12.10, 12.11, 12.12, 12.13, 12.14, 12.15, 13.1, 13.2, & 13.3,
You have configured your Windows systems to automatically back up user data every night at midnight. You also take a system image backup once per month. What else should you do to ensure that you are protected from data loss?
-Regularly test restoration procedures. -Store a copy of all backups off-site. The only way to ensure that you are protected from data loss is to regularly test your restoration procedures. This activity will reveal whether or not your backup process is functioning properly and whether or not your restoration procedures will actually work. You should also store a redundant copy of your backups at an offsite location. The chance that a disaster at your main sight will also affect backups stored offsite is very small. Restoration privileges should be restricted to trusted staff to prevent confidentiality violations. However, this is a security issue and is not related to the issue of data restoration in this scenario. Write-protecting backup media will provide little protection for the stored data because it can be easily removed.
You are the IT administrator for a small corporate network. You're working on a computer for an employee. She says that when she turns the computer on it comes up with a funny screen that she doesn't recognize. In this lab, your task is to evaluate and repair the computer. The computer is automatically running the Windows Recovery Environment, which indicates that a boot failure has occurred. Your best option is to try an automatic repair.
1.Click the power button on the computer to turn it on. 2.Select Advanced options. 3.Select Troubleshoot. 4.Select Advanced options. 5.Select Startup Repair. 6.Allow the computer to boot into Windows. >>On a real computer, the Startup Repair option may take an hour or more.
A public library has purchased a new laptop computer to replace their older desktop computers and is concerned that they are vulnerable to theft. Which of the following laptop features should be used to physically secure the laptop?
A cable lock A cable lock can be used to physically secure a laptop to deter theft. Biometric authentication does not physically secure a laptop. A multi-factor password policy does not physically secure a laptop. An external encryption device does not physically secure a laptop.
Which tool would you use to configure the paging file location and size on a Windows system?
Advanced System Settings in Control Panel You manage virtual memory on a Windows system using Advanced System Settings in Control Panel. You can control the size and the location of the paging file. Use Hardware and Sound in Control Panel to manage hardware devices, such as printers. Use Administrative Tools to load MMC consoles such as Services or Computer Management. Cconfigure regional and language preferences using Clock, Language, and Region in Control Panel.
You need to configure File History to automatically delete any stored snapshots that are older than one month. Click the Control Panel option you would use to do this.
Advanced settings To clean up old versions, select the Advanced Settings option. Then select the appropriate cleanup interval from the Keep Saved Versions drop-down list. The Exclude Folders option is used to prevent certain folders from being protected by File History. The Select Drive option is used to specify which hard disk is used to store File History data. The Restore Personal Files option is used to retrieve previous versions of files protected by File History.
Which of the following is an important aspect of evidence gathering?
Backing up all log files and audit trails When gathering evidence, it is important to make backup copies of all log files and audit trails. These files will help reconstruct the events leading up to the security violation. They often include important clues as to the identity of the attacker or intruder. Users should not be granted access to compromised systems while evidence gathering is taking place. Damaged data should not be restored, and transaction logs should not be purged while evidence gathering is taking place.
You want to configure your Windows 10 workstation so that it can get Windows updates directly from other Windows 10 systems on the network that have already downloaded them from Microsoft. Click the Settings app option you would use to do this.
Choose how updates are delivered If you select the Choose How Updates are Delivered option in the Settings app, you can configure your system to get Windows update directly from Microsoft or from other workstations on the local network that have already download the updates your system needs. You can also configure your system to deliver updates to other Windows 10 systems.
Your client has hired you to evaluate their wired network security posture. As you tour their facility, you note the following: -Server systems are kept in a locked server room. -User accounts on desktop systems have strong passwords assigned. -A locked door is used to control access to the work area. -Users must use ID badges to enter the area. -Users connect their personal mobile devices to their computers using USB cables. -Users work in three 8-hour shifts per day. Each computer is shared by three users. Each user has a limited account on the computer they use. Based on this information, which of the following would you MOST likely recommend your client do to increase security?
Disable the USB ports on user's workstations. Users connecting their personal mobile devices to their computers using USB cables represents a significant security risk. Malware could be spread throughout the network. They could also copy sensitive information from the network to the device. Disabling all USB ports on all workstations will prevent this from happening. You should configure the BIOS/UEFI firmware with a password to prevent users from re-enabling the ports. Moving the server to an empty cubicle and assigning simple passwords will decrease the overall security of the network. It isn't necessary for each employee to have their own dedicated computer system.
What is the recommended size of the paging file under normal circumstances on a Windows 10 system with 8 GB of RAM installed?
Equal to the amount of physical RAM. Unless you are running applications that require large amounts of swap file space, the optimal setting for virtual memory swap file size is about the same size as the amount of physical RAM in the computer. Systems that have a very small amount of physical RAM installed may require a page file that is twice the size of the installed RAM. Systems with a moderate amount of physical RAM installed may require a page file that is about 1.5 times the size of the installed RAM. Systems with very large amounts of physical RAM installed typically don't require a large page file. If the paging file is too small, the system will spend excess time swapping memory data into and out of the swap file. This condition is known as thrashing, where system performance (particularly usability) becomes very poor, but hard drive activity is almost constant.
Which of the following terms describes a Windows operating system patch that corrects a specific problem and is released on a short-term, periodic basis?
Hotfix A hotfix is an operating system patch that corrects a specific known problem. Service packs include a collection of hotfixes and other system updates. Service packs are not released as often, but contain all hotfixes released to that time.
You have implemented a regular backup schedule for a Windows system, backing up data files every night and creating a system image backup once a week. For security reasons, your company has decided to not store a redundant copy of the backup media at an offsite location. Where would be the next best place to keep your backup media?
In a locked fireproof safe. If you can't store backup tapes at an offsite location, you should make sure that the backup tapes are locked up (for security), and that measures are taken to protect the tapes from a disaster (such as a fire). Strategies such as locking the tapes in a different room, keeping them on a shelf, or storing them in a drawer do not address both concerns.
Which of the following actions directly improves system security on a Windows workstation?
Install the latest updates. Installing the latest updates directly improves system security. Configuring restore points or password reset disks protect the system from failures and help you recover, but does not increase security.
