CompTIA A+ 220-1102 (Core 2) Domain 4: Operational Procedures

Which of the following are true about a policy? (Select two.) Answer Defines when the work should be completed. Defines who should complete the work. Identifies the problem, such as why action is needed and which action should be taken. Defines a desired outcome and outlines how that outcome should be met. Explains which action should be taken. Includes rules that have been set by an organization to address a particular problem or concern.

--Includes rules that have been set by an organization to address a particular problem or concern --identifies the problem, such as why action is needed and which action should be taken.

Which of the following BEST describes a Security Policy? Answer A document that outlines how long a password should be and which characters can be used in the password. A document that outlines who has access to company resources. A document that defines how often backups should run and where they should be saved. A document or collection of documents that provide information about an organization's network security.

A document or collection of documents that provide information about an organization's network security.

Which of the following policies defines who has access to which company resources and explains any restrictions that have been set for their use? Answer Physical Security Policy Standard Operating Procedure (SOP) Bring Your Own Device (BYOD) Policy Acceptable Use Policy (AUP)

Acceptable Use Policy (AUP)

Which of the following is the process of tracking and managing an organization's assets? Answer Asset management Deployment Decommissioning Procurement

Asset management

Which part of the change management process specifies how you will return affected systems to their original state if your implementation fails? Answer Backout plan Scope Purpose Risk analysis

Backout plan

You are filling out a change order form. Toward its end, you explain how you will return affected hardware and software to its original state if the change fails. What is this plan called? Answer Rollback plan System image plan Risk analysis Backout plan

Backout plan

You plan on including Employee Education and Awareness Policy training for all new employees. As part of that training, which of the following should you instruct your employees NOT to do as part of company procedures? (Select three.) Answer Access restricted areas in the company building. Become familiar with the company Security Policy. Respond to social engineering attacks. Connect unauthorized devices. Bring your own devices to work. Click on links in a phishing email. Install software on their company laptops.

Click on links in a phishing email. Respond to social engineering attacks. Connect unauthorized devices.

Which of the following are information assets? (Select two.) Answer Routers Files Support services Firewalls Databases

Databases & Files

Jason is a system administrator for a hospital. As part of his role, he helps to maintain all devices in the hospital that connect to the internet (IoT devices). Recently, the hospital has purchase some new heart-rate monitoring devices that are IoT-enabled. Jason needs to add the devices to the inventory management database. Which of the following is the asset management phase that Jason is currently involved with? Answer Deployment Operations Priority Procurement

Deployment

Candace is a purchasing manager for a large metropolitan hospital and is responsible for making purchasing decisions for millions of dollars worth of equipment each year. The hospital board has recently decided that many of the older hospital devices need to be upgraded to IoMT (Internet of Medical Things) equipment to become more efficient and effective in their procedures. Candace has decided to start by ordering new IoMT heart-monitoring devices that track a patient's heart information remotely. She immediately talked to her equipment sales representative and ordered several new IoMT heart-monitoring devices. However, after deploying them, she finds that they do not provide all the data that nurses and doctors were expecting. Which of the following steps did Candance fail to complete during the asset management Procurement phase that led to this issue? Answer Negotiate with the supplier Obtain a list of suppliers Finalize the purchase order Determine goods and services required

Determine goods and services required

Which of the following are procedures that should be included when offboarding (ending a relationship with) an employee? (Select two.) Answer Have the employee sign a Non-Disclosure Agreement. Disable electronic access for the employee. Collect physical access items from the employee. Review the Acceptable Use Policy (AUP) with the employee. Make sure the employee has access to the company's knowledge base.

Disable electronic access for the employee. Collect physical access items from the employee.

Aaron is a system administrator for a school district and has been assigned to maintain and decommission computer equipment throughout the district schools. He has been assigned to review all the workstations currently being used by the administrative staff at the district and school levels to determine if they need to be replaced or upgraded to meet current administrative requirements. He decides to replace the workstations with new equipment, decommission the existing computers, and sell them to the public as surplus. After selling several of the decommissioned computers, a local paper publishes an article about financial corruption in the school district with documentation to prove the accusations. Which of the following steps in the Decommissioning process did Aaron fail to do that might have BEST prevented this situation? Answer Remove the workstations from the asset management database. Determine whether the workstations should have been destroyed or disposed of properly in the trash. Remove the workstations from the production network. Ensure that any sensitive or proprietary information was permanently removed from the workstations before selling them to the public.

