C.2.4 CompTIA A+ 220-1102 (Core 2) Domain 4: Operational Procedures
Which of the following is an important aspect of evidence gathering in response to a security incident?
> Back up all log files and audit trails. Explanation: When gathering evidence, it is important to make backup copies of all log files and audit trails. These files will help reconstruct the events leading up to the security violation. They often include important clues as to the identity of the attacker or intruder. Users should not be granted access to compromised systems while evidence gathering is taking place. Damaged data should not be restored, and transaction logs should not be purged while evidence gathering is taking place.
Which of the following are common tools used to physically clean the inside of a computer? (Select two.)
> Compressed air > Natural bristle brush Explanation: You can use a natural bristle brush and a can of compressed air to blow dust off of a motherboard and other circuit cards. Never use anything harsh on the inside of a computer, such as a wire brush or industrial degreasers. Rags are also discouraged because they easily snag on electrical leads and parts.
What is the technology that protects the intellectual property rights of publishers and restricts the use of copyrighted works to only those who have paid the necessary licensing fees?
> DRM Explanation: To protect the intellectual property rights of publishers, several Digital Rights Management, or DRM, technologies have been implemented over the years. The goal of these technologies is to restrict the use of copyrighted works to only those who have paid the necessary licensing fees.
Jason is a system administrator for a hospital. As part of his role, he helps to maintain all devices in the hospital that connect to the internet (IoT devices). Recently, the hospital has purchase some new heart-rate monitoring devices that are IoT-enabled. Jason needs to add the devices to the inventory management database. Which of the following is the asset management phase that Jason is currently involved with?
> Deployment Explanation: Deployment is the asset management phase where information about an asset is recorded in the inventory management database. Operations is the asset management phase where maintenance is performed on an asset. This phase comes after recording the asset in the database. Procurement is the asset management phase where decisions are made that impact the purchase of the asset. This phase comes before the Deployment phase. Priority is often related to ticketing systems to help determine when action should be taken on an issue. It is not an asset management phase.
To improve the safety of your location and comply with regulations regarding work environments with hazardous materials, you have been assigned to assemble Material Safety Data Sheets (MSDS) for all chemicals used in your shop. How should you obtain these documents?
> Download them from the chemical manufacturer's websites. Explanation: Material Safety Data Sheets (MSDS) are written and distributed by chemical manufacturers. You can download them from the manufacturer's website or request them from a company representative. MSDS sheets contain information that is only available from the manufacturer. Neither your manager or a workers' safety insurance office can provide MSDS documents. Attempting to write your own MSDS sheet can be dangerous, as you do not have all the critical information necessary that is available from the manufacturer.
Which type of contract are you typically required to accept when obtaining a proprietary software license?
> EULA Explanation: When obtaining a proprietary software license, you are typically required to agree to an End User License Agreement (EULA), which is a legal contract detailing the terms of use between a software application author or publisher and the end user of that application. GPL stands for the General Public License, which requires the source code of open-source software programs to be available to anyone for free. The PRD is the Product Requirements Document, which is basically a blueprint for designing a new software program that specifies exactly what the product will do. DMCA is the Digital Millennium Copyright Act, which is a copyright law that made it illegal to create or distribute technologies that can circumvent DRM programs or systems.
Aaron is a system administrator for a school district and has been assigned to maintain and decommission computer equipment throughout the district schools. He has been assigned to review all the workstations currently being used by the administrative staff at the district and school levels to determine if they need to be replaced or upgraded to meet current administrative requirements. He decides to replace the workstations with new equipment, decommission the existing computers, and sell them to the public as surplus. After selling several of the decommissioned computers, a local paper publishes an article about financial corruption in the school district with documentation to prove the accusations. Which of the following steps in the Decommissioning process did Aaron fail to do that might have BEST prevented this situation?
> Ensure that any sensitive or proprietary information was permanently removed from the workstations before selling them to the public. Explanation: Before selling the workstations to the public, Aaron should have made sure that any sensitive or proprietary information was thoroughly and permanently removed from any storage devices. Although the workstations could have been destroyed or disposed of properly in the trash, disposal does not ensure that the storage devices are wiped clean before disposal, leaving them available to someone who can retrieve data from them. Removing the workstations from the production network was accomplished before selling them to the public. This does not guarantee that sensitive data cannot be retrieved from any storage devices. Removing the workstations from the asset management database is a step in the Decommissioning phase, but this has nothing to do with preventing access to sensitive information.
