A+ Core 2 Quiz Questions
A user at a large organization notices that their computer is extremely sluggish. This happened shortly after the user clicked on a link in an email that seemed suspicious. Where should the user most likely report this to? A. CSIRT B. EULA C. Forensics team D. Help desk
A. CSIRT (Computer security incidence response team)
A user wants to use the netstat command but is unfamiliar with the different parameters. What can they use to learn more? (Select all that apply.) A. help netstat B. netstat help C. netstat | D. netstat /?
B. netstat help D. netstat /?
A Windows administrator is combing through server logs and sees that a wscript.exe executed a script. What type of script is executed by default? A. .BAT B. .PS1 C. .VBS D. .SH
C. .VBS
A user is frustrated that an app crashes after receiving a recent update. What is the first step the user should try? A. Clear app cache. B. Reboot. C. Force stop and relaunch. D. Check for pending updates.
C. Force stop and relaunch.
A server administrator wants to create several virtual machines with a consistent set of software and configuration options. What should the administrator use for installation? A.DirectAccess B.BitLocker C.Images D.POSIX
C. Images
A user calls tech support about a hardware malfunction. The tech support representative is not able to resolve the issue. What option does the representative choose next? A. VNF B. API calls C. MANO D. Replacement
D. Replacement
A Firefox user wants to open up their browser settings to configure their intranet as the home page. How can the Firefox user access the settings? A. chrome://settings B. edge://settings C. firefox://settings D. about:preferences
D. about:preferences
A server administrator performs a statistical analysis on server operations to provide optimized resources. For example, the administrator wants to see resource performance graphs and key statistics, such as threads started by a process or hard page faults/second. What is the best tool to use? A.taskmgr.exe B.services.msc C.msconfig.exe D.resmon.exe
D. resmon.exe Resource Monitor (resmon.exe) shows an enhanced version of the type of snapshot monitoring provided by the Task Manager.
A user's phone is randomly rebooting all the time. What should the user do first to diagnose the issue? A. Battery diagnostics B. Inadequate resources C. Autorotate settings D. Ensure the device is connected to Wi-Fi.
A. Battery diagnostics
A security analyst sets up a new mobile device management policy and is looking into remote wiping, device wiping, and enterprise wiping. Which of the following will the enterprise wipe erase? (Select all that apply.) A. Corporate container B. Personal apps C. Business accounts D. Settings
A. Corporate Container C. Business Accounts
A security architect sets up a policy for the secure destruction of optical media. Which of the following is NOT an effective method? A. Degaussing B. Shredding C. Incinerating D. Smashing
A. Degaussing this works with hard disks but it does not work with SSDs or optical media
A security analyst baselines web activity and notices several caveats with browsers. For example, they notice that when a user types in a query, a query is actually made after every typed key. The analyst is trying to group browser activity together. Which browser is based on the same code as Chrome? A. Edge B. Internet Explorer C. Safari D. FireFox
A. Edge
A security analyst receives a notification of possible malware based on common indicators. They run several different antivirus software against the disk, and the scans indicate no malware. What is the analyst's computer likely infected with? A. Fileless malware B. Worm C. Boot sector virus D. Viruses
A. Fileless malware
A new helpdesk operator wants to be more efficient. They want to find where other helpdesk operators have already resolved issues. Where should the new operator look? A. KB B. API calls C. VPN D. Application service
A. KB a knowledge base (KB) will have articles for FAQs and other common troubleshooting scenarios
A security manager sets up monitoring mechanisms to detect a rooted or jailbroken device. What type of security mechanism should the manager implement? A. MDM B. AV C. Firewall D. No-root firewall
A. MDM (mobile device management)
A company's threat intelligence team determines that one of a threat actor's techniques is to perform a denial of service against the Remote Desktop Protocol (RDP) functionality in servers. What can the company enable to help prevent this? A. NLA B. RDPRA C. Remote credential guard D. VNC
A. NLA Network Level Authentication
A developer is reading their email and comes across a new memorandum from the security department about a clean desk policy. Why does security need to publish this? A. Personal identifiable information (PII) protection B. Secure critical hardware C. Prevent lunchtime attack D. Protect UEFI
A. Personal identifiable information (PII) protection
A phone operator at a helpdesk is working with several frustrated customers and is put in various difficult positions. Which of the following is NOT part of handling difficult situations properly? A. Post on social media. B. Have a positive attitude. C. Stay calm. D. Actively listen.
