CompTIA A+ - D2 Security
Which of the following protocols establish a secure connection and encrypt data for a VPN? (Select three.)
A virtual private network (VPN) uses an encryption protocol (such as IPsec, PPTP, or L2TP) to establish a secure communication channel between two hosts (or between one site and another site). Data that passes through the unsecured network is encrypted and protected. Remote Desktop Protocol (RDP) is used by Windows Terminal Services-based applications, including Remote Desktop. FTP is used for transferring files. It does not establish a secure connection. WPA and WEP are protocols used to secure wireless communications.
Which of the following is the definition of a cookie?
A cookie is a file saved on your hard drive that tracks website preferences and usage. Many legitimate websites use cookies to remember your preferences and make the websites easier to use. However, other sites can use cookies to track personal information. Spyware is a program that runs in the background and reports internet usage to online servers. A Trojan horse is a malicious program that disguises itself as a useful program. Programs do not run when you simply read an email attachment. However, many malicious script programs are disguised as simple text files and can cause damage if you run the script file.
Which of the following is true of a domain controller?
A domain controller is a Windows server that holds a copy of the Active Directory database. A domain controller is a member of only one domain. A domain can contain multiple domain controllers. Each domain controller holds a copy of the Active Directory database. Any domain controller can make changes to the Active Directory database.
Which of the following stores user accounts, groups, and their assigned rights and permissions?
A domain controller is a special server that stores user accounts, groups, and their rights and permissions. Domain accounts are stored in a central database called Active Directory. A Microsoft account enables feature such as syncing your settings across multiple computers. It is not designed to store the rights and permissions associated with a user account. Local Users and Groups is a feature in Windows that lets you create and manage users and groups locally on your computer.
Several users have forwarded you an email stating that your company's health insurance provider has just launched a new website for all employees. To access the site, you are told to click a link in the email and provide your personal information. Upon investigation, you discover that your company's health insurance provider did not send this email. Which of the following BEST describes the type of attack that just occurred?
A phishing attack has occurred. In a phishing attack, a spoofed email containing a link to a fake website is used to trick users into revealing sensitive information, such as a username, password, bank account number, or credit card number. Both the email and the website used in the attack appear to be legitimate on the surface. Tailgating occurs when an unauthorized person follows an authorized person into a secure building or area. Vishing is a social engineering attack that takes place over the phone. Whaling is a targeted phishing attack directed at a high-level person, such as a CEO. The attack would not be sent as a general email to all company employees.
Which of the following are examples of a strong password? (Select two.)
A strong password is one that: Is at least eight characters long (longer is better). Is not based on a word found in a dictionary. Contains both uppercase and lowercase characters. Contains numbers. Contains special characters. Does not contain words that could be associated with you personally. Could be considered a passphrase. The passwords il0ve2EatIceCr3am! and I love the Linux P3ngu!n Tux both meet the above criteria. The password NewYorkCity is long enough and includes upper and lowercase letters, but it does not contain numbers or special characters and could be easily dissected into a dictionary word. The password skippy is probably a pet name. The password Morganstern is probably someone's last name (perhaps a spouse's name or a maiden name).
Which of the following encryption algorithms is considered one of the strongest encryption protocols and is used in more than just wireless networks?
AES (Advanced Encryption Standard) is considered one of the strongest encryption protocols and is used in more than just wireless networks. TKIP (Temporal Key Integrity Protocol) is known to have several vulnerabilities and is no longer considered secure. You should not use TKIP on modern wireless networks. RADIUS and TACACS+ are authentication protocols. These protocols do not encrypt data packets over a wireless network.
Which Active Directory service simplifies how users log in to all the systems and applications that they need?
Active Directory uses the single sign-on (SSO) process to simplify how users sign in to all the systems and applications that they need. When a user logs in, their credentials are authenticated with the authentication server. When the user visits a trusted resource, the authentication server vouches for the user, and the resource allows them access. Windows Hello uses a PIN as a backup for biometric authentication. A domain is an administratively defined collection of network resources that share a common directory database and security policies. A workgroup is Microsoft's implementation of peer-to-peer networking.
Which Windows feature can you use to encrypt a hard drive volume?