While reviewing video files from your organization's security cameras, you notice a suspicious person using piggy-backing to gain access to your building. The individual in question did not have a security badge. Which of the following would you MOST likely implement to keep this from happening in the future?
Mantraps You could implement mantraps at each entrance to the facility. A mantrap is a specialized entrance with two doors that creates a security buffer zone between two areas. Once a person enters into the space between the doors, both doors are locked. To enter the facility, authentication must be provided. If authentication is not provided, the intruder is kept in the mantrap until authorities arrive. Cable locks are used to secure computer hardware. Lo-jack recovery services are used to locate stolen or misplaced computer hardware. Door locks with card readers were already circumvented in this scenario using the piggy-backing technique.
To protect a Windows 10 system, you've configured System Restore to automatically protect your system using restore points. Will this adequately protect the user data on the system?
No, you need to enable File History. You also need to create a backup of your user data. You can do this using File History Windows 10 and Backup and Restore on Windows 7. Storage Spaces is used to aggregate available storage space from multiple storage devices in the the system. A RAID 0 array does not provide data redundancy.
You have been having trouble with your laptop crashing. You would like your computer to create a memory dump file when it crashes. Where should you place the paging file?
On the system volume You must place the paging file on the system volume if you want Windows to be able to create a memory dump file when it crashes.
You have a set of DVD-RW discs that have been used to archive files for your latest development project. You need to dispose of the discs. Which of the following methods should you use to BEST prevent extracting data from the discs?
Shredding To completely prevent reading data from discs, destroy them using a DVD shredder or crushing. Degaussing only works for magnetic media such as floppy and hard disk drives. Simply deleting data offers little protection. Overwriting the data multiple times is not efficient in this scenario as the discs can simply be destroyed.
A security technician is conducting a forensic analysis. Which of the following actions is MOST likely to destroy critical evidence?
Shutting down the system Shutting down or rebooting a compromised system will erase the memory contents. An attacker may load and run a memory-resident program and immediately erase it from the disk. Shutting down or rebooting the system will destroy all evidence of the malicious program.
You have just installed the latest Windows updates on your Windows 10 computer. After the computer has rebooted, you get the following error message: Error: Windows failed to start. A recent hardware or software change might have caused the issue after you installed Windows updates. Since your computer won't start, you have booted your computer into the Advanced Options section of the Windows 10 recovery environment (see image). While troubleshooting this issue, which of the advanced options would be the BEST to try first? https://cdn.testout.com/_version_60144/pcpro2018v6-en-us/en-us/resources/text/t_recv_rcon_pp6/advancedoptions_hidden.jpg
Startup Repair The Startup Repair option scans your PC for problems like missing or damaged system files. It can't fix hardware issues or Windows installation problems, but it is the best first place to start if you are experiencing trouble booting into Window. System Restore lets you restore your computer back to a previous restore point. Although this may work, it will undo any change you have made since the last restore point was created. Therefore, it is best to try the Start-up Repair option first. System Image Recovery erases all of the data on your drive and replaces it with an image of Windows, which you must create prior. This would fix your issue, but you would lose any changes made to your computer after the image was created. For individuals who are well versed in command-line troubleshooting tools, the Command Prompt option may be of use. However, using this method, you must know the command to use. No menu options are provided. Selecting the Startup Settings option will restart your computer and bring up Startup Settings, a menu full of various special ways to boot to Windows, including Safe Mode. Attempting to boot to Safe Mode is a valid method, but will most likely fail in this scenario, as the installation of the Windows update has probably corrupted or inadvertently deleted a critical file required for booting.
Why should backup media be stored offsite?
To prevent the same disaster from affecting both the system and its associated backup media. Backup media should be stored offsite to prevent the same disaster from affecting both the system itself as well as its associated backup media. For example, if your primary facility is destroyed by flood or fire, then your data remains protected at an offsite location. Offsite storage does not significantly reduce the possibility of media theft because it can be stolen while in transit and while at the remote storage location. Offsite storage is not mandated by government regulation. Offsite storage does not improve the efficiency of the restoration process because additional time will be spent maintaining the backup media at the remote location.
You have 5 salespersons who work out of your office and who frequently leave their laptops laying on their desk in their cubicles. You are concerned that someone might walk by and take one of these laptops. Which of the following is the BEST protection to implement to address your concerns?
Use cable locks to chain the laptops to the desks. The main concern in this case is with laptops being stolen. The best protection against physical theft is to secure the laptops in place using a cable lock. Requiring strong passwords or using encryption might prevent unauthorized users from accessing data on the laptops, but does not prevent physical theft.
You are troubleshooting a Windows 10 system that won't boot. The system appears to initialize just fine and post completes correctly. However, Windows doesn't load, and an error message is displayed on the screen, indicating the operating system couldn't be found. You determine that the Master Boot Record (MBR) is corrupt. To fix the issue, you do the following: -Boot the system from the Windows 10 installation DVD. -Access the Recovery Environment. -Open a Command window. Enter the command you can run at the command prompt to address this issue.
bootrec /fixmbr The bootrec /fixmbr command writes a Windows-compatible MBR to the system partition. It does not overwrite the existing partition table. Use this command when you must resolve MBR corruption issues or when you have to remove non-standard code from the MBR.
You want to scan the integrity of all protected system files on your Windows 10 system, but not repair them. Which command should you use?
sfc /verifyonly Use sfc /verifyonly to scan the integrity of all protected system files, but not repair them. sfc /scannow scans the system and replaces altered files. sfc /scanfile scans the integrity of a specific file and repairs it if it has problems. sfc /verifyfile scans the integrity of a specific file, but does not repair it.
You have booted your Windows workstation into Safe Mode and enabled Boot Logging. To which log file is the boot logging information now being written?
-Ntbtlog.txt When you choose Enable Boot Logging, entries are written to the Ntbtlog.txt file. This file is created in the %WinDir% folder.
You turn on your desktop computer. You can hear the fans start up, but the monitor remains blank. You wait a while, but it doesn't appear that anything else is happening. The hard drive activity light doesn't show activity, and you never hear the sound that plays when Windows loads. Which of the following are the most likely cause of the problem?
