A+ 11-13
Which of the following extensions identifies a program packaged for use by Windows Installer?
.msi
Which file attribute identifies the file as having been modified since the last backup?
Archive
Where system root is the C: drive, what is the path to the directories that hold user profiles in Windows 10?
C:\Users\username
Which of the following functions are performed by the TPM?
Create a hash based on installed system components
A technician was able to stop a security attack on a user's computer. When conducting a forensic investigation, which of the following actions should be performed FIRST?
Document what's on the screen
Which of the following are common forms of social engineering attack?
Hoax virus information e-mails.
You need to enable a screen saver password on the Windows workstations in your organization. Which Control Panel option should you use to do this?
Personalization
You have purchased new computers and will be disposing of your old computers. These computers were previously used for storing highly sensitive customer order information, including credit card numbers. To properly protect against the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?
Physically destroy the hard drives with a hammer
You have a file which you would like other users to see, but not modify. Which file attribute should you use?
R
You are working at the command line and want to add the Read-only attribute to a file and remove the Hidden attribute. Which command would you use?
attrib +r -h
Which command will display a list of files and subdirectories in a directory?
dir
You are the administrator of a Linux server. Following best practices for system security and effective administration, you always log in to the system with a standard non-root user account. You only elevate your privileges to root user level when you need to do an administrative task. What do you enter at the command prompt that will, by default, switch you to the root user and require you to enter the root password?
su -
Which command would you use to copy all files and subdirectories in a directory, including empty subdirectories?
xcopy /e
You need to install a 32-bit application on a 32-bit version of Windows 10. In which default directory will the application be installed?
%systemdrive%\Program Files
You need to install a 32-bit application on a 64-bit version of Windows 7. Where is the default directory where the application will be installed?
%systemdrive%\Program Files (x86)
You need to see the temporary files on a machine running Windows 7. Which directory holds the user temporary files, and which environment variable stores the temporary directory path? (Select two.)
%tmp%, C:\Users\username\AppData\Local\Temp
Which of the following file extension types can be run from the command prompt? (Select three)
.exe, .com, .bat
Which of the following file extensions indicates a Windows system file? (Select two.)
.vxd, .dll
Which option used with the copy command makes sure that all copied files are written correctly after they have been copied?
/v
You need to copy several hundred files from one directory to another. Most of the files exist in the target directory, but you want to overwrite the existing files with the ones you will copy. You want the file copy to proceed automatically without prompting you to overwrite existing files. Which command switch should you use?
/y
Which of the following security practices is the BEST example of the Principle of Least Privilege?
All users on a Windows workstation are limited users except for one user who is responsible for maintaining the system.
Your computer has a single NTFS partition used for the C: drive with the following folders: C:\Confidential and C:\PublicReports. You configure NTFS permissions on the C:\Confidential folder and deny the Read permission to the Users group. For the C:\PublicReports folder, you allow Full Control permission to the Users group. You have not configured any permissions other than the defaults on any other folders or files. You take the following actions: move Reports.doc from C:\Confidential to C:\PublicReports, and copy Costs.doc from C:\Confidential to C:\PublicReports. What permissions do members of the Users group have to these two files in the C:\PublicReports folder?
Allow Full Control to both
You manage two folders in your computer as follows: C:\Confidential and D:\PublicReports. Both the C:\ and D:\ drives are formatted with the NTFS file system. In the C:\Confidential folder, you edit the properties for the following two files and assign the Deny Read permission to the Users group: Reports.doc and Costs.doc. The D:\ drive allows the Full Control permission to the Users group. There are no other permissions assigned except for the default permissions. You then take the following actions: move Reports.doc from C:\Confidential to D:\PublicReports, and copy Costs.doc from C:\Confidential to D:\PublicReports. Which of the following BEST describes the permissions the members of the Users group will have for the two files in the D:\PublicReports folder?
Allow Full Control to both
Which of the following is an important aspect of evidence gathering?
Backing up all log files and audit trails.
Bob is a member of the Accounting group. The Accounting group has been granted the Read and Write NTFS permissions to the WeeklyReport.xls file. Bob is also a member of the Everyone group, which has been given the Full Control permission to the WeeklyReport.xls file. Which of the following statements MOST correctly describes Bob's ability to access the WeeklyReport.xls file?
Bob can open, read, and write changes to the file
Which of the following statements are true regarding administrative shares? (Select two.)
By default, Windows automatically creates an administrative share for every volume. To connect an administrative share, you must use the UNC path.
Where system root is the C: drive, where are fonts stored on a Windows 7 system?
C:\Windows\Fonts\
Which file system path is the default location for system files in Windows 10?
C:\Windows
You have been asked to draft a document related to evidence gathering that contains details about personnel in possession and control of evidence from the time of discovery up through the time of presentation in court. What type of document is this?
