WRONG ANSWERS C.3.2 CompTIA A+ 220-1102 (Core 2) Domain 2: Security

Which of the following encryption algorithms is considered one of the strongest encryption protocols and is used in more than just wireless networks? AES TACACS+ TKIP RADIUS

AES

Which of the following processes is used to prove a user's identity? Authorization Logical security Certificate Manager Authentication

Authentication

Listen to exam instructions Which of the following is a firewall type that scans network traffic based on TCP or UDP transmission? Packet filtering Application-level gateway Access control list Circuit-layer gateway

Circuit-layer gateway

What does Active Directory use to locate and name network objects? DNS IPv4 Domain controller Containers

DNS

Which of the following statements is true regarding hard tokens? Hard tokens are easy to replace if they are lost or stolen. Hard tokens are inexpensive to implement. Hard tokens provide protection even if they are lost or stolen. Hard tokens provide a higher level of security.

Hard tokens provide a higher level of security.

The AAA security standard includes authentication, authorization, and accounting (logging of user actions). Which of the following authentication protocols only provides authentication? AES RADIUS Kerberos TACACS+

Kerberos

Which of the following stores user accounts, groups, and their assigned rights and permissions? Active Directory Microsoft account Domain controller Local Users and Groups

Local Users and Groups

Listen to exam instructions Where is the access control list stored on a Windows system? answer Authentication app Hard token Master File Table Certificate Manager

Master File Table

Which of the following authentication combinations is an example of multi-factor authentication? answer Fingerprint and retinal scan PIN and authentication app Username and password Smart card and one-time code Explanation

PIN and authentication app

Administrative Templates are Registry-based settings that you can configure within a GPO to control a computer system and its overall user experience. Which of the following can you do with an Administrative Template? (Select two.) Determine who can add trusted publishers. Identify allowed or blocked software. Restrict access to Control Panel features. Control notifications. Allow users to run only the files you specify.

Restrict access to Control Panel features. Control notifications.

Which encryption method is used in WPA3 to generate a new key for every transmission? WPS PSK SAE 802.1x

SAE

Which type of malicious activity can be described as numerous unwanted and unsolicited email messages that are sent to a wide range of victims? Email hijacking Trojan Spamming Crimeware

Spamming

Which of the following authentication methods allows you to securely connect a printer to the wireless network with the least amount of effort? Open Network Captive Portal WPS PSK

WPS

You are the owner of a small startup company that consists of only five employees. Each employee has their own computer. Due to the type of services your company offers, you don't foresee the employee count increasing much in the next year or two. As a startup company, you want to keep costs low and facilitate easier file sharing and internet, printer, and local network resource access. Which of the following would be the BEST implementation for your business? A domain A tree A workgroup A forest

A workgroup

While reviewing video files from your organization's security cameras, you notice a suspicious person using piggybacking to gain access to your building. The individual in question did not have a security badge. Which of the following security measures would you MOST likely implement to keep this from happening in the future? Access control vestibule Lo-jack recovery service Door locks with card readers Cable locks

Access control vestibule

Which file attribute identifies the file as having been modified since the last backup? Read-only Encrypted Hidden Archive

Archive

You manage a group of 20 Windows workstations that are currently configured as a workgroup. You have been thinking about switching to an Active Directory configuration. Which advantages would you gain by switching to Active Directory? (Select two.) Decreased implementation cost Increased local control of workstation settings Centralized authentication Reduced need for specialized hardware Centralized configuration control

Centralized configuration control Centralized authentication

Which of the following can be used to back up a company's certificate database? Hard token Master File Table Certificate Manager MDM software

Certificate Manager

You manage a large number of workstations that belong to a Windows domain. You want to prevent someone from gaining access to login information by trying multiple passwords. Which default GPO contains a policy you can enable to guard all computers in the domain against this security breach? Group Domain Policy Group Security Policy Default Domain Policy Domain Security Policy

Default Domain Policy

The D:\ drive in your computer has been formatted with NTFS. The Rachel user account has been assigned the following permissions: Allow Full Control for the D:\Reports folder. Deny Full Control for the D:\Sales folder. Deny Full Control for the D:\Reports\2010reports.doc file. Allow Full Control for the D:\Sales\2010sales.doc file. Which of the following BEST describes the effective permissions Rachel will have for both files? Allow Full Control for D:\Reports\2010reports.doc and Deny Full Control for D:\Sales\2010sales.doc. Deny Full Control for D:\Reports\2010reports.doc and Allow Full Control for D:\Sales\2010sales.doc. Deny Full Control for both. Allow Full Control for both.

Deny Full Control for D:\Reports\2010reports.doc and Allow Full Control for D:\Sales\2010sales.doc.

Listen to exam instructions Your computer has a single NTFS partition that is used for the C: drive with the folders below. C:\Confidential C:\PublicReports You configure NTFS permissions on the C:\Confidential folder and deny the Read permission to the Users group. For the C:\PublicReports folder, you allow the Full Control permission for the Users group. You have not configured any permissions other than the defaults on any other folders or files. You take the following actions. You: Move Reports.doc from C:\Confidential to C:\PublicReports. Copy Costs.doc from C:\Confidential to C:\PublicReports. Which of the following BEST describes the permission the members of the Users group will have for the two files in the C:\PublicReports folder? Deny Read for both. Allow Full Control for Reports.doc and Deny Read for Costs.doc. Deny Read for Reports.doc and Allow Full Control for Costs.doc. Allow Full Control for both.

