CompTIA A+ Solutions 7-11

You are developing a Bash script to test whether a given host is up. Users will run the script in the following format: ./ping.sh 192.168.1.1 Within the code, what identifier can you use to refer to the IP address passed to the script as an argument?

$1 will refer to the first positional argument.

You are auditing a file system for the presence of any unauthorized Windows shell script files. Which three extensions should you scan for?

.PS1 for PowerShell scripts, .VBS for VBScript, an .BAT or cmd batch files.

A company wants to minimize the number of devices and mobile OS versions that it must support but allow use if a device by employees for personal email and social networking. What mobile deployment model is the best fit for these requirements?

Corporate owned, personally enabled (COPE) will allow standarization to a single device and OS. As the requirement does not specify a single device and OS, choose your own device (CYOD) would also fit.

You are completing a checklist of security features for workstation deployments. Following the CompTIA A+ objective what additional item should you add to the following list, and what recommendation for a built-in Windows feature or features can you recommend be used to implement it? - Password best practices - End-user best practices - Account management - Change default administrator's user account/password - Disable AutoRun/AutoPlay - Enable Windows Update, Windows Defender Antivirus, and Windows Defender Firewall

Data-at-rest encryption. In Windows, this can be configured at file level via the Encrypting File System (EFS) or at disk level via BitLocker.

When you arrive at a customer location to service a network printer, the user is upset because the printer is not working and therefore he cannot submit his reports on time. How should you approach this user?

Demonstrate empathy with the customer's situation, use active listening skills to show that you understand the importance of the issue, and make the customer confident that you can help. Then use closed-questioning techniques to start to diagnose the problem.

You are assisting with the configuration of MDM software. One concern is to deny access to devices that might be able to run apps that could be used to circumvent the access controls enforced by MDM. What types of configurations are of concern?

Devices that are jailbroken or rooted allow the owner account complete control. Devices that allow app installation of apps from untrusted sources, such as sideloading APK packages or via developer mode could also have weakened permissions.

Why are the actions of a first responder critical in the context of a forensic investigation?

Digital evidence is difficult to capture in a form that demonstrates that it has not been tampered with. Documentation of the scene and proper procedures are crucial.

You are reviewing a secure deployment checklist for home router wireless configuration. Following the CompTIA A+ objectives, what additional setting should be considered along with the following four settings? - Changing the service set identifier (SSID) - Disabling SSID broadcast - Encryption setting s - Changing channels

Disabling guest access. It might be appropriate to allow a guest network depending on the circumstances, but the general principle that services and access methods that are not required should be disabled.

You are working on the training documentation for help-desk agents. What should you include for dealing with difficult situations?

Do not argue with customers and/or be defensive. Avoid dismissing customer problems, and do not be judgmental. Try to calm the customer and move the support call toward positive troubleshooting diagnosis and activity, emphasizing a collaborative approach. Do not disclose experience via social media outlets.

In which atmospheric conditions is the risk of ESD highest?

During cool, dry conditions when humidity is low. hen humidity is high, the static electricity can dissipate through the moisture present in the air.

True or false. TKIP represents the best available wireless encryption and should be configured in place of AES if supported.

False. Advance Encryption Standard (AES) provides stronger encryption and is enabled by selecting Wi-Fi Protected Access (WPA) version 2 with AES/CCMP or WPA3 encryption mode. The Temporal Key Integrity Protocol (TKIP) attempts to fix problems with the older RC4 cipher used by the first version of WPA. TKIP and WPA1 are now deprecated.

True or false? Updates are not necessary for iOS devices because the OS is closed source.

False. Closed source just means the vendor controls development of the OS. It is still subject to updates to fix problems and introduce new features.

True or false? Using a browser's incognito mode will prevent sites from recording the user's IP address.

False. Incognito mode can prevent the use of cookies but cannot conceal the user's source IP address. You do not need to include this in your answer, but the main way to conceal the source IP address is to connect to sites via a virtual private network (VPN)

True or false? A factory reset preserves the user's personal data.

False. Restoring to factory settings means removing all user data and settings.

What two types of biometric authentication mechanism are supported on smartphones?

Fingerprint recognition and facial recognition

You receive a support call from a user who is "stuck" on a web page. She is trying to use the Back button to return to her search results, but the page just displays again with a pop-up message. Is her computer infected with malware?

