Cram Exam Core 2
Jason from accounting is attempting to create a script in a Microsoft Windows scripting utility. However, when it comes time to save the file, he is not sure what file type to save it as. Which of the following is the correct file extension for Jason to use? · .sh · .js · .py · .ps1
.ps1 Explanation: The preferred Microsoft Windows scripting utility is PowerShell, which by default saves files with the .ps1 extension. Other acceptable PowerShell file extensions include .psm1, .psd1, and .ps1xml. To script in Windows, a person might also use Notepad and save the file with the .bat extension as a batch file, but PowerShell is the preferred utility. See Chapter 42, "Basic Scripting and remote Access Technologies," for more information. Incorrect answers: The rest of the answers are not Microsoft Windows scripting utilities. The .py file extension is used by Python. The .js file extension is used by JavaScript. The .sh file extension is used by Bash in Linux/Unix systems.
You are responding to a request for help configuring a small business's open wireless network. The owner is concerned that the company next door is connecting to the Wi-Fi network without the owner's permission. The business requires that the wireless network remain open. What can you do to address the problem? · Implement content filtering. · Adjust power levels. · Use a default SSID. · Enable MAC filtering.
Adjust power levels. Explanation: By adjusting the power levels (to low, or a similar setting), the wireless network's range will be reduced—hopefully to the perimeter of the office. See Chapter 35, "Data Destruction and SOHO Security," for more information. Incorrect answers: The default SSID is the wireless network name that comes built into the access point. It is not secure in any way, and won't help in this situation. Content filtering is used to block certain domains or websites, which is a good security feature for the users on the network, but won't help in this scenario. Enabling MAC filtering is normally an excellent security precaution, but it can't be done in this scenario because the company wants the network to remain "open."
You are part of an IT team that is deploying a temporary server room at a site to provide support during construction. Which of the following should you use while setting up the server room? · Antistatic mats · Air filters · Privacy screens · Vacuums
Air filters Explanation: Use air filters for the server room because it is near a construction zone, which will create a lot of airborne particles that can be damaging to computers. The server room will most likely be makeshift in this scenario; it could be in a temporary structure or a trailer. Proper ventilation and filtering are a top priority. See Chapter 40, "Safety Procedures and Environmental Controls," for more information. Incorrect answers: A vacuum won't do much in a construction site. But you should definitely vacuum out any area that will be used as a server room prior to installing racks, networking equipment, and servers. Privacy screens are used to prevent shoulder surfing. Antistatic mats are used to prevent electrostatic discharge (ESD).
A user just returned from another country and cannot connect to the WLAN with a smartphone. Which of the following should be checked first? · Hotspot configuration · Bluetooth conflict · Wi-Fi calling · Airplane mode
Airplane mode Explanation: You should check whether the smartphone is in airplane mode first. That can be easily done by simply looking at the top of the screen for an airplane icon. If the device is in airplane mode, it most likely is not connected to a WLAN (wireless local area network). You could then check other things such as whether Wi-Fi is enabled, whether the person is connecting to the correct wireless network name, is using the right protocols and password, and so on. See Chapter 38, "Troubleshooting Mobile Operating Systems," for more information. Incorrect answers: You could also check whether the smartphone is configured to act as a hotspot, because that nullifies its WLAN connection as well, but that answer is less likely than the smartphone being in airplane mode in this particular scenario. It is unlikely that Bluetooth would cause a conflict with Wi-Fi, but it is possible, and you can check this by disabling Bluetooth if it is running. Remember that the terms Wi-Fi and WLAN mean essentially the same thing.
You are a technician working at a help desk. You receive a call from a user that is experiencing a BSOD issue. You are scheduled to take a break just after the call comes in. Which of the following actions should you take? (Select the best answer.) · Troubleshoot the BSOD issue. · Escalate the issue to tier 2 support. · Politely ask the user to call back. · Ask another technician to take the call. · Put the user on hold and troubleshoot the problem after the break.
Ask another technician to take the call. Explanation: You should ask another technician to take the call, then explain to the user that you are transferring the call to another tech, then transfer the call. Take your break at the scheduled break time. See Chapter 41, "Incident Response, Communication, and Professionalism," for more information. Incorrect answers: While you might be able to troubleshoot the issue, you should transfer it to another tech, because break times are planned by management in a specific way so that the help desk is always staffed properly. However, do not place the user in a queue. If no other technician is readily available, you should attempt to solve the issue, and then let your manager know that you are taking your break late and why. Do not escalate to tier 2 until you are sure that a tier 1 tech has had a crack at the problem. Do not put the user on hold for extended periods of time. Do not ask the user to call back (even politely). For example, if you have a bad connection, try to get the phone number of the user, and call the person back immediately.
You have been tasked with creating a computer-naming convention that will allow client computers to be easier to track and identify while they are in use. Which of the following naming conventions should you choose? · Domain name, location, and asset ID · Asset ID and MAC address · Location and IP address · Location and RFID
Asset ID and MAC address. Explanation: The best naming convention of the listed answers is asset ID and MAC address. Each computer can be tagged in a variety of ways (barcode, RFID, and so on) and entered into the asset management database. The corresponding MAC address of each system can also be entered into that system, and can be tracked by a variety of network monitoring programs as well. The beauty of the MAC address is that it is part of the network adapter, so whatever happens to the OS, the computer can still be located (as long as it is on). See Chapter 39, "Documentation, Change Management, and Disaster Recovery," for more information. Incorrect answers: In this scenario you don't know if there is a domain at all. But even if there is one, it's not the best way to track individual computers, because they will most likely all be part of the same domain. A better way would be to use the fully qualified domain name (FQDN); for example: computer13.dpro42.com. The location of the computer could be tracked by way of GPS or other location services, but both terms "location" and "RFID" are somewhat vague. You need a specific naming convention to be able to locate the computer. IP address is sometimes used, but if the computers will be using DHCP, then the IP address could change over time. The same goes for a computer name. These are assigned in the operating system and so they could be modified at some point; for example, if there is a network redesign. However, the MAC address remains regardless of any software modifications, and as long as the physical network adapter exists in the computer.
Which of the following is an executable that checks the integrity of an NTFS volume in Windows? · SFC · convert · Autochk.exe · Regedit.exe
Autochk.exe Explanation: Autochk.exe is an executable (and system process) that checks the integrity of an NTFS volume in Windows. It enables a Windows operating system to revert core system settings to their original state. Autochk is similar to chkdsk, but autochk runs during system bootup (after a cold boot), whereas chkdsk runs in the command line. Autochk cannot be run from the command line. Autochk will be initiated if (1) chkdsk cannot gain exclusive access to the volume, (2) you try to run chkdsk on the boot volume, or (3) the volume to be checked is "dirty." For example, if a system hangs and has open files, those files are considered to be dirty, and therefore the volume that houses them is also dirty, and is checked by autochk after a hard reset (otherwise known as a cold boot). See Chapter 25, "Microsoft Command Line Tools," for more information. Incorrect answers: SFC is the System File Checker utility. The convert command is used to change a FAT partition to NTFS without loss of data. Regedit.exe is the executable in Windows that opens the Registry Editor.
Which of the following answers can be the cause of a blue screen error? · Incompatible USB device · Bad driver · Incorrect router configuration · Rogue DHCP server
Bad driver Explanation: Bad drivers can be the cause of a stop error or blue screen error (also known as a BSOD); for example, if ntfs.sys, the main NTFS partitioning system file, were to fail during bootup. The CPU and RAM can also cause these errors to occur. See Chapter 36, "Troubleshooting Microsoft Windows," for more information. Incorrect answers: The blue screen error affects only the local computer; it is not a network-wide problem that could be associated with a rogue DHCP server or incorrect router configuration. An incompatible USB device should not cause a blue screen error, nor should that device's driver. Also, the whole idea of USB is that devices you connect to it are automatically recognized and are generally all compatible. However, the USB driver could be a culprit, though that is less common.
Which of the following environmental impacts can cause the customer to lose data? · Air filters · Blackout · Being on time · Backup battery
Blackout Explanation: A blackout is an environmental impact that can cause the customer to lose data. A blackout is when there is a complete loss of power for an extended period of time. Going beyond the blackout, there are other concerns, such as the brownout (which is a reduction in power over an extended period of time) and a power surge (which is a spike in power for a short period of time). To protect against all of these, a battery backup device such as a UPS is recommended. See Chapter 40, "Safety Procedures and Environmental Controls," for more information. Incorrect answers: Air filters are environmental controls used to protect an organization's air from unwanted airborne particles. Being on time is an important part of professionalism. If you are going to be late, be sure to contact the customer. However, this isn't likely to cause the customer to lose data.
Which of the following is the path of the print$ share? · C:\Windows · C:\Windows\System32\spool\print$ · C:\Windows\System32 · C:\Windows\System32\spool\drivers
C:\Windows\System32\spool\drivers Explanation: The default path of the print$ administrative share in Windows is C:\Windows\System32\spool\drivers. This is an important folder because it contains drivers for different types of printers; it's a folder you might want to access as an administrator over the network. So, the share is hidden as an administrative share by adding a $ to the end of the share name. See Chapter 33, "Windows Security Settings and Best Practices," for more information. Incorrect answers: C:\Windows is the %systemroot% (also known as %windir%). There is an administrative share for that called ADMIN$. C:\Windows\System32 has the bulk of the system files in Windows. By the way, it does not have an administrative share by default. C:\Windows\System32\spool\print$ is not a valid path. Print$ is the share name associated with the drivers folder.
