Study core 2
What wildcard character can be used to indicate a string of characters?
* (Asterisk)
When used with the dir command, what switches can be used to list files in order of name?
/o:n or /on
When used with the dir command, what switches can be used to list files using a wide format with no details?
/w
What wildcard character would allow you to substitute for a single unspecified character in a command?
? (Question mark)
A user's phone is randomly rebooting all the time. What should the user do first to diagnose the issue? A Conduct battery diagnostics B Determine if inadequate resources exist C Conduct changes to autorotate settings D Ensure the device is connected to Wi-Fi.
A Conduct battery diagnostics A device that randomly reboots might be overheating, having a low battery charge, or having a faulty battery or other hardware. If users can rule out hardware causes, such as throttling due to high temperature or low battery charge, a device that is slow to respond can be an indication of resources being inadequate. Use the notification drawer or control center to check that the rotation lock is not enabled if a screen is not auto-rotating. When an update does not download, connect the device to building power and Wi-Fi. An update may be blocked when there is insufficient battery charge or when the device is connected to a metered network.
A security architect sets up a policy for the secure destruction of optical media. Which of the following is NOT an effective method? A Degaussing B Shredding C Incinerating D Smashing
A Degaussing Degaussing is when a hard disk is exposed to a powerful electromagnet that disrupts the magnetic pattern that stores the data on the disk surface. Note that degaussing does not work with SSDs or optical media. With shredding, the disk is ground into little pieces. A mechanical shredder works in much the same way as a paper shredder. With incinerating, the disk is exposed to high heat to melt its components. This should be performed in a furnace designed for media sanitization. Municipal incinerators may leave remnants. Smashing will work with optical media.
A security administrator wants to set up anomalistic monitoring around behavioral-based user activity. Which of the following could the administrator implement for monitoring? (Select all that apply.) A Failed attempts B Login times C Concurrent logins D Screen lock
A Failed attempts B Login times C Concurrent logins Monitoring login times is typically used to see if an account is logging in at an unusual time of the day or night or during the weekend. Concurrent logins are another behavioral-based monitoring mechanism. Most users should only need to sign in to one computer at a time, so this sort of policy can help to prevent or detect misuse of an account. Failed attempts can be a sign of malicious activity. The timeout/screen lock locks the desktop if the system detects no user-input device activity. This is a sensible, additional layer of protection.
A company's threat intelligence team determines that one of a threat actor's techniques is to perform a denial of service against the Remote Desktop Protocol (RDP) functionality in servers. What can the company enable to help prevent this? A NLA B RDPRA C Remote credential guard D VNC
A NLA Network Level Authentication (NLA) protects the Remote Desktop Protocol (RDP) server against denial of service attacks. Without NLA, the system configures a desktop before the user logs on. If remote desktop is used to connect to a server that has been compromised by malware, the credentials of the user account used to make the connection become highly vulnerable. RDP restricted admin (RDPRA) mode is one means of mitigating this risk. Remote credential guard is also a means of mitigating the risk with compromised credentials of compromised user accounts. In macOS, users can use the screen sharing feature for remote desktop functionality. Screen sharing is based on the Virtual Network Computing (VNC) protocol.
An administrator sets up a network share for the marketing team to collaborate. The requirement is to protect the files from a user who has local access to the computer that hosts the shared resource. What type of permission should the administrator set up? A NTFS B Share-level C FAT32 D ACE
A NTFS New Technology File System (NTFS) permissions are applied for both network and local access and can be applied to folders and to individual files. Share-level permissions only apply when a folder is accessed over a network connection. They offer no protection against a user who is logged on locally to the computer hosting the shared resource. The FAT32 file system does not support permissions. Many cameras or other similar devices use storage with FAT32, but it does not support permissions. Access control entries (ACEs) assign a set of permissions to a principal under the NTFS file structure. A principal can either be a user account or a security group.
A user experiences a slow desktop load, so they want to try to rebuild their local user profile. Which of the following is an invalid file when considering user profiles? A NTUSER.MSI B NTUSER.DAT C NTUSER.DAT.LOG D NTUSER.INI
A NTUSER.MSI NTUSER.MSI is not a valid Windows file and if a user sees it then it is most likely malware. Rebuilding a local user profile means creating a new account and then copying files from the old, corrupt profile to the new one, but excluding three files. NTUSER.DAT is the first file. NTUSER.DAT.LOG is another file that should be excluded when rebuilding a local user profile. Delays affecting the system prior to sign-in are caused by loading drivers and services. NTUSER.INI is the last file that should be excluded when rebuilding a local user profile.
A support operator helps a user who is complaining about latency and sluggish performance in a computer. Which of the following will be the least helpful in troubleshooting? A Perform a system file check (SFC). B Use Task Manager. C Reboot. D Run fewer programs.
A Perform a system file check (SFC). In modern systems, checking file integrity will not improve sluggish performance. In most instances, it will have no effect. Use Task Manager to determine if any resources are at 90-100% utilization, and then note which process is most active. If ending the process does not restore system performance, try rebooting the computer. The problem could be transitory and might not reoccur. If Windows displays an error message such as low memory, try running fewer programs, and see if the issue can be isolated to one process.
A developer is reading their email and comes across a new memorandum from the security department about a clean desk policy. Why does security need to publish this? A Personal identifiable information (PII) protection B Secure critical hardware C Prevent lunchtime attack D Protect UEFI
A Personal identifiable information (PII) protection Paper copies of personal and confidential data must not be left where they could be read or stolen. A clean desk policy ensures that all such information is not left in plain sight. A clean desk policy does not help with securing critical assets. Portable computers can, though, be secured to a desk using a cable lock. When in public, users must keep laptop cases in sight. A lunchtime attack is where a threat actor is able to access a computer that has been left unlocked. A system user password is one that is required before any operating system can boot. The system password can be configured by the basic input/output system (BIOS) or unified extensible firmware interface (UEFI) setup program.
A manager for a server team is creating a backup strategy for full backups but with lower data transfer requirements. Which technique should the manager use? A Synthetic B Full only C Full with incremental D Full with differential
A Synthetic A synthetic backup is an option for creating full backups with lower data transfer requirements. A synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs. "Full only" means that the backup job produces a file that contains all the data from the source. "Full with incremental" means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job. "Full with differential" means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job.