Which of the following is a software license that allows 100 or more activations?
> Enterprise license Explanation: An enterprise license (also known as a volume license or a corporate use license) is designed to allow a large volume of activations for a lower cost per activation than purchasing personal use licenses. Personal licenses typically only allow one to three activations per license. The General Public License protects open-source software program from proprietary actions, meaning that open-source software programs are required to allow anyone access to the source code and the program for free. A public domain license is also designed to keep open-source software source code freely available to anyone. This code can be modified without restriction. There are no activations needed, as it is freely available.
You are removing screws within a computer, but several have fallen into places you can't reach. Which tool would help retrieve the small screws?
> Extension magnet Explanation: An extension magnet is a small magnet on a collapsible rod that's used to retrieve screws that have fallen into a computer case or other areas you cannot reach. A punch down tool is used to secure cable wiring to a punch-down block or a patch panel, not to retrieve screws that have fallen into a computer case or other areas you cannot reach. Unless the lost parts are in an easily accessible location, a combination ratchet/screwdriver would be unlikely to help you retrieve the screws. A network tap is used to collect data on traffic traveling across a network, not for retrieval of hardware parts.
You want to adopt a rotation scheme for your Windows systems that works by keeping data for 30 days and then has the data from the 31st day overwrite the data from the first day. Which of the following is the rotation backup type you should use?
> FIFO Explanation: The FIFO (first in, first out) rotation type keeps data for a specific period of time (such as 30 days) and then saves over the oldest data once the time has elapsed (such as replacing the first-day backup with the 31st-day data). The 3-2-1 backup rule involves maintaining three copies of your data. Two are kept onsite on two different types of devices, and the third copy is kept offsite. The data is not rotated through and replaced based on a specific period of time. The GFS (grandfather-father-son) backup rotation keeps backup copies of the data as full backups (grandfather, father) and an incremental backup (son) on a preset schedule. However, this rotation type does not allow for existing data to be overwritten on a daily schedule set by the user. Full refers to a full backup of a hard disk. It is not a rotation type.
You are a PC technician for a company. An employee needs you to install some software on his computer over his lunch break. When you log on to the computer, you notice the employee's desktop has so many shortcuts and files that you can hardly see the desktop background. Which of the following actions should you take?
> Install the software and leave the employee's computer exactly how you found it. Explanation: The best thing to do in this situation is to leave the computer exactly as it is. Even if you think the desktop is unorganized and cluttered, you need to respect others' workspace. Do not delete, move, or change the items on the employee's desktop. You should never look at the files on an employee's computer unless it directly pertains to what you have been asked to do
Where could a company employee find out how to reset a password or change their voicemail message?
> Knowledge base Explanation: A knowledge base is a web-based collection of articles and documents related to frequently asked questions, such as how to reset a password or change a voicemail message. While security policies, AUPs, and BYODs are valuable references, their primary purpose is not to provide tutorials or answers to frequently asked questions.
To prevent ESD when replacing internal computer components, you attach an anti-static wrist strap to your wrist. Where should the other end be fastened? (Select two.)
> Metal area on the computer case > Anti-static mat Explanation: When using an anti-static wrist strap, you should connect the wrist strap to yourself and the other end to a ground such as the clip on the anti-static mat, or to an area on the computer case so that you and the computer are at the same electrical potential. Never connect the wrist strap to a power outlet, power supply, or ground on a power source.
Which of the following are common uses for scripting? (Select three.)
> Network drive remapping > System updates > Automated backups Explanation: Common uses for scripting include: Network drive remapping Automated backups System updates While automating email mass mailings, creating scripts, managing files, and managing bookmark lists could all be impacted by scripting, there are other methods and utilities available that are more efficient and commonly used for these tasks.
Which of the following are included in a network topology diagram? (Select two.)
> The location and IP addresses of hubs, switches, routers, and firewalls. > The relationship between remote locations and the WAN links that connect them. Explanation: A network diagram provides a visual representation of the logical and physical layout of your network. A single diagram or a collection of diagrams can include the location and IP addresses of hubs, switches, routers, and firewalls. It can also show the relationship between remote locations and the WAN links that connect them. A floor plan provides a layout of all electrical, plumbing, HVAC, and wiring components. For example, a server room's floor plan would include information on server racks, cooling, air circulation, and fire suppression systems.
Which of the following is true of Remote Assistance?
