PRACTICE TEST MISSED
Which file system type is used to mount remote storage devices on a Linux system?
OBJ-1.8: The Network File System (NFS) is used to mount remote storage devices into the local file system on a Linux system. It allows you to mount your local file systems over a network and remote hosts to interact with them while mounted locally on the same system. The extensible file allocation table (exFAT) is a file system optimized for external flash memory storage devices such as USB flash drives and SD cards. exFAT supports a maximum volume size of up to 128 PB with a recommended maximum volume size of 512 TB for the best reliability. The Apple file system (APFS) is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals. The NT file system (NTFS) is a Windows file system that supports a 64-bit address space and can provide extra features such as file-by-file compression and RAID support as well as advanced file attribute management tools, encryption, and disk quotas. NTFS can support a maximum volume size of up to 8 PB.
A company has had several virus infections over the past few months. The root cause was determined to be known vulnerabilities in the software applications in use by the company. What should an administrator implement to prevent future outbreaks?
OBJ-1.11: Since the viruses exploited known vulnerabilities, there should be patches available from the manufacturer/vendor. Patch management is the process of distributing and applying updates to the software to prevent vulnerabilities from being exploited by an attacker or malware. Proper patch management is a technical control that would prevent future outbreaks. An acceptable use policy (AUP) is a document stipulating constraints and practices that a user must agree to for access to a corporate network or the Internet. While some items in the AUP might help prevent a malware infection (such as not allowing users to download and run programs from the internet), it is considered an administrative control, and choosing a technical control like patch management would better protect the network. An incident response team or emergency response team is a group of people who prepare for and respond to any emergency incident, such as a natural disaster or an interruption of business operations. An incident response team will respond to the virus infections, but they would not prevent them from occurring. Host-based intrusion detection systems (HIDS) help organizations to identify threats inside the network perimeter by monitoring host devices for malicious activity that, if left undetected, could lead to serious breaches. A HIDS may detect the effects of a virus infection, such as a client becoming a zombie in a botnet, but it will not prevent these outbreaks from occurring.
Which Linux command is used to print the full contents of a file to the screen at once?
OBJ-1.11: The cat (short for "concatenate") command is one of the most frequently used commands in Linux/Unix. The cat command allows the creation of single or multiple files, view file contents, concatenate files, and redirect output in the terminal to a file. The grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print. The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information. The ls command lists the files or directories in the current path of a Unix, Linux, or Mac operating system. When invoked without any arguments, ls lists the files in the current working directory.
A file currently has permissions of 755. Which of the following commands would change file permission to r-xr--r--?
OBJ-1.11: The chmod command is used to change a file or directory's permissions from the command line or terminal. A technician can either use u+ to add user permission and g+ to add group permissions, or they can use the octal value. In this case, the octal value of r-wr--r-- is 544. In Linux, you can convert letter permissions to octal by giving 4 for each R, 2 for each W, and 1 for each X. R is for read-only, W is for write, and X is for execute. The permissions strings are written to represent the owner's permissions, the group's permissions, and the other user's permissions.
Which of the following commands is used on a Linux system to convert and copy files from one hard disk to another?
OBJ-1.11: The dd command is used to convert and copy files. On Unix and Unix-like operating systems like Linux, almost everything is treated as a file, even block devices like a hard disk drive. This makes dd useful to clone disks or wipe data from a drive. The mv command is a command-line utility that moves files or directories from one place to another. The mv command supports moving single files, multiple files, and directories. The mv command can prompt before overwriting files and will only move files that are newer than the destination. When the mv command is used, the file is copied to the new directory and removed from the old directory. The ls command lists the files or directories in the current path of a Unix, Linux, or Mac operating system. When invoked without any arguments, ls lists the files in the current working directory. The cd command is used to change the directory. If used with the "cd .." option, it will move up one directory in the file system's directory structure. If used with the "cd ."
Which command would a Linux user need to enter to change their password?
OBJ-1.11: The passwd command changes passwords for user accounts. A normal user may only change the password for their account, while the superuser may change the password for any user. The chown command is used to change the owner of the file, directory, or link in Linux. The pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type "pwd" and hit enter to display the path to the screen. The ps command is used to list the currently running processes, and their PIDs and some other information depend on different options. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system.
Jason is building an inexpensive workstation for one of the employees at Dion Training. The workstation will utilize an Intel x86 processor. Which of the following editions of Windows will support installation on this workstation?
OBJ-1.1: All editions of Windows 10 are available in either x86 (32-bit) or x64 (64-bit) versions. When using a 32-bit version of Windows 10, a maximum of 4 GB of RAM is supported. All editions of Windows 11 only support x64 (64-bit) processors due to the higher minimum memory requirements. All Windows 11 editions require a minimum of 4 GB of memory to operate.
Which command-line tool is used on a Windows system to move upward in a directory within the system's directory structure?
OBJ-1.2: The cd command is used to change the directory. If used with the "cd .." option, it will move up one directory in the file system's directory structure. If used with the "cd ." option, it will remain in the current directory. The cd command can be used to move directly to another directory or path if entered as "cd (some other directory or path)" into the command line. The dir command is used to list a directory's files and subdirectories. The ls command is used on a Linux system to list a directory's files and subdirectories. The ls command only works on a Windows system when you are using PowerShell, not the command line.
A workstation at Dion Training's office is taking a long time to boot up. Once it finishes booting to the Windows 10 desktop, which of the following tools can a technician use to diagnose and fix the boot issues?
OBJ-1.3: System configuration (msconfig.exe) is a system utility to troubleshoot the Microsoft Windows startup processes. MSConfig is used to disable or re-enable software, device drivers, and Windows services that run at startup, or to change boot parameters. PerfMon is a performance monitoring and system monitoring utility in Windows that is used to monitor the activities on CPU and memory activity on a computer. Performance monitor is used for viewing performance data either in real-time or from a log file. The performance monitor can only monitor the resource utilization, but it cannot manage or terminate those processes. Resource monitor is a utility used to display information about the use of hardware (CPU, memory, disk, and network) and software (file handles and modules) resources in real-time. The resource monitor helps check the performance counters of specific resources and decide a course of action to improve the performance. System information (msinfo32.exe) is a utility that gathers information about your computer and displays a comprehensive list of hardware, system components, and the software environment that can be used to diagnose computer issues.
Which of the following allows a user to save their current session to memory and put a Windows 10 computer into a minimal power state?
OBJ-1.4: Sleep or standby mode is used to save the current session to memory and put the computer into a minimal power state to save battery life when the system is not being used. The computer takes less time to start up again from the sleep or standby mode than it does from the hibernate mode. Hibernate mode is used to save the current session to disk before powering off the computer to save battery life when the system is not being used. The computer takes longer to start up again from hibernate mode than it does from the sleep or standby mode. Shutdown mode completely powers off the computer and does not save the current user session to disk. Instead, the shutdown will close all open files and log out the user during the shutdown process. A lock will secure the desktop with a password while leaving programs running.