-Video card -Memory -Processor When a computer first boots, it checks the processor, memory, and video card. If any of these three components are faulty, the boot process will stop. Depending on the problem, you might see nothing displayed on the screen. If the hard disk is bad, the system will boot past the BIOS, but be unable to locate the operating system files. You will see a message displayed on the screen indicating this and other problems (such as a bad keyboard). The startup sequence typically does not diagnose the mouse.
Which aspects of virtual memory can you configure on a Windows workstation?
-Maximum size of the paging file -Location of the paging file While the default behavior of Windows is to allow the operating system to manage virtual memory settings, the system administrator can control both the maximum size of the virtual memory paging file and the disk volume upon which the paging file is stored.
Anna, a home office user, employs a technician to check the security on a computer that was hacked. The technician discovers that the user's password is the name of Anna's dog and hasn't been changed in over a year. Which of the following security best practices should the technician recommend?
-Set a password expiration period. -Require a strong password. Strong passwords are harder to hack, and they should be changed frequently. Screen saver passwords may not be needed in a home office environment. Restricting user permissions for Ann will not increase security. Setting a lower number of password attempts may not be warranted in a home office environment.
You are the IT administrator for a small corporate network. You want to update the drivers for the user's sound card to see if it will correct some issues with the sound. Before doing so, you want to be able to easily revert back to the current state, in the event the update causes issues. To do this, you have decided to use the Windows system protection feature. In this lab, your task is to complete the following: -Turn on system protection on the C: drive and set a maximum of 5% of disk space for system protection. -Turn on system protection on the D: drive and set a maximum of 5% of disk space for system protection. -Create a manual restore point. When naming the restore point, choose your own name for the restore point.
1.Turn on system protection for the C: and D: drives. a.From the taskbar, select File Explorer. b.Right-click This PC and select Properties. c.From the left, select System protection. d.Select the disk to configure system protection. e.Select Configure.Select f.Turn on system protection. g.Under Disk Space Usage, slide the Max Usage tab to 5%. h.Select OK. i.Repeat steps 1d-1h for the additional drive. 2.Create a restore point a.Select Create to create a restore point. b.In the field provided, enter your own name as the name for the restore point. c.Select Create. d.Select Close.
Consider the virtual memory configuration for the Windows 10 system shown in the exhibit: https://cdn.testout.com/_version_60144/pcpro2018v6-en-us/en-us/resources/text/t_vmem_pp6/virtualmemory.png Given that this Windows 10 system has 16 GB of system RAM and three hard disks installed, which configuration change could you make to the paging file to increase system performance?
Add paging files to the E: and F: volumes. You can sometimes achieve a modest increase in system performance by adding paging files to other storage devices in the system. This offloads some of the paging file work to a disk other than the system volume. However, generally speaking, you should keep a paging file on the system volume. Without it, Windows can't create a dump file if the system crashes. With the amount of system RAM installed in this computer, creating a large paging file probably won't increase system performance.
One day, while trying to start your Windows 10 computer, the system displays the following error: Windows could not start. Could not read from the selected boot disk. Check boot path and disk hardware. Which of the following will most likely fix the problem?
Boot into the recovery environment and run the bootrec /rebuildbcd command. This error message is generated when the system cannot find the partition specified in the BCD database where the operating system files are located. For example, the database might be pointing to the D: drive for the operating system files, but that drive does not exist. Run bootrec /rebuildbcd to rebuild the boot loader database with a list of valid operating system locations. bootcfg /rebuild and fixmbr were used in early versions of Windows to fix boot problems. Reverting to a restore point will not fix the damaged boot files in this scenario.
Rodney, a user in the research department, reports that he is experiencing blue screen errors while using his Windows computer. You ask Rodney if anything has changed on the computer recently. Rodney explains that he recently installed a TV tuner board in an expansion slot. Now he has to reboot the computer every time he loads the TV tuner application to watch TV. You need to fix Rodney's computer and prevent Rodney from using the TV until you can install an updated driver. What should you do?
Boot the system into Safe Mode. Disable the TV tuner driver in Device Manager. You should disable the driver. Although you might be able to disable the driver without booting in Safe mode, booting in Safe mode is a good way to prevent drivers that could interfere with your task from being loaded. Resetting or reinstalling the operating system are drastic troubleshooting options. You should try simpler resolutions first before restoring to more aggressive options. Because the boot process is functioning, there is no indication that the boot sector or master boot record needs fixing using the Startup Repair.
System Restore is currently disabled for all volumes on a Windows 10 system. You need to enable System Protection for the C: volume. Click the option you would select to do this.
Configure To enable system protection in this scenario, you would select the C: volume from the Available Drives list and then click Configure. The System Restore option is used to revert the system to an existing restore point. The Create option is used to manually create a restore point. However, this can't be done until System Protection is first enabled on the volume. The Advanced tab is used to manage advanced system settings, such as visual effects and virtual memory.
Users have been experiencing periodic system lockups that generate the same error message. After checking Microsoft's website, you find that a hotfix is available to address the issue. What should you do next?
Deploy the hotfix on a test computer. Before deploying a hotfix, you should test it to make sure that you can successfully apply the fix, that the fix corrects the problem, and that it does not cause other problems. After it is tested, you should deploy the hotfix on all computers. Though the hotfix will be included in the next service pack, you should not wait until the service pack is released if you have problems that can be resolved by the hotfix.
Nathan, a long-time Mac user, has been using his Mac computer for some time now with no issues. Recently, however, he reported that his cursor turns into a pinwheel and he can't do anything. Which of the following would be the BEST first step for troubleshooting this issue?
Determine if the problem is caused by software or hardware. When troubleshooting system lockups, a good place to start is to determine if the problem is being caused by software or hardware. Once you know that you can narrow your troubleshooting steps further. All of the other options are valid ways to troubleshoot and fix problems causing a system lockup, but isolating the issue as a software or hardware issue is the first path to explore.
A technician was able to stop a security attack on a user's computer. When conducting a forensic investigation, which of the following actions should be performed FIRST?