A. Post on social media
A data center technician receives the latest shipment, but it includes some hazardous materials. What should the technician check first? A. SDS B. MPLS C. Lifting technique D. RMA
A. SDS safety data sheet
A user is setting up their company phone and wants the login to be secure. Which of the following authentications is the least secure? A. Screen swipe B. PIN C. Fingerprint D. Facial recognition
A. Screen swipe
A manager for a server team is creating a backup strategy for full backups but with lower data transfer requirements. Which technique should the manager use? A. Synthetic B. Full only C. Full with incremental D. Full with differential
A. Synthetic
A helpdesk operator normally works with Windows computers in the environment, but the company starts rolling out test Mac computers. The operator needs to connect to a user's Mac. What should the operator use? A. VNC B. RDP C. mstsc D. COBO
A. VNC macOS uses screensharing which is based on the Virtual Network Computing (VNC) protocol
A penetration tester wants to perform drive mapping on an engagement but suspects that the security is monitoring PowerShell commands. What could the tester use to map a network drive while remaining unnoticed? A. net use B. New-PSDrive C. mount D. echo "New-PSDrive"
A. net use
A Linux server administrator wants to elevate their privileges. Which of the following commands will elevate their account? (Select all that apply.) A. su B. passwd C. sudo D. chown
A. su C. sudo
A user calls into the helpdesk after receiving a recent update to their computer and now certain functions are no longer working properly. The helpdesk technician asks for their FQDN. What would be an example of the FQDN? A. userhost.comptia.com B. userhost C. comptia.com D. 192.168.14.25
A. userhost.comptia.com
A server administrator wants to connect to a user's computer. They are trying to get their patching numbers up and discover that users must pull the updates, so the administrator wants to push a script that forces the pull. The administrator wants to copy the file to users' automatically hidden shares. Which of the following could the administrator use? (Select all that apply.) A. C:\Windows$ B. C$ C. C:\Users$ D. ADMIN$
B. C$ D. ADMIN$
A security manager sets up a defense in depth mechanism and sets up monitoring to catch communications from the attacker to the malware. What is the manager monitoring for? A. Spyware B. C2 C. Keylogger D. Rootkit
B. C2
A company sets up a mobile device management policy. The company has concerns about the controllability of the devices due to liability, so they are going to purchase the devices for employees to use for business. What is this policy considered? A. BYOD B. COBO C. COPE D. CYOD
B. COBO (corporate owned, business only)
A server administrator notices that a few servers in their screened subnet (demilitarized zone) went from around 5% central processing unit (CPU) utilization to 95%. They also notice the machines lack many patches. If malware infects the servers, what is the likely cause of the high CPU utilization? A. Crypto-ransomware B. Cryptomining software C. Rogue antivirus D. RAT
B. Cryptomining software
A security manager proactively looks for solutions to prevent illegitimate apps from running on corporate iOS devices and stealing credentials. What is the security manager concerned about? A. App Store B. Developer tools C. OS compatibility D. Overheating
B. Developer tools
A user accidentally deleted the presentation they were working on for an important upcoming meeting. Where should the user go for help? A. Backup and Restore Center B. File History C. MSRA D. NLA
B. File History
A support technician receives a call from a single user, but the issue happened during a big change. The support team is worried some users might not be calling in, or that the problem may occur again. What should the support team do? A. Replacement B. Follow up C. RMA D. Change request
B. Follow up
A client administrator was recently promoted to manager and is now looking at various aspects of the team which were not visited in a while. What is NOT part of regulations that typically affect PC maintenance or installation? A. OSHA B. HBA C. Building codes D. Environmental regulations
B. HBA
A user is experiencing issues on their iPhone. The user should troubleshoot what first? A. Hold the power button. B. Hold the Side/Top buttons. C. Perform a Settings/General/Factory reset. D. Perform a System/Advanced/Factory reset.
B. Hold the Side/Top buttons.
A security manager is setting up a password policy for users. Which of the following is the best security practice when it comes to passwords? A. Password expiration B. Length C. Character mix D. Memorable
B. Length
A data center operator receives a new chassis of blade servers to install and configure. Which of the following safety concerns should the operator take? A. Spine and leaf B. Lifting technique C. Grounding D. Zero trust
B. Lifting technique
A transportation company outfits its mobile units with devices that will enable them to analyze routes, patterns, and create efficiencies. The devices will connect to their cloud servers through a 4G WWAN. What will the company need to ensure the devices have? A. VPN B. SIM C .NLA D. Link-layer Topology Discovery
B. SIM
A security manager wants to create a step-by-step list of the completed actions for any given task to comply with policy. What is the manager creating? A. Scalability B. SOP C. Elasticity D. Confidentiality
B. SOP
A Linux administrator is looking at the bash history and sees the command chmod u+x file.sh. What was trying to be done with this command? A. Execute a script. B. Set permissions. C. Designate which interpreter to use. D. Create a script.
B. Set permissions.
A network administrator is setting up administrative access to network devices. What common solution is used for this? A. Kerberos B. TACACS+ C. RADIUS D. EAP
B. TACACS+ typically used for device administration rather than user access to the network
A network administrator wants to deploy firmware updates to their managed devices. Which of the following tools should the administrator set up for use? A. EDR B. WOL C. RMM D. MDM
B. WOL (wake on LAN)
A security analyst analyzes how most attackers perform exploits against iOS operating systems. Which of the following is most applicable? A. Sideloaded apps B. While tethered C. Root access D. Clear app cache
B. While tethered
A project manager implements a new ticketing system that allows the helpdesk to record knowledge, streamline efficiencies, and automate solutions. Which of the following is the least of concerns for application support? A.Licensing B.Distribution method C.Support D.Training
B.Distribution method
A developer wants to create functionality for a web browser by making API calls on the back end. What should the developer build? A.Plug-ins B.Extension C.Apps D.Themes
B.Extension
A security administrator is concerned about the introduction of new software to the environment. What security considerations should be made when allowing new software in the environment? (Select all that apply.) A.Memory consumption B.Trusted sources C.Digital signature D.Network bandwidth consumption
B.Trusted sources C.Digital signature
A server administrator sets up static network configurations for servers since they do not want the IP address to change. The administrator sets up the IP address on a 24-bit subnet. What should the administrator set the subnet mask to? A. 255.255.0.0 B. 255.0.0.0 C. 255.255.255.0 D. 0.0.0.0
C. 255.255.255.0
A server administrator helps the human resources department whitelist an external website for their new training platform. What will the administrator need to do to ensure the web page shows up as secure? A. Adjust the firewall. B. Configure browser sign-in. C. Add trusted certificates. D. Whitelist in the web application firewall.