Which of the following Control Panel sections would allow a technician to add or remove an external scanner from a Windows 10 computer?
OBJ-1.4: The Devices and Printers section of the Control Panel allows a technician to manage the printers, scanners, and other external devices connected to a Windows computer. The System section of the Control Panel allows a technician to see information about the workstation, including the processor type, amount of memory, and operating system version installed on the computer. The Device Manager is used to view and control the hardware attached to the computer. The device manager will highlight a piece of hardware that is not working so that a technician can repair or replace it. The Programs and Features section of the Control Panel allows a technician to install or remove applications, software packages, and features in the Windows operating system.
Dion Training uses DHCP to assign private Class A IP addresses to its Windows 10 workstations. Which of the following IP addresses is a Class A address?
OBJ-1.6: Private IP addresses are any addresses in a specified range that are not allowed to be routed over the Internet. This allows companies to use these private IP addresses in their local area networks without having to purchase them from an internet registry. The class A private IP address range contains the addresses from 10.0.0.0 to 10.255.255.255.255. The class B private IP address range contains the addresses from 172.16.0.0 to 172.31.255.255. The class C private IP address range contains the addresses from 192.168.0.0 to 192.168.255.255. The APIPA/link-local autoconfiguration range is from 169.254.0.0 to 169.254.255.255.
Dion Training uses DHCP to assign private Class C IP addresses to its Windows 10 workstations. Which of the following IP addresses is a Class C address?
OBJ-1.6: Private IP addresses are any addresses in a specified range that are not allowed to be routed over the Internet. This allows companies to use these private IP addresses in their local area networks without having to purchase them from an internet registry. The class A private IP address range contains the addresses from 10.0.0.0 to 10.255.255.255.255. The class B private IP address range contains the addresses from 172.16.0.0 to 172.31.255.255. The class C private IP address range contains the addresses from 192.168.0.0 to 192.168.255.255. The APIPA/link-local autoconfiguration range is from 169.254.0.0 to 169.254.255.255.
What is the minimum amount of RAM needed to install Windows 10 on a 32-bit system?
OBJ-1.7: For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor and 1 GB of RAM. For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor and 2 GB of RAM. For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor and 4 GB of RAM.
What is the minimum processor required to install Windows 10 (x64) on a device?
OBJ-1.7: For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor and 1 GB of RAM. For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor and 2 GB of RAM. For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor and 4 GB of RAM.
Will, an IT technician, has been tasked with investigating a recent Windows upgrade and make a recommendation as to whether the company should upgrade its workstations. He notices that the upgrade will not work with a drawing program that is key to the Drafting Department. He asks the Drafting Department if they would consider using a different drawing program. Which upgrade consideration is represented by his conversation with the Drafting Department?
OBJ-1.7: He is looking at user preferences. Although the conversation is the result of his considering whether existing software will work with the upgrade, the conversation addresses the user preference consideration because he is consulting users before making a decision about the upgrade. Since the potential issue is software based, this is not a hardware compatibility consideration. He will need to consider third-party drivers, but that isn't the consideration indicated in the scenario.
Which of the following contains virtual memory that can supplement the physical system memory in a Linux system?
OBJ-1.8: The swap partition on a Linux system is a portion of the hard disk formatted with a minimal kind of file system and used in situations when the operating system runs out of physical memory and needs more of it. It can only be used by the memory manager and not for the storage of ordinary data files. The third extended filesystem (ext3) is a journaled file system commonly used by the Linux kernel. The ext3 file system can support a maximum volume size of up to 32 TB. The fourth extended filesystem (ext4) is a journaled file system that is used natively by modern Linux operating systems such as Debian and Ubuntu. The ext4 file system can support a maximum volume size of up to 1 EB. The network file system (NFS) is used to mount remote storage devices into the local file system on a Linux system. It allows you to mount your local file systems over a network and remote hosts to interact with them while mounted locally on the same system.
A user with an older laptop running Windows 7 that has only 2 GB of RAM, 32 GB of SSD, and a 1.7 GHz 64-bit processor. The user would like to upgrade to a newer OS since Windows 7 is now considered end-of-life. Which of the following operating systems should the technician recommend to ensure the BEST performance on this computer?
OBJ-1.9: The user should update their laptop to Windows 10 since it is not considered end-of-life yet and will support being installed on a laptop with only 2 GB of RAM. Windows 10 minimum requirements for a 32-bit operating system are a 1 GHz processor, 1 GB of RAM, and at least 32 GB of hard drive space. Windows 10 minimum requirements for a 64-bit operating system are a 1 GHz processor, 2 GB of RAM, and at least 32 GB of hard drive space. Windows 11 requires a 1 GHz processor, 4 GB of RAM, and 64 GB of hard drive space. Windows 8 and Windows 8.1 are considered end-of-life and should not be installed.
Which type of authentication method is commonly used with physical access control systems and relies upon RFID devices embedded into a token?
OBJ-2.1: A proximity card is a contactless card that usually utilizes RFID to communicate with the reader on a physical access system. These are commonly used to access secured rooms (such as server rooms) or even a building itself (such as at an access control vestibule). Some smart cards contain proximity cards within them, but the best answer to this question is proximity cards since that is the function of the smart card would be the device used to meet this scenario's requirements. An HMAC-based one-time password (HOTP) is a one-time password algorithm based on hash-based message authentication codes. A Time-based one-time password (TOTP) is a computer algorithm that generates a one-time password that uses the current time as a source of uniqueness.
A network administrator has set up a firewall and set up only three allow rules so that traffic can be sent over ports 21, 110, and 25. Next, they added a final rule of "deny any any" to the end of the ACL to minimize the attack surface and better secure the network. Unfortunately, now the administrator is receiving complaints from users that they cannot access any web pages using their URLs, such as DionTraining.com. Which of the following should the administrator do to correct this issue?
OBJ-2.1: The Hypertext Transfer Protocol (HTTP) uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. If the outbound port 80 is not open, then users will not be able to connect to a remote web server. If the outbound port 53 is not open, then the users will be unable to conduct a DNS name resolution and determine the IP address of the given web server based on its domain name. Port 22 is used for SSH/SCP/SFTP. Port 143 is used for IMAP. Port 139 and 445 are used for SMB. Port 389 is used for LDAP. Port 110 is used for POP3.
Your company has just installed a brand new email server, but you determined that the server cannot send emails to another server during your initial testing. You decide to check the firewall's ACL to see if the server's outgoing email is being blocked. Which of the following ports should you ensure is open and not blocked by the firewall?