Which command in Linux will open the text editor shell? · edit · chown · vi · dd
vi Explanation: Use the vi command to open the text editor shell in Linux. Use :q or :q! to exit (depending on whether there are unsaved changes). You might also see the VIM and Nano editors as part of Linux. See Chapter 30, "Linux and macOS Tools," for more information. Incorrect answers: Edit is an older command in Windows that used to open the MS-DOS text editor. chown is a Linux command that allows a user to change the file owner. dd is a Linux command that is used to convert a file from one format to another, or to overwrite a drive.
Which of the following is the most appropriate question to ask a customer first when attempting to troubleshoot an input device issue over the phone? · Are you sure that the device is plugged in? · Have you verified that all USB plugs are secure? · Have you tried turning it off and on again? · Can you describe the steps you have taken?
Can you describe the steps you have taken? Explanation: The key here is what you ask the customer first. You should first ask the customer to describe the steps taken so far. By asking this, you will probably elicit a lot of the other listed answers from the customer. Remember, you are not accusing the user of anything; you are simply asking what the customer did so far. See Chapter 41, "Incident Response, Communication, and Professionalism," for more information. Incorrect answers: You don't even know if the device is USB or not. Plus, some devices are not turned on and off. They simply plug into the computer and either work or don't. And when you ask what the customer has done so far, the person will probably tell you that the device is simply plugged in. The moral of this question is to get the whole story before asking questions that are arbitrary—and possibly unnecessary.
You are tasked with troubleshooting a RAID 1 array that is running slowly. You reboot the system and see S.M.A.R.T. errors when the computer boots. Which tool should be used to troubleshoot these errors? · chkdsk · format · Disk Cleanup · diskpart
chkdsk Explanation: Use the chkdsk utility in the Command Prompt to check for issues related to the S.M.A.R.T. errors. You could also use third-party utilities to view the S.M.A.R.T. errors directly. See Chapter 25, "Microsoft Command Line Tools," for more information. Incorrect answers: Diskpart is the Command Prompt utility used to manage hard drives; it is the text-based counterpart of the Disk Management program. Disk Cleanup is used to remove temporary files from a Windows system. The format command is used to write a file system (such as NTFS) to a volume; it deletes all data when used.
One of your customers is asking for recommendations on how to prevent potential data and hardware loss during a natural disaster. Of the following, what should you recommend? (Select the two best answers.) · Cloud storage · Hot/warm site · Waterproof smartphones · Data recovery · Local backups · Backup testing
Cloud storage and Hot/warm site Explanation: Of the listed answers, you should recommend cloud storage and a hot or warm site. The cloud storage acts as offsite storage of data, away from the customer's building. The hot or warm site acts as a secondary office that is ready to go (or close to ready) if the main office is compromised. Depending on the company's budget, it might not be able to afford a hot site, but a warm site can work well if there is an efficient disaster recovery plan in place, and if the cloud-based data is quickly accessible. See Chapter 39, "Documentation, Change Management, and Disaster Recovery," for more information. Incorrect answers: Data recovery is rather vague. Also, the customer doesn't want to have to recover data; it wants the data to be safe. Backup testing is always important regardless of where the data will be stored; however, the question isn't about backing data up, it's about how data will be stored. Waterproof smartphones might work in a flood or a hurricane, but it's difficult to waterproof things like PCs, servers, networking equipment, and so on. Local backups will not help in the event of a disaster—the customer needs offsite storage of data.
Which of the following options is the best way to secure a Windows workstation? · Disable AutoPlay · Screensaver · Key fob · User education · Retinal scan · Complex password · ID badge
Complex password Explanation: The complex password is the best way to secure a Windows workstation. The word "complex" means that the password uses uppercase and lowercase letters, numbers, and special characters. More important is the length of the password. For example, a 15-character password without much complexity is actually better than a complex, 6-character password. So, make the password complex, but use at least 8 to 10 characters as well. In highly secure organizations, this number will often be 15 (or more). See Chapter 33, "Windows Security Settings and Best Practices," for more information. Incorrect answers: A screensaver by itself does not protect Windows, but a screensaver with a required password will require the user's login when the screensaver is deactivated. (Locking the workstation when going to lunch or taking breaks is also a smart idea.) Disabling Autorun is a good security precaution that will stop removable media from running automatically when it is inserted into the computer, but it is a distant second to a complex password when it comes to securing the Windows workstation. The rest of the answers are not options in Windows but are all good security practices. User education is important; one of your responsibilities as a PC technician is to stress the importance of complex passwords to your customers and to make sure they know how and where to configure the password. An ID badge is an authentication method used to allow access to a building or secure area. The badge will have a person's information, photo, and possibly even a magnetic stripe that can be read by a security system. A key fob could be a variety of things, including a physical smart token for gaining access to individual computers or systems or for gaining access to automated door systems. A retinal scan is a type of biometric authentication method where a security system scans a person's eye before allowing admittance to a secure area.
One of the computers in your warehouse often requires the replacement of power supplies, CPUs, and optical drives. Which tool can help to prevent these types of hardware faults? · Antistatic wrist straps · Rescue disk · Compressed air · Multimeter
Compressed air Explanation: Compressed air, if used periodically inside the computer, can help to prevent the hardware faults that occur. Most likely, the warehouse is not the cleanest, and the computer is sucking in dirt 24 hours a day. If you take the computer outside, remove the cover, and carefully blow out the dust bunnies with compressed air, you might increase the life expectancy of the hardware components. Other ways to help prevent this problem are to install a filter in front of the computer where air is drawn into the system, and to enable hibernation of the computer during off-hours. During this time, the computer does not draw any air into the case, limiting the intake of dust, dirt, and other pollutants. See Chapter 40, "Safety Procedures and Environmental Controls," for more information. Incorrect answers: Antistatic wrist straps are necessary when installing devices, and if they are not used, devices could become damaged, but the frequency of the issues in the question points to environmental conditions, and not ESD. A rescue disk (or rescue disc or repair disc) is used to repair an OS when a catastrophic stop error or other similar error occurs. It rebuilds the OS so that it can function again. Because in this scenario the problem is hardware-related, a rescue disk does not help the situation. A multimeter is used to test hardware; it cannot prevent hardware faults.
You have been tasked with setting up a proxy server connection for a Windows computer. Which of the following Internet Options tabs should you select? · Connections · Content · Privacy · Security · Advanced
Connections Explanation: In Windows, use the Connections tab in the Internet Options to make a connection through a proxy server. This can be accessed from the web browser settings or from Control Panel > All Control Panel Items > Internet Options. (That actually opens the Internet Properties dialog box.) Then select the Connections tab and click the LAN settings button. Click the check box in the Proxy server section to select a proxy server and specify the IP address and port to be used. Remember, a proxy server is used to cache commonly accessed web pages so that clients can get the information faster, but the client has to be configured to use the proxy server. See Chapter 29, "Windows Networking and Application Installation," for more information. Incorrect answers: The Advanced tab is where you would enable/disable scripts and enable/disable security protocols such as SSL and TLS. The Security tab is used to set the security levels for zones (Internet, Trusted sites, and so on). The Privacy tab is used to allow or block specific domains and turn on the Pop-up Blocker. The Content tab is used to configure certificates and to set things such as AutoComplete.
You have been dispatched to a customer's small office that has four computers. One of the systems is displaying an Invalid Certificate error when visiting a website on port 443. The other systems do not get this error when visiting the same website. Which of the following should you adjust on the affected computer to resolve the problem? · UAC · Date and time · Domain policy · Logon times · UEFI boot mode
Date and time Explanation: Configure the date and time to resolve the issue. Do this in the BIOS/UEFI, or in the operating system (or both). Certificates are time based, and are typically valid for one or two years. If the computer's time is outside of that range, then the browser will not be able to connect to the website. This is more common than you might think, even with the common practice of synchronizing to a time server. If a system is not synchronized, then the time could be modified in the OS by the user. Perhaps it was never set up properly, or perhaps the user pushed the time back so that he or she could continue working with an expired application, or perhaps it was affected by a virus. Also consider that a discharged CMOS battery will cause the BIOS to revert to an earlier time and date. Time synchronization is an important concept with computers and networks. See Chapter 31, "Physical and Logical Security," for more information. Incorrect answers: Whether or not the system is in BIOS or UEFI boot mode will not affect time, but in many cases UEFI mode is preferred, especially with newer OSes. The logon times for a user are configured at a domain controller, which is normally used in larger IT environments. User Account Control (UAC) is a system in Windows that works to run sessions with least privileges whenever possible; it won't affect browsing, but it might prevent a user from installing a particular browser! You can configure time using the Network Time Protocol (NTP) by working with a group policy in a domain, but again, domain policies are used in larger networks. The chances of a small business with four computers having a domain are very slim.
Which of the following statements best describes how to secure only physically unused network ports on a switch? · Use DHCP addressing on the network. · Disable the ports in the firmware. · Power down the router when it is not being used. · Disable DNS on the network.