Document what's on the screen Preserving evidence while conducting a forensic investigation is a trade-off. Any attempt to collect evidence may actually destroy the very data needed to identify an attack or attacker. Of the choices given, documenting what's on the screen is the least intrusive and the least likely to destroy critical evidence. Halting, disassembling, or stopping running processes may erase evidence.
A technician assists Joe, an employee in the sales department who needs access to the client database, by granting him administrator privileges. Later, Joe discovers he has access to the salaries in the payroll database. Which of the following security practices was violated?
The technician violated the principle of least privilege, the practice of limiting access rights for users to the bare minimum permissions they need to perform their work. Strong passwords are recommended to prevent unauthorized access, but in this scenario, the database is not password-protected. Multifactor authentication is the process of authenticating a user by validating two or more claims presented by the user, each from a different category, such as a password and the possession of a mobile phone, or a password and a fingerprint. Security personnel can grant access to a physical area using the entry control roster. A database is not normally protected by physical security.
How can you keep a Windows 10 system from automatically restarting after a critical system error occurs?
Use the Disable automatic restart after failure option on the Advanced Startup Options menu. By default, Windows is configured to reboot whenever a critical system error occurs (Blue Screen of Death). Use the Disable automatic restart after failure option on the Advanced Startup Options menu to stop the automatic reboots. Safe Mode with Networking is a variation of Safe Mode that also loads networking components if the problem is related to a network component. Safe Mode with Command Prompt is a variation of Safe Mode that allows you to boot to a command prompt. Neither of these options will stop the automatic reboots. The Last Known Good configuration option is not available in Windows 8 and later.
You work for a large company as the IT administrator. With the many external attacks being perpetrated in the form of security breaches being found in applications, you are concerned that your Windows 10 computers may be vulnerable. You also want to ensure that Windows is using the latest features. Which of the following would BEST protect your computers?
Windows updates By default, Windows 10 PCs automatically check for updates and install any updates it finds. Although this function can be disabled, Microsoft strongly encourages the use of automatic updates to find and install Windows update as well as to keep the computers up to date with the latest features. These updates often include patches to fix security issues found in applications. Automatic maintenance can be used to perform these checks. Scheduled backups are important to have and would be useful when a computer has a virus or the computer has been ransomed. They do not, however, keep the computer safe from application security leaks or update Windows with the latest features. Scheduled disk maintenance allows the system to diagnose and repair disk errors. It does not back up files.
As you are working on your Windows 10 computer during a fierce thunder storm, lightning strikes the nearby transformer, and your office loses all power. Since your laptop's battery is dead, your computer instantly turns off. Once power to the building has been restored, you turn your computer on and notice that you are now getting a missing DLL error message. Which of the following tools is MOST likely to rectify this issue?
sfc System File Checker (SFC) is integrated with Windows Resource Protection, which protects registry keys and folders as well as critical system files. If any changes are detected to a protected system file, the modified file is restored from a cached copy located in the Windows folder itself. The chkdsk (check disk) command checks the hard drive for errors, such as read errors and other storage related errors. If errors are found, chkdsk has the ability to try to fix these errors and repairs corrupted or missing DLL files. The defrag command lets you defragment your hard disk, but it does not fix missing DLL files. The bootrec command, or the bootrec.exe utility, is a tool provided by Microsoft in Windows Recovery Environment, or the Windows RE. It is typically used to troubleshoot boot issues and is capable of fixing such things as the mater boot record, the boot sector, and the Boot Configuration Data (BCD) store.
You want to make sure that you always have the latest patches installed on your workstation for an order entry application created by DataComLink corporation. What should you do?
-Configure the application to automatically download and install updates as they are released. -Check the DataComLink Website regularly for patches and updates to the software. The best ways to make sure that an application is up to date include the following: Manually check the manufacturer's website regularly for software updates.Configure the application to automatically download and install updates as they are released. Windows Update only works for Microsoft products and some critical driver files. It will not update third-party software. Most software companies do not contact you directly when updates are released.
One of the Windows workstations you manage has three user accounts defined on it. Two of the users are limited users while the third (your account) is an administrative user. Each limited and administrative user has been assigned a strong password. File and folder permissions have been assigned to prevent users from accessing each other's files. Which of the following would MOST likely increase the security of this system?
-Disable autorun on the system. -Set a screensaver password. You could increase the overall security of this system by disabling autorun on the system and setting a screensaver password. Enabling the Guest user account would decrease the security of the system, as would assigning simple passwords to user accounts. There's no such thing as a restricted user on Windows operating systems.
You need to protect the user data on a Windows 10 system. Which tools could you use to do this?
-File History -Windows 7 (Backup and Restore) You can protect user data on a Windows 10 system using the following tools: *File History can be used to protect user data. All user profile files (such as documents, music, and videos) are automatically backed up at a regular interval to a second storage device in the system. *Windows 7 (Backup and Restore) can be used to back up user data to backup media on a specified schedule. Previous Versions was used on Windows 7 to provide a similar function to File History on Windows 8.1 and later. Storage Spaces are used to aggregate storage space from multiple storage devices in the system. Work Folders are used to make files available on other devices, even when the main system is offline.
You have a computer that runs Windows 7, and you want to install Windows 10. You are not concerned about keeping any of the existing data currently on the drive, and you want to do a clean install. After placing the Windows 10 installation DVD in the optical drive, you restart the computer, but it does not boot to the DVD, and you are unable to install Windows. Which of the following are the BEST methods for installing Windows from the DVD?
-From the UEFI or BIOS firmware, change the boot order. -While the computer is rebooting, press the boot menu function key. Since the computer did not recognize the DVD on restart, you will need to either change the boot order from within the computes UEFI or BIOS firmware settings, or you can press the boot menu key, which will allow you to boot from the DVD. The exact function key that can be pressed is determined by the computer's manufacturer. Examples include, F8, F12, F11, and F10. The other key combinations listed in the question will not allow you to boot to the DVD.
To protect user data on a Windows 10 system, you've configured System Restore to automatically create restore points for the C: volume. Given that your user profile data is stored in the default directory (C:\Users), will this strategy adequately protect your users' data?