Chain of custody
Which of the following would indicate when a system case cover is removed?
Chassis intrusion detection
You want to configure your computer so that a password is required before the OS will load. What should you do?
Configure a user password in the BIOS/UEFI
To tightly control the anti-malware settings on your computer, you elect to update the signature file manually. Even though you vigilantly update the signature file, the machine becomes infected with a new type of malware. Which of the following actions would BEST prevent this scenario from occurring again?
Configure the software to automatically download the definition file updates as soon as they become available.
The D:\ drive in your computer has been formatted with NTFS. The Mary user account has been assigned the following permissions: Allow Full Control to the D:\Reports folder; Deny Full Control to the D:\Sales folder; Deny Full Control to the D:\Reports\2010reports.doc file; Allow Full Control to the D:\Sales\2010sales.doc file. Which of the following BEST describes the effective permissions Mary will have for both files?
Deny Full Control to D:\Reports\2010reports.doc, Allow Full Control to D:\Sales\2010sales.doc
Your computer has a single NTFS partition used for the C: drive with the following folders: C:\Confidential and C:\PublicReports. In the C:\Confidential folder, you edit the properties for the following two files and assign the Deny Read permission to the Users group: Reports.doc and Costs.doc. The C:\PublicReports folder allows the Full Control permission to the Users group. There are no other permissions assigned except for the default permissions. You then take the following actions: move Reports.doc from C:\Confidential to C:\PublicReports, and copy Costs.doc from C:\Confidential to C:\PublicReports. Which of the following BEST describes the permissions the members of the Users group will have for the two files in the C:\PublicReports folder?
Deny Read to Reports.doc; Allow Full Control to Costs.doc
You just bought a new notebook. This system uses UEFI firmware and comes with Windows 10 preinstalled. However, you want to use Linux on this system. You download your favorite distribution and install it on the system, removing all Windows partitions on the hard disk in the process. When the installation is complete, you find that the operating system won't load when the system is rebooted. Which of the following would allow your computer to boot to Linux?
Disable SecureBoot in the UEFI configuration
One of the Windows workstations you manage has four user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. The fourth account is the Guest user account, which has been enabled to allow management employees convenient workstation access. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Autorun has been disabled on the system. Which of the following is MOST likely to increase the security of this system?
Disable the Guest account
Your client has hired you to evaluate their wired network security posture. As you tour their facility, you note the following: Server systems are kept in a locked server room. User accounts on desktop systems have strong passwords assigned. A locked door is used to control access to the work area, and users must use ID badges to enter the area. Users connect their personal mobile devices to their computers using USB cables. Users work in three 8-hour shifts per day, and each computer is shared by three users. Each user has a limited account on the computer they use. Based on this information, what should you recommend your client do to increase security?
Disable the USB ports on users' workstations
Which of the following are examples of social engineering? (Select TWO)
Dumpster diving, Shoulder surfing
Which of the following are true of libraries? (Select two.)
Each library can contain multiple folders from different file system locations. A single folder can be added to multiple libraries.
The D:\ drive in your computer has been formatted with NTFS. The Sales group on your computer has been given Allow Full Control to the D:\Sales folder. The Mary user account is a member of the Sales group. Which of the following will BEST prevent Mary from accessing the D:\Sales\2010sales.doc file without affecting her ability to access any other files in that folder and without affecting the abilities of any other users?
Edit the properties for the file; assign Mary the deny Full Control permission.
Which tool in Windows 10 would you use to browse all networks and shared folders to which a user has access? (Select three.)
File Explorer, Network, This PC
If a folder exists on an NTFS partition, which permission is needed by a user who needs to set security permissions on the folder?
Full control
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once a week. For security reasons, your company has decided to not store a redundant copy of the backup media at an offsite location. Where would be the next best place to keep your backup media?
In a locked fireproof safe
You have created a custom library using D:\Stats as the path to the library. You want the files in the D:\Reports folder to be available in the library you created. The files should also still be accessible using the D:\Reports folder. Which of the following steps would BEST meet your requirements?
Include the D:\Reports folder in the library
You're using the vi editor to manage a text file on a Linux system. You want to type new text into the file; when you type, you want the existing text that comes after the cursor to be pushed down. What mode do you need to be in to do this?
Insert Mode
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Which of the following would MOST likely increase the security of this system? (Select TWO).
Install a privacy filter on the monitor. Secure the computer system to the desk with a cable lock.
While researching a fix to a system file issue, you find that using the ATTRIB command should resolve the issue you are experiencing. The instructions you found said to run the following command: attrib +s +r -a myfile.dll Which of the following BEST describes the function of this command?
It adds the System file attribute, adds the Read-only attribute, and removes the Archive attribute to the file myfile.dll.