BitLocker was introduced in Windows Vista and is used to encrypt an entire volume (not just individual files and folders). BitLocker is designed to protect all data on a volume, even if the hard drive is moved to another computer. BitLocker to Go is used to encrypt USB drives (not a hard drive volume). Encrypting File System (EFS) is a component of the NTFS file system that allows file encryption. EFS is not a Windows feature that is used to encrypt a hard drive volume. NTFS is the file system that is used in modern Windows operating systems. It is not a Windows feature that is used to encrypt a hard drive volume.
Which of the following are features that a device location service on your smartphone can provide? (Select two.)
If the location service has been set up on your device, you can use a website or software application to identify the approximate location of the device on a map. The service can also tell the device to take a picture with both the front and back cameras and then send the pictures to you. A device location service is not designed to reset the mobile device to factory defaults, perform a remote wipe, or send a notification that one or more unauthorized attempts have been made to log in to the device.
You have just installed Windows 11 on your laptop, purchased an infrared camera, and set up Windows Hello facial recognition as your login option. As part of the setup process, you enter a PIN as a backup login method. After a few weeks of using facial recognition login, your infrared camera fails, and you are asked to enter your PIN. Because it has been several weeks, you have forgotten the exact number. You attempt to enter your PIN at least 24 times, but are never locked out. What is the MOST likely reason that you have not been locked out after several failed PIN login attempts?
If you are using a computer with a TPM chip, it is automatically configured for a set number of failed PIN attempts (about 10) before lockout (you do not need to set this up). If your laptop does not have a TPM chip, you can set up BitLocker for lockout after several failed PIN attempts. In this scenario, the most likely reason that you are not locked out is that your laptop does not have a TPM chip, and you have not set up BitLocker for lockout after several failed attempts.
You are working at the local hospital in the IT department. You have just received a promotion to junior network technician. Part of your new role involves troubleshooting network communication issues. Which of the following user groups should your account be added to?
In this scenario, your user account should be added to the Network Configuration Operator user group. Members of this group can manage a system's IP configuration, which would allow you to troubleshoot network communication issues. Your user account should not be added to the Administrator user group, as this would give you too much unnecessary access. Adding your user account to the Remote Desktop Users group would not be correct. Members of this group can remotely access a workstation's desktop, but you would still not have access to troubleshoot network connectivity issues. Members of the Cryptographic Operator group can perform cryptographic operations. This would not give you access to troubleshoot network configuration issues.
You have recently purchased a third-party application and installed it on your workstation. However, after doing some maintenance work on the users and groups on your Windows system, the application begins to display error messages each time you try to run it. What is the MOST likely cause of the issue?
Many Windows features or third-party applications create additional groups in order to access rights and permissions. If you delete the group, the application probably won't launch or work properly. Assigning the wrong permissions to your user account would not impact the functioning of a third-party application. Switching from a domain to a local login would not impact the launching of a application. The application would not have a user account (although it might have a system account).
Where is the access control list stored on a Windows system?
On a local Windows system, the ACL is stored on the Master File Table (MFT), which is a special partition created during the Windows installation process. Certificate Manager is a Windows application for managing digital certificates. The ACL is not stored there. A hard token is a hardware device that is used to authenticate users. It does not store the ACL. Authentication apps are installed on a user's smartphone or tablet and used for authentication purposes. They do not store the ACL.
A user needs to copy a file from an NTFS partition to a FAT32 partition. The file has NTFS permissions and the Read-only (R) and Encryption attributes. Which of the following will be true when the file is copied?
Only the Read-only (R) attribute is retained (not the Encryption, nor NTFS permissions). The FAT32 file system only supports the following attributes: R, H, S, and A. When you copy files from an NTFS partition to a FAT32 partition, attributes unavailable under FAT32 do not remain with the file. Moving NTFS files to a non-NTFS partition removes the permissions.
Which of the following is a common form of a social engineering attack?
Phishing emails are a common form of social engineering attack. This type of attack preys on email recipients by sending an email that looks legitimate, but has a malicious payload instead. The victims of these attacks are requested to click on a link that forwards them to a malicious website or downloads an attachment that contains malware. Using a sniffer to capture network traffic, stealing a keycard, and distributing false information about your organization's financial status can be malicious, but are not forms of social engineering attacks.
Which of the following is a form of attack that tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well-known e-commerce site?