C. Add trusted certificates
A Windows administrator wants to become more familiar with Linux but still wants to use Windows primarily. The administrator installs the bash subsystem for Windows and is reading about how Windows has made strides to become more compatible with Linux. Which of the following was part of the changes to the underlying New Technology File System (NTFS) structure? A .Journaling B. Snapshots C. Case-sensitive naming D. Indexing
C. Case-sensitive naming Microsoft engineered the New Technology File System (NTFS) to support case-sensitive naming, hard links, and other key features
A server administrator identifies a fault that needs to be fixed and wants to take steps towards fixing it. What is the first step the administrator should take? A. Automation B. API calls C. Change request D. Orchestration
C. Change Request
A server technician has a problem with servers overheating, but the HVAC system appears to run fine. What should the technician utilize? A. Lifting technique B. Grounding C. Compressed air D. mGRE
C. Compressed air
A security manager is looking at mobile security for company devices. They are investigating no-root firewalls and understanding how this works. Which of the following best describes no-root firewalls? A. Control access locally. B. Block phishing sites. C. Control access through a VPN. D. Block adware.
C. Control access through a VPN
A CIO is trying to get the different directors and managers to conduct a true asset inventory of systems. Which of the following will NOT help in this endeavor? A. Database systems B. Tags C. DaaS D. Topology diagram
C. DaaS
A server administrator downloads a particular software that helps them troubleshoot issues on devices. However, the software is free for personal use and not for commercial use. What did the administrator violate? A. PCI DSS B. DRM C. EULA D. Product key
C. EULA (end user license agreement)
A manager is responsible for client laptops, and is concerned about exposing data on the disks to a different OS and the permissions becoming overridden. What will help prevent this possible attack? A. Windows Defender Firewall B. Windows Defender Antivirus C. Encrypting File System D. Execution control
C. Encrypting File System
A user is reviewing a script and comes across the code in one of the lines #until ping -c1 "$1" &>/dev/null. What is the line doing? A. Set a variable. B. Set a loop. C. Exclude from executing. D. Prevent from writing to the terminal.
C. Exclude from executing
A server administrator is setting up a backup program for the servers to ensure recovery. Which of the following are the two main principles of backing up? (Select all that apply.) A. Confidentiality B. Integrity C. Frequency D. Retention
C. Frequency D. Retention
An IT professional wants to ensure that they are as professional as possible. Which of the following is NOT a core part of being professional? A. Attire B. Language C. Initiator D. Cultural sensitivity
C. Initiator
A security analyst working on a monitoring team wants to implement new monitoring mechanisms around Secure Shell (SSH) authentication. Which of the following should the analyst focus on? A. Monitor netflows for port 443 traffic. B. Monitor netflows for port 3389 traffic. C. Monitor for compromised keys. D. Monitor the screen sharing service.
C. Monitor for compromised keys.
A user connects their laptop to the company's wireless access point, but the internet is very slow. A connection to the Wi-Fi with their corporate mobile device is even slower. What should the user try? A. Check for airplane mode. B. Check individual radio functions. C. Move closer to the AP. D. Reboot the device.
C. Move closer to the AP.
A security manager puts together a security awareness campaign for mobile devices. Which of the following is least likely to be a symptom of malware? A. High number of ads B. Sluggish response time C. Unexpected Reboots D. Limited/no internet connectivity
C. Unexpected reboots
A security manager wants to set up a program where they can proactively mitigate malware infection as much as possible. Which of the following is least helpful in this endeavor? A.User training B.Scheduled scans C.Update trusted root certificates D.On-access scanning
C. Update trusted root certificates
An administrator wants to test their backups to ensure that in the event of a real emergency there will not be any unforeseen problems. Which of the following is NOT a common validation? A. Restore data to a test directory. B. Check job hashes. C. Wipe all backups. D. Run chkdsk.
C. Wipe all backups
The lead for a company's vulnerability management program is looking at the mobile aspect of the company's program. They started with end of life devices, then addressed patching statuses, and are now looking at hardening. Which of the following has the widest variety of change and will prove the most difficult? A. iOS B. iPadOS C. Windows D. Android
D. Android Android software code is made publicly available. This means there is more scope for hardware vendors, to produce specific versions for their smartphones and tablets models.
A curious IT professional investigates the hidden System Reserved partition. What will the professional find contained in the partition? A. RMM B. MSDS C. NLA D. BCD
D. BCD The BOOTMGR and the boot configuration data (BCD) file are normally installed to a hidden System Reserved partition.
