempting to log in to multiple workstations and servers across the network. This employee does not have access to these systems, and the login attempts are unsuccessful. Which of the following actions should the administrator do to this employee's account in Active Directory?
The system administrator should disable the user's account to prevent further login attempts. The system administrator should notify security, who will investigate whether the employee or another malicious actor is taking the actions. An administrator can disable an account, but they cannot lock it. A lockout occurs when the preconfigured threshold for the number of failed login attempts is met. Resetting the password would not solve this issue, and deleting the account would remove the user and their files from the system.
Which of the following is a connectionless protocol that utilizes UDP?
The user datagram protocol (UDP) is a protocol in the TCP/IP suite that operates at the transport layer to provide connectionless, non-guaranteed communication with no sequencing or flow control. UDP is faster than TCP, but it does not provide reliable delivery of the packets. The trivial file transfer protocol (TFTP) is a protocol used to get a file from a remote host or put a file onto a remote host. TFTP is commonly used with embedded devices or systems that retrieve firmware, configuration information, or a system image during the boot process. TFTP operates over UDP port 69. The hypertext transfer protocol (HTTP) is a protocol used to provide web content to browsers using TCP port 80. The hypertext transfer protocol secure (HTTPS) is a secure protocol used to provide web content to browsers using SSL/TLS encryption over TCP port 443.
Which of the following commands is used on a Linux system to edit a text file on a server?
The vi (visual) utility is a popular screen-oriented text editor in Linux, Unix, and other Unix-like operating systems. When using vi, the terminal screen acts as a window into the editing buffer. Changes made to the editing buffer are reflected in the screen display, and the position of the cursor on the screen indicates the position within the editing buffer. The ps command is used to list the currently running processes and their PIDs, along with some other information that depends on the options used. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system. The pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type "pwd" and hit enter to display the path to the screen. The chown command is used to change the owner of the file, directory, or link in Linux.
Which of the following Windows tools should a technician use to import and install data in the x.509 format?
The x.509 format is used to define a public key certificate used by TLS/SSL and other internet protocols. Certificate manager (certmgr.msc) is a utility used to manage digital certificates on a Windows system. The certificate manager can list, search, open, delete, import, and export digital certificates on a computer. Device manager (devmgmt.msc) is a utility used to view and control the hardware attached to the computer. The device manager will highlight a piece of hardware that is not working so that a technician can repair or replace it. Group policy editor (gpedit.msc) is a utility used to define and control how programs, network resources, and the operating system operate for users and computers in an organization. In an active directory environment, a group policy is applied to users or computers based on their membership in sites, domains, or organizational units. Remote desktop services (RDS) is used to connect to remote desktop session host servers or other remote computers, edit an existing remote desktop connection (.rdp) configuration file, and migrate legacy connection files that were created with the client connection manager to the newer .rdp connection file type.
A printing company uses an isolated Windows XP workstation to print out large format banners for its customers on a custom printer. Unfortunately, the printer does not support newer versions of Windows and would cost $50,000 to replace. To mitigate this risk, the workstation is not connected to the internet or a local area network. When a customer needs a banner printed, the technician takes a copy of their PDF file and moves it to the Windows XP workstation using a USB thumb drive. The workstation recently became infected with malware when printing a customer's file. The technician remediated the issue, but the workstation became infected again three weeks later. Which of the following actions did the technician forget to perform?
This is a legacy workstation since it is running Windows XP. Since Windows XP is considered end-of-life, there are no security patches or updates available for it. To mitigate this risk, the workstation should be run only as an isolated workstation. Since the workstation is not connected to a network and receives files through the connection of a USB thumb drive, this would be the only way a piece of malware could enter the system. The technician most likely neglected to update the antivirus/antimalware software on this workstation during the remediation. The technician should manually update the antivirus/antimalware definitions weekly. The workstation should also be configured to conduct on-access/on-demand scanning, as well.
