Practices Test Notes
What type of malicious application does not require user intervention or another application to act as a host to replicate?
Worm A worm is a self-replicating type of malware that does not require user intervention or another application to act as a host for it to replicate. Viruses and Macros require user intervention to spread, and Trojans are hosted within another application that appears harmless.
Dion Training uses DHCP to assign private Class C IP addresses to its Windows 10 workstations. Which of the following IP addresses is a Class C address?
192.168.3.5 Classes of IP Class A: Public IP Range: 1.0.0.0 to 127.0.0.0 First octet value range from 1 to 127 Private IP Range: 10.0.0.0 to 10.255.255.255 Class B: Public IP Range: 128.0.0.0 to 191.255.0.0 First octet value range from 128 to 191 Private IP Range: 172.16.0.0 to 172.31.255.255 Class C: Public IP Range: 192.0.0.0 to 223.255.255.0 First octet value range from 192 to 223 Private IP Range: 192.168.0.0 to 192.168.255.255 Class D: Range: 224.0.0.0 to 239.255.255.255 First octet value range from 224 to 239 - Multicasting Class E: Range: 240.0.0.0 to 255.255.255.255 First octet value range from 240 to 255 - reserved IPs
CDFS
CD File System (CDFS or ISO 9660)
Surge Suppressor
A surge suppressor defends against possible voltage spikes that could damage your electronics, appliances, or equipment. A power strip will not protect against voltage spikes.
What kind of attack is an example of IP spoofing?
An on-path attack (formerly known as a man-in-the-middle attack) intercepts communications between two systems. For example, in an HTTP transaction, the target is the TCP connection between client and server. Using different techniques, the attacker splits the original TCP connection into 2 new connections, one between the client and the attacker and the other between the attacker and the server. This often uses IP spoofing to trick a victim into connecting to the attack.
Which of the following should be used to uniquely identify every piece of hardware installed on the corporate network, including servers, desktops, laptops, printers, and monitors?
Asset ID
Which of the following components presents the largest risk of electrical shock to a technician?
CRT monitor - Large capacitors that could shock someone
Peter is attempting to print to his office printer, but nothing comes out. Yesterday, his printer was working just fine. Peter does not notice any errors on the taskbar's printer icon. Which of the following actions should Peter try FIRST to solve this issue?
Check the status of the print server queue OBJ-3.1: When this issue occurs, it is often because the system properly sent the print job to the print queue, but the print queue has become stuck. If no error is shown in the taskbar's printer icon, the user should open the print queue to determine if the print job has become stuck. If it is, then the print queue can be emptied or reset.
You are configuring a new printer for a small real estate office. There are only 4 computers in the network, and they are all connected to a single 4-port switch/router/cable modem device. There are no additional open ports on the device and no servers configured within the network. All the computers operate as part of a single workgroup with no domain controller. You need to configure the printer to allow all 4 computers to print to it as long as they are connected to the switch. Which of the following methods would BEST allow the users to print to the printer based on this network's configuration?
Configure it as a shared printer connected to one of the four workstations
You have just set up a Minecraft server on a spare computer within your network and want your friends to connect to it over the internet. What do you need to configure in your SOHO router to allow your friends to connect to the new Minecraft server you created?
Configure port forwarding
Your home network is configured with a long, strong, and complex pre-shared key for its WPA2 encryption. You noticed that your wireless network has been running slow, so you checked the list of "connected clients" and see that "Bob's Laptop" is connected to it. Bob lives downstairs and is the maintenance man for your apartment building. You know that you never gave Bob your password, but somehow he has figured out how to connect to your wireless network. Which of the following actions should you take to prevent anyone from connecting to your wireless network without the proper WPA2 password?
Disable WPS OBJ-2.9: WPS was created to ease the setup and configuration of new wireless devices by allowing the router to automatically configure them after a short eight-digit PIN was entered. Unfortunately, WPS is vulnerable to a brute-force attack and is easily compromised. Therefore, WPS should be disabled on all wireless networks. If Bob could enter your apartment and press the WPS button, he could have configured his laptop to use your wireless network without your WPA2 password. While disabling the SSID broadcast could help prevent someone from seeing your network, the issue was someone connecting to your network without having the password. Disabling the SSID broadcast would not solve this issue.
ext3 and ext4 file systems
Ext3 and Ext4 are two popular file systems primarily used in Linux-based operating systems for managing data storage. They are successors to the earlier Ext2 file system, offering improved features and performance. - ext4 is the latest and best
An Android user recently cracked their screen and had it replaced. If they are in a dark room, the phone works fine. If the user enters a room with normal lights on, then the phone's display is dim and hard to read. What is MOST likely the problem?