A security engineer wants to learn how to code in Python but is running a Windows box. Which of the following is the easiest interpreter to set up for Windows? A. Pypy B. Wscript C. Cscript D. CPython
D. CPython
A server administrator wants to secure a whole row of servers. What would be the best way to secure access to the servers? A. Kensington locks B. Chassis locks C. Fingerprint readers D. Cabinet locks
D. Cabinet Locks
A helpdesk manager wants to assign tickets to the relevant support section or technician for reporting and analysis. What should the manager create? A. SOP B. Community C. Policy D. Categories
D. Categories
An administrator is configuring a user's computer and is currently utilizing the User Accounts applet in the Control Panel. What is the administrator doing? A. Adding a new account B. Adjusting privacy settings C. Checking printer access D. Changing UAC settings
D. Changing UAC settings
A helpdesk operator schedules a follow-up call with a user, but the ticket queue gets swamped. What should the operator do? A. Avoid distractions. B. Demonstrate respect for the customer's property. C. Send a replacement. D. Communicate with end-user.
D. Communicate with end-user
A mobile device manager is looking at data encryption and the "Data Protection" setting. Which of the following does this protect? A. Contacts B. SMS message C. Pictures D. Email data
D. Email data
An electrical engineer is setting up a secondary power supply to a data center. They want to ensure that if there is a problem with the electrical supply, power is broken in the circuit. What should the engineer use? A. API B. MANO C. SDN D. Fuse
D. Fuse
A user visits a news site that they go to frequently, and the news articles are not updated but are the same as the day before. The user also hears complaints about people not having internet, which is odd since they are on their normal news site. What is most likely going on? A. User is in private mode. B. There are pop-up blockers. C. User is on a different switch. D. Page is cached.
D. Page is cached
A soldier at a government facility accidentally typed up a report on the wrong system and needs to ensure that the file is not recoverable. What should be done? A. Delete the file. B. Format the file system. C. Delete the file and empty the garbage bin. D. Perform a secure erase.
D. Perform a secure erase
A helpdesk operator is reviewing a notification that a user clicked links in a very suspicious email. What is the second step the operator should take? A. Disable System Restore. B. Look for missing or renamed files. C. Look for services masquerading as legitimate services. D. Quarantine.
D. Quarantine
A user experiences issues with their computer and has asked someone to remote desktop onto their computer to help resolve the issue. Unfortunately, the firewall only allows port 443 traffic. What should they use for assistance? A. MSRA B. mstsc C. RDPRA D. Quick Assist
D. Quick Assist
A network administrator wants to enable authentication for wireless access points against an Active Directory database. Which of the following will the administrator need to use? A. LDAP B. TACACS+ C. OU D. RADIUS
D. RADIUS widely used for wireless access point authentication
After reading many positive reviews, a user downloads an app that they later found out was malicious to their corporate device. Which of the following was the most likely cause for the user to download the malicious program? A. Sideloading B. Root access C. Missing or renamed files D. Spoofed app
D. Spoofed app
A Linux administrator needs to run automation scripts and looks for a shell on their server. Which of the following should they NOT look for? A. Bash B. Zsh C. Ksh D. TTY
D. TTY the terminal and shell are connected by a teletype (TTY) device that handles text input and output in separate streams
A user is looking at their file system on the Mac and sees a .app file. What is this indicative of? A. The package contents were copied. B. The app setup needs to perform additional actions. C. The application is being sideloaded. D. The app has been installed.
D. The app has been installed.
A server technician reviews backup solutions and comes across the 3-2-1 rule. Which of the following holds true regarding this rule? A. Two copies of data B. Three media types C. One copy held on-premise D. Three copies of data
D. Three copies of data 3-2-1 = 3 copies of data 2 media types 1 copy held offline and offsite
A security manager in charge of the vulnerability program for the enterprise is looking at mobile security. They are reading about a "walled garden" approach. What does this entail? A. Autorun B. Antivirus C. Concurrent logins D. Trusted source
D. Trusted Source
A user finds that their home computer fails to boot. The user believes part of the operating system (OS) is corrupted. They want to recover it but do not want to lose any personal documents. What should the user do? A. Use a factory recovery partition. B. Use the full reset option. C. Format the drive. D. Use refresh.
D. Use refresh.
A network administrator is looking for an alternative network operating system (NOS) but also does not want a steep learning curve. Which of the following optimizes for NOS functionality? A. Windows 10 B. Windows 11 C. macOS D. Windows Server 2019
D. Windows Server 2019 Windows Server 2019 and Windows Server 2022 are optimized for use as NOSs. However, they share the same underlying code and desktop interface as the client versions.
A security analyst is investigating a possible incident and wants to view the logs on a remote computer. What should the security analyst use to accomplish this? A. msinfo32.exe B. gpedit.msc C. services.msc D. eventvwr.msc
D. eventvwr.msc The Event Viewer (eventvwr.msc) is a management console snap-in for viewing and managing logs on a Windows host. The default page summarizes system status, with recent error and warning events collected for viewing
A security administrator revisits the security of client machines and wants to push out configuration changes to users. What is the best way to do this? A. regedit.exe B. services.msc C. lusrmgr.msc D. gpedit.msc
D. gpedit.msc The Group Policy Editor (gpedit.msc) provides a more robust means of configuring many of these Windows settings than editing the registry directly.
A user started using near-field communication (NFC) for payments; however, the user is unable to pay using NFC. Which of the following is NOT part of troubleshooting? A. Unlock. B. Ensure airplane mode is off. C. Hold closer and longer to the reader. D. List in recipient's authorized list.
D. list in recipient's authorized list
A vulnerability manager cleans up the patching program in their enterprise. After getting it back to a good state, the manager focuses efforts on hardening. They begin with a test box and want to look at open connections from services. What command should the manager use? A. nslookup B. tracert C. ipconfig D. netstat
D. netstat
A security administrator wants to harden Linux machines and remove any unnecessary running processes. What command can the administrator use to inventory running processes? A. ip B. dig C. chmod D. ps
D. ps the ps command invokes the process table, which summarizes current running processes
A database administrator is scheduled for a meeting with the security team to discuss compliance with the PCI DSS standards. What type of information does it safeguard? A. Lab results B. PINs C. SSNs D. Cell numbers
PINs (PCI DSS stands for Payment Card Industry Data Security Standar)
A Windows user decides to start testing out Macs. They are working on a paper for school and need to cut and paste quite a bit. On the PC keyboard, they use Ctrl+C and Ctrl+V. What key should they use on the Mac? A. Option B. Command C. Apple D. Magic Mouse
B. Command
A company contracted out a development project to another country and had to grant certain permissions to the team, but during the extent of the project, the team was accessing files they should not have. The administrator investigates why they were able to access certain files. Which of the following applies last and sets the precedence for access? A. Inherited allow B. Explicit permissions C. Inherited deny D. RBAC
B. Explicit Permissions
An IT administrator at a university plans to push out security configuration to their computer lab to help prevent infection. Which of the following would best help the administrator? A. Bitlocker B. Group Policy C. Remote Desktop Protocol D. Services console
B. Group Policy used to create and apply OS and software application settings. These could be configured on each machine individually, but more typically they are applied via policies configured on the domain controller.
A penetration tester gains access to a regular user's box. The tester wants to escalate privileges, so they call into the help desk, as the regular user, and sets up a script that will capture the help desk user's Kerberos token to be able to replay. What is this social engineering technique called? A. Dumpster diving B. Impersonation C. Shoulder surfing D. Tailgating
B. Impersonation
An IT manager wants to secure a storage room with expensive server equipment. Which of the following will provide the best contactless security? A. Badge reader B. Electronic lock C. Conventional lock D. Bollard
A. Badge reader
A user wants to secure their home router. Which of the following are strong security practices? (Select all that apply.) A. Content filtering B. Disable 2.4 GHz Broadcast C. Firmware update D. AAA
A. Content Filtering C. Firmware update
A support technician receives a call from a user who cannot seem to go anywhere on the network, except for the share drive \\192.168.8.20\ShareDrive. Which of the following should the technician check first? A. DNS B. RTT C. Firewall D. APIPA
A. DNS
The receptionist at a record label company connects their phone to their computer so they can play the songs already downloaded on their phone. Where does the receptionist set this up? A. Device settings B. NTUSER.DAT C. Ease of access D. Task view
A. Device settings
A security analyst is looking at the overall security status of systems on the network. Which of the following represents the greatest risk? A. EOL system B. Unprotected system C. Zero-day D. Non-compliant system
A. EOL system legacy or end of life system no longer provides support or fixes for problems
A security administrator wants to set up anomalistic monitoring around behavioral-based user activity. Which of the following could the administrator implement for monitoring? (Select all that apply.) A. Failed attempts B. Login times C. Concurrent logins D. Screen lock
A. Failed Attempts B. Login Times C. Concurrent Logins
A user wants to experiment with virtualization by enabling Microsoft's virtualization solution. Where can the user go to enable this? A.Features B.Store apps C.WSL D.File Explorer
A. Features
A human resources specialist has started working from home. The specialist is somewhat security conscious and wants to keep their home network secure. What else besides the router operating system patches should the specialist keep patched? A. Firmware B. UPnP C. Default password D. AAA
A. Firmware
A student considers upgrading but has many custom drivers and hardware in their Windows-driven rig. Where can the student look for a catalog of tested devices and drivers for this platform? A. HCL B. PXE C. NIST D. SED
A. HCL
An enthusiastic computer user wants to test out the new Windows 11 desktop. Which of the following has become more easily accessible using Windows 11? A. Multiple desktops B. Instant Search C. Task View D. Notification area
A. Multiple desktops allow the user to set up different workspaces, such as one desktop that has windows for business apps open and another with windows and shortcuts for personal apps and games.
An administrator sets up a network share for the marketing team to collaborate. There is a need to protect the files from a user who is logged on locally to the computer hosting the shared resource. What type of permission should the administrator set up? A. NTFS B. Share-level C. FAT32 D. ACE
A. NTFS (New Technology File System)
A user experiences a slow desktop load, so they want to try to rebuild their local user profile. Which of the following is an invalid file when considering user profiles? A. NTUSER.MSI B. NTUSER.DAT C. NTUSER.DAT.LOG D. NTUSER.INI
A. NTUSER.MSI
A client administrator at a local university runs a computer lab and decides they want to image the machines nightly due to the high risk of having everything available and open to use. The administrator orders new computers which are compatible with the ability to use Preboot eXecution Environment (PXE). What type of boot would this be? A. Network B. Hard drive C. Optical D. USB
A. Network
A support operator helps a user who is complaining about latency and sluggish performance. Which of the following will be the least helpful in troubleshooting? A. Perform a system file check (SFC) B. Use Task Manager. C. Reboot. D. Run fewer programs.
A. Perform a system file check (SFC)
A cyber intern is tasked with installing a Windows 32-bit environment on a company computer. To confirm it is installed correctly, what folder can the intern view to ensure all files are present? A. Program Files (x86) B. Program Files C. %SystemRoot%\system32 D. %SystemRoot%\system64
A. Program Files (x86)
A manager in charge of client images wants to test out new updates that do not make radical changes to Windows. What should the manager most likely look for? A. Quality update B. Feature update C. Upgrade D. Patches
A. Quality Update Quality updates do not usually make radical changes to Windows, though some do include new features. These are often made along with feature updates
A security manager at a top-secret facility assesses the feasibility of integrating biometric authentication but has heard that it is often not accurate. Which of the following is the most accurate form of biometrics? A. Retina scanner B. Palmprint scanning C. Fingerprint readers D. Badge reader
A. Retina scanner
A penetration tester looks to harvest credentials from users who log in locally. Where should the penetration tester look for users who authenticated locally? A. SAM B. Kerberos C. VPN D. Web portal
A. SAM
A coffee company sets up computer kiosks for customers. The company wants a hip trendy setting so they decide to use Mac computers. However, the person setting it up has no idea how to use Macs. What can they use to help them during setup? A. Spotlight Search B. Dock C. Terminal D. Mission control
A. Spotlight Search
A client administrator plans an upgrade from Windows 10 to Windows 11 in the environment but has to plan from a budgetary perspective. What type of hardware requirement will the administrator need to consider? A. TPM chip B. App compatibility C. Network protocol support D. User training
A. TPM Chip Windows 11 requires a central processing unit (CPU) or motherboard with support for the trusted platform module (TPM) version 2.
A new user requests that a few settings are configured to increase the comfortability while using a company computer. In particular, the user requests that the narration feature be enabled. Where does a support technician find this feature in the Ease of Use settings in Windows 10? A. Vision B. Hearing C. Interaction D. Audio
A. Vision
A network manager for a growing coffee company sets up wireless access points at cafe locations for users. The manager wants to set up access to allow anyone in the vicinity to join without a password but also make it as secure as possible. Which standard introduced this ability? A. WPA3 B. WPA2 C. WPA D. WEP
A. WPA3 WPA3 is encrypted but WPA2 is not
A server administrator wants to connect to a user's computer and push a file through Server Message Block (SMB). How should the administrator connect to the computer? A. \\userhost\C$ B. userhost C. comptia.com D. 192.168.14.25
A. \\userhost\C$
A helpdesk operator wants to use a set of tools that will help them during troubleshooting. What can help the operator customize their toolset? A. mmc B. gpedit.msc C. lusrmgr.msc D. tasksch.msc
A. mmc The mmc command allows the operator to perform MMC customization and create a console with a personal selection of snap-ins. The console can be saved to the Administrative Tools folder as a file with an MSC extension.
A user wants to learn and grow with different operating systems, so the user installs dual operating systems on their computer. The computer currently boots to Windows, but the user wants to change the default operating system (OS). What should the user utilize to do this? A. msconfig.exe B. resmon.exe C. tasksch.msc D. gpedit.msc
A. msconfig.exe The System Configuration Utility (msconfig.exe) modifies various settings and files that affect the way the computer boots and loads Windows. For example, users can change the default OS, add boot options (such as Safe Mode boot) with minimal drivers and services, and set the timeout value.
A security analyst is investigating a possible incident where an alert showed a possible indicator of malware. The malware has a tactic of replacing system files with its own version, which also runs the malware code. Which of the following commands has the best chance of helping the security analyst? A. sfc B. chkdsk C. winver D. shutdown
A. sfc The Windows Resource Protection mechanism prevents damage to, or malicious use, of system files and registry keys and files. In addition, the System File Checker utility (sfc) provides a manual interface for verifying system files and restoring them from the cache if found corrupt or damaged.
A user boots a Windows device into the basic input/output system (BIOS) but recognizes no bootable disks. What is most likely the problem? A. It is using MBR partitioning. B. It is using GPT partitioning. C. It is using APFS. D. It is using ext3.
B. It is using GPT partitioning.
A security manager reviews user roles and grants the minimum privileges necessary. What did the manager implement? A. Implicit deny B. Least privilege C. ACL D. Authentication
B. Least Privilege
A security company was asked to help set up physical security at a massive company to identify concealed weapons coming into the building. What should the company implement? A. Access control vestibule B. Magnetometer C. Bollard D. Fencing
B. Magnetometer type of metal detector often deployed at airports and in public buildings to identify concealed weapons or other items
A user is curious about the low-level data the system stored about their profile and wants to explore the file which contains it. In Windows, where does the user look? A. Molex B. NTUSER.DAT C. OneDrive D. File explorer
B. NTUSER.DAT Each user has a folder named after their user account. This subfolder contains NTUSER.DAT (registry data) plus subfolders for personal data files. It stores users' profile settings and data.
An intern is going to work for the Linux administration team. They need to use a file editor but are not familiar with Linux. Which of the following is the easiest to use coming from a non-Linux background? A. Vi B. Nano C. Cat D. Cp
B. Nano the nano text editor is often preferred by those coming from a windows environment
A security engineer investigates legacy applications and employees that are still using them. Which of the following user groups represent a security concern? A. Guest B. Power users C. Standard account D. Local users and groups
B. Power Users
A network administrator analyzes the physical placement of routers or network appliances to ensure a secure location. What is the administrator helping to prevent? A. Default password B. Power off C. Firmware update D. Evil twin
B. Power off
A user is experiencing what seems to be latency, which is affecting their ability to work. They decide to validate their theory with a ping test. What will indicate latency? A. ARP B. RTT C. APIPA D. DNS
B. RTT (Round Trip Time)
A server administrator needs to set up a Linux server but mainly deals with Windows servers. The administrator wants to use a subscription-based version to have support when needed. Which of the following should the server administrator use? A. Mint B. SUSE C. Fedora D. Arch
B. SUSE SUSE and Red Hat are both subscription based
A network administrator sets up a network access control solution throughout the enterprise which allows them to see ports with multiple devices connected into a switch port. The administrator uses this to help identify wireless access points throughout the enterprise, especially older ones which may have been forgotten. Which of the following legacy wireless encryption mechanisms is the administrator going to change? (Select all that apply.) A. WPA2 B. WPA C. WPA3 D. WEP
B. WPA D. WEP
A user brings in a laptop that does not boot. Based on the user's description, the assistant suggests running chkdsk. How can the user do this? A. System Restore B. WinRE C. UEFI D. BCD
B. WinRE
A server administrator is writing a script that will help administer their servers. However, instead of typing out the full path to the script in the command prompt, the administrator wants to change the directory to the desktop to make it easier. Which of the following commands should the server administrator use? A. dir C:\Users\user\Desktop B. cd C:\Users\user\Desktop C. Desktop: D. C:\Users\user\Desktop help
B. cd C:\Users\user\Desktop
A user starts experiencing a BSoD(Blue Screen of Death). What should the user check for changes when they are able to get back on their computer? A. WSL B. devmgmt.msc C. tasksch.msc D. services.msc
B. devmgmt.msc Most blue screens of death (BSoD), especially those that occur during startup, are caused by faulty hardware or hardware drivers. Device Manager (devmgmt.msc) allows users to view and edit the properties of installed hardware.
A computer technician wants to optimize the input/output operations performance of HDDs. What should the technician utilize? A. devmgmt.msc B. dfrgui.exe C. resmon.exe D. secpol.msc
B. dfrgui.exe The Defragment and Optimize Drives tool (dfrgui.exe) runs various operations to speed up the performance of hard disk drives (HDDs).
An incident handler is reviewing a possible cryptomining infection on one of the corporate servers. What should the handler use first to investigate? A. eventvwr.msc B. taskmgr.exe C. regedit.exe D. tasksch.msc
B. taskmgr.exe can monitor the PC's key resources. Cryptomining software will use resources heavily, so this would be the first place to look.
A developer needs a laptop that will run MySQL locally for their development project. The minimum memory required is 16GB of RAM. Which architecture should the developer use? A. x86 B. x64 C. Either x86 or x64 will work D. ARM
B. x64 The 64-bit(x64) version is needed because the 32-bit(x86) only supports 4 GB of system memory.
A security conscientious administrator wants to make computer authentication more secure. Which of the following would be the optimal method? A.Device token B.Facial recognition C.MFA D.UAC
C. Multifactor Authentication
A startup company wants to sell laptops and desktops with operating systems that are ready to use for customers. What type of license is most applicable in this situation? A. Home B. Enterprise C. OEM D. Education
C. OEM An original equipment manufacturer (OEM) license means that the OS is pre-installed to a PC or laptop and is valid for that device only. The computer vendor is responsible for support.
A server administrator discovers that a server service account for a File Transfer Protocol (FTP) server was compromised. Which of the following exploits or vulnerabilities did the malicious actor use? A. XSS B. SQL injection C. Plaintext D. DoS
C. Plaintext A plaintext password can be captured by obtaining a password file or by sniffing unencrypted traffic on the network.
A security-conscious user limits what usage data Windows permits to collect and what device functions it enables and for which apps. Where does the user accomplish this? A. User accounts B. Instant Search C. Privacy settings D. VESA
C. Privacy settings
A jewelry chain has just discovered how to make a new form of jewels that has never been created before. They want to set up some sort of alarm if the jewels are taken out of their designated area. What type of alarm should the jewelry chain set up specific to the jewels? A. Motion sensors B. Circuit C. RFID D. Duress
C. RFID Radio Frequency ID can be used to track the movements of tagged objects within an area
A server administrator wants to keep up with security patches and points their machines to pull updates. What should the administrator point towards? A. Distribution B. apt-get C. Repositories D. Yum
C. Repositories
A student is interning for a security team at a major company and wants to practice on their home network. They want to make sure devices are easily identified when traffic is examined. Which of the following will help them accomplish this? A. Port forward B. UPnP C. Reservation D. Port triggering
C. Reservation
A vulnerability manager is ramping up the vulnerability management program at their company. Which of the following is the most important consideration for prioritizing patching? A. Actor B. Threat C. Risk D. MFA
C. Risk likelihood and impact (or consequence) of a threat actor exercising a vulnerability. This is the most important aspect of the prioritization of patches.