OBJ-2.1: The Simple Mail Transfer Protocol (SMTP) uses port 25 and is an internet standard communication protocol for electronic mail transmission. Internet Message Access Protocol (IMAP) uses port 143 and is an Internet standard protocol used by email clients to retrieve email messages from a mail server over a TCP/IP connection. Post Office Protocol version 3 (POP3) uses port 110 and is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Secure Shell (SSH) uses port 22 to securely create communication sessions over the Internet for remote access to a server or system.
Dion Training wants to implement a new wireless network using WPA3 in their offices. Which of the following features of WPA3 is used to provide a password-based authentication using the dragonfly handshake instead of the older WPA 4-way handshake?
OBJ-2.2: Simultaneous Authentication of Equals (SAE) is a password-based authentication and password-authenticated key agreement method used in WPA3 that replaced the 4-way handshake used in WPA-based wireless networks. The SAE handshake is also known as the dragonfly handshake. Enhanced Open enables encryption for traffic being sent and received over a wireless network when still using open authentication. AES Galois Counter Mode Protocol (GCMP) is a high-performance mode of operation for symmetric encryption that supports authenticated encryption with associated data (AEAD). Management protection frames protect unicast and multicast management action frames to protect against eavesdropping and forgery in WPA3-based wireless networks.
Which of the following policies or plans would describe the access requirements for connecting a user's laptop to the corporate network?
OBJ-2.7: A bring your own device (BYOD) policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops. A remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network. A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. An onboarding policy is a documented policy that describes all the requirements for integrating a new employee into the company and its cultures, as well as getting that new hire all the tools and information they need to begin their job successfully.
A small doctor's office has asked you to configure their network to use the highest levels of wireless security and desktop authentication. The office only uses cloud-based SaaS applications to store their patient's sensitive data. Which TWO of the following protocols or authentication methods should you implement for the BEST security?
OBJ-2.2: Since everything is being stored within a cloud-based SaaS application, the doctor's office needs to ensure their network connection uses the highest encryption level (WPA2), and their desktop authentication should use a multifactor authentication system. Multifactor authentication relies on using at least 2 of the following factors: something you know (password or pin), something you have (smart card or key fob), something you are (fingerprint or retinal scan), or something you do (draw a pattern or how you sign your name). Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption. Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. The Wi-Fi Protected Setup (WPS) is a mechanism for auto-configuring a WLAN securely for home users. On compatible equipment, users push a button on the access point and connect adapters to associate them securely. WPS is subject to brute force attacks against the PIN used to secure them, making them vulnerable to attack. The Remote Authentication Dial-in User Service (RADIUS) is used to manage remote and wireless authentication infrastructure. Users supply authentication information to RADIUS client devices, such as wireless access points.
Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?
OBJ-2.2: TACACS+ is an extension to TACACS (Terminal Access Controller Access Control System) and was developed as a proprietary protocol by Cisco. The Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that operates on port 1812 and provides centralized Authentication, Authorization, and Accounting management for users who connect and use a network service, but Cisco did not develop it. Kerberos is a network authentication protocol designed to provide strong mutual authentication for client/server applications using secret-key cryptography developed by MIT. Challenge-Handshake Authentication Protocol (CHAP) is used to authenticate a user or network host to an authenticating entity. CHAP is an authentication protocol but does not provide authorization or accounting services.
Which of the following types of wireless encryption uses a 40-bit encryption key with an RC4 encryption cipher?
OBJ-2.2: The Wired Equivalent Privacy (WEP) encryption system is based on the RC4 encryption cipher. WEP uses a 40-bit encryption key and a 24-bit initialization vector by default, creating a 64-bit key. Newer versions of WEP support a 128-bit key size. A larger encryption key creates stronger encryption and is more difficult to attack. WEP is considered weak by today's standards and should be replaced by WPA2 or strong encryption schemes. Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption. An open network does not use an encryption key or preshared key to protect the network.
Which of the following encryption types was used by WPA to better secure wireless networks than WEP?
OBJ-2.2: Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.
Which of the following types of encryption uses a 128-bit encryption key but is considered weak due to its use of a 24-bit initialization vector?
OBJ-2.2: Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption. The Wi-Fi Protected Setup (WPS) is a mechanism for auto-configuring a WLAN securely for home users. On compatible equipment, users push a button on the access point and connect adapters to associate them securely. WPS is subject to brute force attacks against the PIN used to secure them, making them vulnerable to attack.
You are working as a mobile device technician for a large corporation's enterprise service desk. A user complains that every time they attempt to launch the company's mobile email application, it crashes and displays an error message of Code123. This is the third user with this error on an Android (model DTA) smartphone. The same app is working on your smartphone, but it is a model DTX. Which of the following should you do FIRST to attempt to solve this problem?
OBJ-3.4: Normally, your first step would be to uninstall and reinstall the application. But, since this issue is occurring on multiple devices with the same model, it would be a better first step to update the smartphone's OS. Based on the scenario, you know that the app works on a different smartphone model. With Android devices, the OS is usually modified by the smartphone manufacturer, specifically for their devices. If the app doesn't work on one model, but it does on another, it may be an operating system issue.
A corporate workstation was recently infected with malware. The malware was able to access the workstation's credential store and steal all the usernames and passwords from the machine. Then, the malware began to infect other workstations on the network using the usernames and passwords it stole from the first workstation. The IT Director has directed its IT staff to develop a plan to prevent this issue from occurring again. Which of the following would BEST prevent this from reoccurring?
OBJ-2.3: The only solution that could stop this from reoccurring would be to use an anti-virus or anti-malware solution with heuristic analysis. The other options might be able to monitor and detect the issue but not stop it from spreading. Heuristic analysis is a method employed by many computer anti-virus programs designed to detect previously unknown computer viruses and new variants of viruses already in the wild. This is behavior-based detection and prevention, so it should detect the issue and stop it from spreading throughout the network. A host-based intrusion detection system (HIDS) is a device or software application that monitors a system for malicious activity or policy violations. Any malicious activity or violation is typically reported to an administrator or collected centrally using a security information and event management system. The UTM is also acting as an IDS in this scenario based on the option presented.
Which attack utilizes a wireless access point made to look as if it belongs to the network by mimicking the corporate network's SSID to eavesdrop on the wireless traffic?
OBJ-2.4: An evil twin is meant to mimic a legitimate hotspot provided by a nearby business, such as a coffee shop that provides free Wi-Fi access to its patrons. An evil twin is a type of rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the user's knowledge. This type of attack may be used to steal the passwords of unsuspecting users by monitoring their connections or phishing, which involves setting up a fraudulent website and luring people there. A rogue access point is an access point installed on a network without the network owner's permission. For example, if an employee connected a wireless access point to a wall jack in their office so that they can use their smartphone or tablet, this would be considered a rogue access point. Therefore, an evil twin is the better answer to this question since it is specifically being made to look like it belongs on the network by mimicking the SSID of the corporate network. A WEP attack is a brute force password attack conducted against a wireless network that relies on WEP for its encryption and security. Shoulder surfing is a type of social engineering technique used to obtain information such as personal identification numbers, passwords, and other confidential data by looking over the victim's shoulder.