Susan in accounting has left the company and been replaced by Manuel. You create a user account for Manuel on Susan's computer. Manuel calls you and says that he can't open a specific file on the computer. Which of the following will MOST likely correct the problem?
Make Manuel the owner of the file
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggy-backing to gain access to your building. The individual in question did not have a security badge. Which of the following would you MOST likely implement to keep this from happening in the future?
Mantraps
A malicious person calls an employee from a cell phone. She tells the employee that she is the vice president over the Accounting department in the employee's company. She relates that she has forgotten her password and demands that the employee give her his password so that she can access the reports she needs for an upcoming presentation. She threatens to fire the employee if he does not comply. Which of the following BEST describes the type of attack that just occurred?
Masquerading
You have a folder on your Windows computer that you would like to share with members of your development team. Users should be able to view and edit any file in the shared folder. You share the folder and give Everyone Full Control permission to the shared folder. Users connect to the shared folder and report that they can open the files, but they cannot modify any of the files. Which of the following would be the BEST action to take next?
Modify the NTFS permissions on the folder.
Mary and Pablo share a workstation doing customer support. Mary works in the morning, and Pablo works in the evening. One day Mary is helping a customer with a support issue. Because her shift is over, she creates a Word document with details about the customer she is helping. She saves it to the C:\Customer folder on the computer. When Pablo comes in, he is unable to open the file. Which of the following will MOST likely allow Pablo to open the file?
Modify the permissions on the document
You manage two folders in your computer as follows: C:\Confidential and D:\PublicReports. The C:\ drive is formatted with NTFS, and the D:\ drive is formatted with FAT32. In the C:\Confidential folder, you edit the properties for the following two files and assign the Deny Read permission to the Users group: Reports.doc and Costs.doc. You then take the following actions: move Reports.doc from C:\Confidential to D:\PublicReports, and copy Costs.doc from C:\Confidential to D:\PublicReports. Which of the following BEST describes what happens to the permissions for both files as they are created in the D:\PublicReports folder?
Permissions are removed from both files
A user within your organization received an email relating how an account containing a large sum of money has been frozen by the government of a small African nation. The user was offered a 25% share of this account if she would help the sender transfer it to a bank in the United States. The user responded to the sender and was instructed to send her bank account number so that it could be used to facilitate the transfer. She complied, and then the sender used the information to drain her bank account. What type of attack occurred?
Phishing
Several users have forwarded you an e-mail stating that your company's health insurance provider has just launched a new web site for all employees. To access the site they are told in the e-mail to click a link and provide their personal information. Upon investigation, you discover that your company's health insurance provider did not send this e-mail. Which of the following BEST describes the type of attack that just occurred?
Phishing
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or Websites that impersonate an online entity that the victim trusts such as a financial institution or well-known e-commerce site?
Phishing
You have a folder that you would like members of your development team to access. You want to restrict network and local access to only specific users. All other users must not be able to view or modify the files in the folder. Which of the following would be the BEST actions to take next? (Select TWO).
Place the files on an NTFS partition. Configure both share and NTFS permissions.
You've just opened a text file in the vi editor and you're in Command Mode by default. There is more than one way to get from Command Mode to Replace Mode. Which of the following key-press sequences will get you into Replace Mode? (Select three)
Press the 's' key, then press Insert. Press Insert, then press Insert again. Press the 'i' key, then press Insert.
Match each security policy on the left with the appropriate description on the right. Each security policy may be used once, more than once, or not at all.
Provides a high-level overview of the organization's security program: Organizational Security Policy; Defines an employee's rights to use company property: Acceptable Use Policy; Identifies the requirements for credentials used to authenticate to company-owned systems: Password Policy; Identifies a set of rules or standards that define personal behaviors: Code of Ethics; Sets expectations for user privacy when using company resources: Acceptable Use Policy; Specifies that user accounts should be locked after a certain number of failed login attempts: Password Policy
You have purchased a used computer from a computer liquidator. When you boot the computer, you find that there has been a password set on the BIOS. You need to clear the password so that you can edit the CMOS settings. What should you do?
Remove the motherboard battery for a few seconds
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. A cable lock has been installed to prevent it from being stolen. Which of the following steps could be completed to BEST increase the security of this system? (SELECT TWO)
Remove the optical drive. Disable all USB ports in the BIOS/UEFI firmware configuration.
The chain of custody is used for what purposes?
Retaining evidence integrity by identifying people coming into contact with evidence
One of the Windows workstations you manage has three user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Which of the following would MOST likely increase the security of this system? (Select TWO).
Set a screensaver password. Disable autorun on the system.
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to BEST prevent extracting data from the discs?
Shredding
A security technician is conducting a forensic analysis. Which of the following actions is MOST likely to destroy critical evidence?