Disable the ports in the firmware. Explanation: You should disable the physical ports within the switch or router. Let's say that there are three areas of a small office that have network jacks that lead to the switch, but only two areas are being used. The area with unused network jacks is the area you want to secure. By logging in to the switch or router and then accessing the firmware, you can configure the unused ports so that they cannot be used—thus securing them. (Note: some routers/switches do not have this functionality.) See Chapter 35, "Data Destruction and SOHO Security," for more information. Incorrect answers: Logical protocols such as DNS and DHCP do not come into play here because you are trying to secure tangible, physical ports. Powering down the router would make all of the ports unusable and would deny all wired network access.
Which command or tool would display the contents of C:\Windows\System32\? · net · dir · cd · System Information Tool
dir Explanation: The dir command shows the contents of a folder or directory within the command line. For example, if you were within the system32 folder, you could just type dir to display its contents. If you were in any other folder, you would type dir c:\windows\system32; but be prepared to use the /p switch, because there will be a lot of results! See Chapter 25, "Microsoft Command Line Tools," for more information. Incorrect answers: The net command has many uses; for example, use net stop spooler to stop the print spooler, net use to map network drives, and so on. cd stands for change directory. Within the command line it enables you to move from one directory to any other directory in the tree. The System Information tool displays details about hardware resources, components, and the software environment.
You have been tasked with repairing a motherboard issue in a computer. Which of the following steps should you take first to prevent electrical hazards when working inside the computer? · Disconnect the power before servicing the computer. · Place components on an antistatic mat. · Put on an antistatic wrist strap. · Put the computer on a grounded work bench.
Disconnect the power before servicing the computer. Explanation: The first course of action is to disconnect the power. This stops the flow of power to the computer, and therefore prevents electrical hazards to you, the technician (at least as far as the computer is concerned). Always unplug the computer before working on it! See Chapter 40, "Safety Procedures and Environmental Controls," for more information. Incorrect answers: The rest of the answers are good ideas that will help to protect the computer from electrostatic discharge (ESD). In addition, the antistatic strap—if it's ultimately connected to a grounded outlet or other grounding source—will protect the wearer from other electrical hazards, as long as it has a 1-megaohm resistor. However, always unplug the computer first before doing anything else. Then, put the computer on a grounded work bench or antistatic mat, and put on the antistatic wrist strap. Open the computer and begin working. As you work, keep components either on the antistatic mat or in antistatic bags (and lay them on the antistatic mat). Remember, the concepts here are to (1) equalize the electric potentials between you and the equipment so as to prevent ESD, and (2) always be safely protected from electrical hazards.
You want to create a spanned volume over two hard drives that are separate from the system volume of a Windows workstation. What tool can help you determine if the hard drives can support spanned volumes? · Disk Management · Task Manager · System Information · Device Manager
Disk Management. Explanation: The Disk Management tool can determine if hard drives support spanned volumes. A spanned volume in Windows is a volume that extends across 2 or more dynamic disks (up to 32) but not including the boot or system volume. In this case, you should most likely create a spanned volume because the requirements have been met. The Disk Management tool (located in Computer Management) is where you can initialize disks, create and format partitions and volumes, and assign drive letters. See Chapter 24, "Operating System Installation," for more information. Incorrect answers: The Task Manager shows the performance of a computer's CPU and RAM and displays the programs/processes currently running. The Device Manager is used to configure devices, update drivers, and view device settings. The System Information tool is similar to the Device Manager, but you cannot make changes; this tool also shows information about the software environment and hardware resources.
You are planning an important operating system update of a router that is the default gateway. So far you have documented the purpose of the change, documented the scope of the change, and performed risk analysis. Which of the following is still required as part of your change request? · Configure a redundant data path to eliminate downtime. · Document a backout plan to roll back changes. · Make the downtime window larger than actually anticipated. · Inform management regarding the anticipated duration of downtime.
Document a backout plan to roll back changes. Explanation: Of the listed answers, you should have a well-documented backout plan in the case that the update fails. It should detail how the router update can be rolled back. Your plan should also include more planning; for example, a test bed where a simulated router will go through the update. Other things to consider include: how end users will be affected and what their acceptance might be; and to use change control forms throughout the process, especially when presenting the change request to the people on the change board. See Chapter 39, "Documentation, Change Management, and Disaster Recovery," for more information. Incorrect answers: This scenario is based on planning, and creating documentation that will support your proposed plan. It isn't about actually doing anything yet! Configuring a redundant data path could be part of the plan, but it won't do much good if there is only one router; a redundant router would be a better answer. Either way, this isn't something you would perform until your change request is accepted and approved. The change board is who you would inform about the anticipated downtime, which might include managers, but it would be done in a well-documented way. The actual notification of downtime to managers would occur later when the change is being performed. Of course, most change board members want zero downtime—but that's another matter altogether! Falsifying information or exaggerating estimated downtime could be bad for your job security (unless you are "Scotty" from Star Trek...).
A co-worker reports that a suspicious-looking individual was scavenging through the recycle bin. What type of social engineering is this? · Dumpster diving · Impersonation · Phishing · Spear phishing
Dumpster diving Explanation: This is most likely an example of dumpster diving. A malicious person might try to get company or personal information by looking through trash, shredded papers, recycling, and more. Dumpster diving can be prevented by keeping trash and recyclables locked up until removal time. Also, keep them in a well-lit area with surveillance. See Chapter 32, "Wireless Security, Malware, and Social Engineering," for more information. Incorrect answers: Phishing is when a person attempts to gain personal information about someone—usually by e-mail—often by impersonating another person (masquerading as someone else) or by claiming to represent a fictitious company. Spear phishing is when a particular person is targeted for phishing, often executives (also known as whaling).
You have been tasked with installing a private computer in a public workspace. What best password practice should you use on the computer to secure network access? · Disable SSO. · Issue a default strong password for the user. · Require authentication when the system wakes. · Delete the Guest account.
Require authentication when the system wakes. Explanation: The best of the listed answers is to require authentication at wake-up. The user should have to type the password when the system comes out of sleep mode or standby mode, or when it is unlocked. In some operating systems, it is set this way by default. But you never know what OS you are working with, and how it has been configured, so always double-check security settings to be sure. The scenario asked about best password practices, but as a technician, you should also consider additional forms of authentication, such as a smart card. See Chapter 33, "Windows Security Settings and Best Practices," for more information. Incorrect answers: Disabling SSO (single sign-on) would remove user functionality, and then the user might have to log in separately to different systems, instead of using one login for multiple systems; but it wouldn't require authentication, which is what we want. As an administrator, you generally shouldn't be issuing passwords to users (unless it is on a temporary basis). Strong passwords should be a part of the computer's policy anyway. Normally, we never delete accounts. We disable them. However, in many systems, such as Windows 10 and Windows 8.1, the Guest account is disabled by default already.
What command repairs the bootmgr.exe file in Windows? · bootrec /rebuildbcd · boot\bcd · bootrec /fixmbr · bootrec /fixboot
bootrec /fixboot Explanation: Bootrec /fixboot is one of the methods you can use to try to repair bootmgr.exe in Windows. If the bootmgr.exe file needs to be repaired, then the system most likely is not booting properly. So, this repair will have to be done in the Windows Recovery Environment, or another bootable repair environment. See Chapter 36, "Troubleshooting Microsoft Windows," for more information. Incorrect answers: Bootrec /fixmbr rewrites the master boot record in Windows (for those systems that still use MBR). Bootrec /rebuildbcd attempts to rebuild the boot configuration store, and boot\bcd is where the boot configuration store is located.
You are required to install Windows to ten separate computers. Which of the following is the quickest method for implementing a standard configuration to all the computers? · Internal hard drive partition with the image · Hot-swappable image drive · Prebuilt image using PXE · One SSD with an answer file
Prebuilt image using PXE Explanation: Build the image beforehand and deploy it across the network by using the Preboot Execution Environment (PXE) of the computers' network adapters. This is the fastest listed method. You might use Windows Deployment Service (WDS) or Symantec Ghost to deploy the image over the network from a server. See Chapter 24, "Operating System Installation," for more information. Incorrect answers: A hot-swappable image drive would require that each computer could house (or connect to) that drive, which probably means more hardware and more configuration (and more time). An internal hard drive partition would have to be created on each computer, which would be extremely time consuming. An SSD with an answer file might work internally on a system, but moving that from one system to another would be troublesome at best. When dealing with more than a few systems, always consider the option of streaming the image over the network to PXE-compatible PCs.
You are working with a virtual machine (VM) when you discover that it has been infected with malware. Which of the following will apply? · The VM can be shut down with no harm to the host PC. · The VM will crash and cause damage to the host PC. · The host computer will quarantine the VM automatically. · The host computer will delete the VM automatically.
The VM can be shut down with no harm to the host PC. Explanation: One of the reasons for using a VM is to create a separate OS work environment from the hosting computer. By default, this creates a barrier that viruses and other malware do not cross. So, in most cases, the VM can be shut down with no harm to the host PC. However, this is not always the case. If the host PC has networked connections to the VM, malware could travel between the two. This is why it is important to secure your VMs, your VM software, and the host computer. See Chapter 32, "Wireless Security, Malware, and Social Engineering," for more information. Incorrect answers: Initially, the host computer does not monitor for malware on the VMs that it hosts. So it will not quarantine or delete any malware on a VM automatically. The VM should be treated as a wholly separate OS, even though it might run within a hosting OS.
A Mac user's OS has become corrupted, and the user needs to access data that was previously stored on the computer. Which of the following built-in utilities should be used? · Boot Camp · File History · System Restore · Time Machine
Time Machine Explanation: To access data that was previously stored on the Mac computer, or to revert to an earlier period of time, use the built-in Time Machine utility. This will bring the computer back to a "snapshot" of macOS that was taken by the utility previously. It can be instrumental in regaining access to files in the case that the system was corrupted or affected by malware. See Chapter 30, "Linux and macOS Tools," for more information. Incorrect answers: System Restore is a Windows program that is similar to Time Machine. Boot Camp is a macOS utility that allows a user to dual-boot the system, for example to macOS and Windows. File History is a backup and restoration program for files in Windows.
You have been tasked with limiting computer access to certain Windows users. Which of the following should be configured? · System Configuration · BCD · Advanced Security · Local Security Policy
Local Security Policy Explanation: You should configure the Local Security Policy utility. This can be accessed by going to the Run prompt and typing secpol.msc or by accessing it through Administrative Tools. From this utility you can set who can access which systems and when. See Chapter 26, "Microsoft Operating System Features and Tools, Part 1," for more information. Incorrect answers: System Configuration is msconfig, which is used to modify how the system boots and enable/disable applications and services. BCD stands for boot configuration data. The BCD store contains information about the operating system(s) that can be booted to. Advanced Security is a place you can go for the Windows Firewall that allows you to create advanced port exceptions for applications.
A user's smartphone is overheating. Which of the following is the most likely cause? · Faulty GPS program · Proper ventilation · Damage to the CPU · Damaged battery · Virus
Faulty GPS program Explanation: The most likely cause is a faulty GPS program or other application that is using far too many resources. See Chapter 20, "Troubleshooting Video Issues and Mobile Devices," for more information. Incorrect answers: It is possible that a damaged battery or a virus could also cause the smartphone to overheat, but that is not as common. Damage to the CPU would probably render the device inoperable. Proper ventilation would be acceptable, but improper ventilation (for example, a poorly made smartphone case) would be unwanted, and could possibly lead to overheating.
Your boss has asked you to get rid of old company cell phones, tablets, batteries, CRTs, and laser printer toner cartridges. What should you do with these? (Select the best answer.) · Place them neatly in the dumpster and cover with paper. · Remove valuable internal parts for reuse. · Follow government regulations for toxic waste. · Take them home and sell them online.
Follow government regulations for toxic waste. Explanation: Always follow government regulations for toxic waste and proper disposal of batteries, toner, CRTs, cell phones, and tablets. Aside from that, you should also consider the data on these devices. Were they properly wiped? Were memory cards removed? Some companies have policies stating that cell phones and tablets need be shredded (or otherwise destroyed), after the batteries have been removed. So follow local municipal regulations, but also adhere to your company policy. See Chapter 40, "Safety Procedures and Environmental Controls," for more information. Incorrect answers: Placing them neatly in the garbage might make a dumpster diver's day, but that poses both a security concern and an environmental concern. Removing internal parts, especially from CRTs, brings up safety issues, and selling company parts online is at best unethical, and potentially illegal.
A co-worker tells you that his Windows computer is making noise constantly. You look at the computer and note that the hard drive activity light is frequently on. You also note that there is plenty of free space on the drive's only partition. Of the following, which best explains why the drive light is continuously active? · Too many documents on the partition · Page file issue · Drive needs a new SATA connector · Fragmented hard drive
Fragmented hard drive Explanation: If the hard drive is constantly accessed (and as a result makes a good deal of noise) and the activity light is frequently on, these are good signs that the drive is fragmented. You need to run the Windows Disk Defragmenter. This can analyze the disk and tell you if the partition is indeed fragmented, and then continue with the defragmentation if you authorize it. See Chapter 19, "Troubleshooting Hard Drives and RAID Arrays," and Chapter 27, "Microsoft Operating System Features and Tools, Part 2," for more information. Incorrect answers: The page file deals with information transferred between RAM and the hard drive. Page file issues often hang Windows; the page file usually fails altogether if there is a problem. In the scenario, you noted that there is plenty of free space on the hard drive's partition, so there can't be too many documents. However, if there was a full drive, it could become more difficult to defragment. The Windows Optimize Drives/Disk Defragmenter program requires 15 percent free space to work. If you have less than this, you must run a defrag -f in the command line. SATA connectors rarely fail, and if they do, then the hard drive would become inaccessible. In this case, if this were the only drive in the computer, the system would not boot to the operating system.
You are setting up a secure kiosk that should allow users access to one application only. Which of the following account types should you configure for this system? · Power User · Guest · Administrator · Remote Desktop User
Guest Explanation: Set up a Guest account for users that will be working at the kiosk. This way, they can easily get access to the system but will only be able to work with the single application that you allow (which can be further secured through the use of the Group Policy Editor). The Guest account is the most locked-down default account in Windows. See Chapter 28, "Windows Control Panel Utilities," for more information. Incorrect answers: The Remote Desktop User account is not necessary in this scenario; the users will be working locally at the kiosk. You definitely do not want to set up an Administrator account, because that will have full control over the computer. The Power User account is also not necessary. While the Power User account is essentially the same as the Standard User account, it is also used for backward compatibility with older applications.
You have been tasked with installing the latest Windows operating system on a customer's computer. The customer wants all of the settings and files to remain intact during and after the installation. Which of the following upgrade methods should you perform? · Network installation · Clean install · In-place upgrade · Image deployment
In-Place Upgrade Explanation: The only option of the listed answers that will retain settings and files is the in-place upgrade. This is when the OS is effectively reinstalled, but without losing user data. This is generally done as a last resort while troubleshooting a system. You might also choose to do Reset this PC in Windows 10, keeping files and settings, or Refresh this PC in Windows 8. See Chapter 24, "Operating System Installation," for more information. Incorrect answers: The other answers will normally wipe the target partition, so the files and settings would be lost. A network installation is one that is done over the network from a PXE-compliant PC. Image deployment can be done with removable media or over the network. A clean install, by definition, wipes the drive and installs a fresh version of Windows.
Which utility would you use to configure Windows for safe boot? · MSConfig · Windows Recovery Environment · Regedit · Advanced Boot Options menu · Task Manager
MSConfig Explanation: MSConfig (the System Configuration utility) is used to configure Windows to boot in "safe boot" mode; it is done within the Boot tab. See Chapter 26, "Microsoft Operating System Features and Tools, Part 1," for more information. Incorrect answers: The Windows Recovery Environment is used to repair problems with Windows. The same goes for the Advanced Boot Options menu; you will see Safe Mode in that menu, but that is slightly different than configuring safe boot in MSConfig. The Task Manager doesn't allow you to change the boot options, but it does show processes, performance, and other analytics of the OS. Regedit is used to make less common (and usually more difficult) configuration changes to the system.
You downloaded an image file because you need to install an application stored within the image. When you attempt to execute the file, an error is displayed. Which of the following should be performed? · Download a different file from the website. · Mount the file as an emulated disc. · Rename the extension of the file to a known extension. · Verify the MD5 hash of the downloaded file.
Mount the file as an emulated disc. Explanation: You should first attempt to mount the file as an emulated disc. Image files (for example, .iso files) are files that are meant to be burned to disc (or flash drive) or accessed from a mount point that will emulate the disc drive. You can mount the .iso (or .img) file simply by double-clicking the file in newer versions of Windows. Or, in the Disk Management program (in Windows), you can right-click unused space within a partition on a drive, starting the process for a new volume, or right-click an existing partition. Then click Change Drive Letter and Paths and click Add. Finally, select Mount in the following empty NTFS folder. Once the volume is mounted, you can then place the file in that location. Note: You can also use the more configurable diskpart for this process. (See this link for more information on both methods: https://docs.microsoft.com/en-us/windows-server/storage/disk-management/assign-a-mount-point-folder-path-to-a-drive.) In macOS you would double-click the file, or right-click it, and select Open With > DiskImageMounter (or similar utility). Or in the Disk Utility program, you could go to File > Open Disk Image. Many Linux distributions also have Disk Image Mounter. See Chapter 27, "Microsoft Operating System Features and Tools, Part 2," for more information. Incorrect answers: Renaming the extension will cause the image file to fail. Whatever the image file uses (.iso, .img, .dmg), you should leave it as is, unless of course the file was zipped—then you would unzip it first. The file is most likely okay, so there should be no need to download it from a different website. You should always check the MD5 hash (or other hash) of the file, which verifies data integrity, and make sure that it is correct. This could be a problem if it is incorrect. But the most likely problem is that you have not prepared the image file appropriately, meaning mounting it or burning it to disc.
You have just identified malware on a customer's computer. According to the CompTIA malware removal best practices, what should you do next? · Update the antivirus software and run a full system scan. · Move the infected system to a lab with no network connectivity. · Educate the user about how to avoid malware in the future. · Enable System Restore and create a restore point.