While investigating a data breach, you discover that the account credentials used belonged to an employee who was fired several months ago for misusing company IT systems. The IT department never deactivated the employee's account upon their termination. Which of the following categories would this breach be classified as?
OBJ-2.4: An insider threat is any current or former employee, contractor, or business partner who has or had authorized access to an organization's network, system, or data and intentionally exceeded or misused that access in a manner that negatively affected the confidentiality, integrity, or availability of the organization's information or information systems. Based on the details provided in the question, it appears the employee's legitimate credentials were used to conduct the breach. This would be classified as an insider threat. A zero-day is a vulnerability in software unpatched by the developer or an attack that exploits such a vulnerability. A known threat is a threat that can be identified using a basic signature or pattern matching. An advanced persistent threat (APT) is an attacker with the ability to obtain, maintain, and diversify access to network systems using exploits and malware.
Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?
OBJ-2.4: Missing patches are the most common vulnerability found on both Windows and Linux systems. When a security patch is released, attackers begin to reverse engineer the security patch to exploit the vulnerability. If your servers are not patched against the vulnerability, they can become victims of the exploit, and the server's data can become compromised. Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. Cross-site scripting focuses on exploiting a user's workstation, not a server. CRLF injection is a software application coding vulnerability that occurs when an attacker injects a CRLF character sequence where it is not expected. SQL injection is the placement of malicious code in SQL statements via web page input. SQL is commonly used against databases, but they are not useful when attacking file servers.
Which type of antivirus scan provides the best protection for a typical home user?
OBJ-2.5: On-access scans are a type of antivirus scan where the AV software intercepts operating system calls to open files to scan the file before allowing or preventing the file from being opened. On-access scans reduce performance somewhat but are essential to maintaining effective protection against malware. Weekly and daily scans are good to use, but they are not as effective in preventing infections as an on-access scan. A system administrator normally conducts safe mode scans after malware is found by an on-access scan, daily, or weekly scan.
What permissions would be represented by the octal 517?
OBJ-2.6: R-X is 5, --X is 1, and RWX is 7. In Linux, you can convert letter permissions to octal by giving 4 for each R, 2 for each W, and 1 for each X. R is for read-only, W is for write, and X is for execute. The permissions strings are written to represent the owner's permissions, the group's permissions, and the other user's permissions.
What umask should be set for a directory to have 700 as its octal permissions?
OBJ-2.6: RWX is 7 and --- is 0. In Linux, you can convert letter permissions to octal by giving 4 for each R, 2 for each W, and 1 for each X. R is for read-only, W is for write, and X is for execute. The permissions strings are written to represent the owner's permissions, the group's permissions, and the other user's permissions.
Chris just downloaded a new third-party email client for his smartphone. When Chris attempts to log in to his email with his username and password, the email client generates an error messaging stating that "Invalid credentials" were entered. Chris assumes he must have forgotten his password, so he resets his email username and password and then reenters them into the email client. Again, Chris receives an "Invalid credentials" error. What is MOST likely causing the "Invalid credentials" error regarding Chris's email client?
OBJ-2.7: If a user or system has configured their email accounts to require two-factor authentication (2FA) or multifactor authentication, then even if they enter their username and password correctly in the third-party email client, they will receive the "Invalid credentials" error message. Some email servers will allow the user to create an application-specific password to bypass the multifactor authentication requirement to overcome this. If not, then the user will have to use an email client that supports multifactor authentication. His email account is not locked out or requiring a stronger password, otherwise, those issues would have been solved when he reset the password. Full device encryption on the smartphone would not affect the use of the email client since the device is unencrypted once a user enters their PIN, password, TouchID, or FaceID as authentication.
Your company has just finished replacing all of its computers with brand new workstations. Colleen, one of your coworkers, has asked the company's owner if she can have the old computers that are about to be thrown away. Colleen would like to refurbish the old computers by reinstalling a new operating system and donating them to a local community center for disadvantaged children in the neighborhood. The owner thinks this is a great idea but is concerned that the private and sensitive corporate data on the old computer's hard drives might be placed at risk of exposure. You have been asked to choose the best solution to sanitize or destroy the data while ensuring the computers will still be usable by the community center. What type of data destruction or sanitization method do you recommend?
OBJ-2.8: Data wiping or clearing occurs by using a software tool to overwrite the data on a hard drive to destroy all electronic data on a hard disk or other media. Data wiping may be performed with a 1x, 7x, or 35x overwriting, with a higher number of times being more secure. This allows the hard drive to remain functional and allows for hardware reuse. Degaussing a hard drive involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Therefore, it is a bad solution for this scenario. Purging involves removing sensitive data from a hard drive using the device's internal electronics or an outside source such as a degausser, or by using a cryptographic erase function if the drive supports one. Shredding involves the physical destruction of the hard drive. This is a secure method of destruction but doesn't allow for device reuse.
The server administrators have asked you to open the default port on the firewall for a new DNS server. Which of the following ports should you set to ALLOW in the ACL?
OBJ-2.9: Port 53 is used for DNS. The Domain Name System (DNS) is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network. Port 67 is used for DHCP. The Dynamic Host Configuration Protocol (DHCP) is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. Port 110 is used for POP3. Post Office Protocol version 3 (POP3) is an application-layer Internet standard protocol used by e-mail clients to retrieve e-mail from a mail server. Port 3389 is used for RDP. Remote Desktop Protocol (RDP) is a proprietary protocol developed by Microsoft which provides a user with a graphical interface to connect to another computer over a network connection.
Your home network is configured with a long, strong, and complex pre-shared key for its WPA2 encryption. You noticed that your wireless network has been running slow, so you checked the list of "connected clients" and see that "Bob's Laptop" is connected to it. Bob lives downstairs and is the maintenance man for your apartment building. You know that you never gave Bob your password, but somehow he has figured out how to connect to your wireless network. Which of the following actions should you take to prevent anyone from connecting to your wireless network without the proper WPA2 password?
OBJ-2.9: WPS was created to ease the setup and configuration of new wireless devices by allowing the router to automatically configure them after a short eight-digit PIN was entered. Unfortunately, WPS is vulnerable to a brute-force attack and is easily compromised. Therefore, WPS should be disabled on all wireless networks. If Bob could enter your apartment and press the WPS button, he could have configured his laptop to use your wireless network without your WPA2 password. While disabling the SSID broadcast could help prevent someone from seeing your network, the issue was someone connecting to your network without having the password. Disabling the SSID broadcast would not solve this issue.