If it inly occurs on certain sites, it is probably part of the site design. A script running on the site can prevent use of the Back button. It could also be a sign of adware or spyware though, so it would be safest to scan the computer using up-to-date anti-malware software.

Why might a PC infected with malware display no obvious symptoms?

If the malware is used with the intent to steal information or record behavior, it will not try to make its presence obvious. A rootkit may be very hard to detect even when a rigorous investigation is made.

Advanced malware can operate covertly with no easily detectable symptoms that cab be obtained by scanning the device itself. What other type of symptom could provide evidence of compromise in this scenario?

Leaked data files or personal information such as passowrds.

You are updating data handling guidance to help employees recognize different types of regulated data. What examples could you add to help identify healthcare data?

Personal healthcare data is medical records, insurance forms, hospital/laboratory test results, and so on. Healthcare information is also present in de-identified or anonymized data sets.

What type of account management policy can protect against password-guessing attacks?

A lockout policy disables the account after a number of incorrect sign-in attempts.

When might you need to consult MSDS documentation?

A material safety data sheet (MSDS) should be read when introducing a new product or substance to the workplace. Subsequently, you should consult it if there is an accident involving the substance and when you need to dispose of the substance.

A threat actor crafts an email addressed to a senior support technician and part-time football coach inviting him to register for free football coaching advice. The website contains password-stealing malware. What is the name of this type of attack?

A phishing attack tries to make users authenticate with a fake resource, such as a website. Phishing emails are often sent in mass as spam. This is variant of phishing called spear phishing because it is specifically targeted at a single person, using personal information known about the subject (his or her football-coaching volunteer work)

What role do barcodes play in managing inventory?

An inventory is a list of assets stored as database records. You must be able to correlate each physical device with an asset record by labeling it. A barcode label is a good way of doing this.

Katie works in a high-security government facility. When she comes to work in the morning, she places her hand on a scanning device installed at a turnstile in the building lobby. The scanner reads her palmprint and compares it to a master record of her palmprint in a database to verify her identity. What type of security control is this?

Biometric authentication deployed as part of a building's entry-control system.

A threat actor recovers some documents via dumpster diving and learns that the system policy causes passwords to be configured with a random mix of different characters that are only five characters in length. To what type of password cracking attack is this vulnerable?

Brute force attacks are effective against short passwords. Dictionary attacks depend on users choosing ordinary words or phrases in a password.

Why is DNS configuration a step in the malware remediation process?

Compromising domain-name resolution is a very effective means of redirecting users to malicious websites. Following malware infection, it is important to ensure that DNS is being performed by valid servers.

Users working from home need to be able to access a PC on the corporate network via RDP. What technology will enable this without having to open the RDP port to Internet access?

Configure a virtual private network (VPN) so that remote users can connect to the corporate LAN and then launch the remote desktop protocol (RDP) client to connect to the office PC.

You are developing a script to scan server hosts to discover which ports are open and to identify which server software is operating the port. what considerations should you make before deploying this script?

While the risk is low, scanning activity could cause problems with the target and possibly even crash it. test the script in sandbox environment before deploying it. Security software might block the operation of this script, and there is some risk from the script, or its output being misused. Make sure that use of the script and its output are subject to access controls and that any system reconfiguration is properly change-managed.

What does chain-of-custody documentation prove?

Who has had access to evidence collected from a crime scene and where and how it has been stored.

The marketing department has refitted a kitchen area and provisioned several smart appliances for employe use. Should the IT department have been consulted first?

Yes. Uncontrolled deployment of network-enabled devices is referred as shadow IT. The devices could increase the network attack surface and expose it to vulnerabilities. The devices must be deployed in a secure configuration and monitored for security advisories and updates.

True or false? You should fit an antistatic wrist strap over your clothing as this is most likely to retain a charge.

false. The conductive path will occur through your fingers as you touch electronic components. The stud in the wrist strap must make contact with your skin to drain the charge.

You are joining a new startup business that will perform outsourced IT management for client firms. You have been asked to identify an appropriate software solution for off-site support and to ensure that service level agreement (SLA) metrics for downtime incidents are adhered to. What general class of remote access technology will be most suitable?

Remote monitoring and management (RMM) tools are principally designed for use by managed service providers (MSPs). As well as remote access and monitoring, this class of tools supports management of multiple client accounts and billing/reporting.