Deny Read for Reports.doc and Allow Full Control for Costs.doc.

Your computer has a single NTFS partition that is used for the C: drive with the folders below. C:\Confidential C:\PublicReports In the C:\Confidential folder, you edit the properties for the two files below and assign the Deny Read permission to the Users group. Reports.doc Costs.doc The C:\PublicReports folder allows the Full Control permission for the Users group. There are no other permissions assigned except the default permissions. You then take the following actions. You: Move Reports.doc from C:\Confidential to C:\PublicReports. Copy Costs.doc from C:\Confidential to C:\PublicReports. Which of the following BEST describes the permission the members of the Users group will have for the two files in the C:\PublicReports folder? Allow Full Control for Reports.doc and Deny Read for Costs.doc. Deny Read for Reports.doc and Allow Full Control for Costs.doc. Allow Full Control for both. Deny Read for both.

Deny Read for Reports.doc and Allow Full Control for Costs.doc.

You are trying to connect from outside the company network to a server inside the company network using RDP (Remote Desktop Connection). However, the connection is failing. Which network device does your network administrator MOST likely need to configure to allow this connection? Firewall Switch Hub Access point

Firewall

A user has complained about not being able to remove a program that is no longer needed on a computer. The Programs option is not available in Control Panel. You suspect that a policy is enabled that hides this option from the user. But after opening the Local Group Policy Editor, you see that the policy to hide Programs is not configured. You know that other users in this domain can access the Programs option. Where should you look next to determine whether the policy is enabled? GPOs linked to the domain that contains this user's object. The Default Domain Policy GPO. GPOs linked to organizational units that contain this user's object. The Local Group Policy.

GPOs linked to organizational units that contain this user's object.

Which of the following is the best defense against an insider network threat? Immediately revoke the employee's credentials when they leave. Install security cameras at all entrances. Implement lockout policies. Have the employee turn in their security card.

Immediately revoke the employee's credentials when they leave.

Listen to exam instructions You have a laptop running Windows 11. User Account Control (UAC) has been disabled. How would you re-enable UAC on the laptop? (Select two. Each choice is a complete solution.) In Control Panel, select User Accounts > User Accounts. In Control Panel, select User Accounts > Credential Manager. In Control Panel, select System and Security > System. Then click Advanced system settings. In Control Panel, select System and Security > Security and Maintenance. In Control Panel, select System and Security > System. Then click System protection.

In Control Panel, select System and Security > Security and Maintenance. In Control Panel, select User Accounts > User Accounts.

There are two main types of firewalls that you should be familiar with. Which of the following describes a feature of a network-based firewall? Works with a single network interface. Inspects traffic as it flows between networks. Inspects traffic received by a specific host. Is executed directly on the servers that need to be protected.

Inspects traffic as it flows between networks.

Susan has left the company and has been replaced by Manuel. You create a user account for Manuel on Susan's computer. Manuel calls you and says that he can't open a specific file on the computer. Which of the following will MOST likely correct the problem? Make Manuel's user account a member of the Power Users group. Make Manuel the file owner. Delete Susan's user account from the system. Edit the Local Security Policy and modify user rights.

Make Manuel the file owner.

You are working at the local hospital in the IT department. You have just received a promotion to junior network technician. Part of your new role involves troubleshooting network communication issues. Which of the following user groups should your account be added to? Network Configuration Operator Administrator Cryptographic Operator Remote Desktop Users

Network Configuration Operator

Computer configuration policies (also called machine policies) are enforced for the entire computer and are applied when the computer boots. Which of the following are computer configuration policies? (Select two). HKEY_CURRENT_USER Registry settings. Network communication security settings. Software installed for specific users. Scripts that run at logon or logoff. Browser favorites and security settings. Software that has been installed on the local system.

Network communication security settings. Software that has been installed on the local system.

Jane, an employee in the human resources department, has created several important PDF documents on her computer that all office managers in her building must read. She would like to make locating these files simple and maintain them as little as possible. It is important that no other users are permitted to view these documents. As the IT technician for your company, Jane has asked you to make this possible. Which of the following would MOST likely fulfill Jane's request? VPN connection Administrative share Hidden share Network share Remote Desktop connection

Network share

Listen to exam instructions You have just implemented several lockout policies. Which of the following password attacks will these policies MOST effectively protect against? Offline attack SQL injection Online attack Password spraying

Online attack

Listen to exam instructions Which of the following must be set up before you can register a facial or fingerprint scan for your account? Password PIN Security key Picture password

PIN

You manage the two folders listed below on your computer. C:\Confidential D:\PublicReports The C:\ drive is formatted with NTFS, and the D:\ drive is formatted with FAT32. On the C:\Confidential folder, you edit the properties for the following two files and assign the Deny Read permission to the Users group: Reports.doc Costs.doc You then take the following actions. You: Move Reports.doc from C:\Confidential to D:\PublicReports. Copy Costs.doc from C:\Confidential to D:\PublicReports. Which of the following BEST describes what happens to the permissions for both files as they are created in the D:\PublicReports folder? Permissions are removed from both files. Permissions are kept for Reports.doc but removed from Costs.doc. Permissions are kept on both files. Permissions are removed from Reports.doc but kept for Costs.doc.