A corporate user has called the enterprise service desk because they believe their computer has become infected with malware. When you arrive at their desktop to troubleshoot the issue, you notice it was powered down. You press the power button, the system loads without any issues. When you open Google Chrome, you notice that multiple pop-ups appear almost immediately. Which of the following actions should you take NEXT?
This is a tricky question because many technicians might try to fix the issue by clearing the browser or reinstalling/reimaging the machine. If this were a home user's machine, this would be an appropriate response, but you should follow the company's procedures since this is a corporate workstation. Most companies require any machines suspected of malware infection to be scanned/analyzed by the cybersecurity department before remediating or reimaging them. Therefore, the best thing to do is to remediate the system. This also follows the malware removal process since the technician just investigated and verified the malware symptoms. The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.
Tony works for a company as a cybersecurity analyst. His company runs a website that allows public postings. Recently, users have started complaining about the website having pop-up messages asking for their username and password. Simultaneously, your security team has noticed a large increase in the number of compromised user accounts on the system. What type of attack is most likely the cause of both of these events?
This scenario is a perfect example of the effects of a cross-site scripting (XSS) attack. If your website's HTML code does not perform input validation to remove scripts that may be entered by a user, then an attacker can create a popup window that collects passwords and uses that information to compromise other accounts further. A cross-site request forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. An XSS will allow an attacker to execute arbitrary JavaScript within the victim's browser (such as creating pop-ups). A CSRF would allow an attacker to induce a victim to perform actions they do not intend to perform. A rootkit is a set of software tools that enable an unauthorized user to control a computer system without being detected. SQL injection is the placement of malicious code in SQL statements via web page input. None of the things described in this scenario would indicate a CSRF, rootkit, or SQL injection.
You are configuring a wireless access point (WAP) in a large apartment building for a home user. The home user is concerned that their neighbor may try to connect to their Wi-Fi and wants to prevent it. Which THREE of the following actions should you perform to increase the wireless network's security?
To BEST secure this wireless network in a large apartment building, you should first reduce the transmit power. This will ensure the network's radio frequency signals remain within the apartment itself. You should then disable the SSID broadcast since this will prevent the home user's neighbor from seeing the network as available. Finally, the home user should use WPA3 encryption since it is the strongest encryption method for Wi-Fi networks. Reducing the channel availability would minimize the bandwidth available for the users. Disabling the DHCP server will prevent users from automatically getting their IP configuration settings when connecting to the network. WEP is considered a weak form of encryption and should not be used.
Your supervisor has requested remote access to a particular server to check on specific data and processes in the evenings and weekends. You are concerned that the server could become infected and want to take some precautions. Which of the following is the MOST important thing to do before granting remote access to the server to your supervisor?
To prevent infection, it is important that all servers and workstations remain patched and up to date on their security updates. After that, the next best thing would be to set up the anti-virus to update itself daily and run a full scan nightly automatically. Beyond that, educating your supervisor would be a good idea, as well. Disabling the internet access outside of normal business hours would not work since this would block your supervisor from accessing the server from their home.
You are working at the Dion Training headquarters in Puerto Rico. The island just suffered a power outage due to a hurricane. The server room in the headquarters has power, but the rest of the office does not. You verify that the diesel generator is running at full electrical load capacity. Which of the following solutions should you recommend to Dion Training to allow them to continue working during a long-term power outage?
When a hurricane causes a power outage on an island, it can be hours, days, or even months before the power is fully restored. Since the Dion Training headquarters is located in Puerto Rico, they should have a large capacity diesel generator to power their entire office during a long-term power outage. After Hurricane Maria in 2017, some parts of Puerto Rico went without grid power for nine months. We have multiple redundant and high-capacity power sources at the Dion Training offices to ensure we can remain online and work even without any grid power available.
Regardless of what website Michelle types into her browser, she is being redirected to "malwarescammers.com." What should Michelle do to fix this problem?