You attempt to boot a Windows 10 laptop and receive an "Operating System Not Found" error on the screen. You can see the hard disk listed in the UEFI/BIOS of the system. Which of the following commands should you use to repair the boot sector of the hard disk?
OBJ-3.1: To repair the drive's boot sector, you should use the command "bootrec /fixboot" and reboot the computer. If the disk cannot be detected, enter the system setup and try modifying settings (or even resetting the default settings). If the system firmware reports the disk's presence, but Windows still will not boot, use a startup repair tool to open a recovery mode command prompt and use the bootrec tool to repair the drive's boot information. The "bootrec /fixmbr" command is used to attempt a repair of the master boot record of a drive. The "bootrec /rebuildbcd" command is used to add missing Windows installations to the Boot Configuration Database (BCD). The diskpart command is a command-line disk-partitioning utility available for Windows that is used to view, create, delete, and modify a computer's disk partitions.
Samuel's computer is taking a very long time to boot up, and he has asked for your help speeding it up. Which TWO of the following actions should you perform to BEST resolve this issue with the least amount of expense?
OBJ-3.1: To speed up the boot process, you can defragment the hard drive, remove unnecessary applications from startup, install additional RAM, and replace the hard drive with an SSD. But, to do it with the least amount of expense, you can only defragment the hard drive or remove unnecessary applications from starting up since these actions do not require any additional components to be purchased.
An employee's inbox is now filled with unwanted emails after their email password had been compromised last week. You helped them reset their password and regain access to their account. Many of the emails are coming from different email addresses such as @yahoo.com, @gmail.com, and @hotmail.com. Which of the following actions should the user take to help reduce the amount of spam they receive?
OBJ-3.2: At the user level, the software can redirect spam to a junk folder or similar. Email filtering is any technique used to prevent a user from being overwhelmed with spam or junk email. Spam can be blocked from reaching an organization using a mail gateway to filter messages. Anti-spam filtering needs to balance blocking illegitimate traffic with permitting legitimate messages. Anti-spam techniques can also use lists of known spam servers by establishing a blocklist. If an allow list is used, only a small number of senders could send emails to the user. The technician should not create a domain-based email filter since the spammers are using Yahoo, Gmail, and Hotmail accounts to send the spam. If a domain-based email filter is created, it will block emails from all users on those email providers and prevent legitimate emails from being received.
When Jonathan opens the web browser on his computer, the initial page loads up to a search engine that he does not recognize. Jonathan attempts to use the search engine, but the results are abysmal, and the browser creates numerous pop-ups. Jonathan asks for your assistance in fixing this issue. Which TWO of the following actions do you recommend Jonathan perform first?
OBJ-3.2: Browser redirection and pop-ups are common symptoms of malware being installed on a computer. It is recommended that the web browser be reset to its default settings and configurations to remove any redirection settings that the malware may have made to the browser. Additionally, any unapproved applications should be unchecked from the Startup tab in Task Manager to ensure the malware isn't reloaded during the next reboot.
Which of the following tools should a technician use to modify the HOSTS file on a Windows 10 system to solve a website address resolution issue?
OBJ-3.2: Browser redirection usually occurs if the browser's proxy is modified or the hosts.ini file is modified. If the redirection occurs only for a small number of sites or occurs in all web browsers on a system, it is most likely a maliciously modified hosts.ini file. The hosts.ini file is a local text file that allows a user to specify specific domain names to map to particular addresses. It can be edited using any basic text editor, such as notepad. It works as an elementary DNS server and can redirect a system's internet connection. For example, if your children are overusing YouTube, you can change YouTube.com to resolve to YourSchool.edu for just your child's laptop. The Microsoft management console (MMC) is a utility that uses snap-ins for various Windows tools such as disk management, computer management, performance monitor, print management, and others to perform operations on a local or networked computer. The task manager is an advanced Windows tool that has 7 tabs that are used to monitor the Processes, Performance, App History, Startup, Users, Details, and Services on a computer. By clicking the Services tab, the technician can list all of the services installed on the computer, display their status, and start/stop/restart those services. The registry editor (RegEdit) allows you to view and make changes to system files and programs that you wouldn't be able to access otherwise. The registry is a database made up of hives and keys that control various settings on a Windows system. Incorrectly editing the Registry can permanently damage your computer, so it is important to be very careful when modifying the registry using RegEdit.
Susan is installing several updates on a Windows computer. Nine of the updates were installed without any issues, but one update produced an error and failed to install. Susan restarts the computer as part of the troubleshooting process, and the computer automatically attempts to install the failed update again. Again, the update fails to install. What should Susan do NEXT?
OBJ-3.2: If an automated system update fails to install, you should research the error number for the failed update to determine if the issue is a known error. Based on the error code, you can then determine the best method to overcome the issue. For example, a common cause of errors is inadequate space on the hard disk. If a technician needs to determine how to solve this issue best, researching the error code at Microsoft.com can help.
You are troubleshooting a user's workstation that is operating extremely slowly. You open the Task Manager and see that only Microsoft Word is currently running, but the CPU and network utilization is consistently running between 95-100%. Which of the following is MOST likely causing this issue?
OBJ-3.2: The workstation has most likely become a zombie. A zombie is any workstation running unauthorized software that directs the device to participate in a DDoS attack as part of a larger botnet. A botnet is a network of computers that have been compromised by a Trojan, rootkit, or worm malware. This workstation would then attempt to flood the victim's computer with requests over the network. These requests would require CPU and network resources to make, causing the utilization to rise to 95-100% resource utilization. Since Microsoft Word can run macros, it is possible it has become infected and is now part of a larger botnet.
You are troubleshooting a Windows 10 laptop that is infected with malware. You have already identified the type of malware on the laptop. What should you do NEXT? (Select THREE)
OBJ-3.3: The seven steps of the malware removal procedures are (1) Investigate and verify malware symptoms, (2) Quarantine the infected systems, (3) Disable System Restore in Windows, (4) Remediate the infected systems, update anti-malware software, scan the system, and use removal techniques (e.g., safe mode, pre-installation environment), (5) Schedule scans and run updates, (6) Enable System Restore and create a restore point in Windows, and (7) Educate the end user.
You have just installed a new photo-sharing social media app on your smartphone. When you try to take a photo with the app, you hear the picture-taking sound. Unfortunately, when you check the app and your photo album, you cannot find any new pictures. Which of the following actions should you take to fix this issue?
OBJ-3.4: Each app has to have the proper permissions to use the smartphone's various components, such as the microphone, camera, and storage. If the app has the correct permissions for the camera but not the storage, it will not store the photos being taken. This issue can be quickly corrected by checking the permissions under the app's settings and the smartphone's settings.