Faulty ambient light sensor - The ambient light sensor may be too sensitive as it is taking in more light than usual. This can occur if the sensor is faulty or if the screen was replaced incorrectly, and the technician forgot to install the black gasket around the ambient light sensor.
You are trying to copy a 4.7 GB file from your Windows laptop to an external hard drive using USB 3. The external hard drive is formatted with FAT32. Every time you attempt this copy, you receive an error. What is MOST likely the issue?
Files over 4 GB cannot be stored on a FAT32 formatted drive Since this file is 4.7 GB in size, it cannot be stored as a single file on the FAT32 hard drive. The file allocation table 32-bit (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB. The Apple file system (APFS) is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals.
Windows Requirements
For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor, 1 GB of RAM, and at least 32 GB of hard drive space. For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 32 GB of hard drive space. For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor, 4 GB of RAM, and at least 64 GB of hard drive space.
Which of the following allows users to save their current session to disk and before powering down their Windows 10 laptop?
Hibernate mode is used to save the current session to disk before powering off the computer to save battery life when the system is not being used. The computer takes longer to start up again from hibernate mode than it does from the sleep or standby mode. Sleep or standby mode is used to save the current session to memory and put the computer into a minimal power state to save battery life when the system is not being used.
Which of the following types of backup requires the LEAST time to complete a backup?
Incremental
The Chief Financial Officer has asked Maria for a recommendation on how the company could reduce its software licensing costs while still maintaining the ability to access its application server remotely. Which of the following should Maria recommend?
Install and deploy thin clients without an operating system for each user A thin client is a small device that can operate with or without an operating system installed on the client device. Instead, it can boot directly from a network-based operating system on a common server and access applications on the company's application server. This type of architecture can drastically reduce the need for operating system licenses and reduce deployment costs. A thin client runs from resources stored on a central server instead of a localized hard drive. Thin clients work by connecting remotely to a server-based computing environment where most applications, sensitive data, and memory are stored.
Another technician tells you that they are PXE booting a computer. What is the technician MOST likely doing with the computer?
Installing an image to the computer over the network
Jason wants to configure his Windows 10 workstation to automatically block pop-ups when searching for websites online. Which of the following Control Panel sections should he use to achieve this?
Internet Options
Kerberos
Kerberos is a network authentication protocol that ensures secure communication between two or more trusted hosts across an untrusted network, like the internet. Imagine it as a digital gatekeeper, verifying the identity of both the user and the service before granting access.
Key Fob VS Smart Card
Key fob - small and generally uses NFC or generates a code for MFA and added security Smart Card - improved security, can hold data - Could be an ID card that also has a chip that you need to login to laptop
Dion Training just released a new corporate policy that dictates all access to network resources will be controlled based on the user's job functions and tasks within the organization. For example, only people working in Human Resources can access employee records, and only the people working in finance can access customer payment histories. Which of the following security concepts is BEST described by this new policy?
Least privilege OBJ-2.1: Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities. Privilege itself refers to the authorization to bypass certain security restraints. Zero-trust is a security framework that requires all users, whether in or outside the organization's network, to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and data. Defense in Depth is an approach to cybersecurity in which a series of defensive mechanisms are layered to protect valuable data and information. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used.
Which of the following tools in Windows 10 allows a technician to add different utilities, such as disk management, computer management, performance monitor, print management, and others to create a modular and customized tool kit for the technician to utilize?
MMC OBJ-1.3: The Microsoft management console (MMC) is a utility that uses snap-ins for various Windows tools such as disk management, computer management, performance monitor, print management, and others to perform operations on a local or networked computer. Remote desktop services (RDS) is used to connect to a remote desktop session host servers or other remote computers, edit an existing remote desktop connection (.rdp) configuration file, and migrate legacy connection files that were created with the client connection manager to the newer .rdp connection file type. User account control (UAC) is used to prevent malware from damaging a PC by blocking the automatic installation of unauthorized apps and preventing inadvertent changes to system settings. PerfMon is a performance monitoring and system monitoring utility in Windows that is used to monitor the activities on CPU and memory activity on a computer. Performance monitor is used for viewing performance data either in real-time or from a log file. The performance monitor can only monitor the resource utilization, but it cannot manage or terminate those processes.
Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?
Missing Patches
Which of the following is TRUE about the GPT schema?
OBJ-1.8: The GUID Partition Table was created to address limitations of the Master Boot Record (MBR) schema, so it is a more up to date partitioning schema. The MBR uses the first 512 byte sector to hold the master boot record. The GPT can run up to 128 partitions and supports drives larger than 2 TB. The GPT uses UEFI as its boot method.
Data Destruction
OBJ-2.8: Data wiping or clearing occurs by using a software tool to overwrite the data on a hard drive to destroy all electronic data on a hard disk or other media. Data wiping may be performed with a 1x, 7x, or 35x overwriting, with a higher number of times being more secure. This allows the hard drive to remain functional and allows for hardware reuse. Degaussing a hard drive involves demagnetizing a hard drive to erase its stored data. You cannot reuse a hard drive once it has been degaussed. Therefore, it is a bad solution for this scenario. Purging involves removing sensitive data from a hard drive using the device's internal electronics or an outside source such as a degausser, or by using a cryptographic erase function if the drive supports one. Shredding involves the physical destruction of the hard drive. This is a secure method of destruction but doesn't allow for device reuse.
Which of the following policies or plans would dictate the complexity requirements for a wireless network's shared secret key?
Password policy A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords. An acceptable use policy (AUP) is a set of rules applied by the owner, creator, or administrator of a network, website, or service, that restrict how the network, website, or system may be used and sets guidelines as to how it should be used. A data loss prevention policy is a document that defines how organizations can share and protect data. It guides how data can be used in decision-making without it being exposed to anyone who should not have access to it. The goal of a data loss prevention policy is to minimize accidental or malicious data loss. A remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network.
Dion Consulting Group has been hired by a small real estate office to build its network. The office has 4 computers running Windows 10 Professional edition configured in a workgroup to access a shared file server. Which of the following types of network models is being used by this real estate office?
Peer-to-peer A workgroup is a Microsoft peer-to-peer network model in which computers are connected together for access to shared resources for organizational purposes
You have been asked to configure your neighbor's SOHO network. Your neighbor wants to build a Minecraft server so that all their friends can play together over the internet. When configuring their firewall, where should you place the server?
Perimeter network A perimeter network (formerly called a Demilitarized Zone or DMZ) is a portion of a private network connected to the Internet and protected against intrusion. Certain services may need to be made publicly accessible from the Internet (such as a web, email, or Minecraft server) and they should be installed in the perimeter network instead of in your intranet. If communication is required between hosts on either side of a perimeter network, then a host within the perimeter network will act as a proxy to take the request. If the request is valid, it re-transmits it to the destination.
You have submitted an RFC to install a security patch on all of your company's Windows 2019 servers during the weekly maintenance window. Which of the following change request documents would describe why the change will be installed during this maintenance window?
Plan
What is the FOURTH step of the seven-step malware removal process?
Remediate the infected system
You are troubleshooting a user's laptop that is unable to print a document. You have verified the printer is working and properly connected to the workstation by USB. Which of the following actions should you attempt to fix the problem in Windows 10?
Restart the print spooler service
XSS vs SQL Injection
SQL injection focuses on compromising the database. XSS targets the user's browser to steal information or manipulate the user's actions.
You are working as a forensic investigator for the police. The police have a search warrant to capture a suspect's workstation as evidence for an ongoing criminal investigation. As you enter the room with the policeman, he arrests the suspect and handcuffs him. What should you do FIRST?
Secure the area
Which of the following contains virtual memory that can supplement the physical system memory in a Linux system?
Swap Partition The swap partition on a Linux system is a portion of the hard disk formatted with a minimal kind of file system and used in situations when the operating system runs out of physical memory and needs more of it.
Which of the following types of backups generates the recovered files from a complete copy of a file created at some point in time and one or more partial backups created at later times to merge them into the recovered data?