When a browser redirect occurs, it usually results from a malicious proxy server setting being added to the browser. Michelle should first check her web browser's configuration for any malicious proxies under the Connections tab under Internet Options in the Control Panel. Next, she should check the hosts.ini file to ensure that single sites are not being redirected.
Jason checks the Dion Training server room and finds that it currently has over 80% humidity. Which of the following risks to the servers could occur due to this high humidity level?
When humidity is high, corrosion is the biggest threat. When humidity is high, the water in the air can react with the components in the servers and cause corrosion. When humidity is low, static electricity is built up and can lead to an accidental release which damages components. In a computer server room or work area, the humidity should be kept between 40-60% to prevent electrostatic discharge from low humidity and corrosion from high humidity. An electrostatic discharge (ESD) is the release of a charge from metal or plastic surfaces that occurs when a potential difference is formed between the charged object and an oppositely charged conductive object. This electrical discharge can damage silicon chips and computer components if they are exposed to it.
Which of the following encryption types was used by WPA to better secure wireless networks than WEP?
Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.
Which of the following types of encryption uses a 128-bit encryption key but is considered weak due to its use of a 24-bit initialization vector?
Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption. The Wi-Fi Protected Setup (WPS) is a mechanism for auto-configuring a WLAN securely for home users. On compatible equipment, users push a button on the access point and connect adapters to associate them securely. WPS is subject to brute force attacks against the PIN used to secure them, making them vulnerable to attack.
What type of wireless security measure can easily be defeated by a hacker by spoofing their network interface card's hardware address?
Wireless access points can utilize MAC filtering to ensure only known network interface cards are allowed to connect to the network. If the hacker changes their MAC address to a trusted MAC address, they can easily bypass this security mechanism. MAC filtering is considered a good security practice as part of a larger defense-in-depth strategy, but it won't stop a skilled hacker for long. MAC addresses are permanently burned into the network interface card by the manufacturer and serve as the device's physical address. WEP is the Wired Equivalent Privacy encryption standard, which is considered obsolete in modern wireless networks. WEP can be broken using a brute force attack within just a few minutes by an attacker. Another security technique is to disable the SSID broadcast of an access point. While this prevents the SSID broadcast, a skilled attacker can still find the SSID using discovery scanning techniques. WPS is the WiFi Protected Setup. WPS is used to connect and configure wireless devices to an access point easily.
Your company's wireless network was recently compromised by an attacker who utilized a brute force attack against the network's PIN to gain access. Once connected to the network, the attacker modified the DNS settings on the router and spread additional malware across the entire network. Which TWO of the following configurations were most likely used to allow the attack to occur?
Wireless networks that rely on a PIN to connect devices use the Wi-Fi Protected Setup (WPS). It is a wireless network security standard that tries to make connections between a router and wireless devices faster and easier. WPS relies on an 8-digit PIN, but it is easily defeated using a brute force attack due to a poor design. Once connected to the network using the WPS PIN, the attacker may have logged into the router using the default administrative login credentials and then modified the router/gateway's DNS. Commonly, many network administrators forget to change the default username/password of their devices, leaving an easy vulnerability for an attacker to exploit.
A user's workstation is infected with malware. You have quarantined it from the network. When you attempt to boot it to the Windows 10 desktop, it fails. Which of the following should you do NEXT to begin remediating this system?
The system should be rebooted into Safe Mode and an antivirus scan conducted. Safe Mode starts Windows in a basic state, using a limited set of files and drivers. If a problem doesn't happen in Safe Mode, then the default settings and basic device drivers aren't causing the issue. Observing Windows in Safe Mode enables you to narrow down the source of a problem and can help you troubleshoot problems on your PC. Safe Mode will allow you to restore an earlier System Restore point, but it will not allow you to disable System Restore. Restoring to the last system restore point may not restore the system to the time before the malware infection. Formatting and reinstalling Windows would lead to data loss for the user. Therefore, you should attempt to remediate the malware infection from Safe Mode first. The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.