You are troubleshooting a print problem. which turned out to be caused by user error. The user is not confident that the problem is solved and wants more reassurance. You have already explained what the user was doing wrong in some detail. what should you do?

Run through the print process step-by-step to show that it works. It is very important to get a customer's acceptance that a problem is closed.

You are assisting with the design of a new campus building for a multinational firm. On the recommendation of a security consultant, the architect has added closely spaced sculpted stone posts with reinforced steel cores that surround the area between the building entrance and the street. At the most recent client meeting, the building owner has queried the cost of these. Can you explain their purpose?

These bollards are designed to prevent vehicles from crashing into the building lobby as part of a terrorist of criminal attack. The security consultant should only recommend the control if the risk of this type of attacks justifies the expense.

What are the principles characteristics of a surge protector?

This is a circuit designed to protect connected deices from the effect of sudden increases or spikes in the supply voltage and/or current. Surge protectors are rated by clamping voltage, joules rating, and amperage.

You discover that a threat actor has been able to harvest credential from some visitors connecting to the company's wireless network from the lobby. The visitors had connected to a network named "Internet" and were presented with a web page requesting an email address and password to enable guest access. The company's access point had been disconnected from the cabled network. What type of attack has been perpetrated?

This is an evil twin attack where the threat actor uses social engineering techniques to persuade users to connect to an access point that spoofs a legitimate guest network service.

A user reports that a new device is not sustaining a battery charge for more than a couple of hours. What type of malware could this be a symptom of?

This is most characteristic of cryptomining malware as that explicitly hijacks the compute resources of a device to perform the intensive calculations required to mint blockchain currency.

You are writing a proposal to improve a company's current support procedures with a ticketing system. You have identified the following requirements for information that each ticket should capture. Following the CompTIA A+ objectives, what additional field or data point should be captured? - User information - Device information - Problem description/Progress notes/Problem resolution - Categories - Escalation levels

This list contains no means of recording the severity of the ticket. This field is important for prioritizing issues.

True or false? You can configure a web server running on Linux to accept remote terminal connections from clients without using passwords.

True. This can be configured using public key authorization with Secure Shell (SSH) protocol. The server can be installed with the public keys of authorized users.

True or false? WPA3 personal mode is configured by selecting shared between all users who are permitted to connect to the network.

True. WPA3-Perosnal uses group authentication via a shared passphrase. The simultaneous authentication of equals (SAE) mechanism by which this passphrase is sued to generate network encryption keys is improved compared to the older WPA2 protocol, however.

You are developing a script to ensure that the M: drive is map consistently to the same network folder on all client workstations. What type of construct might you use to ensure the script runs without errors?

Use a conditional block to check for an existing mapping and remove it before applying the correct mapping.

You are updating an internal support knowledge base with advice for troubleshooting mobile devices. What is the first step to take if a user reports that an app will not start?

Use force stop if available and/or reboot the device

Your organization is donating workstations to a local college. The workstations have a mix of HDD and SSD fixed disks. There is a proposal to use a Windows boot disk to delete the partition information for each disk. What factors must be considered before proceeding with this method?

Using standard formatting tools will leave data remnants that could be recovered in some circumstances. This might not be considered high risk, but it would be safer to use a vendor low-level format tool with support for Secure Erase or Crypto Erase.

You are updating a procedure that lists security considerations for remote access technologies. One of the precautions is to check that remote access ports have not been opened on the firewall without authorization. Which default port for VNC needs to be monitored?

Virtual Network Computing (VNC) uses TCP port 5900 by default.

For which backup/restore issue is a cloud-based backup service an effective solution?

The issue of provisioning an off-site copy of a backup. Cloud storage can provide extra capacity.

What care should you take when lifting a heavy object?

The main concern is damaging your back. Lift slowly and use your legs for power, not your back muscles.

A company must deploy custom browser software to employees' workstations. What method can be used to validate the download and installation of this custom software?

The package can be signed using a developer certificate issued by a trust certificate authority. Alternatively, a cryptographic hash of the installer can be made, and this value can be given to each support technician. When installing the software, the technician can make his or her own hash of the download installer and compare it to the reference hash.

What type of cryptographic key is delivered in a digital certificate?

A digital certificate is a wrapper for a subject's public key. The public and private keys in an asymmetric cipher are paired. If one key is used to encrypt a message, only the other key can then decrypt it.

What is the purpose of a KB?