Synthetic OBJ-4.3: Synthetic backup is the process of generating a file from a complete copy of a file created at some past time and one or more incremental copies created at later times. The expression synthetic in this context refers to the fact that the assembled file is not a direct copy of any single current or previously created file. Instead, a synthetic file is merged or synthesized by a specialized application program from the original file and one or more modifications to it. A full backup creates a copy of all the selected data regardless of when it was previously backed up. It takes the most time to complete a backup but is the fastest when conducting a restoral of all the data on a hard drive. A differential backup only creates a copy of the selected data that has been modified since the last full backup. It is a good compromise in speed between a full backup (which takes the longest to backup and the least to restore) and an incremental backup (which takes the least to backup and the longest to restore). An incremental backup only creates a copy of new files and files modified since the last full, incremental, or differential backup. Therefore, it takes the least amount of time to complete a backup. Unfortunately, it also takes the most time to restore since you have to first restore the full backup, then any differential and incremental backups until all your data is restored.
You are troubleshooting a user's laptop that is unable to print a document. You have verified the printer is working and properly connected to the workstation by USB. Which log in Windows 10 would you review to determine if the print spooler service is causing this issue?
System log OBJ-3.1: The event viewer shows a log of application and system messages, including errors, information messages, and warnings. It's a useful tool for troubleshooting all kinds of different Windows problems. The system log contains information about service load failures, hardware conflicts, driver load failures, and more. The file (system.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt. The file (security.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The application log contains information regarding application errors. The file (application.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The setup log contains a record of the events generated during the Windows installation or upgrade process. The file (setup.evtx) is stored in the %System Root%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer.
Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?
TACACS+ is an extension to TACACS (Terminal Access Controller Access Control System) and was developed as a proprietary protocol by Cisco. The Remote Authentication Dial-In User Service (RADIUS) is a networking protocol that operates on port 1812 and provides centralized Authentication, Authorization, and Accounting management for users who connect and use a network service, but Cisco did not develop it. Kerberos is a network authentication protocol designed to provide strong mutual authentication for client/server applications using secret-key cryptography developed by MIT. Challenge-Handshake Authentication Protocol (CHAP) is used to authenticate a user or network host to an authenticating entity. CHAP is an authentication protocol but does not provide authorization or accounting services.
Which of the following encryption types was used by WPA to better secure wireless networks than WEP?
TKIP OBJ-2.2: Wi-Fi protected access (WPA) is an improved encryption scheme for protecting Wi-Fi communications designed to replace WEP. WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wired equivalent privacy (WEP) is an older mechanism for encrypting data sent over a wireless connection. WEP is considered vulnerable to attacks that can break its encryption. WEP relies on the use of a 24-bit initialization vector to secure its preshared key. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard. WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.
3-2-1 backup
The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site.
GFS / Grandfather Father Son
The grandfather-father-son (GFS) backup rotation scheme is widely used to combine full and incremental backups to reduce backup time and enhance storage security. The grandfather is a full backup that is stored off-site once per month. The father is a weekly full backup that is conducted. The son is an incremental or differential backup conducted each day.
Data at rest encryption
The technique of encrypting data that is not transmitted across a network.
tracert, ipconfig, netstat, nbtstat
The tracert (trace route) diagnostic utility determines the route to a destination by sending Internet Control Message Protocol (ICMP) echo packets to the destination. In these packets, tracert uses varying IP Time-To-Live (TTL) values. When the TTL on a packet reaches zero (0), the router sends an ICMP "Time Exceeded" message back to the source computer. The ICMP "Time Exceeded" messages that intermediate routers send back show the route. The ipconfig tool displays all current TCP/IP network configuration values on a given system. The netstat tool is a command-line network utility that displays network connections for Transmission Control Protocol, routing tables, and some network interface and network protocol statistics on a single system. The nbtstat command is a diagnostic tool for NetBIOS over TCP/IP used to troubleshoot NetBIOS name resolution problems.
You are setting up the Remote Desktop Services on a Windows 2019 server. To increase the security of the server, which of the following actions should you take?
To best secure the server, you should logically place the Windows 2019 server into the network's screen subnet and block all unused ports on the switch, router, and firewall. Since the server will allow remote connections from across the internet to access the server directly, the server must be placed into the screened subnet of the network and not in the internal trusted portion of the network. Additionally, any server or services that will be forward-facing to the internet (like a Remote Desktop Services server) should have all of the unused ports blocked on the switch, router, and firewall to minimize the footprint of the network. By blocking unused ports, there are fewer ways for an attacker to get into the network and attack the server.
Which of the following open-source remote access tools allows users to connect to their desktop remotely, see what is on their screen, and control it with their mouse and keyboard?
VNC (virtual network computing) is a remote access tool and protocol. It is used for screen sharing on Linux and macOS. RDP is not open-source. SSH and telnet are text-based remote access tools.
Your boss from work just sent you an important email, but you are not in the office. You tried to open the email from your smartphone, but it is encrypted and won't open. What should you do?
Verify Device's Digital Cert is installed OBJ-3.5: If an encrypted email does not open in your mail app, you most likely need to verify that your digital certificates are properly installed on the device as these are used to decrypt encrypted emails. If the email was sent to your Gmail account, it would be sent unencrypted. You should not ask for the email to be sent unencrypted since it removes the confidentiality and privacy of the email. Regardless of whether you are using the email client or the mobile web browser, if the digital certificate is not properly installed then the encrypted email will not be able to be read.
Which of the following file system formatting types should be used with a DVD?
UDF OBJ-1.8: The Universal Disk Format (UDF or ISO 13346) is an updated file system for optical media supporting multisession writing. It is the standard used by Windows, referred to as the Live File System, for CD and DVD recordable and rewritable discs. There are several different versions of UDF, with 2.01 being the default in Windows. Blu-ray reading and writing requires version 2.5 and third-party software. The CD file system (CDFS or ISO 9660) is a legacy file system used for CD optical disc media (CD-ROM and CD-R). CDFS supports two main data writing modes: mode 1 has better error correction, whereas mode 2 allows more data to be written to the disc. Joliet is an extension to CDFS that enables long filename support and Unicode characters in file names. The NT file system (NTFS) is a Windows file system that supports a 64-bit address space and can provide extra features such as file-by-file compression and RAID support as well as advanced file attribute management tools, encryption, and disk quotas. NTFS can support a maximum volume size of up to 8 PB. The file allocation table 32-bit (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB.
You are working as a mobile device technician for a large corporation's enterprise service desk. A user complains that every time they attempt to launch the company's mobile email application, it crashes and displays an error message of Code123. This is the third user with this error on an Android (model DTA) smartphone. The same app is working on your smartphone, but it is a model DTX. Which of the following should you do FIRST to attempt to solve this problem?
Update the OS to match yours.
A co-worker just sent you a macro-enabled Microsoft Word document. After you opened the file, your computer began to delete the photos stored in your c:\photos directory. What type of malware did you MOST likely receive?
Virus
Which of the following types of encryption uses a 128-bit encryption key but is considered weak due to its use of a 24-bit initialization vector?
WEP
Which of the following types of wireless encryption uses a 40-bit encryption key with an RC4 encryption cipher?
WEP - Uses RC4
Which of the following commands is used on a Linux system to convert and copy files from one hard disk to another?
dd command
Which of the following Windows 10 system utilities would be used to test the functionality of the DirectX subsystem for video and sound-related problems?
dxdiag The DxDiag (DirectX diagnostic) utility is used to collect info about devices to help troubleshoot problems with DirectX sound and video. It is a diagnostics tool used to test DirectX functionality and troubleshoot video-related or sound-related hardware problems. DirectX diagnostic can save text files with the scan results. System information (msinfo32.exe) is a utility that gathers information about your computer and displays a comprehensive list of hardware, system components, and the software environment that can be used to diagnose computer issues.
A workstation at Dion Training's office is taking a long time to boot up. Once it finishes booting to the Windows 10 desktop, which of the following tools can a technician use to diagnose and fix the boot issues?
msconfig.exe OBJ-1.3: System configuration (msconfig.exe) is a system utility to troubleshoot the Microsoft Windows startup processes. MSConfig is used to disable or re-enable software, device drivers, and Windows services that run at startup, or to change boot parameters. PerfMon is a performance monitoring and system monitoring utility in Windows that is used to monitor the activities on CPU and memory activity on a computer. Performance monitor is used for viewing performance data either in real-time or from a log file. The performance monitor can only monitor the resource utilization, but it cannot manage or terminate those processes. Resource monitor is a utility used to display information about the use of hardware (CPU, memory, disk, and network) and software (file handles and modules) resources in real-time. The resource monitor helps check the performance counters of specific resources and decide a course of action to improve the performance. System information (msinfo32.exe) is a utility that gathers information about your computer and displays a comprehensive list of hardware, system components, and the software environment that can be used to diagnose computer issues.
Which of the following Linux command-line options would shut down a Linux server 11 minutes from now?
shutdown +11