A penetration tester wants to perform drive mapping on an engagement on a Windows-based OS but suspects that the security is monitoring PowerShell commands. What could the tester use to map a network drive while remaining unnoticed? A net use B New-PSDrive C mount D echo "New-PSDrive"
A net use In a Windows batch file, the net use command performs drive mapping. Network drive mapping is a Windows-only concept. Mapping a drive can be done with PowerShell using the New-PSDrive cmdlet. This demonstrates the need for error handling. If users try to map a drive using a letter that has been assigned already, the script will return an error. In Linux, a file system is made available by mounting it within the root file system, using the mount and umount commands. Using the echo command simply outputs something specified to the terminal.
A user notices that their device has a leaking component and needs to take careful measures to minimize any risk and discard the approved component at the proper waste facility. Which of the following disposals is this? A) Toner B) Battery C) Fuse D) Device
A) Battery Batteries must be disposed of through an approved waste facility. Swollen or leaking batteries from devices must be handled carefully and stored within appropriate containers. Gloves and safety goggles may minimize the risk of burns from the corrosive material. Recycling used toner cartridges is offered by most vendors. The products in toner powder are not classified as hazardous to health. Devices can be donated, and if a device cannot be reused, it must be disposed of through the approved waste facility. An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.
The IT Department has learned that a new employee starts on Monday and will need a computer just before the weekend. There is a used PC in the storeroom. A "no operating system found" message appears when the computer is rebooted after a technician installs Windows 10 on the computer with the hard drive partition style set to support Unified Extensible Firmware Interface (UEFI). Determine which of the following scenarios would generate that message. A) Damaged hard drive B) Faulty motherboard C) Application crash D) Corrupted MBR
A) Damaged hard drive The hard drive stores the files for the operating system, so a damaged hard drive will generate the "no operating system found" message. Applications do not load until after login, and the operating system would have to be found to load and display a login screen. It is unlikely that a faulty motherboard would lead to a "no operating system found" error. It is more likely to cause the system not to boot, not recognize peripherals, or suffer the blue screen of death (BSOD). Unified Extensible Firmware Interface (UEFI) generally does not interact with the Master Boot Record (MBR). The MBR is part of the legacy BIOS boot process.
What are their options when a company wants to create and deliver a custom app for their employees without using a public store? (Select all that apply.) A-Managed Google Play B-Bootleg App Store C-Apple Business Manager D-Developer Mode
A-Managed Google Play C-Apple Business Manager Apple operates enterprise developer and distribution programs to allow private app distribution via Apple Business Manager. Google's Play Store has a private channel option for enterprise app distribution called Managed Google Play. Developer mode is a mobile-device feature designed for testing apps during development. It has no connection to how an app is delivered, whether publicly or privately. A bootleg app store is where users can find bootleg apps that closely mimic legitimate apps; this is a way of pirating apps without paying for them. It is not a private distribution channel.
A user wants to secure their home Wi-Fi router. Which of the following are strong security practices? (Select all that apply.) A- Content filtering B- Disable 2.4 GHz frequency band C- Firmware update D- AAA
A- Content filtering C- Firmware update Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, FQDNs, and URL web addresses with sites known to host various categories of content like malware, spam, or other threats. Users should keep the firmware and driver for the home router up to date with the latest patches. This is important because it allows the user to fix security holes and support the latest security standards, such as WPA3. Disabling the 2.4 GHz frequency will not increase security. 2.4 GHz is one of the frequencies used and has a better range with slower speeds. An Authentication, Authorization, and Accounting (AAA) server is not typically set up on home networks.
A human resources specialist has started working from home. The specialist is somewhat security conscious and wants to keep their home network secure. What else besides the router operating system patches should the specialist keep patched? A- Firmware B- UPnP C- Default password D- AAA
A- Firmware Users should keep the firmware and driver for the home router up to date with the latest patches. This is important because it allows the user to fix security holes and support the latest security standards, such as WPA3. Services that require complex firewall configuration can use the Universal Plug-and-Play (UPnP) framework to send instructions to the firewall with the correct configuration parameters. A default password is not a part of patching. The home router management software will prompt users to change the default password to secure the administrator account. An Authentication, Authorization, and Accounting (AAA) server is not typically set up on home networks.
A network manager for a growing coffee company sets up wireless access points at cafe locations for users. The manager wants to set up access to allow anyone in the vicinity to join without a password but also make it as secure as possible. Which standard introduced this ability? A- WPA3 B- WPA2 C- WPA D- WEP
A- WPA3 In WPA2, Wi-Fi Enhanced Open traffic is unencrypted. WPA3 encrypts this traffic. This means that any station can still join the network, but traffic is protected against sniffing. WPA2 uses the Advanced Encryption Standard (AES) cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). The first version of Wi-Fi Protected Access (WPA) was designed to fix critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard. Wired Equivalent Privacy (WEP) is an old legacy standard. Neither WEP nor the original WPA version is considered secure enough for continued use.
What is a type of employee device that must meet the profile that the company requires, and the employee will have to agree on the installation of corporate apps and to some level of oversight and auditing? A-BYOD B-CYOD C-COPE D-COBO
A-BYOD Bring your own device (BYOD) is a mobile device owned by the employee. The mobile is usually the most popular with employees but poses the most difficulties for security and network managers. A corporate-owned business only (COBO) device is the company's property and may only be used for company business. Corporate-owned, personally enabled (COPE) is when the company chooses and supplies the device and it remains the company's property. The employee may use it to access personal email, social media accounts, and personal web browsing. Choose your own device (CYOD) is like COPE, but the employee can choose the device they want from a list.
A user has owned the same personal computer for a while and thinks it might be time for an upgrade. Which of the following are upgrade considerations? (Select all that apply.) A-Hardware compatibility B-PXE support C-Application support D-Backup files
A-Hardware compatibility C-Application support D-Backup files Hardware compatibility is a consideration. The user must make sure that the central processing unit (CPU), chipset, and RAM components are sufficient to run the OS. Application and driver support and backward compatibility are other considerations. Most version upgrades try to maintain support for applications and device drivers developed for older versions. Backup files and user preferences are a consideration. If the user is installing a new operating system or doing a clean install, the user should back up any necessary data and settings. Most computers now come with Preboot eXecution Environment (PXE)-compliant firmware and a network adapter to support this boot option, so PXE support is not necessarily a consideration.