A user is having an issue with an application on their Android device. Whenever the user attempts to launch the application, the app fails and generates an error message. When asked, other users say they are not having the same issue. Which of the following should the technician attempt FIRST to solve this issue?
OBJ-3.4: To solve an issue with a mobile application, you should normally attempt the following steps. First, clear the application cache since this locally stored information can become glitchy and cause an app to crash. If you have two of the same smartphones having the same issue, it is unlikely to be the application cache causing the issue but in this case, only one user is having the issue. In this case, the technician would then attempt to update the OS of the smartphones. Updating the operating system can minimize compatibility issues and fix crashing applications. Third, you can try reinstalling the application if the other two options don't work.
You run the command ipconfig on your laptop and see that you have been assigned an IP address of 169.254.0.56. Which category of IPv4 address is this?
OBJ-3.5: APIPA stands for Automatic Private IP Addressing and is a feature of Windows operating systems. When a client computer is configured to use automatic addressing (DHCP), APIPA assigns a class B IP address from 169.254.0.0 to 169.254.255.255 to the client if the DHCP server is unavailable. A static IP address is used when the DHCP server is disabled and clients are configured manually to join the network properly. A public IP address is the outward-facing (public-facing) IP address assigned to a client. A private IP address lets a router correctly direct traffic within its network and allows devices within a network to communicate with one another, but private IP addresses cannot be used to route traffic across the internet.
Jason has built a custom Android application that he wants to install on an Android tablet without having to install it through the Play Store. Which of the following would be required to allow him to install the app's APK on the device?
OBJ-3.5: An android application package (APK) is a third-party or custom program that is installed directly on an Android device to give users and business the flexibility to install apps directly on Android devices. Android supports sideloading through the APK package format. An APK file contains all of that program's code, including .dex files, resources, assets, certificates, and manifest files. Jailbreaking is conducted on an iOS device to remove manufacturer restrictions on the device and allow other software, operating systems, or networks to work with a device. A rooted device is an Android device that has been hacked to provide the user with administrative rights to install unapproved apps, update OS, delete unwanted apps, underclock or overclock the processor, replace firmware and customize anything else. A rooted device is not required just to install an APK outside of the Play Store, though, on an Android device. Devleoper mode is used on an Android device to show additional diagnostic information when using apps or making network connections.
Tim has created a new iOS application that he wants to install on an iPad without having to install it through the official App Store. To save some money, he has not purchased a developer certificate from Apple since he isn't planning to sell this app to others. Which of the following would allow Tim to install this unofficial app on his own iPad for testing?
OBJ-3.5: Jailbreaking is conducted on an iOS device to remove manufacturer restrictions on the device and allow other software, operating systems, or networks to work with a device. An android application package (APK) is a third-party or custom program that is installed directly on an Android device to give users and business the flexibility to install apps directly on Android devices. Android supports sideloading through the APK package format. An APK file contains all of that program's code, including .dex files, resources, assets, certificates, and manifest files. A rooted device is an Android device that has been hacked to provide the user with administrative rights to install unapproved apps, update OS, delete unwanted apps, underclock or overclock the processor, replace firmware and customize anything else. A rooted device is not required just to install an APK outside of the Play Store, though, on an Android device. Devleoper mode is used on an Android device to show additional diagnostic information when using apps or making network connections.
During the reconnaissance phase of a penetration test, you have determined that your client's employees all use Android smartphones that connect back to the corporate network over a secure VPN connection. Which of the following methods would MOST likely be the best method for exploiting these?
OBJ-3.5: When targeting mobile devices, you must first determine if the company uses iPhones or Android-based devices. If they are using Android-based devices, you can use social engineering to trick a user into installing a malicious APK. As a penetration tester, you can create a malicious APK using msfvenom in the Metasploit framework. The user can install it directly from your website instead of the Google Play store.
A web server has a planned firmware upgrade for Saturday evening. During the upgrade, the power to the building is lost, and the firmware upgrade fails. Which of the following plans should be implemented to revert to the most recent working version of the firmware on the webserver?
OBJ-4.2: A backout plan or rollback plan is an IT governance integration approach that specifies the processes required to restore a system to its original or earlier state in the event of failed or aborted implementation. Every change should be accompanied by a rollback plan so that the change can be reversed if it has harmful or unforeseen consequences. A backup plan is a documented business process that identifies how data will be available for recovery by quickly copying critical data from a backup system to the production environment. A contingency plan is a plan devised for an outcome other than the usual (expected) plan. It is often used for risk management for an exceptional risk that, though unlikely, would have catastrophic consequences. For example, Dion Training is located in a hurricane-prone area, so we have a contingency plan for how we will continue operations during a hurricane by shifting our operations to another data center. An alternative plan is another word for a contingency plan.
A system administrator is assigned an approved change request with a change window of 120 minutes. After 90 minutes, the change is stuck on step five of a five-step change. The server manager decides to initiate a rollback. Which describes what the system administrator should do next?
OBJ-4.2: By performing a rollback, the administrator will change everything back to the last known good configuration before the change is started. Every change should be accompanied by a rollback (or backout) plan so that the change can be reversed if it has harmful or unforeseen consequences. Changes should also be scheduled sensitively if they are likely to cause system downtime or other negative impacts on the workflow of the business units that depend on the IT system being modified. Most organizations have a scheduled maintenance window period for authorized downtime.
You have submitted an RFC to install a security patch on all of your company's Windows 2019 servers during the weekly maintenance window. Which of the following change request documents would describe why the change will be installed during this maintenance window?
OBJ-4.2: The purpose of the change defines why the change or installation will occur. The change request documentation should define the 5 W's (who, what, when, where, why, and how) to define the why behind the change. For example, the purpose might be "to remediate several category one vulnerabilities so that our security is improved." The change's scope defines the area, number, size, or scale of a particular change. The change request documentation should define the exact scope of the change. In this example, only some of the Windows 2019 servers will receive the patch. If 50% of them are listed by their asset tracking number will receive the patch, this would clearly define this change's scope. The plan of the change defines how the change or installation will occur. The change request documentation should define the 5 W's (who, what, when, where, why, and how), with the plan documentation covering how the change is implemented. For example, the plan might say that the installation will be performed manually or through an automated patching process. It may also dictate that all servers will receive the update simultaneously or that five servers will receive it first, then another ten, then the remaining twenty. The risk analysis portion of the change request documentation provides the risk levels of carrying out the change, or not performing the requested change at this time. Risk is the likelihood and impact (or consequence) of a given action. It is important to understand the risk involved with a change before deciding to proceed with implementing the change.
Which RAID solution will provide the BEST speed and redundancy for a backup and disaster recovery server?