Phishing tricks victims into providing confidential information, such as identity information or logon credentials, through emails or websites that impersonate an online entity that the victim trusts, such as a financial institution or well known e-commerce site. Phishing is a specific form of social engineering. Social engineering is the general term that covers a variety of computer-based and human-based security attacks. An evil twin attack is used to knock users off of a legitimate, secure wireless network and redirect them to a malicious wireless network with the same SSID. Impersonation is an attack method where the attacker impersonates a legitimate worker that should be granted access to the building.
A help desk technician determines that a user's issue is caused by a corrupt file on their computer. Which of the following would be the FASTEST way to transfer a good file to the computer? Answer
The C$ administrative share (\\computername\C$) is available to technicians with administrator privileges. This share is the fastest way to transfer a file. It takes extras steps to have users create local shares, and the user may not have permissions for the folder where the file should be copied. There are several steps to creating an email and attaching a file. In addition, depending on the file type, the file could be blocked by email filtering. The C$ administrative share is available to the technician. Setting up a remote assist session would add extra steps.
A new computer has been added to the sales department and needs to be joined to the CorpNet domain. Which of the following System Properties settings must you use to make the change?
The Computer Name tab lets you view, change, or join a computer to a domain. The System Protection tab lets you configure and create system restore points. The Advanced tab lets you configure settings such as Performance, User Profiles, and Startup and Recovery. The Remove tab lets you configure Remote Assistance and Remote Desktop settings.
You manage a large number of workstations that belong to a Windows domain. You want to prevent someone from gaining access to login information by trying multiple passwords. Which default GPO contains a policy you can enable to guard all computers in the domain against this security breach?
The Default Domain Policy GPO contains a policy you can enable for all computers in a domain that prevents multiple password login attempts. Group Domain Policy, Group Security Policy, and Domain Security Policy are not default GPOs in Active Directory.
The Hide Programs setting is configured for a specific user as follows: Policy Setting Local Group Policy Enabled Default Domain Policy GPO Not configured GPO linked to the user's organizational unit Disabled After logging in, the user is able to see the Programs and Features option. Why did this happen?
The GPO linked to the user's organizational unit is applied last, so the setting that disables the policy to hide the Programs and Features page takes precedence. In this question's scenario, Local Group Policy enables the policy to hide the Programs and Features page. When the Default Domain Policy GPO is applied, this policy is set to Not configured, so it doesn't change anything. When the GPO linked to the user's organizational unit is applied, the setting for this policy is disabled, which reverses the setting in the Local Group Policy and makes the Programs and Features page visible to the user. The Local Group Policy is applied first. GPOs linked to the user's domain are applied second and take precedence over settings in the Local Group Policy. GPOs linked to the user's organizational unit are applied last and take precedence over any preceding policy settings.
The AAA security standard includes authentication, authorization, and accounting (logging of user actions). Which of the following authentication protocols only provides authentication?
The Kerberos protocol only provides authentication, not authorization and accounting. RADIUS and TACACS+ both provide authentication, authorization, and accounting. AES (Advanced Encryption Standard) is an encryption algorithm, not an authentication protocol.
Which of the following Windows 11 options lets you associate your local user account with an online Microsoft account?
The Sign in with a Microsoft account instead option lets you associate your local user account with your online Microsoft account. The Manage my accounts option lets you manage your user accounts, but does not provide an option to associate your local user account with your online Microsoft account. You can use the Family & other users option to allocate a specific number of hours for screen time, enforce content filters, and receive activity reporting for specific family members. Users and Groups is a snap-in that is used in the Computer Management tool to manage user accounts.
Which of the following are advantages of using an online Microsoft account? (Select two.) Answer
The following are advantages of using an online Microsoft account: Your account profile information is synchronized to other computers. You have automatic access to the Microsoft Store. Files associated with the user profile are not synchronized when you log in to other computers. The rest of the listed answers are all features that apply to local user accounts.
Which type of DoS attack exhausts the target's resources by overloading a specific program or service?
The goal of an Application layer DoS is to exhaust the target's resources by overloading a specific program or service. A distributed DoS attack uses multiple computers to generate the necessary traffic. A protocol DoS targets different protocols, such as TCP flags, to overload a network device, such as a firewall. An amplification DoS attack consumes the bandwidth between the target server and the internet, effectively cutting off the target.
You have a laptop running Windows 11. User Account Control (UAC) has been disabled. How would you re-enable UAC on the laptop? (Select two. Each choice is a complete solution.)
To configure UAC in Windows 11: In Control Panel, go to User Accounts. Select User Accounts and then select Change User Account Control settings. Or: In Control Panel, go to System and Security. Select Security and Maintenance > Security. Then select Change settings under User Account Control. You can also use the Change User Account Control settings link in System and Security. Edit the Local Security Policy to configure UAC and control settings that are not available through Control Panel.
You want to configure User Account Control so that when a UAC prompt is shown, the desktop is not dimmed, allowing you to continue working without responding to the prompt immediately. What should you do? AnswerIncorrect answer:
To see a prompt without dimming the desktop, you need to disable Secure Desktop. Secure Desktop dims the desktop and forces you to respond to the UAC prompt before you can do anything else. You can configure the Local Security Policy to disable Secure Desktop. The only UAC setting available under User Accounts is to enable or disable UAC (disabling UAC prevents all prompts). Choose Notify me only when programs try to make changes to my computer (do not dim my desktop) to notify you when programs make changes (but not when you make changes) without dimming the desktop.
Which database encryption method can you use to encrypt data at rest? Answer
Transparent data encryption (TDE) encrypts the entire database and all backups. TDE encrypts data at rest, which is data that is not currently being used. Column-level encryption allows the administrator to encrypt each column separately. This method does not encrypt data at rest. With application-level encryption, the program that was used to create or modify the data is responsible for encrypting the data as well. This method does not encrypt data at rest. A Trusted Platform Module (TPM) chip is built onto a motherboard and generates and stores encryption keys to protect boot files. The TPM chip does not encrypt data at rest.
Your computer has a single NTFS partition that is used for the C: drive with the folders below. C:\Confidential C:\PublicReports In the C:\Confidential folder, you edit the properties for the two files below and assign the Deny Read permission to the Users group. Reports.doc Costs.doc The C:\PublicReports folder allows the Full Control permission for the Users group. There are no other permissions assigned except the default permissions. You then take the following actions. You: Move Reports.doc from C:\Confidential to C:\PublicReports. Copy Costs.doc from C:\Confidential to C:\PublicReports. Which of the following BEST describes the permission the members of the Users group will have for the two files in the C:\PublicReports folder?
Users will have Deny Read for the Reports.doc file. Moving the file to the new folder on the same drive preserves the NTFS permissions assigned to the file. Users will have Allow Full Control for the Costs.doc file. Copying the file to the new folder removes any existing NTFS permissions so that only inherited permissions apply.
Using the Windows OS, Joe transfers a file in his Documents folder to a folder that has been configured to give Ann full control of all files. Instead of copying the files, Joe uses a move operation. Ann can read the file, but can't save any changes to it. Which of the following is MOST likely the reason that Ann cannot update the file?
When a file is copied in Windows, it's given the permissions in the destination folder, regardless of the original file permissions. When a file is moved, Windows attempts to keep the same permissions that the file had in the original folder. Most likely, the Modify and Write permissions for Ann were set to Deny when the file was in Joe's Documents folder. If Ann were a member of the Administrators group, most likely, she would have been able to update the file. The file permissions are independent of whether or not Joe is a member of the Administrators group. If the Modify and Write permissions for Joe on the destination folder were set to Deny, Joe would not have been able to transfer the file.
You want to configure User Account Control so that you see the permission prompt only when programs try to make changes to your computer (not when you make changes). You do not want the desktop to be dimmed when the prompt is shown. What should you do?
When you select the Notify me only when programs try to make changes to my computer (do not dim my desktop) option, the following happens: Notifications occur when programs make changes. Notifications do not occur when you make changes. The desktop is not dimmed, which means Secure Desktop is disabled.
Which of the following authentication methods allows you to securely connect a printer to the wireless network with the least amount of effort?
Wi-Fi Protected Setup (WPS) allows you to connect a device to the wireless network simply by pushing the button on the wireless access point. The connecting device then connects by using a WPS button or an 8-digit pin. WPS can only be used on a wireless network that is using a PSK and an appropriate encryption protocol. An open network is not secure and should not be used except in certain situations. A pre-shared key is the passphrase that is used to connect to the wireless network. This is a secure method, but would not require less effort than using WPS. Implementing a captive portal forces a user to view and interact with the portal before accessing a network. This method is not the most secure, nor does it require the least amount of effort to connect a device to the wireless network.
Which of the following must be set up before you can register a facial or fingerprint scan for your account?
Windows Hello requires you to set up a PIN before you can register a facial or fingerprint scan for your account.
Which of the following is an encryption algorithm that includes a base key, the MAC address of the wireless access point, and a unique packet serial number for each transmitted packet?
With TKIP (Temporal Key Integrity Protocol), each packet is given a unique encryption key. TKIP accomplishes this by mixing: A base key The MAC address of the wireless access point A unique packet serial number AES (Advanced Encryption Standard) is typically combined with Counter Mode with Cipher Block Chaining Message Authentication (CCMP) to enhance wireless network security. AES does not use a base key, a MAC address, or a unique packet serial number associated with each packet transmitted. RADIUS and Kerberos are authentication protocols that allow only authorized users to access a wireless network. These protocols are not encryption algorithms.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to a locked door in the reception area. They use an iPad application to log any security events that may occur. They also use their iPad to complete work tasks as assigned by the organization's CEO. Network jacks are provided in the reception area so that employees and vendors can access the company network for work-related purposes. Users within the secured work area have been trained to lock their workstations if they will be leaving them for any period of time. Which of the following recommendations are you MOST likely to make to this organization to increase their security? (Select two.) Answer
You should recommend the following: Disable the network jacks in the reception area. Having these jacks in an unsecured area allows anyone who comes into the building to connect to the company's network. Train the receptionist to keep their iPad in a locked drawer when not in use. Tablet devices are small and easily stolen if left unattended. The receptionist's desk should remain where it is currently located because it allows them to visually verify each employee as they access the secured area. Biometric locks are generally considered more secure than smart cards because cards can be easily stolen. Training users to lock their workstations is more secure than using screen saver passwords, although this may be a good idea as a safeguard in case a user forgets.
What does Active Directory use to locate and name network objects?
Active Directory uses DNS (Domain Name Services) to locate and name objects. IPv4 is an internet protocol version that is used to route most internet traffic. IPv4 is not a naming convention. A domain controller is a Windows server that holds a copy of the Active Directory database. A domain controller is not used to name Active Directory network objects. Containers in Active Directory help organize the network objects in the directory database. Containers are not used to name Active Directory network objects.
Administrative Templates are Registry-based settings that you can configure within a GPO to control a computer system and its overall user experience. Which of the following can you do with an Administrative Template? (Select two.)
Administrative Templates are Registry-based settings that you can configure within a GPO to control a computer system and its overall user experience. They include the ability to do things like control notifications and restrict access to Control Panel features. Software restriction policies allow you to identify allowed or blocked software, let users run only the files you specify, and determine who can add trusted publishers.
Mobile device applications fall into two categories. Some are reviewed, approved, and signed with a certificate by the app service, while others are not. Which category do apps fall into if they have been reviewed, approved, and signed with a certificate?
Apps that have been reviewed, approved, and signed with a certificate by the app service are referred to as trusted apps. Apps that have not been reviewed, approved, or signed with a certificate by the app service are referred to as untrusted apps. Untrusted apps might be safe, but it is risky to install them, and most devices won't allow them to be installed by default.
Which of the following is true of the Windows BitLocker program?
BitLocker is designed to protect files against offline access only. BitLocker is not designed to protect file against online access. This is the purview of EFS. BitLocker is not designed to encrypt individual files. BitLocker encrypts the entire hard drive. BitLocker is not designed for use on the Home edition of Windows 10 or later. BitLocker is only available on the Ultimate and Enterprise editions.
Jane, an employee in the human resources department, has created several important PDF documents on her computer that all office managers in her building must read. She would like to make locating these files simple and maintain them as little as possible. It is important that no other users are permitted to view these documents. As the IT technician for your company, Jane has asked you to make this possible. Which of the following would MOST likely fulfill Jane's request?
By creating a network share for Jane's folder that contains her documents, you can grant the managers the ability to see and read these documents. All other employees will not have access if the rights are granted appropriately. If a manager forgets the path, they will still be able to easily find the folder by looking for shared folders on her computer. Administrative shares are created by the operating system, so you cannot set specific share permissions and file security. A hidden share is a form of network share that cannot be viewed by others when they are searching for the shared location. These shares are created by adding a dollar sign ($) to the end of the share when it is created. Although this could work for Jane's files, it would require that Jane give the path to each manager. Since Jane wanted to make this process as simple as possible, using a network share would be easier. A VPN, or virtual private network, allows you to create a secure tunnel between your company network and a remote location over an existing connection, usually the internet. This is not required to share folders with fellow employees on the same local network. A remote desktop connection gives someone the ability to log on to another computer from their computer. This would not be a suitable solution, as it would be difficult to limit rights.
Which of the following statements are true regarding administrative shares? (Select two.)
By default, Windows automatically creates an administrative share for every volume. Because administrative shares are not visible when browsing the network, you must use the UNC path to connect to an administrative share. Only members of the Administrators group can access default administrative shares. Adding a $ sign (not a !) to the end of a share name creates an administrative share.
Which of the following hard drive destruction methods only works with mechanical hard drives?
Drilling only works with mechanical hard drives since this method involves drilling holes through the platters. Disk shredding and incineration work with both mechanical and solid-state drives. A low-level format is not a hard drive destruction method.
What normally happens to your mobile device after ten failed login attempts? (Select two.)
Most mobile devices are configured by default to allow only a set number of failed login attempts, which is usually ten. If more than ten failed logins are attempted, the mobile device will automatically wipe the contents and reset to the factory defaults. Locking mobile device applications, an email indicating a security breach, and encrypting the device data are not the normal actions taken (if at all) by the device as security measures.
Which of the following authentication combinations is an example of multi-factor authentication?
Multi-factor authentication means that at least two categories of authentication methods are utilized. Of these options, having the user input a PIN (something you know) and use an authentication app (something you have) is the only example of multi-factor authentication. Fingerprints and retinal scans both fall under something you are. Usernames and passwords both fall under something you know. Smart cards and one-time codes both fall under something you have.
You manage the two folders listed below on your computer. C:\Confidential D:\PublicReports The C:\ drive is formatted with NTFS, and the D:\ drive is formatted with FAT32. On the C:\Confidential folder, you edit the properties for the following two files and assign the Deny Read permission to the Users group: Reports.doc Costs.doc You then take the following actions. You: Move Reports.doc from C:\Confidential to D:\PublicReports. Copy Costs.doc from C:\Confidential to D:\PublicReports. Which of the following BEST describes what happens to the permissions for both files as they are created in the D:\PublicReports folder?
Permissions will be removed from both files. Moving or copying files to a non-NTFS partition removes all permissions (FAT32 does not support NTFS permissions). Moving files to the same NTFS partition preserves the permissions. Copying files to another partition (NTFS or otherwise) removes existing permissions. Copied files on an NTFS partition inherit the permissions assigned to the drive or folder, and copied files on a non-NTFS partition do not inherit permissions because no permissions exist.
Which of the following wireless security methods uses a common shared key that is configured on the wireless access point and all wireless clients?
Shared key authentication is used with WEP, WPA, and WPA2. Shared key authentication with WPA and WPA2 is often called WPA Personal or WPA2 Personal. WPA Enterprise and WPA2 Enterprise use 802.1x for authentication. 802.1x authentication uses usernames and passwords, certificates, or devices such as smart cards to authenticate wireless clients.
You are attempting to sign in to a computer that requires a picture password. How would you sign in?
The picture password option allows you to swipe and tap a photograph to unlock your device. You can choose a picture and then select a three-step gesture that you use to sign in.
What does Windows 11 do when you log in with an administrator account with elevated privileges?
When a standard user logs on, a standard user token is created. But when an administrator logs on, two access tokens are created. Windows creates a standard user token, and then Windows also creates an administrator token. Providing login credentials does not immediately give you administrative credentials. Windows 11 creates a user and an administrative token based on the credentials. These tokens allow Windows to grant you elevated privileges. You receive no notification that you have administrative privileges when you log in with an administrator account.
Which of the following should you perform when disposing of a computer?
You should always perform low-level formatting of the hard drive when you dispose of a computer. The motherboard does not need to be shredded when disposing of a computer. The hard drive does not need to be locked in storage when disposing of a computer. You do not need to document the Chain of Custody when disposing of a computer.