A network professional sets up the ability to authenticate over Extensible Authentication Protocol over Wireless (EAPoW). Which of the following will the professional need to configure? A. Active directory B. WPA3 C. TACACS+ D. MFA
C. TACACS+
A client systems administrator for Mac computers wants to ensure users' data is backed up locally. What should the administrator enable? A. Recovery B. Disk Utility C. Time Machine D. App store
C. Time Machine the Time Machine prefpane enables data to be backed up to an external drive or partition formatted using either the apple file system (APFS) or macOS's older extended file system
A user calls in about an invalid boot disk error. What is the most common cause of this issue? A. Floppy disk left in the drive on a restart B. OS loader not found C. USB set as the primary boot method D. Driver corruption
C. USB set as the primary boot method
A user wants to optimize their computer. The user pokes around in the system settings applet on their computer. What can the user NOT configure in the system settings applet? A. Visual effects B. Paging C. User accounts D. Power
C. User accounts User accounts are controlled through the user account settings
A server administrator tests an application migration from a 32-bit server to a 64-bit server, but the application is still 32-bit. Where will Windows run the application? A. PXE B. SED C. WOW D. OEM
C. WOW
A penetration tester is asked to perform an assessment on the new Mac laptops a company brought into the environment. After loading a shell on a user's computer, the tester needs to find the passwords. Where should the tester look? A. FileVault B. Security & Privacy C. Apple ID D. Keychain
D. Keychain used to help manage passwords and is also available as iCloud Keychain
The human resources department requires employees to complete training via a website. However, a user keeps getting errors when visiting the site. Which of the following will help administrators most likely fix the issue? A. resmon.exe B. tasksch.msc C. certmgr.msc D. gpedit.msc
C. certmgr.msc The Certificate Manager console (certmgr.msc) shows which certificates have been installed and provides a mechanism for requesting and importing new certificates. The error is most likely an untrusted certificate error.
A user experiences issues with large files and wants to run diagnostics to help figure out what might be the issue. Which of the following commands should the user try? A.format B.diskpart C.chkdsk D.winver
C. chkdsk scans the file system and/or disk sectors for faults and attempts to repair any problems detected.
Two IT friends are best friends and want to map each other's root shares. Which of the following commands will accomplish this? A. net view M: \\BestFriend\C$ B. net view M: \\BestFriend\ADMIN$ C. net use M: \\BestFriend\C$ D. net use M: \\BestFriend\ADMIN$
C. net use M: \\BestFriend\C$
A network administrator responds to users calling in about a slow network. Which command should the administrator use to diagnose the chokepoint? A. ipconfig B. hostname C. pathping D. msconfig
C. pathping
A Windows server administrator wants to use a scheduled local script to move logs from that server to a central security incident and event monitoring platform. Copying the logs over and ingesting them locally saves on the licensing. Which command should the script use? A. ftp Source [Destination] [Switches] B. md Source [Destination] [Switches] C. robocopy Source [Destination] [Switches] D. rmdir Source [Destination] [Switches]
C. robocopy Source [Destination] [Switches] The robocopy command (or "robust copy") is another file copy utility. Microsoft now recommends using robocopy rather than xcopy. For example, robocopy works better with long file names and New Technology File System (NTFS) attributes.
A vulnerability manager has significantly improved patching in the environment and now wants to focus on system security. The use of which of the following options will directly support the managers intent of making the system more secure? A. msinfo32.exe B. resmon.exe C. services.msc D. dfrgui.exe
C. services.msc From Task Manager, the Open Services button links to the Services (services.msc) console. This can disable nonessential services to improve performance or security.
A graphics artist is starting to get into 3D animation and wants to ensure their computer can adequately handle the work. What should the graphics artist use? A. Hardware token B. LPL C. Integrated graphics D. Dedicated graphics
D. Dedicated graphics
A hotel manager notices that a wireless access point with the same service set identifier (SSID) is broadcasting with higher power. What attack could this indicate? A. Whaling B. Phishing C. Footprinting D. Evil twin
D. Evil twin similar to phishing but instead of an email, the attacker uses a rogue wireless access point to try to harvest credentials
A server administrator manages client images throughout their environment using a Windows Deployment Server. However, the security team asks for a specific test box that cannot be joined to the domain to test malware. Which of the following licenses could the administrator use? A. Education B. OEM C. Enterprise D. Home
D. Home The Windows Home edition cannot be joined to a domain. It's designed for domestic users and SOHO's
A user calls in to support complaining that they can not seem to reach anything on the network. The user was able to receive an IP address of 169.254.15.83 though. What is most likely the problem? A. No internet access. B. The computer does not receive a DNS entry. C. It cannot find the wireless SSID. D. No DHCP server found.
D. No DHCP server found
A Windows administrator wants to divide a domain up into different administrative realms to delegate responsibility for administering company departments. What should the administrator use to do this? A. Security groups B. Member server C. Group policy D. OU
D. OU (Organizational Unit)
A PC user is looking at the Wireless Network Connection settings on their Windows computer. Which of the following is the most important setting to verify in order to ensure the PC is capable of connecting to an existing network? A. Power transmission B. SSID C. Automatic connection D. Protocol support
D. Protocol Support
A server administrator's profile is set up to copy the whole profile from a share at logon and copy the updated profile back at logoff. This allows the administrator to hop on to any of the company's computers. What technique was set up? A.Folder redirection B.Home folder C.Group policy D.Roaming profile
D. Roaming Profile
A server administrator for a corporation with an enterprise network was tasked with setting up a website hosted on-premise. How should the administrator set it up? A. Content filtering B. UPnP C. Port forward D. Screened subnet
D. Screened subnet