Move the infected system to a lab with no network connectivity. Explanation: You should disconnect the computer from the network (physically disconnect the cable and disable any wireless adapters in the Device Manager). Then, isolate the computer and quarantine it in a lab or other similar location where it can do no more harm. This is step 2 of the CompTIA recommended procedure for the removal of malware. See Chapter 37, "Troubleshooting PC and Security Issues and Malware Removal," for more information. Incorrect answers: The other answers are different steps that occur after step 2. Update the antivirus software is part of step 4. Enable System Restore is step 6. Educating the user is part of the final step, step 7. Know that seven-step process!
1. Identify and research malware symptoms.
2. Quarantine the infected systems.
3. Disable System Restore (in Windows).
4. Remediate the infected systems.
   a. Update the anti-malware software.
   b. Scan and use removal techniques (safe mode, pre-installation environment).
5. Schedule scans and run updates.
6. Enable System Restore and create a restore point (in Windows).
7. Educate the end user.
Of the following ways to manipulate a file, which can retain the file's NTFS permissions? · Copying the file to another FAT32 volume · Copying the file to a new location on the same volume · Moving the file to a new location on the same volume · Moving the file to another NTFS volume
Moving the file to a new location on the same volume. Explanation: Basically, the only way a file can retain its NTFS permissions is if the file is moved to a new location on the same volume. See Chapter 33, "Windows Security Settings and Best Practices," for more information. Incorrect answers: Moving the file to any other volume or copying it anywhere will create new NTFS permissions for that newly moved or copied file. These permissions are taken by default from the parent folder in a process known as inheritance.
One of the users at your company is attempting to log in to an e-mail service using a third-party e-mail client on a smartphone. When entering the username and password, the user receives an error message that states the credentials are invalid. Password resets do not fix the problem. Which of the following is the cause of the problem? · Strong password requirements have not been met. · The account is locked. · Full device encryption is enabled. · Multifactor authentication criteria have not been met.
Multifactor authentication criteria have not been met.
You need to find out more information about which switch a Windows Server is connected to. Which of the following should you refer to? · Inventory management barcode · Network topology diagram · Knowledge Base · Incident documentation
Network Topology Diagram Explanation: Use your network documentation—for example, use a logical network topology diagram to find out how the network is logically laid out, or a physical network diagram for more specific information such as which ports computers are connected to on switches. See Chapter 39, "Documentation, Change Management, and Disaster Recovery," for more information. Incorrect answers: Knowledge bases are used to look up information about hardware and software and are usually maintained by the manufacturer or developer, whereas the network documentation will be maintained by your organization. Inventory management barcodes are scannable codes that are used to identify and track resources in an organization. In some cases, inventory management and network documentation can be linked, but it is not the best answer. Incident documentation refers to incident response and how various information, evidence, and other documentation is preserved during an incident.
It seems someone has spilled a large amount of coffee in the break room and has not cleaned it up. It is seeping into the server room next door. Which of the following statements best describes the first step you should take to remedy the problem? · Fill out an accident report. · Reference the MSDS. · Start mopping up the mess. · Notify the network administrator.
Notify the network administrator. Explanation: If anything is going to disturb the server room or other equipment rooms, notify the network administrator immediately. See Chapter 40, "Safety Procedures and Environmental Controls," for more information. Incorrect answers: It's coffee—no need to fill out an accident report. After you notify the admin, you might choose to mop up the mess; that's your prerogative, but I would hope the person who made the mess had a hand in cleaning it up. Material Safety Data Sheets (MSDSs) are available for anything that has a chemical within it. I've had some terrible coffee in my day, but nothing that required an MSDS.
You turn on a computer, and a blue screen appears with an error code. Where should you go to find out what this error code means? · Installation manual · OS manufacturer's website · Hardware manufacturer's website · Third-party website
OS manufacturer's website Explanation: A blue screen, or BSOD, is an error screen produced by Windows, so you should access the OS manufacturer's website—in this case Microsoft. It is also known as a stop error. See Chapter 36, "Troubleshooting Microsoft Windows," for more information. Incorrect answers: Accessing third-party websites is not generally recommended and should be used only as a last resort because you never know exactly what kind of information you will get from those websites. The error code and the blue screen are not directly produced by the hardware, so you would not go to the hardware manufacturer's website. Installation manuals for operating systems usually do not go into this type of troubleshooting depth. However, manufacturers such as Microsoft have multiple websites that you can visit to figure out the problem, such as Microsoft Support and TechNet. In many cases you can even get support from them.
Your organization wants to use a cloud service that will allow developers to program entire applications within a working environment that they can modify as they see fit. Which type of technology should be used? · SaaS · Community cloud · IaaS · PaaS
PaaS Explanation: You should be most interested in PaaS (platform as a service). This cloud technology provides the programmers with an entire platform, or environment, that they can use for application development and testing. See Chapter 16, "Cloud Computing and Client-side Virtualization," for more information. Incorrect answers: SaaS is software as a service. IaaS is infrastructure as a service. Community cloud is when multiple customers share a provider's cloud service.
Which of the following social engineering attacks relies on impersonation in an attempt to gain personal information? · Hoaxes · Dumpster diving · Shoulder surfing · Phishing
Phishing Explanation: Phishing is the attempt to fraudulently obtain private information. Usually the phisher masquerades as someone else. See Chapter 32, "Wireless Security, Malware, and Social Engineering," for more information. Incorrect answers: A hoax is an attempt at deceiving people into believing something that is false. Dumpster diving is when a person literally scavenges for private information in the garbage. Shoulder surfing is when a person uses direct observation to find out a target password and other personally identifiable information (PII).
How would you secure a smartphone and its data? (Select the two best answers.) · GPS tracking · Remote wipe · Bluetooth · SSID · Passcode lock
Remote wipe and passcode lock Explanation: A passcode lock and remote wipe are effective ways to secure a smartphone and its data. The passcode (usually a four- to eight-digit number) stops the average person from accessing the phone unless he knows the code. Remote wipe allows the owner to remove any and all confidential data on the phone from a remote location if the phone is stolen. Both of these are good ways to secure a smartphone. You might also consider encryption and document passwords. See Chapter 34, "Mobile Device Security," for more information. Incorrect answers: Service Set Identifier (SSID) names are given to wireless access points and are effectively the name of the wireless network. A GPS tracking/location service might seem like a good way to secure the phone, but it doesn't actually secure the phone or the data; it secures only the possibility of retrieving the phone if it is lost or stolen. Bluetooth is a wireless standard in which devices are used to communicate with the smartphone, such as headsets. Bluetooth is not secure out of the box, and the owner should make use of a secure pairing passcode instead of the default 0000 code.
An older Windows computer is taking a long time to boot. Which of the following should you perform to fix the problem without spending any money? (Select the two best answers.) · Install more RAM. · End processes in the Task Manager. · Remove applications from startup. · Run the Disk Cleanup utility. · Install a faster HDD. · Defragment the hard drive.
Remove applications from startup; Defragment the hard drive. Explanation: The best listed answers are to defragment the hard drive and remove applications from startup. If it is an older Windows system, then it potentially has a magnetic hard drive. These are prone to fragmentation over time; disk defragmenting can work wonders for bootup speed! In Windows, run the Optimize Drives utility. But also, if there are a lot of programs in startup, that can really bog the system down, especially while it is booting and loading all of those programs. Use the Task Manager > Startup tab to remove applications that are undesirable. Go to Control Panel > All Control Panel Items > Programs and Features to uninstall applications. These will be some of the cheapest solutions to the problem. See Chapter 19, "Troubleshooting Hard Drives and RAID Arrays," and Chapter 36, "Troubleshooting Microsoft Windows," for more information. Incorrect answers: Installing more RAM or another hard drive costs money and is time consuming, so they don't meet the requirements in the question. Also, in many cases, it would be better to install a solid-state drive (SSD), not a hard disk drive (HDD). Ending processes in the Task Manager helps in the short term (for that one session), but the processes will simply restart the next time the system boots. Also, that is done in the Processes tab, whereas you want to access the Startup tab. The Disk Cleanup utility will remove temporary files, and that very well may be the next step after completing the two correct answers. However, this doesn't really affect bootup time. However, if a user profile has lots and lots of temporary files, that could cause the logon to be very slow. It's a less common problem, but something to think about.
You just finished removing malware from a customer's computer located in a small office, but the Internet browser cannot access any websites. What should you do first? · Remove the browser proxy settings. · Install the latest service pack. · Reset the router. · Reboot the computer.
Remove the browser proxy settings. Explanation: You should remove any proxy settings that were placed there by the malware. This is done by malicious individuals so that the computer's browser becomes hijacked and is redirected to the website(s) of the attacker's choice. Legitimate proxy servers are used by larger companies, but usually not in small offices. So if you see a proxy setting in the browser of a small office, it is probably not justifiable. See Chapter 32, "Wireless Security, Malware, and Social Engineering," for more information. Incorrect answers: Resetting the router will not fix the problem because the issue is confined to the local computer. Rebooting the computer will have no effect because the setting is saved in the OS. Installing the latest service pack is a good idea if the computer is not up to date, but doing so will not help in this situation because SP updates do not rewrite browser settings. Also, Windows 7 was the last operating system to use service packs. In addition, the end-of-support date for Windows 7 is in January 2020, so if you do find that OS, it most likely should be updated.
A company has Category 6 cabling lying on the floor in several locations. Which of the following statements best describes the most appropriate action to take? · Secure the cables to the floor with tape. · Move the computers closer to the server. · Install a wireless network. · Reroute the cables using a protective material.
Reroute the cables using a protective material. Explanation: Your local municipality's electrical and safety code requires that all cables be installed properly. No cables can be left hanging or lying on the floor. Rerun the cables through the walls and ceiling, or use a special conduit to run the cables in a way that is safe. This in a nutshell is known as cable management. See Chapter 40, "Safety Procedures and Environmental Controls," for more information. Incorrect answers: The rest of the answers are not good permanent solutions to the problem. Duct tape can help temporarily until you reroute the cables properly. A wireless network is not going to help when the organization needs to have wired connections such as Category 6 cables. Moving the computers is a time-consuming and unnecessary task.
You are working at a help desk and receive a call from a user about a Windows issue that started in the morning when the computer was first started. The user can no longer use the mouse and local printer, and rebooting the computer does not fix the problem. Which of the following would most likely fix the problem? · Roll back updates. · Disable Windows Update. · Restore hidden updates. · Check for updates.
Roll back updates Explanation: The most likely solution is to roll back updates. Things such as mice and printers—once working—should continue to work, unless they have been reconfigured, fail, or are affected by an update. Because the computer was just started up in the beginning of the day, it is unlikely that the user (or anyone else) reconfigured the devices. It is unlikely that both the mouse and the printer would fail at the same time. So, chances are that an update occurred off-hours and caused the issue. You can roll back updates (or uninstall them) in Windows by going to Programs and Features; it is best to do this in Safe Mode. See Chapter 36, "Troubleshooting Microsoft Windows," for more information. Incorrect answers: Disabling Windows Update (for example, in services.msc) will simply stop Windows Update from working from that point, but it won't roll back updates, uninstall them, or otherwise fix the problem at hand. Hidden updates are updates that a user has made unavailable and chosen not to install. They can be restored from within the Windows Update program. But again, this won't fix the problem, as they are updates that never happened. Checking for updates will simply force the computer to check for any new updates. Chances are that there won't be any (or perhaps there are other updates) because the system was just updated that morning or the previous evening. Note: Larger companies will take control of Windows Updates and make sure that they are only installed after they are tested.
Which of the following can allow a hidden backdoor to be used by remote workstations on the Internet? · XSS · Rootkit · Firmware · SQL injection
Rootkit Explanation: Rootkit is the best answer. Rootkits are used to gain privileged access to the computer, perhaps with a hidden backdoor. A remote access Trojan (RAT) might be used to access the backdoor, which then uses the rootkit code to gain that privileged access. See Chapter 32, "Wireless Security, Malware, and Social Engineering," for more information. Incorrect answers: XSS stands for cross-site scripting, a vulnerability in web applications. Hidden backdoors are usually found in software (operating systems or applications), not in firmware (BIOS). SQL injection is another type of attack on websites that uses code to extract confidential information from website databases.
Which command is the best option for verifying that the protected system files in Windows are correct? · diskpart · SFC · bootrec /fixmbr · chkdsk
SFC Explanation: System File Checker (SFC) is the best option in this scenario. It checks and, if necessary, fixes system files in Windows. See Chapter 25, "Microsoft Command Line Tools," for more information. Incorrect answers: Diskpart is the command-line partitioning tool, the counterpart of the GUI version, Disk Management. Chkdsk can help to identify issues with a hard drive and can fix some basic problems automatically, but is not the best answer for dealing with protected system files. Bootrec /fixmbr is a recovery environment tool used in Windows to rewrite a faulty Master Boot Record (MBR). You won't use this as often because most systems will be GPT-based instead of MBR-based.
Which of the following commands can you issue in Linux to elevate the current user's access level to administrator? (Select the two best answers.) · su · vi · sudo · passwd · chmod · chown
su & sudo Explanation: su and sudo can be used to switch accounts or temporarily elevate an account to root (administrative) status. Use these commands whenever you need to make advanced changes to the system, install applications, or update software. See Chapter 30, "Linux and macOS Tools," for more information. Incorrect answers: chmod is used to change the permissions of a file or folder. passwd is used to change the currently logged-in user's password. vi is used to open the text editor. chown changes the ownership settings of files and folders.
A customer wants a laptop to enter a power saving mode that will reduce the power consumption to nearly zero but retain memory of what the user was working on. It should be able to retain this information for weeks if need be, and even if the laptop's battery discharges completely. What is the best method? · Set the computer to shut down. · Set the computer to hibernate. · Set the computer to sleep. · Set the computer to standby.
Set the computer to hibernate. Explanation: The best answer is to configure the system to hibernate. That is an extremely low power saving mode that retains the memory of what the user was working on. The difference between hibernate and other power saving modes is that hibernate saves a snapshot of the RAM to a file in the root of C:\ called hiberfil.sys. When the computer is awoken, this file repopulates the RAM with the data that was there when the computer went to sleep. This works well if the laptop will be off for a long time and the user is concerned that the battery won't last. It can also be useful for PCs that are not connected to a UPS, but it requires additional configuration to use in Windows. Here's a Microsoft web page detailing shut down, sleep, and hibernate: https://support.microsoft.com/en-us/help/13770/windows-shut-down-sleep-hibernate-your-pc See Chapter 28, "Windows Control Panel Utilities," for more information. Incorrect answers: Setting the computer to sleep uses very little power (just a tad more than hibernation), but the contents are not saved to the hard drive, so it is good for short periods of time. Most laptops are set to go to sleep if the lid is closed. In Windows, standby is the same as sleep. Shutting down the computer simply turns it off. The only way to do this is for the system to close all applications, so in this case the user would lose all current work.
You just installed a customer's new printer and tested it. Which of the following should be performed next? · Recheck all connections. · Bill the customer. · Turn the printer on and off. · Show the customer the printer's basic functionality. · Install a maintenance kit.
Show the customer the printer's basic functionality. Explanation: After installing something for a customer, teach the customer how to use it (at least the basics). Not only is this an example of professionalism and good customer service, but by teaching the user, you might prevent support calls in the future. See Chapter 41, "Incident Response, Communication, and Professionalism," for more information. Incorrect answers: If you tested it, then there is no reason to recheck connections or turn the printer on and off. Unless you are an independent contractor or consultant, you probably won't bill the customer yourself. Even if that is your responsibility, you shouldn't do so until you have shown the basics of the new printer to the customer. Maintenance kits are not necessary for new printers. They are required when the printer reaches approximately 200,000 pages printed.
Which type of attack is an MITM associated with? · Spoofing · Brute force · DDoS · Zero-day
Spoofing Explanation: The man-in-the-middle (MITM) attack is within the category of spoofing attacks, where a person configures a computer to impersonate another computer in the hopes of intercepting (and possibly modifying) information. See Chapter 32, "Wireless Security, Malware, and Social Engineering," for more information. Incorrect answers: A distributed denial of service (DDoS) is a concerted attack on a server or router that is initiated at a master computer and carried out by many zombie computers (bots) across a large area. Brute force is associated with password cracking. Zero-day attacks are attacks that have not been discovered or documented yet, and have no patch or fix.
Which of the following statements describes the proper lifting technique? · Squat and lift from the legs as you pick up the item. · Have two people bend down and pick up the item. · Bend down and pick up the item. · Use gloves to pick up the item.
Squat and lift from the legs as you pick up the item. Explanation: The best answer is to squat and lift with the legs, not with your back. This helps to avoid injury when lifting heavier items. See Chapter 40, "Safety Procedures and Environmental Controls," for more information. Incorrect answers: Gloves are sometimes a good idea; however, it depends on how much grip they have. Never bend down or bend over to pick up an item. That is one way to injure your back. Having a second person help with a heavy item is also a good idea, but not when that person also uses the back to lift.
Which of the following utilities enables a Windows user to edit a file offline and then automatically update the changes after returning to the office? · File History · Cortana · Sync Center · Windows Defender
Sync Center Explanation: The Sync Center is a feature of Windows that enables you to keep information synchronized between your computer and network servers. You can still access the files and modify them even if you don't have physical access to the server; in this case they are modified "offline" and are synchronized automatically when you return to the network. Some mobile devices are also compatible with Sync Center. The Sync Center can be configured within the Control Panel. See Chapter 28, "Windows Control Panel Utilities," for more information. Incorrect answers: Cortana is the Microsoft Windows personal assistant. Windows Defender is the free Microsoft anti-malware program. File History is a utility that copies and backs up files in Windows.
A customer has a computer running Windows. The Windows Defender Firewall appears to be causing communications to fail within a certain gaming application even though you set up an exception for the program. You stop the Windows Defender Firewall, but when the computer reboots, the service starts up again. Which of the following tools should be used to disable the Windows Defender Firewall service? · Task Scheduler · Local Security Policy · System Properties · System Configuration
System Configuration Explanation: Use the System Configuration tool (msconfig.exe) to disable the service. Do this in the Services tab. Of course, you can also disable services in the Services console window (services.msc). If you need to stop and disable a service, the Services console window is your best bet. That is because MSConfig can disable the service but not stop it (plus a restart is required for most MSConfig actions). And the Task Manager can stop it but not disable it. See Chapter 26, "Microsoft Operating System Features and Tools, Part 1," for more information. Incorrect answers: The Task Scheduler is used to set a time when particular applications and processes will run, but not to disable them (though you can disable tasks here if necessary). System Properties is the dialog box where you can change the name of the computer, configure System Restore, and set up Remote Desktop. Local Security Policy is where password and auditing policies can be configured.
You reboot a customer's computer and see a pop-up message that says One or More Services Failed to Start. Which of the following can give you more information? · Security log · Application event logs · System event logs · Task Manager
System event log. Explanation: If you get a message such as this, then you should follow up by looking for more information within the System log in the Event Viewer. See Chapter 26, "Microsoft Operating System Features and Tools, Part 1," for more information. Incorrect answers: The Application log contains information, warnings, and errors pertaining to programs built into the OS as well as third-party applications. The Security log shows information regarding file access, permissions, logins, and so forth. The Task Manager gives you performance information about the computer and shows what processes and applications are running.
Which of the following is used by BitLocker to provide an encryption key and to protect data? (Select the best answer.) · CMOS · TPM · IRQ · EFS
TPM Explanation: A Trusted Platform Module (TPM) is used by BitLocker to provide an encryption key and to protect data. This module is normally located on the motherboard in the form of a chip. You can also use a USB drive to store the encryption key if the computer does not have a TPM chip. See Chapter 33, "Windows Security Settings and Best Practices," for more information. Incorrect answers: CMOS stands for complementary metal-oxide semiconductor, the chip that retains the time and date, and other settings for the BIOS. An IRQ is an Interrupt ReQuest, the number that identifies a device to the CPU—it is unlikely that you will have to reconfigure an IRQ these days, but it is still a good idea to know what it is, just in case you have to modify it or an I/O address range (for instance, when configuring an older serial COM port). EFS stands for Encrypting File System, Windows' built-in technique for encrypting individual files.
A technician is working on a laptop running Windows that has become slower over time. The tech analyzes the CPU utilization and notices that it is hovering between 90 and 100 percent usage. When the technician closes some running applications, the CPU drops down to normal and the laptop runs faster until it is restarted, at which point the problem happens again. Which utility can the technician use to fix the problem? · Task Manager · msconfig · mstsc · Performance Monitor
Task Manager Explanation: The technician should use the Task Manager to fix the problem. The offending applications can be disabled from the Startup tab. In fact, it appears that the technician was already using the Task Manager. CPU utilization can be viewed in the Performance tab (among other places), and closing running applications is done in the Processes tab. However, when applications are closed from the Processes tab, it is only done temporarily; they restart when the computer restarts. The Startup tab is where a person would go to disable them so that they don't start back up again when the computer restarts. Offending programs could also be uninstalled from Control Panel > All Control Panel Items > Programs and Features, if absolutely necessary. See Chapter 26, "Microsoft Operating System Features and Tools, Part 1," for more information. Incorrect answers: The Performance Monitor is used to analyze the resources of the computer. It can be used to monitor CPU utilization, as mentioned in the question, but it can't be used to disable programs. Msconfig is used to modify how the system boots; services can be disabled from there, but not applications. Mstsc is the executable for the Remote Desktop Connection program.
A Windows application is not responding properly and it is causing the rest of the system to behave erratically. Which of the following commands should you issue in the Command Prompt first? · shutdown · taskkill · ifconfig · SFC · DISM
Taskkill Explanation: Use the taskkill command in the Command Prompt of Windows (in elevated mode, of course). By using the taskkill command, you can end the application or underlying process of the application that is misbehaving. You can also do this in the Task Manager, but sometimes the Command Prompt is more accessible than a GUI-based program, especially when Windows applications are behaving erratically. See Chapter 25, "Microsoft Command Line Tools," for more information. Incorrect answers: If taskkill doesn't work, then the shutdown command would be the next logical step (or simply shut down the computer from the GUI). If you can't access the Command Prompt, PowerShell, or Task Manager, and Ctrl+Alt+Del doesn't function, then you might have to press and hold the power button or disconnect the power cable, reboot the computer, and troubleshoot in Windows RE or Safe Mode. The System File Checker (SFC) utility is used to repair system files. DISM is used to repair and configure Windows images. Ifconfig displays the IP configuration of a Linux or macOS system; it is not used in Windows.
You see an exclamation point next to a device in the Device Manager. What does this indicate? · The device driver is missing. · The device driver is corrupt. · The device driver is outdated. · The device is disabled.
The device driver is missing. Explanation: An exclamation point in the Device Manager indicates that the device driver is missing. You should download the latest driver from the manufacturer's website. See Chapter 26, "Microsoft Operating System Features and Tools, Part 1," for more information. Incorrect answers: If the device were disabled, it would have a down arrow. That might also be the case if the driver file were corrupt, or the device would simply show up in the "Other devices" category in the Device Manager and not function at all. The Other devices category is also where the device would be listed if the driver was missing altogether. An outdated driver doesn't necessarily initiate an error or marking of any kind; however, drivers should be checked and updated periodically (if it is not done automatically).
At one of your customer's locations, two users share the same Windows computer. The first user creates a document intended to be used by both users and then logs off the computer. The second user logs on and types the name of the document in the Start menu, but the document cannot be found. Which of the following statements describes the problem? · The document is set to hidden. · The document is locked. · The document is owned by the first user. · The document is encrypted.
The document is owned by the first user. Explanation: The problem in this scenario is that the document is owned by the first user. By default, files created under one user account cannot be seen by another user account. For the second user to see the file, the user needs to become an owner or needs to be given permissions to the file. See Chapter 33, "Windows Security Settings and Best Practices," for more information. Incorrect answers: In this scenario, the first user never locked, hid, or encrypted the document in any way; this type of "document ownership" is simply a default security precaution that is built into Windows.
You install a new computer with a new version of Windows for a customer. They already have three older computers on the network with previous versions of Windows. The new Windows computer can ping the older Windows computers, but the older Windows computers cannot ping the new Windows computer. What is the reason for this? · Windows updates need to be installed. · The network cable is unplugged. · The operating systems are not compatible. · The firewall is on.
The firewall is on. Explanation: The new Windows computer probably has the firewall on; this is the default setting. This allows the Windows computer to contact other systems but stops other computers from making inbound connections to it. See Chapter 36, "Troubleshooting Microsoft Windows," for more information. Incorrect answers: If the network cable were unplugged, neither the new Windows system nor the older Windows systems could connect to each other. The operating systems can coexist on the network, but remember to update all systems for best compatibility.
You previously installed a biometric device using the supplied manufacturer driver. You confirmed that the device works properly. Afterward you update the laptop's Windows and AV updates. Which of the following statements best explains why the biometric device has stopped functioning? · A virus that specifically targets retinal-scanning software infected the laptop because the user was late applying new definitions. · The recently installed Windows updates overwrote the manufacturer driver. · The recently updated AV software is interfering with the proper operation of the biometric device. · The biometric device needs to be recalibrated.
The recently installed Windows updates overwrote the manufacturer driver. Explanation: Most likely, the Windows update included its own driver for the biometric device, which could—for a variety of reasons—cause it to stop functioning. When it comes to these types of peripherals, the manufacturer's driver is the best bet and, unfortunately, you would have to reinstall that driver on the laptop. See Chapter 27, "Microsoft Operating System Features and Tools, Part 2," for more information. Incorrect answers: A virus could affect a biometric device, but it is unlikely that your laptop will have a retinal-scanning biometric device. It is more likely that it will be a fingerprint-scanning device. AV software updates should not interfere with the biometric device. If the device was not reading a fingerprint properly, then it might need to be recalibrated. But recalibration probably won't help if the device has stopped functioning altogether.
Of the following, which represent definitive security vulnerabilities to mobile devices used in a BYOD environment? (Select the two best answers.) · Unauthorized downloads · Theft · Improper file permissions · Viruses · Phishing
Theft & Viruses Explanation: Viruses and theft are security vulnerabilities to mobile devices. AV software should be installed on the mobile device, and the device should be equipped with a remote wipe program, a passcode, GPS, and encryption if at all possible. See Chapter 34, "Mobile Device Security," for more information. Incorrect answers: Improper file permissions can pose a risk on computers, but more so on desktop-based operating systems such as Windows. By default, mobile devices run in a sort of protected mode. In order to gain full administrative access, the device has to be rooted or jailbroken. Phishing is usually accomplished by exploiting the user, not the computer or mobile device. Of course, users in a BYOD environment should be schooled in e-mail vetting, text scanning, not opening attachments, and so on. That applies to unauthorized downloads as well. A third-party program might initiate an unwanted download, or the user might stumble upon one in a web browser. User training becomes one of the most important parts of any security plan. But mobile devices in a BYOD environment should be secured by way of a mobile device management (MDM) solution that prevents the download of unauthorized applications.
Which of the following can keep a server running during a brownout? · UPS · Rack grounding · Line conditioner · Surge suppressor
UPS Explanation: An uninterruptible power supply (UPS) is the only answer listed that can protect the server in the case of a brownout. It has a battery backup which will keep the server running temporarily; typically 5 to 60 minutes depending on the UPS and the electrical load. The UPS can be configured to gracefully shut down the server toward the end of that time, avoiding damage due to power failures. A brownout is a power reduction that will cause computers to restart or shut down, potentially damaging the systems. While UPSes can protect against brownouts and blackouts, the protection is limited. If there are extended power outages, an organization would need some type of generator to keep the systems running. See Chapter 39, "Documentation, Change Management, and Disaster Recovery," for more information. Incorrect answers: A surge suppressor can protect against surges in voltages but not power reductions such as brownouts or blackouts. A line conditioner/power conditioner will regulate the voltage coming into a device and often is used to protect audio and video equipment; some UPSes are equipped with line-conditioning functionality. Rack grounding is used to provide a path for electricity away from the servers and networking equipment in the case that there is a surge, a live wire, lightning strike, or other unexpected electrical issue that comes in contact with the rack.
Which of the following installation types requires the use of an answer file? · Upgrade · Repair · Unattended · Clean
Unattended Explanation: An unattended installation is one that makes use of an answer file that you have created previously (for example, unattend.xml). That file answers all the questions that would normally be asked of you during a typical installation. Often, this method is used in conjunction with a remote installation from a server. See Chapter 24, "Operating System Installation," for more information. Incorrect answers: A clean install is a typical installation where the user is required to sit at the computer locally and answer the OS install questions step by step. Upgrades and repair installations also require the user to be available to answer questions posed by the setup program.
You have been dispatched to a customer site and discover that two users who have the same model smartphone are receiving error messages when launching a third-party application. What should you try first to resolve the problem? · Reinstall the application · Update the operating system of the smartphones · Roll back the application · Clear the application cache
Update the operating system of the smartphones Explanation: If two different users are receiving the same error message, the first thing you should try is to update the OS of the smartphones. Because the smartphones are the same model, chances are that they are running an older version of the OS that doesn't support the app properly. Maybe the app worked before, and perhaps the app has recently auto-updated and the current OS version won't support it anymore. Going beyond this, some additional investigation is required. You should first find out if the app is allowed by your organization. Then, locate the requirements for the app before performing any action. See Chapter 38, "Troubleshooting Mobile Operating Systems," for more information. Incorrect answers: If it was only one user having difficulty, you might opt to reinstall the application first. But in this case there are two users with the same model smartphone. Rolling back the application might be next on your list (if that is even possible); it could be that a newer version of the app is causing the problem. Clearing the application cache would be last (of the listed answers), because it is not needed as often, and is more time consuming. Also, it is designed for issues with apps that have worked before.
Your boss asks you to install a new wireless network. Which of the following should be implemented on the wireless network to help prevent unauthorized access? (Select the two best answers.) · Install a signal booster. · Use MAC filtering. · Broadcast the SSID. · Install additional wireless access points. · Use WPA2.
Use MAC filtering & Use WPA2 Explanation: By using WPA2 (the strongest type of encryption on most wireless access points), you ensure a high level of encryption, helping to reduce unauthorized access. Using MAC filtering filters out unwanted computers by checking their MAC addresses when the computers first try to connect. See Chapter 32, "Wireless Security, Malware, and Social Engineering," for more information. Incorrect answers: Additional wireless access points and signal boosters would increase the chances of unauthorized access. Broadcasting the SSID also increases the chance of unauthorized access because any wireless device will see the name of your network. When all wireless devices have made their initial connections to the wireless access point, consider disabling the SSID broadcast.
Which of the following is a potential risk associated with WEP when that protocol is used to secure a WLAN? · Weak encryption · SSID broadcast · Zero protection against war driving attacks · Data emanation
Weak Encryption Explanation: WEP is a deprecated standard. It has a weak encryption key and is vulnerable to the initialization vector (IV) attack, among other things. Instead it is recommended that WPA or WPA2 be used to protect wireless networks. See Chapter 32, "Wireless Security, Malware, and Social Engineering," for more information. Incorrect answers: The SSID broadcast functions regardless of the type of encryption protocol used on the wireless network; however, disabling the SSID broadcast is important after all clients have been connected to the wireless access point. Data emanation (also known as signal emanation) is an electromagnetic field generated by devices and cables. If nothing else is available, you should use WEP. This at least offers some level of protection against war driving attacks; it is better than using no encryption whatsoever.
Which of the following operating systems are you using if you are working in Computer Management? · Windows · Linux · Android · macOS
Windows Explanation: The Computer Management utility is a Windows program. It combines a variety of console windows, including the Task Scheduler, Event Viewer, Device Manager, Disk Management, and Services. It can be accessed from Administrative Tools or by going to Run and typing compmgmt.msc. See Chapter 23, "Operating System Types and Windows Versions," for more information. Incorrect answers: The rest of the answers do not have a "Computer Management" tool—it is a tool in Windows only. macOS is used on Mac desktops and laptops. Linux is used on many types of systems, including PCs—for example, Ubuntu Linux or Linux Mint. Android is used mainly by smartphones and tablets.
Which of the following editions of Windows 10 can join a domain, run AppLocker, and run Credential Guard? (Select the two best answers.) · Windows 10 Education · Windows 10 Enterprise · Windows 10 Home · Windows 10 Pro
Windows 10 Education & Windows 10 Enterprise Explanation: Of the listed answers, only Windows 10 Education and Enterprise can join a domain and run AppLocker and Credential Guard. See Chapter 23, "Operating System Types and Windows Versions," for more information. Incorrect answers: Windows 10 Home cannot do any of those things. Windows 10 Pro can join a domain but cannot run those applications.
Which of the following security threats can be updated remotely from a command center? · Virus · Spam · Worm · Zombie
Zombie Explanation: A zombie is an individual compromised computer connected to the Internet. The owner is unaware that malware has been installed on the computer. The zombie can be updated and controlled remotely from a master computer at a control center. This master computer controls the entire botnet, or group of compromised computers. See Chapter 32, "Wireless Security, Malware, and Social Engineering," for more information. Incorrect answers: A virus is code that runs on a computer without the user's knowledge, infecting files. A worm is similar to a virus and has the capability to self-replicate to other systems. Spam is unwanted, or unsolicited, e-mail.
You are tasked with reapplying a policy to a Windows computer. Which command should you use? · gpupdate · net use · gpresult · diskpart
gpupdate Explanation: Gpupdate is a command you can run to reapply all policy settings; any changes are applied without having to log off and back on. See Chapter 25, "Microsoft Command Line Tools," for more information. Incorrect answers: The diskpart utility is used to configure hard drive partitions and volumes. Gpresult displays the policy information for a remote computer and user. Net use is the command for mapping network drives.
A systems administrator is working on a Windows domain controller and needs to set up mapped network drives for users. Which of the following will allow the admin to perform this task? (Select the two best answers.) · Logon script · Profile path · Account > Log On To · Home folder
Logon script & Home folder Explanation: In the scenario, the administrator is working on a Windows domain controller, which has Active Directory installed. To configure user accounts, go to Active Directory Users and Computers > Users. From there (or from an OU), work on individual user accounts by right-clicking them and selecting Properties. Then, go to the Profile tab to configure either a Home folder or a logon script (or both). In the Home folder section, a mapped network drive can be set up for the user by clicking the Connect radio button, selecting a drive letter (for example Z:), and typing the path to the share. If a logon script is used, a script would have to be created using either the net use command or a similar PowerShell scripting technique, then saved, and pointed to in the Logon script form field. See Chapter 31, "Physical and Logical Security," for more information. Note: If you haven't worked with Windows Server, consider downloading a free evaluation copy from Microsoft's website, and get to know it! Incorrect answers: Profile path is also in the Profile tab of the user account properties. That sets the path to a user's roaming profile—one that follows the user from computer to computer on the domain. The Account tab has several options, one of which is the Log On To feature, which is where a user can be restricted to particular systems on the domain.
Which command will ping continuously? · ping /? · ping -l · ping -n · ping -t
ping -t Explanation: Ping -t is a continuous ping. It can be stopped by pressing Ctrl+C. See Chapter 25, "Microsoft Command Line Tools," for more information. Incorrect answers: Ping /? will display the help file. Ping -l allows you to specify the number of bytes per ping. Ping -n specifies the exact number of pings to send.
Your boss asks you to find a list of routers along a given path through multiple networks. What command can help you? · tracert · nslookup · ipconfig · ping
tracert Explanation: The tracert program displays a list of routers along a path that starts at the local computer and ends at the requested destination. For example, tracert dprocomputer.com would show all network routers between the computer initiating the trace and the final destination: the web server that hosts the dprocomputer.com website. (Note: Linux and macOS use the traceroute command, which works in the same manner.) See Chapter 25, "Microsoft Command Line Tools," for more information. Incorrect answers: Ping tells you if another computer on the network is accessible. Ipconfig shows the TCP/IP configuration for your computer's network adapters. Nslookup gives information about a name server and can resolve domain names to IP addresses.