> The user initiates the session. Explanation: With Remote Assistance, the user initiates the session. Remote Assistance allows both the user and the remote user to be logged in at the same time. Remote Desktop only allows one user (such as the remote user) to be logged in at a time. Remote Assistance is designed to provide or receive remote help. Remote Desktop is designed for user productivity.
Why should you store backup media offsite?
> To prevent the same disaster from affecting both the system and its associated backup media. Explanation: Backup media should be stored offsite to prevent the same disaster from affecting both the system itself as well as its associated backup media. For example, if your primary facility is destroyed by flood or fire, your data remains protected at an offsite location. Offsite storage does not significantly reduce the possibility of media theft because it can be stolen while in transit and while at the remote storage location. Offsite storage is not mandated by government regulation in the USA. Offsite storage does not improve the efficiency of the restoration process because additional time will be spent maintaining the backup media at the remote location.
Which of the following is one way that developers and organizations who produce open-source software can generate revenue from the software?
> Training contracts Explanation: Open-source software must allow its source code to be freely available to anyone without licensing fees or agreements, but developers can offer training contracts to teach users how to use the software and generate revenue from the training contracts. Persistent and one-time activation license are for proprietary software. Enterprise licenses are also for proprietary software.
Your organization has 20 employees who need an accounting software update installed. Due to a miscommunication, the purchaser only paid to update 10 licenses. The software company issued a paper license and a single key for updating 10 users. Since this is an enterprise paper license, there is no mechanism that enforces a limit to the number of times the key can be used, so you decide to go ahead and update all 20 users. What are the possible consequences of this decision? (Select two.)
> You expose your company to litigation by violating the software license agreement. > You risk losing your job. Explanation: Circumventing license agreements exposes your company to litigation and puts your job at risk. Even without a mechanism for tracking the number of users that are using the software, the enterprise agreement limits the number of licenses that you are legally entitled to use. Using more licenses than you are entitled to is an act of theft. Your best course of action is to pay for 10 more licenses. The software company is likely to learn of the violation. One way they can learn of violations like this is when your users have to register their copies of the software to receive support, patches, and bug fixes. Since there is no mechanism that enforces a limit to the number of times the key can be used, the software will probably continue to function. The one to three activations per user usually pertains to the personal software licensing model or is meant to be used when users have more than one computer on which they need to install the software. These activations are not meant to be shared with other users.
You work for a company that provides payroll automation software to its clients. You are creating a program that will automate payroll tasks for small businesses with few employees. You are on track to meet your deadline for the project, and you anticipate having a lot of money leftover in the project budget. Mid-project, you receive a call from the human resources manager at MakeStuff, a company that will use the small-business payroll software. The manager informs you that MakeStuff has decided to offer its employees a 401k investment option and asks whether the small-business payroll program can automatically manage 401k investments. Currently, the project plan does not include that function, but you believe making the addition would be valuable to your business. You are worried about requesting permission to add this functionality for two reasons. First, the deadline for this project is very close, and it cannot be moved. Second, you have created software that automates flexible savings account management, but you haven't automated 401k investments before, and you know they are more complicated. You must fill out a change order form to request this change. Select the best option for each portion of the form.
Purpose of Change > To provide every client using the software the functionality to automate 401k management. Scope of Change > Add 401k management to the payroll software. Plan for Change > Request to hire contractors to implement 401k management. Risk Analysis > Using contractors could result in going over budget if there are problems with the project. Backout Plan > Back up the program and data before adding the new feature. Explanation: Given this scenario, the best course of action is to request to add an automated 401k management function to the program you are developing for small businesses. It would be best to hire a contractor for three reasons: your deadline is close, it cannot be moved, and you have a lot of extra money in your budget. You can afford to pay a contractor, and that will help you both create the new feature and meet your deadline. This course of action minimizes risk because you already know that you are creating a feature your customer wants, you already know you have extra money to pay the contractor, and a contractor working outside the office will have little impact on relationships or morale within the company. However, the main risk is that using up the extra budget could result in going over budget if there are problems with the project. It is a best practice to regularly save copies and backup copies of all data. A backout plan could be reverting to the version of the software if there are major problems adding the 401k management feature. Adding flexible savings account management is an easier option, but it doesn't give MakeStuff the functionality they requested, so this course of action doesn't produce much value. This scenario gives no indication that all clients desire 401k management, so trying to provide that function to all clients is outside the scope of the solutions necessary to meet MakeStuff's requireme