A knowledge base (KB) is a reference to assist with installing, configuring, and troubleshooting hardware and software. KBs might be created by vendors to support their products. A company might also create an internal KB, populated with guidelines, procedures, information from service tickets, and answers to frequently asked questions (FAQs).

The building will house a number of servers contained within a secure room and network racks. You have recommended that the provisioning requirement includes key-operated chassis faceplates. What threats will this mitigate?

A lockable faceplate controls who can access the power button, eternal ports, and internal components. This mitigates the risk of someone gaining access to the server room via social engineering. It also mitigates risks from insider threat by rouge administrators, though to a lesser extent (each request for a chassis key would need to be approved and logged).

What backup issue does the synthetic job type address?

A synthetic full backup reduces data transfer requirements and, therefore, backup job time by synthesizing a full backup from previous incremental backups rather than directly from the source data.

In AAA architecture, what type of device might a RADIUS client be?

AAA refers to Authentication, Authorization, and Accounting and the Remote Access Dial-in User Service (RADIUS) protocol is one way of implementing this architecture. The RADIUS server is positioned on the internal network and processes authentication and authorization requests. The RADIUS client is the access point, and it must be configured with the IP address of the server plus a shared secret passphrase. The access point forwards authentication traffic between the end-user and the RADIUS server but cannot inspect the traffic.

You are trying to troubleshoot a problem over the phone and need to get advice form your manager. How should you handle this with the customer?

Advise the customer that you will put him or her on hold whole you speak to someone else, or arrange to call the customer back.

Confidentiality and integrity are two important properties of information stored in a secure retrieval system. What is the third property?

Availability information that is inaccessible is not of much use to authorized users. For example, a secure system must protect against denial of service (DoS) attacks.

You have selected a secure location for a new home router, changed the default password, and verified then WAN IP address and Internet link. What next step should you perform before configuring wireless settings?

Check for a firmware update. Using the latest firmware is important to mitigate risks form software vulnerabilities.

You are troubleshooting a user device that keeps powering off unexpectedly. You run hardware diagnostics and confirm there is not component fault or overheating issue. What should your next troubleshooting step be?

Check that the device has sufficient spare storage, and check for updates. If you can't identify a device-wide fault, test to see whether the issue is associated with use of a single app.

What two factors must a user present to authenticate to a wireless network secured using EAP-TLS?

Extensible Authentication Protocol (EAP) allows for different types of mechanisms and credentials. The Transport Layer Security (TLS) method uses digital certificates installed on both the server and the wireless station. The station must use its private key and its certificate to perform a handshake with the server. This is one factor. The user must authenticate to the device to allow use of this private key. This device authentication via a password, PIN, or bio gesture is the second factor.

True or false? An organization should rely on automatic screen savers to prevent lunchtime attacks.

False. A lunchtime attack is where a threat actor gains access to a signed-in user account because the desktop has not locked. While an automatic screensaver lock provides some protection, there may still be a window of opportunity for a threat actor between the user leaving the workstation unattended and the screensaver activating. Users must lock the workstation manually when leaving it unattended.

True or false? The level of risk from zero-day attacks is only significant with respect to EOL systems.

False. A zero-day is a vulnerability that is unknown to the product vendor and means that not patch is available to mitigate it. This can affect currently supported as well as unsupported end-of-life (EOL) systems. The main difference is that there is good chance of a patch being developed if the system is still supported, but almost no chance if it is EOL.

You are updating a deployment checklist for installing new workstation PCs. What are the principal environmental hazards to consider when choosing a location?

Heat and direct sunlight, excessive dust and liquids, and very low or high humidity. Equipment should also be installed so as not to pose a topple or trip hazard.

Early in the day, a user called the help desk saying that his computer is running slowly and freezing up. Shortly after this user called, other help desk technicians who overheard your call also received calls from users who report similar symptoms. Is this likely to be a malware infection?

It is certainly possible. Software updates are often applied when a computer is started in the morning, so that is another potential cause, but you should investigate and log a warning so that all support staff are alerted. it is very difficult to categorize malware when the only symptom is performance issues. However, performance issues could be a result of a badly written Trojan, or a Trojan/backdoor application might be using maliciously.

You are documenting workstation backup and recovery methods and want to include the 3-2-1 backup rule. What is this rule?

It states that you should have three copies of your data across two media types, with one copy held offline and off site. The production data counts as one copy.