OBJ-4.3: RAID 10 provides the system with both speed and efficiency. With RAID 10, the system has a mirror of striped disks for full redundancy and double fault tolerance. RAID 10 configuration (also known as RAID 1+0) requires a minimum of four disks and mirrors data across a striped disk pair. This is not only the best option presented in this question but also the most expensive option. A RAID 0 provides disk striping (speed/performance) but not mirroring with a minimum of two disks. A RAID 1 provides mirroring (redundancy) but not disk striping with a minimum of two disks. A RAID 5 provides block-level striping with distributed parity to provide redundancy using a minimum of three disks.
Which of the following types of backups generates the recovered files from a complete copy of a file created at some point in time and one or more partial backups created at later times to merge them into the recovered data?
OBJ-4.3: Synthetic backup is the process of generating a file from a complete copy of a file created at some past time and one or more incremental copies created at later times. The expression synthetic in this context refers to the fact that the assembled file is not a direct copy of any single current or previously created file. Instead, a synthetic file is merged or synthesized by a specialized application program from the original file and one or more modifications to it. A full backup creates a copy of all the selected data regardless of when it was previously backed up. It takes the most time to complete a backup but is the fastest when conducting a restoral of all the data on a hard drive. A differential backup only creates a copy of the selected data that has been modified since the last full backup. It is a good compromise in speed between a full backup (which takes the longest to backup and the least to restore) and an incremental backup (which takes the least to backup and the longest to restore). An incremental backup only creates a copy of new files and files modified since the last full, incremental, or differential backup. Therefore, it takes the least amount of time to complete a backup. Unfortunately, it also takes the most time to restore since you have to first restore the full backup, then any differential and incremental backups until all your data is restored.
Which of the following backup rotation schemes requires at least one monthly full backup to be stored safely off-site?
OBJ-4.3: The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site. The grandfather-father-son (GFS) backup rotation scheme is widely used to combine full and incremental backups to reduce backup time and enhance storage security. Most often, the GFS is paired with the 3-2-1 rule to create a backup system with the best of both techniques. For example, the grandfather can be a full backup that is stored off-site once per month, the father is a full backup that is conducted weekly, and the son is an incremental or differential backup conducted each day. For example, each Monday a full backup can be conducted which becomes the father. Then, each day of the week a son is created by performing an incremental or differential backup. Once per month, a full backup is conducted to become the grandfather and could be moved off-site. The Tower of Hanoi is a backup rotation scheme that rotates backup media sets throughout the backup process to minimize wear and failure of tape backup media. For example, when using this method with four backup tapes labeled A, B, C, and D, a total of 16 days of backups can be maintained with just 4 tapes. Tape A is used every odd-numbered day for 16 days. Tape B is used on days 2, 6, 10, and 14. Tape C is used on days 4 and 12. Tape D is used on days 8 and 16. This allows Tape A to be overwritten every other day, while Tape B is overwritten every four days and Tapes C and D are overwritten every 8 days.
You are helping to set up a backup plan for your organization. The current plan states that all of the organization's Linux servers must have a daily backup conducted. These backups are then saved to a local NAS device. You have been asked to recommend a method to ensure the backups will work when needed for restoration. Which of the following should you recommend?
OBJ-4.3: The only way to fully ensure that a backup will work when needed is to restore the files from the backups. To do that, it is best to restore them to a test server since this will not affect your production environment.
You are going to replace a power supply in a desktop computer. Which of the following actions should you take FIRST?
OBJ-4.4: Before working on a computer or server, you should always remove your jewelry. Jewelry such as bracelets and necklaces can often dangle and come into contact with sensitive components or electrical connections that can cause damage to the components or injure you. Therefore, all jewelry should be removed before working on an electrical system or computer to reduce the risk of shock. A grounding probe is not required to discharge the power supply since the technician should never be opening up the case of a power supply. The old power supply should be safely disposed of after it is removed, but it should not be removed until you have removed your jewelry. Proper cable management is important when installing a power supply, but again this should only occur after removing your jewelry.
Your company is concerned about the possibility of power fluctuations that may occur and cause a small increase in the input power to their server room. What condition is this known as?
OBJ-4.5: An extended over-voltage event is known as a power surge. A power surge is basically an increase in your electrical current. A power surge often has levels of 10-30% above the normal line voltage and lasts from 15 milliseconds up to several minutes. An under-voltage event is a reduction in or restriction on the availability of electrical power in a particular area. The irregular power supply during an under-voltage event can ruin your computer and other electronic devices. Electronics are created to operate at specific voltages, so any fluctuations in power (both up and down) can damage them. To protect against an under-voltage event, you can use either a battery backup or a line conditioner. A significant over-voltage event that occurs for a very short time is known as a power spike. A power spike is a very short pulse of energy on a power line. Power spikes can contain very high voltages up to and beyond 6000 volts but usually last only a few milliseconds instead of longer but lower voltage power surges. A power loss or power failure is a total loss of power in a particular area. To protect against a power loss or power failure, a battery backup should be used.
Jason has an old 2017 Dell Laptop that he uses to connect to his office network while traveling. The computer is slow and is running Windows 7. The laptop's screen was recently cracked and needs replacement. Jason brings the laptop to the computer store you work at and asks for your assistance. Which of the following do you recommend?
OBJ-4.7: In this scenario, you should recommend that he purchase a new laptop. Since the laptop is 5-7 years old, it is unlikely to be worth the cost of repair since he could buy a new laptop for $200 to $500. This new laptop would be faster, more secure, and last longer than repairing this old laptop. As a technician, you should weigh the benefits and drawbacks of a particular repair and provide a good recommendation to your customer.
What type of structure is "IF THEN ELSE" in scripting?
OBJ-4.8: A branch is used to control the flow within a computer program or script, usually based on some logic condition. Often, these are implemented with IF THEN ELSE statements. A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself. A loop deviates from the initial program path to some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Often implemented with For or While statements. For example, a short script like (For i=1 to 100, print I, next) would print the numbers from 1 to 100 to the screen. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F -32) * 5/9.
A programmer is writing a script to display all the numbers from 1 to 100 to the screen. Which of the following should they use in their script?
OBJ-4.8: A loop deviates from the initial program path to some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Often implemented with For or While statements. For example, a short script like (For i=1 to 100, print I, next) would print the numbers from 1 to 100 to the screen. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F -32) * 5/9. A comment is written into the code to help a human understand the initial programmer's logic. In Python, for example, you can use the # symbol to comment on a line of code. Anything on the line after the # is ignored by the computer when the script is being executed. A branch is used to control the flow within a computer program or script, usually based on some logic condition. Often, these are implemented with IF THEN ELSE statements.
What type of structure is a "Do While" in scripting?