A technician is using a tool with a secure erase function that performs a zero-filling on HDDs and marks all blocks as empty on SSDs. The SSD firmware's automatic garbage collectors then perform the actual erase of each block over time. What is this tool? A-Low-level formatting B-Erasing/wiping C-Shredding D-Standard formatting
A-Low-level formatting A low-level formatting tool resets a disk to its factory condition. Most of these tools will incorporate some sanitize function. The standard formatting tool deletes partitions and writes a new file system that will only remove references to files and mark all sectors as useable. Erasing/wiping software ensures that old data is removed using zeroes or random patterns, leaving the disk in a "clean" state, ready to be passed to the new owner. This overwriting method is suitable for all but the most confidential data. Shredding is when the disk is ground into little pieces. A mechanical shredder works in much the same way as a paper shredder.
A user's phone begins to act strangely, with apps responding slowly and pop-up ads appearing frequently. When the user calls the help desk and explains the issues, the technician says it sounds like malware. What other symptoms would be common to a malware infection on a mobile phone? (Select all that apply.) A-Redirection B-APK sideloading C-Fake security warnings D-Increased response times
A-Redirection C-Fake security warnings Fake security warnings are a common symptom of malware infection. Scareware uses these to persuade users to install an app or give a Trojan app additional permissions. Redirection attacks are a common symptom, where malware corrupts the Domain Name System (DNS) and search provider to force users to spoofed sites. This might disrupt access to legitimate sites, generate certificate warnings, and cause slow network performance. APK (Android Package) sideloading refers to downloading apps for Android phones from a source other than Google's Play store. To the contrary of increasing response times, malware might cause excessive power drain and high resource utilization and cause sluggish response times.
A helpdesk professional assists a user with issues booting up their Mac computer. The user reports that there is no drive to boot from. Where will the computer boot from? A-Web B-Force quit C-Terminal D-FileVault
A-Web When users reboot an Apple Mac, if the startup drive is not available for any reason and it is connected to the internet, the computer will try to boot from a web-based drive. The Terminal can be used to access the command-line environment, which uses either the Z shell (zsh) or Bash. Older macOS versions use Bash, while zsh is the default from Catalina up. If a macOS app stops responding, it should be possible to close it down and restart without restarting the computer, by running Force Quit from the Apple menu or pressing COMMAND+OPTION+ESC. FileVault is a disk encryption product. Encryption protects the data stored on a disk against the possibility that a threat actor could remove it.
A security manager proactively looks for solutions to prevent illegitimate apps from running on corporate iOS devices and stealing credentials. What is the security manager concerned about? A App Store B Developer tools C OS compatibility D Overheating
B Developer tools Under iOS, using the developer tools can be a means of installing apps from outside the App Store without having to jailbreak the device. The App Store is the official platform for browsing and installing applications. This app can be controlled through device management but tends to offer a safer alternative than sideloading. If an app fails to update, check that it is compatible with the current operating system (OS) version. Also, verify that there is sufficient storage space and an internet connection. A device that randomly reboots might be overheating, having a low battery charge, or having a faulty battery or other hardware.
A developer wants to create functionality for a web browser by making API calls on the back end. What should the developer build? A Plug-ins B Extension C Apps D Themes
B Extension Extensions add or change a browser feature via its application programming interface (API). The extension must be granted specific permissions to make configuration changes. With sufficient permissions, they can run scripts to interact with the pages the developer is looking at. Plug-ins play or show some sort of content embedded in a web page, such as Flash, Silverlight, or other video/multimedia format. Apps support document editing in the context of the browser. They are essentially a means of opening a document within a cloud app version of a word processor or spreadsheet. Themes change the appearance of the browser using custom images and color schemes.
A user accidentally deleted the presentation they were working on for an important upcoming meeting. Where should the user go for help? A Backup and Restore Center B File History C MSRA D NLA
B File History In Windows, user data backup options are implemented via the File History feature, which is accessed through Settings > Update & Security > Backup. The Backup and Restore Center control panel tool provides an alternative backup manager. It can also be used to make image backups of the entire operating system, rather than just data file backups. Microsoft Remote Assistance (MSRA) assigns a port dynamically from the ephemeral range (49152 to 65535). This makes it difficult to configure a firewall securely to allow the connection. Network Level Authentication (NLA) protects the Remote Desktop Protocol (RDP) server against denial of service attacks. Without NLA, the system configures a desktop before the user logs on.
A database administrator is scheduled for a meeting with the security team to discuss compliance with the PCI DSS standards. What type of information does it safeguard? A Lab results B PINs C SSNs D Cell numbers
B PINs The Payment Card Industry Data Security Standard (PCI DSS) governs the processing of credit card transactions. It sets out protections that must be provided for data like names, addresses, account numbers, card numbers and expiry dates, and PINs. Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results. Personal government-issued information (PII) is issued to individuals by federal or state governments. Examples include a social security number (SSN), passport, driving license, and birth/marriage certificates. Personally identifiable information (PII) is data that can be used to identify, contact, or locate an individual or, in the case of identity theft, to impersonate an individual. A cell phone number is a good example of PII.
A transportation company outfits its mobile units with devices that will enable them to analyze routes, patterns, and create efficiencies. The devices will connect to their cloud servers through a 4G WWAN. What will the company need to ensure the devices connect to the cloud resources? A VPN B SIM C NLA D Link-layer Topology Discovery
B SIM For GSM and 4G or 5G services, the adapter must also be fitted with a subscriber identity module (SIM) card issued by the network provider. The bandwidth depends on the technologies supported by the adapter and by the local cell tower (3G, 4G, or 5G, for instance). A virtual private network (VPN) connects the components and resources of two (private) networks over another (public) network. When a user connects to a new network, the Windows Network Location Awareness (NLA) service prompts the user to set the network type. In Windows settings, the Link-layer Topology Discovery protocol provides network mapping and discovery functions for networks without dedicated name servers.