Ensure that any sensitive or proprietary information was permanently removed from the workstations before selling them to the public.

Your organization has expanded into an adjacent office. You have been tasked with laying cables to connect the new space with the existing space. Which document should you look at to ensure that there will be no interference or damage to the cables from existing infrastructure? Answer Knowledge base Floor plan Physical security diagram Network topology diagram

Floor plan

Which issue resolution status in a ticketing system indicates that a ticket has been assigned and that an individual is working on resolving that issue? Answer In-progress Solved Closed Open

In-progress

Where could a company employee find out how to reset a password or change their voicemail message? Answer Bring Your Own Device (BYOD) Policy Security Policy Acceptable Use Policy (AUP) Knowledge base

Knowledge base

Anna is an account rep for a financial firm and has submitted a ticket in the company ticketing system to resolve an issue with a high-profile customer's account. The account is frequently losing important financial transactions. She has filled out the following information on the ticket: Customer's name and contact information Relevant problem information After waiting three days, the ticket is assigned to a tier-two support operator and set to an in-progress status. In addition, the operator sends the ticket back to Anna with a request for information about her work computer. She is frustrated because a resolution to the issue is not being addressed. SOLUTION: Anna adds additional information in the ticket description about the importance of resolving the issue immediately. She also includes the make and model of her work computer and then sends the ticket back to the support operator. Drag Yes Drop Does this action provide what the support operator needs to help resolve the ticketing system issue?

NO

You are an information security specialist in charge of developing and implementing security measures for your company. You are currently working with the company's IT system administrator to make sure that all policies and procedures meet city, state, and industry regulations. You have noted that employees often allow coworkers into restricted areas who may not have authorized access. In addition, employees often work from home using company laptops that are often unsecure and frequently contain sensitive company data on the local hard drive. SOLUTION: You update the Acceptable Use Policy (AUP) to clearly state that only authorized employees can access restricted areas with a proper key fob (no tailgating), along with any penalties for non-compliance. To address the laptop security issue, you work with the IT system administrator to update the network diagram and inform employees of the changes to help secure their laptops. Drag Yes No Drop Does this solution provide a reasonable approach for addressing the security area and work-from-home issues?

No

During which asset management phase would you perform maintenance tasks, such as installing updates and patches or upgrading a hard drive? Answer Deployment Operations Decommissioning Procurement

Operations

During which asset management phase would you consider whether an asset would replace an existing one and whether it will have any impact on the existing network and users? Answer Deployment Operations Decommissioning Procurement

Procurement

Which documents are generally finished and approved before a project begins? (Select three.) Answer Risk Assessment Slide presentation Analysis spreadsheet Budget Customer acceptance checklist Change order form Project plan

Project plan Risk Assessment Budget

You work for a company that provides payroll automation software to its clients. You are creating a program that will automate payroll tasks for small businesses with few employees. You are on track to meet your deadline for the project, and you anticipate having a lot of money leftover in the project budget. Mid-project, you receive a call from the human resources manager at MakeStuff, a company that will use the small-business payroll software. The manager informs you that MakeStuff has decided to offer its employees a 401k investment option and asks whether the small-business payroll program can automatically manage 401k investments. Currently, the project plan does not include that function, but you believe making the addition would be valuable to your business. You are worried about requesting permission to add this functionality for two reasons. First, the deadline for this project is very close, and it cannot be moved. Second, you have created software that automates flexible savings account management, but you haven't automated 401k investments before, and you know they are more complicated. You must fill out a change order form to request this change. Select the best option for each portion of the form. Purpose of Change Scope of Change Plan for Change Risk Analysis Backout Plan

Purpose of Change--To provide every client using the software the functionality to automate 401k management. Scope of Change--Add 401k management to the payroll software. Plan for Change--Request to hire contractors to implement 401k management. Risk Analysis--Using contractors could result in going over budget if there are problems with the project. Backout Plan--Back up the program and data before adding the new feature.