Another user calls to say he is trying to sign-on to his online banking service, but the browser reports that the certificate is invalid. Should the bank update its certificate, or do you suspect another cause?

It would be highly unlikely for a commercial bank to allow its website certificates to run out of date or otherwise be misconfigured. You should strongly suspect redirection by malware or a phishing/pharming scam.

A security consultant has recommended blocking end-user access to the chrome://flags browser page. Does this prevent a user from changing any browser settings?

No. The chrome://flags page is for advanced configuration settings. General user, security, and privacy settings are configured via chrome://settings.

An employee has a private license for a graphics editing application that was bundled with the purchase of a digital camera. the employee needs to use this temporarily for a project and installs it on her computer at work. Is this a valid use of the license?

No. The license is likely to permit installation to only one computer a time. It might or might not prohibit commercial use, but regardless of the license terms, any installation of software must be managed by the It department.

A different user wants to configure a multiplayer game server by using the DMZ feature of the router. Is this the best configuration option?

Probably not. Using a home router's "demilitarized zone" or DMZ host option forwards traffic for all ports not covered by specific port-forwading rules to the host. Is it possible to achieve a secure configuration with this option by blocking unauthorized ports and protecting the host using a personal firewall, but using specific port-forwarding/mapping rules is better practice. The most secure solution is to isolate the game server in a screened subnet so that is separated from other LAN hosts, but this typically requires multiple router/firewalls.

You are assisting with the development of end-user security awareness documentation. What is the difference between tailgating and shoulder surfing?

Tailgating means following someone else through a door or gateway to enter premises without authorization. Shoulder surfing means covertly observing someone type a PIN or password or other confidential data.

A security consultant has recommended more frequent monitoring of the antivirus software on workstations. What sort of checks should this monitoring perform?

That the antivirus is enabled, is up to date with scan engine components and definitions, and has only authorized exclusions configured.

What primary indicator must be verified in the browser before using a web form?

That the browser address bar displays the lock ion to indicate that the site uses a trusted certificate. This validates the site identity and protects information submitted via the form from the interception.

You are assisting a user with setting up Internet access to a web server on a home network. you want to configure a DHCP reservation to set the web server's IP address, allow external clients to connect to the secure port TCP/443, but configure the web server to listen on port TCP/8080. Is this configuration possible on a typical home router?

Yes. You need to configure a port-mapping rule so that the router takes requests arriving at its WAN IP for TCP/443 and forwards them to the server's IP address on TCP/8080. Using a known IP address for the server by configuring a Dynamic Host Configuration Protocol (DHCP) reservation simplifies this configuration. The home router's DHCP server must be configured with the media access control (MAC) address or hardware identifier of the web server.

What are the two main types of network topology diagram?

You can create diagrams to show the physical topology or the logical topology. The physical topology shows how nodes are connected by cabling. The logical shows IP addresses and subnets/VLANs. There are lots of other types of network topology diagrams, of course, but physical and logical are the two basic distinctions you can make. It is best practice not to try to create a diagram that shows both as this is likely to reduce clarity.

What frequent tests should you perform to ensure the integrity of backup settings and media?

You can perform a test restore and validate the files. You can run an integrity check on the media by using, for example, chkdsk on a hard drive used for backup. Backup software can often be configured to perform an integrity check on each file during a backup operation. You can also perform an audit of files included in a backup against a list of source files to ensure that everything has been included.

You want to execute a block of statements based on the contents of an inventory list. What type of code construct is best suited to this task?

You can use any type of loop to iterate through the items in a list or collection, but a For loop is probably the simplest.

Why might you need to use a virus encyclopedia?

You might need to verify symptoms of infection. Also, if a virus cannot be removed automatically, you might want to find a manual removal method. You might also want to identify the consequences of infection—whether the virus might have stolen passwords, and so on.

The contract ended recently for several workers who were hired for a specific project. The IT department has not yet removed those employees' login accounts. It appears that one of the accounts has been used to access the network, and a rootkit was installed on a server. You immediately contact the agency the employee was hired through and learn that the employee is out of the country, so it is unlikely that this person caused the problem. What actions do you need to take?

You need to create an incident report, remove or disable the login accounts, isolate the infected server and possibly any user computers that communicate with the server, and remove the rootkit from the server. In terms of wider security policies, investigate why the temporary accounts were not disabled on completion off the project.