A network administrator wants to remotely deploy firmware updates to their managed devices. This type of update usually occurs overnight while devices are turned off. Which of the following tools should the administrator set up in order to facilitate these updates? A EDR B WOL C RMM D MDM
B WOL Remote network boot capability is often referred to as wake on LAN (WOL) and allows devices to be remotely powered on over a network. This would allow the administrator to ensure all devices can be powered on to then start the update process. Endpoint detection and response (EDR) security scanning is associated more with security monitoring than the ability to push firmware. Remote monitoring and management (RMM) tools are principally designed for use by managed service providers (MSPs). An MSP is an outsourcing company that specializes in handling all IT support for its clients. Mobile-device management (MDM) suites are designed for deployment by a single organization and focus primarily on access control and authorization.
pathping
Combines ping and traceroute • First phase runs a traceroute - Build a map • Second phase - Measure round trip time and packet loss at each hop
A user wants to share their printer with other teams, but not all teams use the same operating system. What can the user do to configure functionality with the other teams? A-File server B-Additional drivers C-Proxy settings D-Mapped Drive
B-Additional drivers Use the Additional Drivers button to make drivers available for different client operating systems. For example, if the print server is Windows 10 64-bit, it can make 32-bit Windows 7 drivers available. Configuring the proxy settings will not help with printer functionality. The settings for proxy information can be found in internet options. A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive. A file server would not help with printer functionality, although a print server could assist with this endeavor.
Which of the following can prevent, detect, and remove software threats that consist of ransomware, Trojans, spyware, and rootkits? A-OS reinstallation B-Anti-malware C-Recovery mode D-Security-awareness training
B-Anti-malware Anti-malware is computer software used to avoid, identify, and eliminate malware. Anti-malware is like antivirus software but for more up-to-date malware. Recovery mode is the step-by-step processing of manual removal to disable persistence mechanisms and reconfigure the system to its secure baseline. OS reinstallation is when the antivirus software cannot recover data from infected files, and a user must complete a system restore. Security-awareness training is usually delivered to employees at all levels, including end-users, technical staff, and executives. The training includes anti-phishing, software firewalls, passwords, malware threats, and more.
A server administrator hears weekly about companies breached by malware. What is the most significant impact the server administrator is likely worried about? A-Support B-Applications C-Training D-Licensing
B-Applications When selecting applications for installation on desktops, proper security considerations need to be made regarding potential impacts to the device (computer) and the network. With support, the software might be available with paid-for support to obtain updates, monitor and fix security issues, and provide technical assistance. With training, complex apps can have a substantial and expensive user-training requirement which can be an ongoing cost as new versions can introduce interface or feature changes. With licensing, commercial software must be used within the constraints of its license but is likely to restrict the number of devices on which the software can be installed.
A user downloaded a script, but the file was in a text file format. The user needs to change the extension to a PowerShell script to run it, but they do not see the extension. Where can the user configure this setting? A-File Explorer General tab B-File Explorer View tab C-Internet Options D-Ease of Access
B-File Explorer View tab On the File Explorer View tab, among many other options, users can configure hidden extensions, hidden files, and hide operating system files. On the File Explorer General tab, users can set options for the layout of Explorer windows and switch between the single-click and double-click styles of opening shortcuts. Ease of Access settings configure input and output options to best suit each user. There are three main settings groups. The Internet Options Control Panel applet exposes the configuration settings for Microsoft's Internet Explorer (IE) browser. The Security tab restricts what types of potentially risky active content are allowed to run.
A telltale sign of a malware infection is when changes occur to system files. Which of the following is likely the result of malware-induced changes to system files? (Select all that apply.) A-Known-good files with expired certificates B-Files that are missing or renamed C-Files with date stamps and file sizes that are different from known-good versions D-Additional files with names similar to authentic system files, such as scvhost.docx or ta5kmgr.xlsx
B-Files that are missing or renamed C-Files with date stamps and file sizes that are different from known-good versions System files are an attractive target for malware because renaming or deleting them can wreak havoc on the operating system. Hackers will alter the size of system files to hide malware or change the date stamp to cover their tracks. While malware will add additional files with names almost the same as authentic system files, the extensions .docx and .xlsx represent Word and Excel files, respectively. These are data files, not system files. System files have extensions such as .dll and .sys. System files do not have certificates. Certificates are a security tool used by websites to prove the server is trusted.
What type of data breach can be associated with a specific person or use an anonymized or de-identified data set for analysis and research? A-Personal government-issued information B-Healthcare data C-Open-source license D-PII
B-Healthcare data Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results. Personal government-issued information is issued to individuals by federal or state governments. Personal information may be social security numbers, passports, driving licenses, and birth/marriage certificates. Personally identifiable information (PII) is data that can be used to identify, contact, or locate an individual or, in the case of identity theft, impersonate that individual. The open-source license makes it free to use, modify, and share and makes the program code used to design it available.
An employee uses an option to ask for help from a technician with an invitation file protected by a passcode. What is this option? A-VPN B-MSRA C-RMM D-RDP
B-MSRA Microsoft Remote Assistance (MSRA) allows a user to ask for help from a technician or co-worker by an invitation file protected by a passcode. The helper opens the invitation file to connect to the remote system. Remote Monitoring and Management (RMM) tools are principally designed for use by managed service providers (MSPs). Remote Desktop Protocol (RDP) implements terminal server and client functionality. RDP authentication and session data are always encrypted. A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. Establish a VPN link and then use a remote desktop to connect to a host on the private network.
A network administrator analyzes the physical placement of routers or network appliances to ensure a secure location. What is the administrator helping to prevent? A-Default password B-Power off C-Firmware update D-Evil twin
B-Power off A non-malicious threat actor could damage or power off an appliance by accident. A malicious threat actor could use physical access to tamper with an appliance or attach unauthorized devices to network or USB ports or use the factory reset mechanism and log on with the default password. The home router management software will prompt users to change the default password to secure the administrator account. Users should keep the firmware and driver for the home router up to date with the latest patches. An evil twin attack is similar to phishing but instead of an email, the attacker uses a rogue wireless access point to try to harvest credentials.
Before an IT team can submit an application for change, it must include a document that includes an analysis of risks associated with performing the change and risks that might be incurred through not performing the requested change. What type of document is this? A-Affected systems B-Purpose of the change C-Scope of the change D-Date and time change
B-Purpose of the change The purpose of the change is the business case for making the change and the accumulated benefits. Scope of the change may include cost, timescales, and amount of devices involved. The scope should also include the factors by which the success or failure of the change can be judged. Date and time change should be scheduled appropriately to minimize risks of system downtime or other negative impacts on the workflow of the business units that depend on the IT system being modified. Affected systems must be considered in the implementation of change. Companies should first attempt to test the change for the most significant or major changes.
The electronic health records software application crashes during a busy day at a doctor's office. The IT consultant for the practice knows that the application backs up data in real-time and has the latest update. Which of the following options is the only one that could potentially fix the crashing issue? A-Update the application driver. B-Uninstall and reinstall the application. C-Uninstall and reinstall the application driver. D-Try to recover data from temporary files.
B-Uninstall and reinstall the application. Since the most recent update to the application has been applied, uninstalling then reinstalling the software is the best option of the available choices. While preserving data is always a priority, there is no need to do so in this scenario since the application backs up in real-time. Additionally, it will not fix the problem. Applications/software do not have drivers. Drivers are software that tells the operating system how to interact with their particular device/hardware. Drivers are updated to fix bugs and security holes or optimize the hardware. Applications/software do not have drivers. Drivers are software that tells the operating system how to interact with their particular device/hardware. Uninstalling and reinstalling drivers is usually done when a device is malfunctioning.
A developer needs a laptop that will run MySQL locally for their development project. The minimum memory required is 16GB of RAM. Which architecture should the developer use? A-x86 B-x64 C-Either x86 or x64 will work D-ARM
B-x64 Each version and edition of Windows 10 was originally available as 32-bit (x86) or 64-bit (x64) software. The 64-bit version is needed because the 32-bit only supports 4 GB of system memory. All 32-bit (x86) Windows editions are limited to 4 GB system memory. 64-bit editions all support much more RAM but have different limits for licensing purposes. Both architectures will not work because the x86 architecture will not work. The principal alternative to the standard x86/x64 CPU architecture is one devised by Advanced RISC Machines (ARM). ARM designs are used in the current generation of Apple hardware, in most Android smartphones and tablets.
A Windows administrator is combing through server logs and sees that a wscript.exe executed a script. What type of script is executed by default? A .BAT B .PS1 C .VBS D .SH
C .VBS VBScript files are identified by the .VBS extension. VBScript is executed by the wscript.exe interpreter by default. A shell script written for the basic Windows CMD interpreter is often described as a batch file. Batch files use the .BAT extension. Microsoft provides the Windows PowerShell Integrated Scripting Environment (ISE) for rapid development. PowerShell script files are identified by the .PS1 extension. A Linux shell script is a file that contains a list of commands to be read and executed by the shell. Every shell script starts with a line that designates the interpreter.
A security manager is setting up a password policy for users. Which of the following is the best security practice when it comes to passwords? A Password expiration B Length C Character mix D Memorable
C Character mix Length is preferable to the use of highly cryptic mixing of character types. It will take an attacker significantly longer to crack a passphrase rather than a much shorter but complex password. The latest National Institute of Standards and Technology (NIST) guidance also deprecates password expiration except when a breach is discovered. Requiring a mix of character types forces users into selecting easily masked substitutions (zero for the letter O, for instance) or makes passwords impossible to remember and causes users to write them down. Users should choose a memorable phrase, but should not use any personal information in the password.
A security manager is looking at mobile security for company devices. They are investigating no-root firewalls and understanding how this works. Which of the following best describes no-root firewalls? A Control access locally. B Block phishing sites. C Control access through a VPN. D Block adware.
C Control access through a VPN. "No-root" firewalls work by creating a virtual private network (VPN) and then controlling app access to the virtual private network (VPN). The "no-root" firewalls do not control access locally because they would need root privileges to do so. It gets around this by setting up a VPN and controlling the firewall through the VPN. Antivirus/anti-malware apps designed for mobile devices tend to work more like content filters to block access to known phishing sites. Antivirus/anti-malware apps designed for mobile devices tend to work more like content filters to block adware/spyware activity.
A user is frustrated that an app crashed after receiving a recent update. What is the first step the user should try? A Clear app cache. B Reboot. C Force stop and relaunch. D Check for pending updates.
C Force stop and relaunch. If an app fails to launch, fails to close, or crashes, first use force stop to quit the app and try launching again. If restarting the service does not work, users can try clearing the app cache either from within the app or (in Android) using the Clear Cache option under App info. If the app is still unresponsive after restarting the service and clearing the cache, reboot the device. After the device has been rebooted and the problem persists, use the app store to check whether an update is pending and install it if so.
A server administrator is setting up a backup program for the servers to ensure recovery. Which of the following are the two main principles of backing up? (Select all that apply.) A Confidentiality B Integrity C Frequency D Retention
C Frequency D Retention Frequency is one of the two primary principles and is the period between backup jobs. The frequency configuration reflects how much lost work can be tolerated. Retention is the other main principle and is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection. Encryption encodes data using a key to give it the property of confidentiality. Confidentiality is not one of the two main principles of backing up. Integrity means that the data is stored and transferred as intended and that any modification is authorized. This is a core concept of security.
A user connects their laptop to the company's wireless access point, but the internet is very slow. A connection to the Wi-Fi with their corporate mobile device is even slower. What should the user try? A Check for airplane mode. B Check individual radio functions. C Move closer to the AP. D Reboot the device.
C Move closer to the AP. On a mobile, be aware that the radio is less powerful than the one on a computer and that a low battery charge will weaken the signal strength. Try moving the device closer to the access point. Use the notification drawer or Control Center to check that the device is not in airplane mode. The user should also check that an individual radio function has not been disabled. If airplane mode is not on, the device range has been checked, and individual radio buttons are enabled, then try rebooting the device.
A user is reviewing a script and comes across the code in one of the lines #until ping -c1 "$1" &>/dev/null. What is the line doing? A Set a variable. B Set a loop. C Nothing is executing. D Prevent from writing to the terminal.
C Nothing is executing. A comment line is indicated by a special delimiter. In Bash and several other languages, the comment delimiter is the hash or pound sign ( # ). In Bash, the values $1, $2, and so on are used to refer to arguments by position (the order in which they are entered when executing the script). A loop allows a statement block to be repeated based on some type of condition. The &>/dev/null part stops the usual ping output from being written to the terminal by redirecting it to a null device.
A user calls in about an invalid boot disk error. What is the most common cause of this issue? A Floppy disk left in the drive on a restart B OS loader not found C USB set as the primary boot method D Driver corruption
C USB set as the primary boot method Check for any removable disks, and change the boot device priority/boot order if necessary. If the system firmware returns an error message such as invalid boot disk, then the system has completely failed to boot. The most common cause of this error used to be leaving a floppy disk in the drive on a restart. Most computers do not use a floppy disk anymore. A no OS found type message can appear when a disk drive is identified as the boot device but does not report the location of the OS loader. If Windows appears to boot but does not display the sign-in screen, the likely causes are malware infection or corruption of drivers or other system files.
A security manager puts together a security awareness campaign for mobile devices. Which of the following is least likely to be a symptom of malware? A High number of ads B Sluggish response time C Unexpected Reboots D Redirect to spoofed sites
C Unexpected Reboots A device that randomly reboots might be overheating, having a low battery charge, or having a faulty battery or other hardware. If ads display in the browser, open pop-ups that are hard to close, or exhibit a high degree of personalization that the user has not authorized, this might indicate some type of tracking or spyware activity. Malware is likely to try to collect data in the background or perform processing such as crypto mining. Malware is likely to corrupt the domain name system (DNS) and/or search provider to perform redirection attacks and force users to spoofed sites.
A security manager wants to set up a program where they can proactively mitigate malware infection as much as possible. Which of the following is least helpful in this endeavor? A User training B Scheduled scans C Update trusted root certificates D On-access scanning
C Update trusted root certificates Updating trusted root certificates is helpful in the overall defense-in-depth security strategy, but is least helpful in this scenario in preventing malware. It does play its part though. An essential malware prevention follow-up action is effective user training. Untrained users represent a serious vulnerability because they are susceptible to social engineering and phishing attacks. All security software supports scheduled scans. These scans can impact performance, however, so it is best to run them when the computer is otherwise unused. Almost all security software is now configured to scan on-access. On-access means that the antivirus (A-V) software intercepts an operating system (OS) call to open a file and scans the file before allowing or preventing it from being opened.
Two IT friends are best friends and want to map each other's root shares. Which of the following commands will accomplish this? A net view M: \\BestFriend\C$ B net view M: \\BestFriend\ADMIN$ C net use M: \\BestFriend\C$ D net use M: \\BestFriend\ADMIN$
C net use M: \\BestFriend\C$ To map the root share on the computer BestFriend to the M: drive, they would use net use M: \\BestFriend\C$. The command net view M: \\BestFriend\C$ is wrong because of "net view." The proper command should be net use. There are several net and net use command utilities available to view and configure shared resources on a Windows network. The command net view M: \\BestFriend\ADMIN$ is wrong because of both "net view" and ADMIN$. The root share would be C$. The command net use M: \\BestFriend\ADMIN$ is wrong because of the ADMIN$ share. The root share is C$.
A technician detected and reported an incident, resulting in the appropriate unit being notified and tasked with acting as first responders, taking charge of the situation, and formulating the appropriate response. What is this unit called? A) Chain of custody B) Open source C) CSIRT D) IRP
C) CSIRT The computer security incident response team (CSIRT) is used in some larger organizations to provide a range of decision-making and technical skills required to deal with different types of incidents. An open-source license makes it free to use, modify, and share and makes the program code used to design it available. An incident response plan (IRP) sets the procedures and guidelines that an IT team must adopt to deal with security incidents. A chain of custody form records who collected the evidence, who has handled it subsequently, where they stored it, and must show access to the evidence at every point.
The System Restore tool in Windows is used to roll back configuration changes to an earlier date or restore point. One option for creating restore points is to use Task Scheduler. What other actions will create a restore point? (Select all that apply.) A Rebooting B Deleting a file C Installing a program D Updating an application
C) Installing a program D) Updating an application Whenever an application or program is installed, a restore point is created. A restore point is also created whenever an application or program is updated. Deleting a file will not create a restore point. Likewise, when using System Restore to roll back to an earlier date, the user's documents, pictures, and other data are not deleted. However, software and drivers installed after the restore point will be uninstalled. A restore point is not created when a computer is rebooted, but Windows will create a restore point if one has not occurred in seven days.
A company's IT support specialist is ready to start recommissioning a system as part of the malware removal process. What is the last step before removing the computer from quarantine? A-Verify DNS configuration. B-Create a fresh restore point. C-Antivirus scan D-Re-enable System Restore.
C-Antivirus scan Before removing a computer system from quarantine, the final step is to run another antivirus scan to make sure the system is clean. Creating a new restore point (or system image) is one component of recommissioning and is done after re-enabling the System Restore but before running a final antivirus scan. Re-enabling the System Restore is the beginning of the recommissioning process, along with re-enabling any disabled automatic backups. Verifying Domain Name System (DNS) configuration to prevent reinfection is part of recommissioning, but it comes before the final antivirus scan.
A company uses a method that restricts its employees from messing with their computer settings. What is this method called? A-Expiration requirements B-Secure PII and passwords C-BIOS Password D-Disable guest accounts
C-BIOS Password A basic input/output system (BIOS) password is a piece of authentication information that may sometimes be required to log into a computer's basic input/output system (BIOS) before the machine can boot up. Expiration requirement means that the user must change the password after a set period. Secure personal identifiable information (PII) and passwords means that paper copies of personal and confidential data must not be left where they could be read or stolen. This type of information should not be entered into unprotected plain text files, word processing documents, or spreadsheets. Guest accounts are disabled because a guest account allows unauthorized access to the computer and may provide some network access. It is only enabled to facilitate password-less file sharing in a Windows workgroup.
A Windows administrator wants to become more familiar with Linux but still wants to use Windows primarily. The administrator installs the bash subsystem for Windows and is reading about how Windows has made strides to become more compatible with Linux. Which of the following was part of the changes to the underlying New Technology File System (NTFS) structure? A-Journaling B-Snapshots C-Case-sensitive naming D-Indexing
C-Case-sensitive naming To support UNIX/Linux compatibility, Microsoft engineered the New Technology File System (NTFS) to support case-sensitive naming, hard links, and other key features UNIX/Linux applications require. When data is written to an NTFS volume, it is re-read, verified, and logged via journaling. In the event of a problem, the sector concerned is marked as bad and the data relocated. Snapshots allow the Volume Shadow Copy Service to make read-only copies of files at given points in time, even if the file gets locked by another process. The Indexing Service creates a catalog of file and folder locations and properties, speeding up searches.
Which of the following avoids opening remote desktop ports on the network's firewall? A-RMM B-VNC C-VPN D-SSH
C-VPN A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. Establish a VPN link and then use a remote desktop to connect to a host on the private network. Secure shell (SSH) is also a remote access protocol, but it connects to a command interpreter rather than a desktop window manager. Virtual network computing (VNC) is a freeware product with similar functionality to RDP. It works over TCP port 5900. Not all versions of VNC support connection security. Remote Monitoring and Management (RMM) tools are principally designed for managed service providers (MSPs).
A server administrator wants to connect to a user's computer. They are trying to get their patching numbers up and discover that users must pull the updates, so the administrator wants to push a script that forces the pull. The administrator wants to copy the file to users' automatically hidden shares. Which of the following could the administrator use? (Select all that apply.) A C:\Windows$ B C$ C C:\Users$ D ADMIN$
D ADMIN$ B C$ In addition to any local shares created by a user, Windows automatically creates hidden administrative shares. This includes the root folder of any local drives (C$). It also includes the system folder (ADMIN$). Administrative shares can only be accessed by members of the local Administrators group. C:\Windows$ is not automatically created. If the administrator wanted to connect, they could first connect to C$ and then navigate to the Windows folder. C:\Users$ is also not automatically created, but could also be accessed by first accessing the hidden C$ share.
A security engineer wants to learn how to code in Python but is running a Windows box. Which of the following is the easiest interpreter to set up for Windows? A Pypy B Wscript C Cscript D CPython
D CPython CPython is the simplest environment to set up for Windows. When using CPython in Windows, there is a console interpreter (python.exe) and a windowed interpreter (pythonw.exe). Pypy is another interpreter that will work, but CPython is easier to set up. A Python project can either be run via an interpreter or compiled as a binary executable. The Windows Script Host (wscript.exe and cscript.exe) supports JavaScript, but not Python. JavaScript is also supported on macOS for automation (along with AppleScript). Cscript.exe does not support Python either. Python script files are identified by the .PY extension.
A mobile device manager is looking at data encryption and the "Data Protection" setting. Which of the following does this protect? A Contacts B SMS message C Pictures D Email data
D Email data Email data and any apps using the "Data Protection" option are subject to a second round of encryption using a key derived from and protected by the user's credential. Not all user data is encrypted using the "Data Protection" option. Contacts are not encrypted. In iOS, Data Protection encryption is enabled automatically when the user configures a passcode lock on the device. SMS messages are not encrypted under Data Protection settings either. As of Android 10, there is no full disk encryption as it is considered too detrimental to performance. Pictures are also not encrypted under data protection settings.
A user started using near-field communication (NFC) for payments; however, the user is unable to pay using NFC. Which of the following is NOT part of troubleshooting? A Unlock. B Ensure airplane mode is off. C Hold closer and longer to the reader. D List in recipient's authorized list.
D List in recipient's authorized list. To use Bluetooth, the sender must be listed in the recipient's contacts list. This is NOT a step in NFC troubleshooting. A near-field communication (NFC) issue typically manifests when trying to make payments via a contactless card reader. The device must be unlocked to authorize the payment and enable NFC. Verify that the NFC sensor is supported and enabled for the wallet app and that airplane mode is not active. One of the troubleshooting steps with NFC issues is to try holding the device closer to the reader and for longer.
A user visits a news site that they go to frequently, and the news articles are not updated but are the same as the day before. The user also hears complaints about people not having internet, which is odd since they are on their normal news site. What is most likely going on? A User is in private mode. B There are pop-up blockers. C User is on a different switch. D Page is cached.
D Page is cached. By default, the browser will maintain a history of pages visited, cache files to speed up browsing, and save text typed into form fields. The page is most likely cached from the previous visit. Private/incognito browsing mode disables the caching features of the browser so that no cookies, browsing history, form fields, passwords, or temp files will be stored when the session is closed. Pop-up blockers prevent a website from creating dialogs or additional windows. The pop-up technique was often used to show fake antivirus and security warnings or other malicious and nuisance advertising. While the user may be on a different switch than those complaining about not having internet, it is more likely that the user's page is cached.
A PC user is looking at the wireless card adapter properties on their Windows computer. Which of the following is the most important setting to verify in order to ensure the PC is capable of connecting to an existing network? A Power transmission B SSID C Automatic connection D Protocol support
D Protocol support Wi-Fi properties for the adapter are configured via Device Manager. The most important setting on a wireless card is support for the 802.11 standards supported by the access point. Users can adjust parameters such as roaming aggressiveness and transmit power to address connection issues. If the access point is set to broadcast the network name or service set ID (SSID), then the network will appear in the list of available networks. Otherwise, it will have to be manually entered. To connect, select the network, and then enter the required credentials. If users choose the Connect automatically option, Windows will use the network without prompting whenever it is in range.
A user calls tech support about a hardware malfunction. The tech support representative is not able to resolve the issue. What option does the representative choose next? A VNF B API calls C MANO D Replacement
D Replacement To replace, give the customer clear instructions for how the product will be delivered or how it can be re-ordered, and whether the broken product must be returned. Virtual Network Function (VNF) specifies and deploys instances of each virtual appliance. VNFs are designed to run as virtual machines (VMs) on standard CPU platforms. Application programming interfaces (API) are not part of the standard. The simplest way of interfacing with a cloud service is to use the provider's website or APIs over the internet. Management and orchestration (MANO) positions VNFs within workflows to perform the forwarding and filtering tasks they are designed for.
After downloading a new application from the internet, a user drags the .app directory from their Downloads folder to their Applications folder on their Mac. What action did the user most likely perform? A The package contents were copied. B The app setup needs to perform additional actions. C The application is being sideloaded. D The app has been installed.
D The app has been installed. When the app has been installed, it is placed in a directory with a .app extension in the Applications folder. DMG (disk image) format is used for simple installs where the package contents just need to be copied to the Applications folder. PKG format is used where app setup needs to perform additional actions, such as running a service or writing files to multiple folders. Devices that allow installation of apps from untrusted sources, such as by sideloading APK packages or via developer mode, could also have weakened permissions.
A security manager in charge of the vulnerability program for the enterprise is looking at mobile security. They are reading about a "walled garden" approach. What does this entail? A Autorun B Antivirus C Concurrent logins D Trusted source
D Trusted source Mobile OS vendors use this "walled garden" model of software distribution as well. Apps are distributed from an approved store, such as Apple's App Store or the Windows Store. One of the problems with legacy versions of Windows is that when an optical disc is inserted or a USB drive is attached, Windows would automatically run commands defined in an autorun.inf file. Antivirus is software that can detect malware and prevent it from executing. The primary means of detection is to use a database of known virus patterns called definitions, signatures, or patterns. Concurrent logins are another behavioral-based monitoring mechanism. Most users should only need to sign in to one computer at a time.