Arrange the standard change order form information on the left in its standard presentation order on the right. (Not every answer will be used.) Risk analysis Proposal to the CEO Explanation of changes already made Backout plan Scope of the change Purpose of the change Proposal to the customer Change board membership

Purpose of the change Scope of the change Risk analysis Backout plan

Which of the following occurs during asset deployment? Answer Recording of asset tag information Deciding which assets to replace Finding out how much an asset will cost Applying updates and patches

Recording of asset tag information

You need to find out which kind of laws might apply to your network's operations. Which document type would you consult? Answer Standard Operating Procedure (SOP) Procedure Regulation Policy

Regulation

Jason is a sales rep with a computer company that sells customized laptops to the public. He is opening a ticket to help resolve a customer issue with a malfunctioning laptop, which was purchased by an important customer who is relying on the laptop to complete a critical project. Which of the following items in the ticket can Jason use to help the support team immediately determine the time sensitivity of resolving this issue? Answer Detailed issue description Tier assignment Department assignment Severity level

Severity level

Which issue resolution status in a ticketing system indicates that an issue has been fixed and is awaiting customer acknowledgement? Answer Open In-progress Closed: Solved

Solved

You are responsible for updating your company's onboard training for all new employees. Which of the following items are important to include in that training? (Select three.) Answer The procedure for closing user accounts The process for reporting suspicious behavior The Security Policy The Data Backup Policy The help desk's contact information The network diagram The User Education and Awareness Policy

The Security Policy- The help desk's contact information- The process for reporting suspicious behavior

Jared, an employee in Human Resources, left the company two months ago as part of a company downsizing initiative. A new Human Resources VP is now running the department and has re-hired Jared to work as a manager in Human Resources. As a new IT system administrator for the company, you have been assigned to re-establish all of Jared's accounts, including network accounts, email, software, and VPN access. However, you discover that no accounts exist for Jared. What should have been done during Jared's offboarding process to make sure his accounts were still available for a period of time? Answer The accounts should have been deleted, but not removed from the trash. The account passwords should have been changed. The accounts should have been left in place for a required period of time. The accounts should have been disabled instead of deleted.

The accounts should have been disabled instead of deleted.

Which of the following are included in a network topology diagram? (Select two.) Answer A layout of server racks, cooling, and air circulation systems. A layout of all plumbing and HVAC components. The location and IP addresses of hubs, switches, routers, and firewalls. The relationship between remote locations and the WAN links that connect them. A layout of all electrical wiring and components.

The location and IP addresses of hubs, switches, routers, and firewalls. The relationship between remote locations and the WAN links that connect them.

Which of the following BEST describes the primary role of Tier 1 support operators? Answer They solve issues behind the scenes and handle the most complex situations. They gather information about a problem and perform basic troubleshooting. They track the progress of and open and close tickets. They use their specialized training and experience with the organization to help resolve an issue.

They gather information about a problem and perform basic troubleshooting

Which of the following is used to identify and record technical issues, manage their progress, and verify full resolution? Answer Change management Inventory management database Support systems Ticketing system

Ticketing system

Which document outlines how to communicate standards, procedures, and baselines that help an employee perform their job safely and effectively? Answer Acceptable Use Policy (AUP) Bring Your Own Device (BYOD) Policy Security Policy User Education and Awareness Policy

User Education and Awareness Policy

You are an information security specialist in charge of developing and implementing security measures for your company. You are currently working with the company's IT system administrator to make sure that all policies and procedures meet city, state, and industry regulations. You have noted that employees often allow coworkers into restricted areas who may not have authorized access. In addition, employees often work from home using company laptops that are often unsecure and frequently contain sensitive company data on the local hard drive. SOLUTION: You update the Physical Security Policy to clearly state that only authorized employees can access restricted areas with a proper key fob (no tailgating), along with any penalties for non-compliance. You also work with Human Resources to develop a user education and awareness policy that includes security training. To address the laptop security issue, you work with the IT system administrator to develop a splash screen (which is pushed out to all company laptops) reminding employees to lock their laptop screens when leaving their laptops in an unsecure area. Drag Yes No Drop Does this solution provide a reasonable approach for addressing the security area and work-from-home issues?

Yes