Permissions are removed from both files.

You have been hired to assess a client's security. During your testing, you discover that users have access to other departments' files. Which of the following should you recommend that the company implement? Principle of least privilege Bring Your Own Device Mobile device management Certificate Manager

Principle of least privilege

You have been hired to investigate a recent cybersecurity attack. You have discovered that the attacker was able to send commands to the server using the login fields and steal user credentials from the database. Which of the following attacks was your client MOST likely the victim of? SQL injection On-path Cross-site scripting Brute force

SQL injection

Which Active Directory service simplifies how users log in to all the systems and applications that they need? SSO PIN Domain Workgroup

SSO

You have been assigned to the Performance Log Users group for several Windows 10 workstations. Which of the following are you allowed to do on those workstations? (Select two.) Manage the system's network configuration. Schedule logging of performance counters. Perform cryptographic operations. Enable trace providers. Access the workstations remotely using Remote Desktop Client.

Schedule logging of performance counters. Enable trace providers.

Which of the following is a common form of a social engineering attack? Distributing false information about your organization's financial status. Stealing the key card of an employee and using it to enter a secure building. Sending phishing emails. Using a sniffer to capture network traffic.

Sending phishing emails.

Listen to exam instructions Which of the following are examples of social engineering? (Select two.) Brute force password cracking War dialing Port scanning Shoulder surfing Dumpster diving

Shoulder surfing Dumpster diving

You are attempting to sign in to a computer that requires a picture password. How would you sign in? Swipe to the appropriate picture. Select the appropriate picture and enter an associated PIN. Swipe and tap with a three-step gesture. Tap the appropriate picture.

Swipe and tap with a three-step gesture.

A new computer has been added to the sales department and needs to be joined to the CorpNet domain. Which of the following System Properties settings must you use to make the change? System Properties > Remote System Properties > Advanced System Properties > System Protection System Properties > Computer Name

System Properties > Computer Name

Which of the following is an encryption algorithm that includes a base key, the MAC address of the wireless access point, and a unique packet serial number for each transmitted packet? AES Kerberos RADIUS TKIP

TKIP

Listen to exam instructions You are a security consultant. An organization has hired you to review their security measures. The employees in the organization often receive calls from hackers trying to gain sensitive information using high-pressure tactics. Which of the following actions would you MOST likely recommend to mitigate these social engineering attacks? Establish a written security policy. Implement a border firewall to filter inbound network traffic. Teach users how to recognize and respond to these attacks. Train managers to monitor user activity.

Teach users how to recognize and respond to these attacks.

Which of the following BEST describes authorization? The process of verifying a user's identity. The policy of allowing employees to use their own devices for work purposes. The process of giving users access to only the resources they need. The resources that a user can access.

The resources that a user can access.

Which of the following statements are true regarding administrative shares? (Select two.) Adding a ! sign to the end of a share name creates an administrative share. Default administrative shares grant access to the Administrators or Power Users group. If you are a member of the Administrators group, the administrative shares are visible to you when you browse the network. To connect to an administrative share, you must use the UNC path. By default, Windows automatically creates an administrative share for every volume.

To connect to an administrative share, you must use the UNC path. By default, Windows automatically creates an administrative share for every volume.

A help desk technician determines that a user's issue is caused by a corrupt file on their computer. Which of the following would be the FASTEST way to transfer a good file to the computer? Attach the file to an email and have the user copy the file to the correct folder. Establish remote assistance and transfer the file within the session. Have the user share the folder as a local share and copy the file to the share. Use the C$ administrative share to copy the file.

Use the C$ administrative share to copy the file.

Listen to exam instructions Which of the following wireless security methods uses a common shared key that is configured on the wireless access point and all wireless clients? WPA Personal and WPA2 Personal WEP, WPA Personal, and WPA2 Personal WEP WPA Enterprise and WPA2 Enterprise WEP, WPA Personal, WPA Enterprise, WPA2 Personal, and WPA2 Enterprise

WEP, WPA Personal, and WPA2 Personal

Which of the following are advantages of using an online Microsoft account? (Select two.) Files associated with the user profile are synchronized to other computers. Your account profile information is synchronized to other computers. You can force a user to change their password. You have automatic access to the Microsoft Store. You can manage user accounts from Computer Management.

Your account profile information is synchronized to other computers. You have automatic access to the Microsoft Store.

A large number of compromised computers are infected with malware that allows an attacker (herder) to control the computers to spread email spam and launch denial-of-service attacks. Which of the following does this security threat describe? Spoofing On-path attack Zombie/botnet Phishing

Zombie/botnet