OBJ-4.8: A loop deviates from the initial program path to some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Often implemented with For, For Next, While, or Do While statements. For example, a short script like (For i=1 to 100, print I, next) would print the numbers from 1 to 100 to the screen. A branch is used to control the flow within a computer program or script, usually based on some logic condition. Often, these are implemented with IF THEN ELSE statements. A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F -32) * 5/9.
What type of structure is "For Next" in scripting?
OBJ-4.8: A loop deviates from the initial program path to some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Often implemented with For, For Next, While, or Do While statements. For example, a short script like (For i=1 to 100, print I, next) would print the numbers from 1 to 100 to the screen. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F -32) * 5/9. A branch is used to control the flow within a computer program or script, usually based on some logic condition. Often, these are implemented with IF THEN ELSE statements. A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself.
A coworker is creating a file containing a script. You look over their shoulder and see "#!/bin/bash" as the first line in the file. Based on this, what type of file extension should this script use?
OBJ-4.8: A shell script is a file that contains a list of commands to be read and executed by the shell in Linux and macOS. A .sh file is used for a shell script and its first line always begins with #!/bin/bash that designates the interpreter. This line instructs the operating system to execute the script. Shell scripts allow you to perform various functions. These functions include automation of commands and tasks of system administration and troubleshooting, creating simple applications, and manipulating text or files. Python is a general-purpose programming language that can develop many different kinds of applications. It is designed to be easy to read, and the programs use fewer lines of code compared to other programming languages. The code runs in an interpreter. Python is preinstalled on many Linux distributions and can be installed on Windows. Python scripts are saved using the .py extension. VBScript is a scripting language based on Microsoft's Visual Basic programming language. Network administrators often use VBScript to perform repetitive administrative tasks. With VBScript, you can run your scripts from either the command-line or the Windows graphical interface. Scripts that you write must be run within a host environment. Windows 10 provides Internet Explorer, IIS, and Windows Script Host (WSH) for this purpose. Batch scripts run on the Windows operating system and, in their simplest form, contain a list of several commands that are executed in a sequence. A .bat file is used for a batch script. You can run the file by calling its name from the command line or double-clicking the file in File Explorer. Generally, batch file scripts run from end to end and are limited in branching and user input
Which of the following is used to communicate data and preferences to child processes within a script or batch file?
OBJ-4.8: Shell scripts and batch files use environment variables to communicate data and preferences to child processes. They can also be used to store temporary values for reference later in a shell script. A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself. A comment is written into the code to help a human understand the initial programmer's logic. In Python, for example, you can use the # symbol to comment on a line of code. Anything on the line after the # is ignored by the computer when the script is being executed. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F -32) * 5/9.
Which of the following file types are commonly used by network administrators to perform repetitive tasks using a Microsoft proprietary programming language?
OBJ-4.8: VBScript is a scripting language based on Microsoft's Visual Basic programming language. Network administrators often use VBScript to perform repetitive administrative tasks. With VBScript, you can run your scripts from either the command-line or the Windows graphical interface. Scripts that you write must be run within a host environment. Windows 10 provides Internet Explorer, IIS, and Windows Script Host (WSH) for this purpose. A shell script is a file that contains a list of commands to be read and executed by the shell in Linux and macOS. A .sh file is used for a shell script and its first line always begins with #!/bin/bash that designates the interpreter. This line instructs the operating system to execute the script. Shell scripts allow you to perform various functions. These functions include automation of commands and tasks of system administration and troubleshooting, creating simple applications, and manipulating text or files. Python is a general-purpose programming language that can develop many different kinds of applications. It is designed to be easy to read, and the programs use fewer lines of code compared to other programming languages. The code runs in an interpreter. Python is preinstalled on many Linux distributions and can be installed on Windows. Python scripts are saved using the .py extension. JavaScript is a scripting language that is designed to create interactive web-based content and web apps. The scripts are executed automatically by placing the script in the HTML code for a web page so that when the HTML code for the page loads, the script is run. JavaScript is stored in a .js file or as part of an HTML file.
Your mother says there is something wrong with her computer, but unfortunately, she doesn't know how to fix it. She asks if you can remotely connect to her computer and see if you can fix it. Which of the following technologies would BEST allow you to remotely access her computer and interact with her Windows 10 laptop?
OBJ-4.9: Remote Desktop Protocol (RDP) is a Microsoft protocol designed to facilitate application data transfer security and encryption between client user devices and a virtual network server. It enables a remote user to add a graphical interface to the desktop of another computer. Whether across the house or the country, you can now help solve your mother's computer problems anytime with RDP. Telnet should not be used in a network due to its weak security posture. Telnet transmits all of the data in plain text (without encryption), including usernames, passwords, commands, and data files. For this reason, it should never be used in production networks and has been replaced by SSH in most corporate networks. SSH (Secure Shell) is used to remotely connect to a network's switches and routers to configure them securely. SSH is typically used for logging into a remote machine and executing commands, but it also supports tunneling, forwarding TCP ports, and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model. A remote-access VPN connection allows an individual user to connect to a private network from a remote location using a laptop or desktop computer connected to the internet. A remote-access VPN allows individual users to establish secure connections with a remote computer network. Once established, the remote user can access the corporate network and its capabilities as if they were accessing the network from their own office spaces.
Which of the following remote access protocols should you use to connect to a Linux server securely over the internet?
OBJ-4.9: SSH (Secure Shell) is used to remotely connect to a network's switches and routers to configure them securely. SSH is typically used for logging into a remote machine and executing commands, but it also supports tunneling, forwarding TCP ports, and X11 connections; it can transfer files using the associated SSH file transfer (SFTP) or secure copy (SCP) protocols. SSH uses the client-server model. Telnet should not be used in a network due to its weak security posture. Telnet transmits all of the data in plain text (without encryption), including usernames, passwords, commands, and data files. For this reason, it should never be used in production networks and has been replaced by SSH in most corporate networks. Remote Desktop Protocol (RDP) is a Microsoft protocol designed to facilitate application data transfer security and encryption between client user devices and a virtual network server. It enables a remote user to add a graphical interface to the desktop of another computer. FTP is used for file transfer only, not remote access.
A network administrator needs to allow employees to upload files to a remote server securely. What port must be allowed through the firewall?
OBJ-4.9: To securely upload a file, the employees could use SFTP (Secure FTP) or SCP (Secure Copy). Both SFTP and SCP operate over port 22, therefore port 22 must be opened by the firewall so that the employees can reach the file servers. Port 21 is used by the File Transfer Protocol, but it is not a secure method of sending files. There is a more secure version of FTP known as FTPS, but that uses port 990. Port 25 is reserved for the simple mail transfer protocol (SMTP), which is an internet standard communication protocol for electronic mail transmission. Port 161 is reserved for simple network management protocol (SNMP), which is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks.