COMPTIA Complete Questions Core 2


Default password

A default password is not a part of patching. The home router management software will prompt users to change the default password to secure the administrator account.

Duress Alarm System?

A duress alarm could be implemented as a wireless pendant, concealed sensor or trigger, or call contact.

A security company was asked to help set up physical security at a massive company to identify concealed weapons coming into the building. What should the company implement?

A handheld magnetometer is a type of metal detector that is often deployed at airports and in public buildings to identify concealed weapons or other items.

A security analyst is looking at the overall security status of systems on the network. Which of the following represents the greatest risk?

A legacy or end of life (EOL) system is one where the software vendor no longer provides support or fixes for problems. These represent the greatest risk to the network.

Describe motion sensors?

A motion-based alarm is linked to a detector triggered by movement within an area. The sensors in these detectors are either microwave radio reflection or passive infrared (PIR), which detects moving heat sources.

Share-level

Share-level permissions only apply when a folder is accessed over a network connection. They offer no protection against a user who is logged on locally to the computer hosting the shared resource.

Circuit based alarm?

A circuit-based alarm sounds when the circuit is opened or closed. This could be caused by a door or window opening or by a fence being cut.

A server administrator sets up static network configurations for servers since they do not want the IP address to change. The administrator sets up the IP address on a 24-bit subnet. What should the administrator set the subnet mask to?

255.255.255.0. Administrators can also adjust the IP configuration via the settings app. In this dialog, they need to enter the mask as a prefix length in bits. A 255.255.255.0 mask is 24 bits.

An IT manager wants to secure a storage room with expensive server equipment. Which of the following will provide the best contactless security?

Badge reader. A badge reader offers the most security. Some types of electronic locks work with a hardware token rather than a PIN. The token might be a basic magnetic swipe card. A more advanced type of lock works with a cryptographic contactless smart card or key fob.

A user's phone is randomly rebooting all the time. What should the user do first to diagnose the issue?

Battery diagnostics. A device that randomly reboots might be overheating, having a low battery charge, or having a faulty battery or other hardware. If users can rule out hardware causes, such as throttling due to high temperature or low battery charge, a device that is slow to respond can be an indication of resources being inadequate. Use the notification drawer or control center to check that the rotation lock is not enabled if a screen is not auto-rotating. When an update does not download, connect the device to building power and Wi-Fi. An update may be blocked when there is insufficient battery charge or when the device is connected to a metered network.

A user calls into the helpdesk after receiving a recent update to their computer and now certain functions are no longer working properly. The helpdesk technician asks for their FQDN. What would be an example of the FQDN?

A.userhost.comptia.com. userhost.comptia.com would be an example of a fully qualified domain name (FQDN). This includes both the name of the host as well as the domain it is on.

ACE

Access control entries (ACEs) assign a set of permissions to a principal under the NTFS file structure. A principal can either be a user account or a security group.

A server administrator helps the human resources department whitelist an external website for their new training platform. What will the administrator need to do to ensure the web page shows up as secure?

Add trusted certificates. When using enterprise certificates for internal sites and a third-party browser, the administrator must ensure that the internal CA root certificate is added to the browser.

A server administrator wants to connect to users' computers. They are trying to get their patching numbers up and discover that users must pull the updates, so the administrator wants to push a script that forces the pull. The administrator wants to copy the file to users' automatically hidden shares. Which of the following could the administrator use? (Select all that apply.)

C$, ADMIN$. In addition to any local shares created by a user, Windows automatically creates hidden administrative shares. This includes the root folder of any local drives (C$). It also includes the system folder (ADMIN$). Administrative shares can only be accessed by members of the local Administrators group.

A security manager sets up a defense in depth mechanism and sets up monitoring to catch communications from the attacker to the malware. What is the manager monitoring for?

C2. Whether a backdoor is used as a standalone intrusion mechanism or to manage bots, the threat actor must establish a connection from the compromised host to a command and control (C2 or C&C) host or network.

A company sets up a mobile device management policy. The company has concerns about the controllability of the devices due to liability, so they are going to purchase the devices for employees to use for business. What is this policy considered?

COBO. Corporate-owned, business only (COBO) means the device is the property of the company and may only be used for company business. With bring your own device (BYOD), the mobile device is owned by the employee. The mobile will have to meet whatever profile is required by the company. With corporate-owned, personally enabled (COPE), the device is chosen and supplied by the company and remains its property. Choose your own device (CYOD) is similar to COPE, but the employee is given a choice of device from a list.

A security engineer wants to learn how to code in Python but is running a Windows box. Which of the following is the easiest interpreter to set up for Windows?

CPython. CPython is the simplest environment to set up for Windows. When using CPython in Windows, there is a console interpreter (python.exe) and a windowed interpreter (pythonw.exe). PyPy is another interpreter that will work, but CPython is easier to set up. A Python project can either be run via an interpreter or compiled as a binary executable. The Windows Script Host (wscript.exe and cscript.exe) supports JavaScript, but not Python. JavaScript is also supported on macOS for automation (along with AppleScript). Cscript.exe does not support Python either. Python script files are identified by the .PY extension.

A user at a large organization notices that their computer is extremely sluggish. This happened shortly after the user clicked on a link in an email that seemed suspicious. Where should the user most likely report this to?

CSIRT. Larger organizations will provide a dedicated Computer Security Incident Response Team (CSIRT) as a single point of contact so that a security incident can be reported through the proper channels. When a user installs software, they must accept the license governing its use, often called the end-user license agreement (EULA). It is unlikely that a computer forensic professional will be retained by an organization, so such investigations are normally handled by law enforcement agencies. While it is possible the security team may want tickets to route through the help desk, the CSIRT will typically be the team that the incident is ultimately reported to.

A server administrator wants to secure a whole row of servers. What would be the best way to secure access to the servers?

Cabinet locks. Lockable rack cabinets control access to servers, switches, and routers installed in standard network racks. These can be supplied with key-operated or electronic locks.

What is a chassis lock?

Chassis locks and faceplates prevent the covers of server equipment from being opened. These can prevent access to external USB ports and prevent someone from accessing the internal fixed disks.

An administrator wants to test their backups to ensure that in the event of a real emergency there will not be any unforeseen problems. Which of the following is NOT a common validation?

Check RPO. The recovery point objective (RPO) metric is done as part of the backup strategy and not validation. The basic consideration is whether reconstructing the lost data manually is possible or cost-effective compared to the cost of implementing the backup. One technique is to try restoring some of the backed-up data into a test directory, making sure to not overwrite any data when doing so. Most backup software can use hashing to verify that each job is a valid copy of the source data. It is also important to verify media integrity regularly, such as by running chkdsk on hard drives used for backup.

A Windows user decides to start testing out Macs. They are working on a paper for school and need to cut and paste quite a bit. On the PC keyboard, they use Ctrl+C and Ctrl+V. What key should they use on the Mac?

Command. Where PC and Linux keyboards use CTRL, ALT, ALTGR, and START modifier keys, Mac keyboards have an APPLE/POWER key and COMMAND, OPTION, and CONTROL keys. COMMAND is closest to the CTRL key in terms of functionality.

A user wants to secure their home router. Which of the following are strong security practices? (Select all that apply.)

Content filtering, Firmware update. Content filtering means that the firewall downloads curated reputation databases that associate IP address ranges, FQDNs, and URL web addresses with sites known to host various categories of content like malware, spam, or other threats. Users should keep the firmware and driver for the home router up to date with the latest patches. This is important because it allows the user to fix security holes and support the latest security standards, such as WPA3.

A security manager is looking at mobile security for company devices. They are investigating no-root firewalls and understanding how this works. Which of the following best describes no-root firewalls?

Control access through a VPN. "No-root" firewalls work by creating a virtual private network (VPN) and then controlling app access to the VPN. The "no-root" firewalls do not control access locally because they would need root privileges to do so. They get around this by setting up a VPN and controlling the firewall through the VPN.

A security analyst sets up a new mobile device management policy and is looking into remote wiping, device wiping, and enterprise wiping. Which of the following will the enterprise wipe erase? (Select all that apply.)

Corporate container, Business accounts. If the device is enrolled with mobile device management (MDM), an enterprise wipe can be performed against the corporate container only. An enterprise wipe also removes any corporate accounts and files. If a device is lost with no chance of recovery, it may be necessary to perform some level of remote wipe to protect data and account credentials. An enterprise wipe leaves personal apps and settings alone. A device wipe performs a factory default reset and clears all data, apps, and settings. An enterprise wipe also leaves personal settings and files untouched.

A server administrator notices that a few servers in their screened subnet (demilitarized zone) went from around 5% central processing unit (CPU) utilization to 95%. They also notice the machines lack many patches. If malware infects the servers, what is the likely cause?

Cryptomining software. A cryptominer hijacks the resources of the host to perform cryptocurrency mining. This is also referred to as cryptojacking.

A mobile device manager is looking at data encryption and the "Data Protection" setting. Which of the following does this protect?

Email data. Email data and any apps using the "Data Protection" option are subject to a second round of encryption using a key derived from and protected by the user's credential.

A support technician receives a call from a user who cannot seem to go anywhere on the network, except for the share drive \\192.168.8.20\ShareDrive. Which of the following should the technician check first?

DNS. If a service such as domain name service (DNS) is not working, users will be able to connect to servers by IP address but not by name.

A security manager proactively looks for solutions concerning illegitimate apps running on corporate iOS devices and stealing credentials to leverage against the infrastructure. What is the security manager concerned about?

Developer tools. Under iOS, using the developer tools can be a means of installing apps from outside the App Store without having to jailbreak the device. The App Store is the official platform for browsing and installing applications. This app can be controlled through device management but tends to offer a safer alternative than sideloading. If an app fails to update, check that it is compatible with the current operating system (OS) version. Also, verify that there is sufficient storage space and an internet connection. A device that randomly reboots might be overheating, having a low battery charge, or having a faulty battery or other hardware.

A security analyst baselines web activity and notices several caveats with browsers. For example, they notice that when a user types in a query, a query is actually made after every typed key. The analyst is trying to group browser activity together. Which browser is based on the same code as Chrome?

Edge. Edge, Microsoft's replacement browser, now uses the same underlying Chromium codebase as Google Chrome.

A manager is responsible for client laptops, and is concerned about exposing data on the disks to a different OS and the permissions becoming overridden. What will help prevent this possible attack?

Encrypting File System. The Encrypting File System (EFS) feature of the New Technology File System (NTFS) supports file and folder encryption. EFS is not available in the Home edition of Windows.

A hotel manager notices that a wireless access point with the same service set identifier (SSID) is broadcasting with higher power. What attack could this indicate?

Evil twin. An evil twin attack is similar to phishing but instead of an email, the attacker uses a rogue wireless access point to try to harvest credentials.

A company contracted out a development project to another country and had to grant certain permissions to the team, but during the extent of the project, the team was accessing files they should not have. The administrator investigates why they were able to access certain files. Which of the following applies last and sets the precedence for access?

Explicit permissions. Directly assigned permissions (explicit permissions) always override inherited permissions, including "deny" inherited permissions.

A developer wants to create functionality for a web browser by making API calls on the back end. What should the developer build?

Extension. Extensions add or change a browser feature via its application programming interface (API). The extension must be granted specific permissions to make configuration changes. With sufficient permissions, they can run scripts to interact with the pages the developer is looking at.

A security administrator wants to set up anomalistic monitoring around behavioral-based user activity. Which of the following could the administrator implement for monitoring? (Select all that apply.)

Failed attempts, Login times, Concurrent logins. Monitoring login times is typically used to see if an account is logging in at an unusual time of the day or night or during the weekend. Concurrent logins are another behavioral-based monitoring mechanism. Most users should only need to sign in to one computer at a time, so this sort of policy can help to prevent or detect misuse of an account. Failed attempts can be a sign of malicious activity.

A security analyst receives a notification of possible malware based on common indicators. They run several different antivirus software against the disk, and the scans indicate no malware. What is the analyst's computer likely infected with?

Fileless malware. Fileless malware refers to malicious code that uses the host's scripting environment, such as Windows PowerShell or PDF JavaScript, to create new malicious processes in memory.

A human resources specialist has started working from home. The specialist is somewhat security conscious and wants to keep their home network secure. What else besides the router operating system patches should the specialist keep patched?

Firmware. Users should keep the firmware and driver for the home router up to date with the latest patches. This is important because it allows the user to fix security holes and support the latest security standards, such as WPA3.

A user is frustrated that an app continuously crashes after receiving a recent update. What is the first step the user should try?

Force stop and relaunch. If an app fails to launch, fails to close, or crashes, first use force stop to quit the app and try launching again. If restarting the service does not work, users can try clearing the app cache either from within the app or (in Android) using the Clear Cache option under App info.

What's a Kensington lock?

Kensington locks are used with a cable tie to secure a laptop or other device to a desk or pillar and prevent theft.

A user is experiencing issues on their iPhone. The user should troubleshoot what first?

Hold the power button. On iOS, hold the Side/Top button for a few seconds to bring up the Power Off option. When troubleshooting, leave the device powered off for a minute, and then restart by holding the Side/Top button again. On Android, hold the physical Power button for a few seconds to bring up the Power Off prompt. Rebooting is a good troubleshooting step for both computers and phones. To factory reset an iOS device, use the option on the General page in Settings. On stock Android, initiate a reset from the System > Advanced section of Settings.

A penetration tester gains access to a regular user's box. The tester wants to escalate privileges, so they call into the help desk, as the regular user, and set up a script that will capture the help desk user's Kerberos token to be able to replay. What is this social engineering technique called?

Impersonation. Impersonation means that the penetration tester develops a pretext scenario to give themselves an opportunity to interact with an employee.

Implicit deny

Implicit deny means that unless there is a rule specifying that access should be granted, any request for access is denied.

Link-layer Topology Discovery

In Windows settings, the Link-layer Topology Discovery protocol provides network mapping and discovery functions for networks without dedicated name servers.

A security manager reviews user roles and grants the minimum privileges necessary. What did the manager implement?

Least privilege. Least privilege means that a user should be granted the minimum possible rights necessary to perform the job. This can be complex to apply in practice, however.

A security manager is setting up a password policy for users. Which of the following is the best security practice when it comes to passwords?

Length. Length is preferable to the use of highly cryptic mixing of character types. It will take an attacker significantly longer to crack a passphrase rather than a much shorter but complex password.

A user started using near-field communication (NFC) for payments; however, the user is unable to pay using NFC. Which of the following is NOT part of troubleshooting?

List in recipient's authorized list. To use Bluetooth, the sender must be listed in the recipient's contacts list. This is NOT a step in NFC troubleshooting.

A security manager sets up monitoring mechanisms to detect a rooted or jailbroken device. What type of security mechanism should the manager implement?

MDM. Mobile-device management (MDM) suites have routines to detect a rooted or jailbroken device or custom firmware with no valid developer code signature and prevent access to an enterprise app, network, or workspace. The main tool to use to try to remediate an infected system will be antivirus (AV) software, though if the software has not detected the virus in the first place, then it is best to use a different suite. There are also firewall apps for mobile devices. These can be used to monitor app activity and prevent connections to ports or IP addresses. "No-root" firewalls work by creating a virtual private network (VPN) and then controlling app access to the VPN.

A security-conscious administrator wants to make computer authentication more secure. Which of the following would be the optimal method?

MFA. An authentication technology is considered strong if it is multifactor. Multifactor authentication (MFA) means that the user must submit at least two different kinds of credentials.

A security analyst working on a monitoring team wants to implement new monitoring mechanisms around Secure Shell (SSH) authentication. Which of the following should the analyst focus on?

Monitor for compromised keys. Monitoring for and removing compromised client public keys is a critical security task. Many recent attacks on web servers have exploited poor SSH key management. SSH works over port 22. Quick Assist works over the encrypted HTTPS port TCP/443. The helper must be signed in with a Microsoft account to offer assistance. To connect to a server via Remote Desktop normally, open the Remote Desktop Connection shortcut or run mstsc.exe. This works over port 3389 though. In macOS, users can use the screen sharing feature for remote desktop functionality. Screen sharing is based on the Virtual Network Computing (VNC) protocol.

A user connects their laptop to the company's wireless access point, but the internet is very slow. A connection to the Wi-Fi with their corporate mobile device is even slower. What should the user try?

Move closer to the AP. On a mobile, be aware that the radio is less powerful than the one on a computer and that a low battery charge will weaken the signal strength. Try moving the device closer to the access point.

A company's threat intelligence team determines that one of a threat actor's techniques is to perform a denial of service against the Remote Desktop Protocol (RDP) functionality in servers. What can the company enable to help prevent this?

NLA. Network Level Authentication (NLA) protects the Remote Desktop Protocol (RDP) server against denial of service attacks. Without NLA, the system configures a desktop before the user logs on. If remote desktop is used to connect to a server that has been compromised by malware, the credentials of the user account used to make the connection become highly vulnerable. RDP restricted admin (RDPRA) mode is one means of mitigating this risk. Remote credential guard is also a means of mitigating the risk with compromised credentials of compromised user accounts. In macOS, users can use the screen sharing feature for remote desktop functionality. Screen sharing is based on the Virtual Network Computing (VNC) protocol.

An administrator sets up a network share for the marketing team to collaborate. There is a need to protect the files from a user who is logged on locally to the computer hosting the shared resource. What type of permission should the administrator set up?

NTFS. New Technology File System (NTFS) permissions are applied for both network and local access and can be applied to folders and to individual files.

A user calls in to support complaining that they cannot seem to reach anything on the network. The user was able to receive an IP address of 169.254.15.83 though. What is most likely the problem?

No DHCP server found. When no Dynamic Host Configuration Protocol (DHCP) server can be contacted, the adapter will either use an address from the automatic IP addressing (APIPA) 169.254.x.y range or will use an address specified as an alternate configuration in IPv4 properties.

A Windows administrator wants to divide a domain up into different administrative realms to delegate responsibility for administering company departments. What should the administrator use to do this?

OU. An organizational unit (OU) is a way of dividing a domain up into different administrative realms. Administrators might create OUs to delegate responsibility for administering company departments or locations.

A user visits a news site that they go to frequently and the news seems to be the same as it was the previous day. The user also hears complaints about people not having internet which is odd since they are on their normal news site. What is most likely going on?

Page is cached. By default, the browser will maintain a history of pages visited, cache files to speed up browsing, and save text typed into form fields. The page is most likely cached from the previous visit.

A developer is reading their email and comes across a new memorandum from the security department about a clean desk policy. Why does security need to publish this?

Personally identifiable information (PII) protection. Paper copies of personal and confidential data must not be left where they could be read or stolen. A clean desk policy ensures that all such information is not left in plain sight.

A server administrator discovers that a server service account for a File Transfer Protocol (FTP) server was compromised. Which of the following exploits or vulnerabilities did the malicious actor use?

Plaintext. A plaintext password can be captured by obtaining a password file or by sniffing unencrypted traffic on the network.

A network administrator analyzes the physical placement of routers or network appliances to ensure a secure location. What is the administrator helping to prevent?

Power off. A non-malicious threat actor could damage or power off an appliance by accident. A malicious threat actor could use physical access to tamper with an appliance or attach unauthorized devices to network or USB ports or use the factory reset mechanism and log on with the default password.

A security engineer investigates legacy applications and employees that are still using them. Which of the following user groups represent a security concern?

Power users. The power users group is present to support legacy applications. This approach created vulnerabilities that allowed accounts to escalate to the administrator's group.

A PC user is looking at the Wireless Network Connection settings on their Windows computer. Which of the following is the most important setting to verify in order to ensure the PC is capable of connecting to an existing network?

Protocol support. Wi-Fi properties for the adapter are configured via Device Manager. The most important setting on a wireless card is support for the 802.11 standards supported by the access point.

A helpdesk operator is reviewing a notification that a user clicked links in a very suspicious email. What is the second step the operator should take?

Quarantine. After verifying the symptoms of malware, the host should be placed in quarantine, where it is not able to communicate on the main network.

A network administrator wants to enable authentication for wireless access points against an Active Directory database. Which of the following will the administrator need to use?

RADIUS. Rather than storing and validating user credentials directly, wireless access points can forward authentication data between the Remote Authentication Dial-in User Service (RADIUS) server and the supplicant without being able to read it.

A jewelry chain has just discovered how to make a new form of jewels that has never been created before. They want to set up some sort of alarm if the jewels are taken out of their designated area. What type of alarm should the jewelry chain set up specific to the jewels?

RFID. Radio frequency ID (RFID) tags and readers can be used to track the movement of tagged objects within an area. This can form the basis of an alarm system to detect whether someone is trying to remove equipment.

A user is experiencing what seems to be latency, which is affecting their ability to work. They decide to validate their theory with a ping test. What will indicate latency?

RTT. If the ping is successful, it responds with the message Reply from IP Address and the time it takes for the host's response to arrive. The millisecond (ms) measures of round-trip time (RTT) can be used to diagnose latency problems.

A server administrator wants to keep up with security patches and points their machines to pull updates. What should the administrator point towards?

Repositories. Copies of distribution packages (including any updates) will be posted to a software repository. Often the vendor will maintain different repositories. It can then be used to install, uninstall, or update the software.

A student is interning for a security team at a major company and wants to practice on their home network. They want to make sure devices are easily identified when traffic is examined. Which of the following will help them accomplish this?

Reservation. One option is to create a DHCP reservation for the device on the Dynamic Host Configuration Protocol (DHCP) server. This means that the DHCP server always assigns the same IP address to the host.

A security manager at a top-secret facility assesses the feasibility of integrating biometric authentication but has heard that it is often not accurate. Which of the following is the most accurate form of biometrics?

Retina scanner. Retinal scanning is one of the most accurate forms of biometrics. Retinal patterns are very secure, but the equipment required is expensive and the process is relatively intrusive and complex.

A vulnerability manager is ramping up the vulnerability management program at their company. Which of the following is the most important consideration for prioritizing patching?

Risk. Risk is the likelihood and impact (or consequence) of a threat actor exercising a vulnerability. This is the most important aspect of the prioritization of patches.

A server administrator's profile is set up to copy the whole profile from a share at logon and copy the updated profile back at logoff. This allows the administrator to hop on to any of the company's computers. What technique was set up?

Roaming profile. A roaming profile copies the whole profile from a share at logon and copies the updated profile back at logoff.

A penetration tester looks to harvest credentials from users who log in locally. Where should the penetration tester look for users who authenticated locally?

SAM. In a Windows local sign-in, the Local Security Authority (LSA) compares the submitted credential to the one stored in the Security Accounts Manager (SAM) database, which is part of the registry. This is also referred to as interactive logon.

A transportation company outfits its mobile units with devices that will enable them to analyze routes, patterns, and create efficiencies. The devices will connect to their cloud servers through a 4G WWAN. What will the company need to ensure the devices have?

SIM. For GSM and 4G or 5G services, the adapter must also be fitted with a subscriber identity module (SIM) card issued by the network provider. The bandwidth depends on the technologies supported by the adapter and by the local cell tower (3G, 4G, or 5G, for instance).

A user is setting up their company phone and wants the login to be secure. Which of the following authentications is the least secure?

Screen swipe. Simply swiping across the screen will unlock the device. While this might be suitable for a tablet deployed for shared or public use, access to a personal device must be protected by an authentication mechanism.

A server administrator for a corporation with an enterprise network was tasked with setting up a website hosted on-premise. How should the administrator set it up?

Screened subnet A screened subnet can also be referred to by the deprecated terminology demilitarized zone (DMZ). The idea of a screened subnet is that some hosts are placed in a separate network segment with a different IP subnet address range than the rest of the LAN.

UPnP means what?

Services that require complex firewall configuration can use the Universal Plug-and-Play (UPnP) framework to send instructions to the firewall with the correct configuration parameters.

A Linux administrator is looking at the bash history and sees the command chmod u+x file.sh. What was trying to be done with this command?

Set permissions. Permissions were being set on the script. Remember that in Linux, the script file must have the execute permission set to run. A Linux shell script uses the .sh extension by convention. Each statement comprising the actions that the script will perform is then typically added on a separate line. Every shell script starts with a shebang line that designates which interpreter to use, such as Bash or Ksh. Users can develop a script in any basic text editor, but using an editor with script support is the most productive way.

A user worries about downloading malicious software onto their corporate device. They worry most about which of the following?

Spoofed app A malicious app will typically spoof a legitimate app by using a very similar name and use fake reviews and automated downloads to boost its apparent popularity.

A coffee company sets up computer kiosks for customers. The company wants a hip trendy setting so they decide to use Mac computers. However, the person setting it up has no idea how to use Macs. What can they use to help them during setup?

Spotlight Search Spotlight Search can be used to find almost anything on macOS. To start a new search, click the magnifying glass in the menu bar or press COMMAND+SPACE to bring up the search box.

A network administrator is setting up administrative access to network devices. What common solution is used for this?

TACACS+ TACACS+ is an AAA protocol like RADIUS, but it is typically used for device administration rather than user access to the network.

A network professional sets up the ability to authenticate over Extensible Authentication Protocol over Wireless (EAPoW). Which of the following will the professional need to configure?

TACACS+ The network administrator will need to set up a TACACS+ server for an Authentication, Authorization, and Accounting (AAA) server. When the user has been authenticated, the AAA server transmits a master key (MK) to the wireless PC or laptop.

FAT32

The FAT32 file system does not support permissions. Many cameras or other similar devices use storage with FAT32, but it does not support permissions.

A user is looking at their file system on the Mac and sees a .app file. What is this indicative of?

The app has been installed. When the app has been installed, it is placed in a directory with a .app extension in the Applications folder.

A Linux administrator needs to run automation scripts and looks for a shell on their server. Which of the following should they NOT look for?

The terminal and shell are connected by a teletype (TTY) device that handles text input and output in separate streams.

A client systems administrator for Mac computers wants to ensure users' data is backed up locally. What should the administrator enable?

Time Machine The Time Machine prefpane enables data to be backed up to an external drive or partition formatted using either the Apple File System (APFS) or macOS's older extended file system.

A security manager in charge of the vulnerability program for the enterprise is looking at mobile security. They are reading about a "walled garden" approach. What does this entail?

Trusted source Mobile OS vendors use this "walled garden" model of software distribution as well. Apps are distributed from an approved store, such as Apple's App Store or the Windows Store.

A security manager puts together a security awareness campaign for mobile devices. Which of the following is least likely to be a symptom of malware?

Unexpected Reboots A device that randomly reboots might be overheating, having a low battery charge, or having a faulty battery or other hardware.

A security manager wants to set up a program where they can proactively mitigate malware infection as much as possible. Which of the following is least helpful in this endeavor?

Update trusted root certificates Updating trusted root certificates is helpful in the overall defense-in-depth security strategy, but is least helpful in this scenario in preventing malware. It does play its part though.

A network administrator wants to deploy firmware updates to their managed devices. Which of the following tools should the administrator set up for use?

WOL Remote network boot capability is often referred to as wake on LAN (WOL), plus the ability to enter system firmware setup and deploy firmware updates and OS installs. Endpoint detection and response (EDR) security scanning is associated more with security monitoring than the ability to push firmware. Remote monitoring and management (RMM) tools are principally designed for use by managed service providers (MSPs). An MSP is an outsourcing company that specializes in handling all IT support for its clients. Mobile-device management (MDM) suites are designed for deployment by a single organization and focus primarily on access control and authorization.