A client administrator for a video game development company wants to upgrade machines to support five primary partitions. The developers work with a lot of large files and might even need partitions larger than 2 TB. Which of the following should the administrator use? A) APFS B) MBR C) NTFS D) GPT
D) GPT One of the features of GPT is support for more than four primary partitions. Windows allows up to 128 partitions with GPT. GPT also supports larger partitions (2 TB+) and a backup copy of the partition entries. An OS must be installed to a partition formatted using a compatible file system. For Windows, this means using the New Technology File System (NTFS). The master boot record (MBR) partition style stores a partition table in the first 512-byte sector on the disk. Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS).
A software developer is looking at installing a new 64-bit program that will help to streamline coding and optimize workflow. What types of systems can the developer install it on? A-32-bit B-64-bit and 32-bit C-64-bit, 32-bit, and ARM D-64-bit only
D-64-bit only A 64-bit application requires a 64-bit CPU and OS platform. Like operating systems, software applications can be developed as 32-bit or 64-bit software. 64-bit applications cannot be installed on a 32-bit platform. Some apps may have both 32-bit and 64-bit versions. 32-bit software applications can usually be installed on 64-bit platforms, however. 32-bit applications can run on 64-bit software, although if there is a 64-bit version available, it is probably better to run the 64-bit version if possible. 64-bit applications for personal computers cannot run on Advanced RISC Machines (ARM) architecture. ARM is an architecture for smartphones and tablets.
A vulnerability and risk manager reviews older systems that can only receive critical patches. What are these systems classified as? A-Supported B-Beta C-End of life D-Extended support
D-Extended support During the extended support phase, the product is no longer commercially available, but the vendor issues critical patches. An end-of-life (EOL) system is one that its developer or vendor no longer supports. EOL systems no longer receive security updates and therefore represent a critical vulnerability. A public beta phase might be used to gather user feedback. Microsoft operates a Windows Insider Program where users can sign up to use early release Windows versions and feature updates. When the product is being actively marketed during the supported phase, the vendor releases regular patches to fix critical security and operational issues and feature upgrades to expand OS functionality.
A network administrator wants to enable authentication for wireless access points against an Active Directory database. Which of the following will the administrator need to use? A-LDAP B-TACACS+ C-OU D-RADIUS
D-RADIUS Remote Authentication Dial-in User Service (RADIUS) is a widely used authentication protocol that can be used for wireless access point authentication. RADIUS servers can authenticate users against Active Directory. While LDAP is commonly used for directory services like Active Directory, it is not a protocol typically used for wireless authentication. TACACS+ is another authentication protocol that provides AAA functionality (Authentication, Authorization, and Accounting). However, it is not typically used for wireless access point authentication. An organizational unit (OU) is a way of dividing a domain up into different administrative realms. While it can be used to manage user accounts and security groups, it is not an authentication protocol.
An IT professional is preparing a presentation to the organization's Windows users on the differences between Windows 10 Pro, Enterprise, Education, and Home editions. Which statement is accurate? A-Windows Home, Pro, and Enterprise can join a domain network, whereas Education does not. B-Group policy editor is available when using the Windows Home edition and is used to create and apply OS and software application settings. C-BitLocker is not available when using the Windows Home edition and enables the user to decrypt all the information on a disk drive. D-RDP is not a workable feature when using Windows Home edition and enables the user to connect to the machine and operate it over the network.
D-RDP is not a workable feature when using Windows Home edition and enables the user to connect to the machine and operate it over the network. Remote Desktop Protocol (RDP) allows a user to connect to the machine and operate it over a network. While the Home edition has the RDP client software, it does not support an RDP server, so the feature is unavailable to users. BitLocker enables the user to encrypt all the information on a disk drive and is not supported in Windows Home edition. Group Policy Editor (gpedit.msc) is used to create and apply OS and software application settings and is not available in the Windows Home edition. The principal distinguishing feature of the Pro, Enterprise, and Education editions, compared with the Home edition, is the ability to join a domain network.
Two friends want to share photos with each other from their iPhones. The first friend selects their photos and uses AirDrop to share with the second friend. However, the first friend gets a message that there is no one nearby to share with. Why would that message appear? A-The second friend has Wi-Fi disabled. B-The first friend has Bluetooth disabled. C-The first friend has Nearby Share disabled. D-The second friend has Bluetooth disabled.
D-The second friend has Bluetooth disabled. AirDrop is an iOS feature that allows file transfer between iOS devices and macOS devices over a Bluetooth connection. If the second friend had Bluetooth disabled, the first friend's iPhone would not discover it when trying to share the photos. AirDrop uses Bluetooth to transfer files, not Wi-Fi. Disabled Wi-Fi would not affect a Bluetooth connection. Nearby Share is the Android version of AirDrop. It is used for simple file sharing via Bluetooth. If the first friend had Bluetooth disabled, they would be alerted to turn Bluetooth on before sharing files.
What uses a 4-way handshake to allow a station to associate with an access point, authenticate its credential, and exchange a key to use for data encryption? A-MFA B-TKIP C-WPA3 D-WPA2
D-WPA2 Wi-Fi Protected Access 2 (WPA2) was designed to fix critical vulnerabilities in the earlier WEP standard. WPA2 uses the AES cipher deployed within the Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP). Temporal Key Integrity Protocol (TKIP) tries to mitigate the various attacks developed against WEP by producing a new 128-bit encryption key for every packet sent on the network. Multifactor authentication (MFA) allows the machine to establish a trust relationship and create a secure tunnel to transmit the user credentials or perform smart card authentication without a user password. Wi-Fi Protected Access 3 (WPA3) uses passphrase-based group authentication of stations in private mode; it changes the method by which this secret is used to agree on session keys.
A server administrator notices that a few servers in their screened subnet (demilitarized zone) went from around 5% central processing unit (CPU) utilization to 95%. They also notice the machines lack many patches. If malware infects the servers, what is the likely cause of the high CPU utilization? a Crypto-ransomware b Cryptomining software c Rogue antivirus d RAT
b Cryptomining software A cryptominer hijacks the resources of the host to perform cryptocurrency mining. This is also referred to as cryptojacking. Ransomware is a type of malware that tries to extort money from the victim. Crypto-ransomware attempts to encrypt files on any fixed, removable, and network drive. Rogue antivirus is a particularly popular way to disguise a Trojan. In the early versions of this attack, a website would display a pop-up disguised as a normal Windows dialog box with a fake security alert. Modern malware is usually designed to implement some type of backdoor, also referred to as a remote access Trojan (RAT).