-No. You need to enable File History. -No. You need to create a backup of your user data as well. Using restore points alone is an incomplete strategy for protecting user data. You should also use Backup and Restore (Windows 7) in Control Panel to back up user data or enable File History. This is because System Restore on Windows 10 maintains restore points on the same hard disk as the data being protected. In the event of a disk failure, all data will be lost, including restore points. A RAID 0 array does not provide data redundancy.
You provide desktop support at the branch office of a bank. One of the Windows workstations you manage is used by a bank employee to set up new customer accounts and fill out customer loan applications. Each user account on the system has been assigned a strong password. A cable lock has been installed to prevent it from being stolen. Which of the following steps could be completed to BEST increase the security of this system?
-Remove the optical drive -Disable all USB ports in the BIOS/UEFI firmware configuration Because this system is used in a public are in close proximity to customers, you should disable all USB ports in the BIOS/UEFI firmware configuration and also remove the optical drive if it is capable of burning optical discs. This will help prevent data from being stolen from the system if it is left unattended. Because this system is used by bank personnel to service customers, it really can't be locked in a separate room. Likewise, disconnecting from the network or disabling its network jack would also make it unable to perform its required function.
You need to boot a Windows 10 system into Safe Mode. Which steps will accomplish this task? (Select TWO. Each choice is a complete solution.)
-Select Start > Settings > Update & Security > Recovery > Advanced startup > Restart Now. -Run the msconfig.exe utility and specify the boot mode. You can also boot the system into Safe Mode by selecting Start > Settings > Update & Security > Recovery > Advanced startup > Restart now. The computer restarts into the Advanced Startup Options and then select Troubleshoot > Advanced Options > Startup Settings > Restart. The system will restart and then select the desired Safe Mode option. Alternately you can run the msconfig.exe utility to specify which boot mode you would like to use, then reboot the system. When working with Windows 7 and earlier, pressing the F8 button during the system boot brings up the Advanced Boot Options menu. This option is not available by default on systems running Windows 8 and later. Pressing F2 during the boot process brings up the UEFI/Bios on many systems. Pressing ALT does not do anything on most systems.
Marcus was attempting to tweak the way his Windows 10 workstation boots when he inadvertently corrupted his system boot files. It will now no longer boot to a logon prompt. He boots the system from the Windows installation disc and accesses the Recovery Environment. What should he do next?
-Select Troubleshoot > Advanced Options > Startup Repair He should select Troubleshoot > Advanced Options > Startup Repair. This option should be able to fix his startup files. Resetting the PC would also work, but it is a much more drastic option. You should try simpler recovery options first before moving to more aggressive ones. Reverting to a restore point probably won't fix the problem as System Protection only protects Windows system files, not boot files.
You are a security consultant and have been hired to evaluate an organization's physical security practices. All employees must pass through a locked door to enter the main work area. Access is restricted using a biometric fingerprint lock. A receptionist is located next to the locked door in the reception area. She uses an iPad application to log any security events that may occur. She also uses her iPad to complete work tasks as assigned by the organization's CEO. Network jacks are provided in the reception area such that employees and vendors can access the company network for work-related purposes. Users within the secured work area have been trained to lock their workstations if they will be leaving them for any period of time. Which of the following recommendations are you MOST likely to make to this organization to increase their security?
-Train the receptionist to keep her iPad in a locked drawer when not in use. -Disable the network jacks in the reception area. You should recommend the following: -Disable the network jacks in the reception area. Having these jacks in an unsecured area allows anyone who comes into the building to connect to the company's network. -Train the receptionist to keep her iPad in a locked drawer when not in use. Tablet devices are small and easily stolen if left unattended. The receptionist's desk should remain where it is currently located because it allows her to visually verify each employee as they access the secured area. Biometric locks are generally considered more secure than smart cards because cards can be easily stolen. Training users to lock their workstations is more secure than screensaver passwords, although this may be a good idea as a safeguard in case a user forgets.
You have a Windows system with two SATA hard drives, one used for the operating system and the other used for storing data. You have traced recent problems to a fault in the system motherboard. You replaced the motherboard and reconnected all the hardware. When you started the computer, the system showed the startup information screen, but then returned an error that an operating system could not be found. What should you do?
-Verify the operating system SATA drive is configured as the boot drive in the UEFI configuration. -Change the boot order in the UEFI configuration. The most likely cause is that the boot configuration in the UEFI firmware of the new motherboard needs to be modified. First, you should specify that the SATA hard disk with the operating system installed is the hard disk to boot from. Then set the boot order to boot from the hard disk first. When you replace the motherboard, the UEFI chips are replaced and previous boot configuration is lost.
While using a Windows 10 system, you accidentally downloaded and installed a malware package from a phishing email exploit. You were able to reboot the system into Safe Mode and use System Restore to revert the system to a point in time before the malware infection occurred. Given this information, which of the following are true?
-Your user files were not affected when the system was reverted to the restore point. -You must reinstall any applications that were installed after the restore point was taken. After reverting the system to a prior restore point in this scenario, the following facts are true: -Your user files were not affected when the system was reverted to the restore point. -You must reinstall any applications that were installed after the restore point was taken. On Windows 10, restore points contain snapshots of system files, registry settings, program files, and any other batch, script, or executable files. When you restore a system to a restore point, previous settings are restored, while subsequent changes are removed. For example, any applications installed after the restore point was created are no longer installed. However, user data is not affected when your revert to a restore point. Any changes made to user data after a restore point is created are retained if the restore point is restored.
You have just received a call from one of your customers. He informs you that after turning his computer on, he received the following error: -Error loading operating system BOOTMGR is missing Press Ctrl+Alt+Del to restart Every time he restarts his computer, the same error is shown. Which of the following tools is BEST for fixing this issue?
-bootrec To fix a master boot record (MBR) error, run Bootrec /fixmbr. Other switches can also be used to fixe the boot sector or rebuild the entire boot configuration data. DiskPart is a disk partition utility. FORMAT is a command/program to format a drive. Formatting a drive erases all data on that drive. CHKDSK can identify and automatically correct file system errors and make sure that you can continue to load and write data from the hard disk. CHKDSK will not fix a problem with the MBR.
You are the IT administrator for a small corporate network. Currently, the computer in Office 1 has a single paging file managed by the system on the system volume (C:). You need to move the paging file to the D: volume. In this lab, your task is to complete the following: *Disable system-managed paging file settings. *Delete the paging file on the C: drive. *Create a paging file on the D: drive using the following settings: -Initial size: 2048 -Maximum size: 3072 *Reboot to apply the changes and wait for it to restart.
1.Disable system-managed paging file settings as follows: a.From the taskbar, open File Explorer. b.Right-click This PC and select Properties. c.Select Advanced system settings. d.Under Performance, select Settings. e.Select the Advanced tab. f.Under Virtual Memory, select Change. g.Unmark Automatically manage paging file size for all drives. 2.Delete the paging file on the C: drive as follows: a.Under Drive [Volume Label], select C: [System]. b.Select No paging file. c.Select Set. d.Click Yes. 3.Create a paging file on the D: drive as follows: a.Under Drive [Volume Label], select D: [Data]. b.Select Custom size to manually configure the paging file settings. c.In the Initial size field, enter 2048. d.In the Maximum size field, enter 3072. e.Select Set. f.Click OK. g.Click OK to agree to restart the computer. h.Click OK to close the Performance Options window. i.Click OK to close the System Properties window. 4.Select Restart Now and wait for the computer to reboot.
The employee who uses Office1 is responsible for developing an important new advertising campaign. To protect her data, you've decided to enable File History on her Windows 10 system and configure it to take frequent snapshots of her files. In this lab, your task is to complete the following: Enable File History on the Data (D:) volume. Configure File History to save copies of files every 10 minutes. Retain previous versions of files for 3 months.
1.Enable File History on the Data (D:) volume as follows: a.In the search field, enter Control Panel. b.Under Best match, select Control Panel. c.Select System and Security. d.Select File History. e.Verify that Data (D:) has been selected for storing File f.History information. g.Select Turn on. 2.Configure File History as follows: a.On the left, select Advanced settings. b.In the Save copies of files drop-down list, select Every 10 minutes. c.In the Keep saved versions drop-down list, select 3 months. 3.Select Save changes.
Susan, who uses Office1, produces your organization's monthly magazine. While working on an upcoming issue, she accidentally deleted significant portions of the layout image. In addition, she made extensive changes to the cover artwork, but has now been asked to discard the changes and use the original artwork. She has asked you to help her recover older versions of her files in the Pictures library so she can meet her publishing deadline. In this lab, your task is to complete the following: -Restore the Layouts\June2020Issue.jpg file to the version that was last modified on March 16 at 11:15 AM. -Restore the Images\coverart.jpg file to the version that was last modified on March 16 at 12:15 PM.
1.From the taskbar, open File Explorer. 2.Maximize the window for easier viewing. 3.In the left pane, expand This PC. 4.Expand System C:. 5.Expand Users. 6.Expand Susan. 7.Expand Pictures. 8.Restore the June2016Issue.jpg file as follows: a.Select Layouts. b.Right-click June2020Issue.jpg and select Restore previous versions. c.Select the 11:15 AM version. d.Select Restore. e.When prompted that the file already exists, select Restore, and then OK. f.Select OK. g.Right-click June2020Issue.jpg and select Properties. h.Verify that the file is 115.44 MB in size and was last modified on March 16 at 11:15:12 AM. 9.Restore the coverart.jpg file as follows: a.In the left pane, select Images. b.Right-click coverart.jpg and select Restore previous versions. c.Select the 12:15 PM version. d.Select Restore. e.When prompted that the file already exists, select f.Restore, and then OK. g.Select OK. h.Right-click coverart.jpg and select Properties. i.Verify that the file is 1.09 MB in size and was last modified on March 16 at 12:15:12 PM.
You are the IT administrator for a small corporate network. You are configuring Windows Update on the Office2 workstation in Office 2. In this lab, your task is to complete the following: Set the active hours of the workstation to 6:00 a.m. to 11:00 p.m. -Configure Windows Update to install updates semi-annually. -Allow other Microsoft products to update when I update Windows. -Defer the update to 90 days. -Set security improvements to 0 days. -Set Pause Updates to Off.
1.Right-click Start and select Settings. 2.Maximize the window for easier viewing. 3.Select Update & security. 4.Under Update Settings, select Change active hours. 5.Set the Start time to 6:00 a.m. 6.Select the check mark. 7.Set the End time to 11:00 p.m. 8.Select the check mark. 9.Select Save. 10.Select Advanced options. 11.Select Give me updates for other Microsoft products when I update Windows. 12.From the Choose when updates are installed drop-down list, select Semi-Annual Channel. 13.From the deferred update drop-down list, select 90. 14.From the deferred security improvements drop-down list, select 0. 15.Set Pause Updates to Off.
Bob calls and complains that he has suddenly started getting a lot of unwanted email. Which of the following is the BEST type of software to install to help solve Bob's problem?
Anti-spam In computer terms, SPAM email (or junk email) is the unsolicited email users receive. One of the best ways to prevent receiving this type of email is to use anti-spam software. Anti-malware software helps protects a computer from software that is intentionally designed to cause harm or damage to your computer. Anti-virus software helps protect the infiltration and spread of malicious code that is designed to alter the way a computer operates. Anti-plagiarism software helps detect when someone has plagiarized someone else's material.
You work as the IT administrator for a small startup company. Lily's computer has two internal hard drives and runs Windows 10. She is concerned that she may accidently delete a file or that her primary hard disk may fail at some future time. She has come to you for suggestions about how to protect her files. Due to the size and revenue of this startup company, resources are somewhat limited. Which of the following would BEST protect Lily's files?
Back up her files using File History. Windows 10 includes the ability to back up files to another drive. This service is known as Back up using File History and can be found under Settings > Update & Security > Backup. This drive could include such things as a second drive in a computer, a USB-connected drive, or a network drive. Lily could use this feature to back up her files from her primary drive to her second drive, or you could purchase her an inexpensive USB drive she could automatically back files to. With the limited funds available, buying a third-party backup software probably isn't feasible at this time. Having Lily copy her files to a network share would work for files she creates, but counting on her to back these up on a regular basis is risky. Scheduled disk maintenance allows the system to diagnose and repair disk errors. It does not back up files.
Wendy had been searching the internet for a great deal on jewelry. While looking at one site, a pop-up was displayed that told her she had just been chosen as the winner of a nice prize. Being excited to win, Wendy clicked on the link provided to claim her prize. The next day, when Wendy tried to turn on her computer, her computer displayed the Blue Screen of Death (BSOD). After interviewing Wendy, you suspect that the pop-up she clicked on installed some malicious software that has caused her computer to lock up. Which of the following is the BEST place to begin repairing Wendy's computer?
Boot the computer from the Windows installation disc and run Startup Repair. Although BSOD can be caused by many things, given the circumstances and your suspicion that malware may be the cause, you should first isolate Wendy's computer and then try to make her computer bootable by running Startup Repair. Startup Repair attempts to fix problems that keep Windows from loading. If this process fixes her computer, you would then take the proper steps to find and remove the malicious software that caused the issue in the first place. If the computer does not boot after completing the above, you can try to run a System Restore. This would recover your computer to a previous point, but all of the changes made after the restore point was created would be lost. If the restore process fails, you could then try to Reset the PC. Keep in mind that this step may get the computer running again, but it will remove all of the applications and settings. If this step does work, you must still check for malicious software that may be disguised as a personal file. If all else fails, a clean installation of Windows can be performed. And if a backup of Wendy's files are available, they can be restored.
You are the IT administrator for a small corporate network. You have just changed the SATA hard disk in the workstation in the Executive Office. Now you need to edit the boot order to make it consistent with office standards. In this lab, your task is to configure the system to boot using devices in the following order: -Internal HDD. -CD/DVD/CD-RW drive. -Onboard NIC. -USB storage device. -Disable booting from the diskette drive.
Click the Power button on the computer. As the BIOS loads, press the Delete key. In the left pane, select Boot Sequence. On the right-hand side, select the device to modify the boot device order. Move the device up or down using the arrows to the right of the device list. Repeat steps 4-5 to modify additional device priorities as required. To the left, unmark Diskette Drive to disable the device. Select Apply. Select Exit.
You work for a company that offers their services through the internet. Therefore, it is critical that your website performs well. As a member of the IT technician staff, you receive a call from a fellow employee who informs you that customers are complaining that they can't access your website. After doing a little research, you have determined that you are a victim of a denial of service attack. As a first responder, which of the following is the next BEST step to perform?
Contain the issue. You have already identified the issue, so the next step is to take actions to stop the attack and contain the damage. Although it is important to preserve as much information as possible to assist in later investigations, it might be better to stop the attack, even if doing so alerts the attacker or results in the loss of evidence regarding the attack. After the attack is contained, the forensic team should be contacted to investigate, eradicate the issue, and perform other tasks to bring this incident to a close.
Employees in a small business have a habit of transferring files between computers using a USB flash drive and often bring in files from outside the company. Recently, a computer was infected with malware from a USB flash drive even though the employee did not access any files. Which of the following options would prevent this issue in the future?
Disable autorun. Disabling autorun would prevent the malware from installing when the flash drive was attached. Setting strong passwords is a best practice, but would not prevent the malware on a flash drive from installing. BitLocker is used to encrypt drives and will not prevent malware on a flash drive from installing. Configure screen savers to require a password is a best practice, but would not prevent the malware on a flash drive from installing.
A technician wants to destroy the data on a hard drive and repurpose it as a spare drive. Which of the following data destruction methods allow the reuse of the hard drive?
Drive wipe Drive wipe is a software-based method of overwriting the actual data that makes up files on the hard drive. The overwriting process is performed multiple times to remove the magnetic traces of previous data. The drive remains usable after a disk wipe. Incineration completely destroys both the data and the physical hard drive. Degaussing destroys the data on a hard drive, but also removes the low-level formatting. Degaussing can also destroy the electronic hardware in the drive. In either case, the drive will be unusable. Shredding completely destroys both the data and the physical hard drive.
You need to back up user data on a Windows 10 system. The computer has a single SSD storage device installed that contains both the Windows operating system (in C:\Windows) and user profile data (in C:\Users). You plan to do the following: -Use Backup and Restore to backup user data. -Run the backup automatically every night at 11:00 p.m. -Store the backups in the C:\Backups folder. -Include a system image in each backup. Will this configuration work?
No. Backups created with Backup and Restore can't be stored on the drive that contains the information being backed up. The configuration in the scenario will not work because backups created with the Backup and Restore utility can't be stored on the same drive containing the information being backed up. To fix this issue, a second hard disk or an external storage device needs to be added to the system. Windows 10 includes both File History and Backup and Restore utilities. System image backups can be included within a scheduled file backup.
You have purchased new computers and will be disposing of your old computers. These computers were previously used for storing highly-sensitive customer order information, including credit card numbers. To properly protect the accidental discovery of the company's sensitive information, which of the following steps MUST be completed prior to getting rid of the computers?
Physically destroy the hard drives with a hammer. Because the hard drives contained very sensitive information (such as credit card numbers), the best solution in this scenario is to physically destroy the drives. For example, they could be rendered useless with a hammer or hard disk shredder. Reinstalling Windows, repartitioning the drives, or even reformatting them will not remove all data remnants. Deleting data and applications from the hard drives also will not permanently remove data from the system.
During an airline flight, a laptop user makes last-minute changes to a presentation that contains sensitive company information. Which of the following would make it difficult for other passengers to view this information on the laptop display?
Privacy filter A privacy filter narrows the viewing angle of the laptop display so that only the person directly in front can see the display. A cable lock can be used to secure valuable items that can be easily removed from the workplace, like laptops. It would do nothing to prevent others from viewing the laptop display. Smart cards can provide authentication, but do nothing to prevent others from viewing the laptop display. A mantrap is used to control access between two areas that have different security levels. It helps prevent tailgating by requiring that the entry into the mantrap from one area close before entry to the second area is possible.
Micka, a tech-savvy employee, tried to upgrade her computer from Windows 7 to Windows 10 from the internet. Something went wrong during the upgrade, and Micka's computer will no longer boot to Windows. She has brought her computer to the IT department for you to repair. You have tried to repair the computer, but you are unable to get it to boot to Windows. Which of the following methods would be the QUICKEST way to get Micka's computer back to its original Windows 7 operating system?
Restore her system using the recovery partition. The recovery partition contains a Windows 7 factory image as it came fresh from the factory, including all of the correct drivers for its devices. Her system can be recovered using this partition, but all of her data will be lost. Since the original installation of Windows 7 was corrupted during the upgrade process, trying to do an upgrade from the source DVD will not detect the old operating system, and it will fail. The Windows Automated Installation Kit (AIK) for Windows 7 helps you to install and customize the Microsoft Windows 7 operating systems, but would take more time to download and manually install than restoring the image from the recovery partition. Reinstalling Windows using the DVD or an external flash drive would be time-consuming and may require additional steps to download and install the drivers required.
An administrator configures the Time Machine application on Mac OS computers and develops scripts that use the tar command on Linux computers. Which of the following best practices is the administrator following?
Scheduled backups The Time Machine application on Mac OS computers and the tar command in Linux are used for backups. While Time Machine and tar can be used to restore disk files, scheduled disk maintenance is usually performed to maintain disk and filesystem integrity. Patch management involves updating operating systems and applications, not performing backups. Driver/firmware updates involves updating the middleware that interfaces with internal and external devices, not performing backups.
You're troubleshooting a computer that runs Windows 10. The operating system has halted and a blue screen is displayed on the monitor with an error message. What is the first step you should take to troubleshoot the issue?
Search for the error in Microsoft's knowledge base or using an internet search engine. The first thing you should do when a Blue Screen of Death is displayed is identify the source of the error by searching for the error text message in Microsoft's knowledgebase or across the internet in general using a search engine such as Google. This will help you identify what is causing the problem so you can troubleshoot it.
A security incident is currently occurring on the company network. You discover that the attack involves a computer system that is attached to the network. You're unsure what kind of damage is being done to the network systems or data. Which of the following actions should you take FIRST?
Stop the attack and contain the damage by disconnecting the system from the network. The first step in responding to an incident should be to take actions to stop the attack and contain the damage. If the attack involves a computer system attached to the network, the first step might be to disconnect it from the network. Although you want to preserve as much information as possible to assist in later investigations, it is better to stop the attack, even if doing so alerts the attacker or results in the loss of evidence regarding the attack. After containing the damage, subsequent steps you can take include, but are not limited to, the following: *Examine the active computer system to analyze the live network connection, memory contents, and running programs. *Document and photograph the entire scene of the crime, including the current state of the attached computer system. *Determine whether you have the expertise to conduct an investigation, or whether you need to call in additional help.
You want to perform a Windows update on your Windows 10 computer. Before doing so, you want to make sure you can easily go back to the state it was in prior to the update. Which of the following Control Panel utilities is BEST to enable and use prior to the update?
System protection System protection provides full control over your System Restore operations. In Windows 10, System Protection is disabled by default. Before you perform the Windows update, you should enable this feature. Once enabled, Windows will automatically create restore points when system changes are made. However, it may be best to create the first restore point manually. If, for some reason, your Windows system is not functioning properly after the update, you can use this feature to restore your system back to the restore point created prior to the upgrade. Program and Features lets you view the programs installed on your computer and, if needed, uninstall, change, or repair an application. It cannot be used to create or use restore points. Performance lets you adjust settings to use for the appearance and performance of Windows. It also lets you configure some advanced settings, such as configuring virtual memory. It cannot be used to create or use restore points. View hidden files will let you see and work with files that are normally hidden. It cannot be used to create or use restore points.
You would like to run an application on your Windows workstation every Monday at 3:00 p.m. Which tool would you use to configure the application to run automatically?
Task Scheduler The Task Scheduler is a tool that you can use to automatically start an application or run a script based on events. Triggers identify conditions that start the task. Triggers include day and time, logon, and system events. Common tasks that are scheduled to run at regular intervals include backups, system virus scans, and system updates. Use the Services console to view and manage services on your computer. Use the Msconfig utility to customize the way the Windows system boots.
You are an IT technician for your company. One of your employees calls and tells you that every time they turn their computer on, they hear three beeps. Which of the following BEST describes an accurate reply to this employee?
Three repeated beeps may mean different things. First, we need to check the motherboard documentation. Every time the PC boots, it runs a power-on self-test, or a POST. POST checks to make sure that all of the basic hardware in your system is present and functioning at boot time, such as the system memory, keyboard, CPU, chipset, and so on. If the PC finds a problem during POST, an error is registered. How this error is reported depends on the motherboard manufacturer. Since each motherboard may have a different meaning for three beeps, you should first check the motherboard's documentation before proceeding further. Each of the other options may be the issue, but without checking the documentation, you cannot be sure.
You are responsible for disposing of several old workstations formerly used by accountants in your organization's Finance department. Before being shipped to a computer recycler, you decide to make sure any old data on the hard drives is erased. To do this, you use the Windows XP Installation CDs that came with these systems to delete all partitions from the hard drives. Which of the following BEST describes what needs to be done before the systems are ready to be recycled?
Use disk wiping software to fully erase the drives on the systems. You should use disk wiping software to fully erase the drives. The problem here is that partitioning and even reformatting doesn't completely remove old data from the drive. Data could potentially be recovered from the drive. To keep this from happening, you should use disk wiping software to erase the drive and write random characters multiple times to the drive to completely destroy any old data.
Recently, a Windows 10 update was automatically downloaded and installed on your Windows 10 system. After you install the update, your contact manager database application no longer works correctly. You want to uninstall the latest updates to see if the application starts working again. Click the option you would use in the Settings app to do this.
View your update history If you select the View Your Update History option in the Settings app, you can view a list of Windows updates that have been installed on your system. You also are presented with the option to uninstall an update.
Which of the following is another name for the paging file?
Virtual memory A paging (swap) file on a storage device is sometimes called virtual memory because it mimics real memory (though at a much slower speed). The process of moving data from RAM to disk (and back) is known as swapping or paging. Random access memory (RAM) is used as a temporary data storage location and is called physical memory. The terms extended and upper memory refer to memory above the first megabyte of address space in PC systems with older processors.