A network administrator sets up a network access control solution throughout the enterprise which allows them to see ports with multiple devices connected into a switch port. The administrator uses this to help identify wireless access points throughout the enterprise, especially older ones which may have been forgotten. Which of the following legacy wireless encryption mechanisms is the administrator going to change? (Select all that apply.)

WPA WEP The first version of Wi-Fi Protected Access (WPA) was designed to fix critical vulnerabilities in the earlier wired equivalent privacy (WEP) standard. Wired Equivalent Privacy (WEP) is an old legacy standard. Neither WEP nor the original WPA version is considered secure enough for continued use.

A network manager for a growing coffee company sets up wireless access points at cafe locations for users. The manager wants to set up access to allow anyone in the vicinity to join without a password but also make it as secure as possible. Which standard introduced this ability?

WPA3 In WPA2, Wi-Fi Enhanced Open traffic is unencrypted. WPA3 encrypts this traffic. This means that any station can still join the network, but traffic is protected against sniffing.

NLA

When a user connects to a new network, the Windows Network Location Awareness (NLA) service prompts the user to set the network type.

A security analyst analyzes how most attackers perform exploits against iOS operating systems. Which of the following is most applicable?

While tethered For most exploits, this can only be done when the device is attached to a computer while it boots (tethered jailbreak). iOS is more restrictive than Android, so the term "jailbreaking" became popular for exploits that enabled the user to obtain root privileges, sideload apps, change or add carriers, and customize the interface. Root access is associated with Android devices. Some vendors provide authorized mechanisms for users to access the root account on their device. Clearing the app cache is part of troubleshooting steps for apps crashing. It can be done either from within the app or (in Android) using the Clear Cache option under App info.

A server administrator wants to connect to a user's computer and push a file through Server Message Block (SMB). How should the administrator connect to the computer?

\\userhost\C$ To connect to a computer via SMB, the administrator should use \\userhost\C$.

A Firefox user wants to open up their browser settings to configure their intranet as the home page. How can the Firefox user access the settings?

about:preferences Users can open the internal URL for Firefox by going to about:preferences. Each browser maintains its own settings that are accessed via its Meatball (...) or Hamburger (☰) menu button as well.

A penetration tester is asked to perform an assessment on the new Mac laptops a company brought into the environment. After loading a shell on a user's computer, the tester needs to find the passwords. Where should the tester look?

keychain The keychain helps you to manage passwords for these accounts, other websites, and Wi-Fi networks. This feature is also available as iCloud Keychain.

An intern is going to work for the Linux administration team. They need to use a file editor but are not familiar with Linux. Which of the following is the easiest to use coming from a non-Linux background?

nano The Nano text editor is a basic example often preferred by those coming from a Windows environment. To open or create a file, use nano filepath or nano -l filepath to show line numbers.

Two IT friends are best friends and want to map each other's root shares. Which of the following commands will accomplish this?

net use M: \\BestFriend\C$ To map the root share on the computer BestFriend to the M: drive, they would use net use M: \\BestFriend\C$.

A vulnerability manager cleans up the patching program in their enterprise. After getting it back to a good state, the manager focuses efforts on hardening. They begin with a test box and want to look at open connections from services. What command should the manager use?

netstat The netstat command can be used to investigate open ports and connections on the local host. This can be used to see what ports are open on a server and whether other clients are connecting to them.

A network administrator responds to users calling in about a slow network. Which command should the administrator use to diagnose the chokepoint?

pathping The pathping command performs a trace and then pings each hop router a given number of times for a given period to determine the round-trip time (RTT) and measure link latency more accurately.

A security administrator wants to harden Linux machines and remove any unnecessary running processes. What command can the administrator use to inventory running processes?

ps The ps command invokes the process table, which is a record that summarizes the current running processes on a system.

A Linux server administrator wants to elevate their privileges. Which of the following commands will elevate their account? (Select all that apply.)

su sudo The su (switch user) command switches to the account specified by username: su username. It is possible to switch to the superuser account by omitting the username argument.