Shutting down the system
Which of the following best describes the use of libraries in Windows?
Special folders that group files and folders, possibly stored in both local or network locations, into a single logical folder
A security incident is currently occurring on the company network. You discover that the attack involves a computer system that is attached to the network. You're unsure what kind of damage is being done to the network systems or data. Which of the following actions should you take FIRST?
Stop the attack and contain the damage by disconnecting the system from the network
An intruder waits near an organization's secured entrance until an employee approaches the entrance and unlocks it with a security badge. The intruder falls in line behind the employee, who assumes the intruder is another employee and holds the door open for her. What kind of attack just occurred?
Tailgating
You are a security consultant and an organization has hired you to review their security measures. They are chiefly concerned that they could become a victim of a social engineering attack. Which of the following would you MOST likely recommend they do to mitigate the risk?
Teach users how to recognize and respond to social engineering attacks.
You just bought a new computer. This system uses UEFI firmware and comes with Windows 10 preinstalled. You recently accessed the manufacturer's support website and saw that a UEFI firmware update has been released. You download the update. However, when you try to install the update, an error message is displayed indicating the digital signature on the update file is invalid. Which of the following MOST likely caused this to happen?
The update file has been tampered with
You are a security consultant and an organization has hired you to evaluate its physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application by the organization's CEO. Network jacks are provided in the reception area such that employees and vendors can access the company network for work-related purposes. Users within the secured work area have been trained to lock their workstations if they will be leaving them for any period of time. Which of the following recommendations are you MOST likely to make to this organization to increase their security? (SELECT TWO)
Train the receptionist to keep her iPad in a locked drawer when not in use. Disable the network jacks in the reception area.
You have just installed anti-malware software on all computers on your company's network. Which of the following additional actions would be BEST to take to help protect systems from malicious software? (Select TWO)
Train users to scan removable storage devices before copying files. Configure the software to automatically update its definition files.
Which security measure can be used to generate and store cryptographic keys?
Trusted Platform Module (TPM)
As the IT technician for your company, you have discovered that the anti-malware software being used is not detecting and removing a virus. Which of the following would MOST likely correct this issue?
Updating your malware definitions
You have 5 salespersons who work out of your office and who frequently leave their laptops lying on their desks in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the best protection to implement to address your concerns?
Use cable locks to chain the laptops to the desks.
You have purchased new computers and will be disposing of your old computers. Instead of recycling the computers, you decide to resell them by placing an ad on the Internet. These computers were previously used for storing sensitive information. To properly protect against the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?
Use data wiping software to clear the hard drives
What is the best countermeasure against social engineering?
User awareness training
You are responsible for disposing of several old workstations formerly used by accountants in your organization's Finance department. Before being shipped to a computer recycler, you decide to make sure any old data on the hard drives is erased. To do this, you use the Windows XP Installation CDs that came with these systems to delete all partitions from the hard drives. Which of the following BEST describes the state of these systems?
You should use disk wiping software to fully erase the drives.
You want to use the Universal Naming Convention (UNC) format to access a shared folder called Pictures on a computer named Home1. Which of the following is an example of the UNC format?
\\Home1\Pictures
You need to see what kind of CPU is being used on a Linux system. The /proc directory contains a text file called cpuinfo that will give you the information you're looking for. Which of the following commands will display the entire contents of the cpuinfo text file on the screen?
cat /proc/cpuinfo
Which command would you use to change the current directory to the immediate parent directory?
cd ..
You find that someone has set up an unauthorized account, with the username badmin, on the Linux server. You have disabled the account but you need to find out when and how this user has been gaining access to the system. The first step you decide to take is to inspect the contents of the /var/log/auth.log file to find information related to badmin logging into the system. Which command can you use to search through the auth.log for lines that contain the username you're looking for?
grep "badmin" /var/log/auth.log
Which are examples of a strong password? (Select two.)
il0ve2EatIceCr3am, TuxP3nquinsRn0v3I
You need to view the contents of the /var/log/auth.log file to get information about the users that have been logging on to the system. The auth.log file is a plain text file so you decide to use the cat command to review the file. However, the display fills up with text for several pages and you can't see the entire file. What commands can you use to view the content of the auth.log file page by page? (Select two.)
less /var/log/auth.log, more /var/log/auth.log
Which commands can you use to create a new directory? (Select two.)
mkdir, md
A user has a problem accessing several shared folders on the network. After determining the issue is not from his computer's IP configuration, you suspect the shared folders are not currently connected. Which of the following commands will MOST likely confirm your suspicions?
net use
How can you see a list of valid command parameters for the net command?
net use /?
Which command lets you delete subdirectories in addition to files in the current directory?
rd /s
Which command is used to copy entire folder structures between volumes or across a network while maintaining all NTFS file permissions and attributes?
robocopy
