CompTIA A+ Core 2 (Exam 220-1102)

What type of account management policy can protect against password-guessing attacks?

A lockout policy disables the account after a number of incorrect sign-in attempts.

Ticketing System

Database software designed to implement a structured support process by identifying each case with a unique job ticket ID and with descriptive fields to record how the issue was resolved.

ifconfig

Deprecated Linux command tool used to gather information about the IP configuration of the network adapter or to configure the network adapter.

Python

High-level programming language that is widely used for automation.

Command and Control (C2 or C&C)

Infrastructure of hosts and services with which attackers direct, distribute, and control malware over botnets.

octal notation

Linux file-permission mode that uses numeric values to represent permissions.

A file is secured with the numeric permissions 0774. What rights does another user account have over the file?

Read-only.

Trusted Source

Installer package that can be verified by a digital signature or cryptographic hash.

top command

Interactive Linux command for monitoring process information.

cron

Scheduled task that is managed by the Linux cron daemon.

What feature of modern file systems assists recovery after power outages or OS crash events?

Journaling means that the file system keeps a log of updates that it can use to recover damaged data. The OS might also make use of snapshot capability to maintain a file-version history or perform continuous backups.

Another user calls to say he is trying to sign on to his online banking service, but the browser reports that the certificate is invalid. Should the bank update its certificate, or do you suspect another cause?

It would be highly unlikely for a commercial bank to allow its website certificates to run out of date or otherwise be misconfigured. You should strongly suspect redirection by malware or a phishing/pharming scam.

Synthetic Full Backup

Job type that combines incremental backup jobs to synthesize a full backup job. Synthetic full backups have the advantage of being easy to restore from while also being easy on bandwidth across the network as only changes are transmitted.

Advanced malware can operate covertly with no easily detectable symptoms that can be obtained by scanning the device itself. What other type of symptom could provide evidence of compromise in this scenario?

Leaked data files or personal information such as passwords.

Control Panel

Legacy management interface for configuring user and system settings in Windows.

ls

Linux command for listing file system objects.

chmod command

Linux command for managing file permissions.

chown

Linux command for managing the account owner for files and directories.

ps command

Linux command for retrieving process information.

Backdoor

Mechanism for gaining access to a computer that bypasses or subverts the normal method of authentication.

Port triggering

Mechanism to configure access through a firewall for applications that require more than one port. Basically, when the firewall detects activity on outbound port A destined for a given external IP address, it opens inbound access for the external IP address on port B for a set period.

You are monitoring system performance and notice that a substantial number of page faults are occurring. Does this indicate that a memory module is faulty?

No—it shows the system is using the pagefile intensively and could benefit from more system RAM being installed.

Subnet Mask

Number of bits applied to an IP address to mask the network ID portion from the host/interface ID portion.

Recovery Partition

OEM recovery media enabling the user to reset the system to its factory configuration.

iOS

OS for Apple's iPhone smartphone and most iPad tablet models.

iPadOS

OS for some models of the Apple iPad tablet.

Group Policy Objects (GPOs)

On a Windows domain, a way to deploy per-user and per-computer settings such as password policy, account restrictions, firewall status, and so on.

Power Users

One of the default Windows group accounts. Its use is deprecated, but it is still included with Windows to support legacy applications.

Risk Analysis

Process for qualifying or quantifying the likelihood and impact of a factor.

Port Forwarding

Process in which a router takes requests from the Internet for a particular application (such as HTTP) and sends them to a designated host on the LAN.

What type of cryptographic key is delivered in a digital certificate?

A digital certificate is a wrapper for a subject's public key. The public and private keys in an asymmetric cipher are paired. If one key is used to encrypt a message, only the other key can then decrypt it.

You are developing a Bash script to test whether a given host is up. Users will run the script in the following format: ./ping.sh 192.168.1.1. Within the code, what identifier can you use to refer to the IP address passed to the script as an argument?

$1 will refer to the first positional argument.

When might you need to consult MSDS documentation?

A material safety data sheet (MSDS) should be read when introducing a new product or substance to the workplace. Subsequently, you should consult it if there is an accident involving the substance and when you need to dispose of the substance.

You have a computer with two SATA disks. You want to evaluate the performance of the primary disk. How would you select this in Performance Monitor, and what might be appropriate counters to use?

Select the Physical Disk object, select the counter, and then select the 0 C: instance. Counters that are useful for evaluating performance include % Disk Time and Average Disk Queue Length.

Script

Series of simple or complex commands, parameters, variables, and other components stored in a text file and processed by a shell interpreter.

Proxy Server

Server that mediates the communications between a client and another server. It can filter and often modify communications as well as provide caching services to improve performance.

Domain Name System (DNS)

Service that maps fully qualified domain name labels to IP addresses on most TCP/IP networks, including the Internet.

Terminal Access Controller Access Control System Plus (TACACS+)

AAA protocol developed by Cisco that is often used to authenticate to administrator accounts for network appliance management.

Remote Authentication Dial-in User Service (RADIUS)

AAA protocol used to manage remote and wireless authentication infrastructures.

DMZ host

Home router implementation of DMZ where all ports with no existing forwarding rules are opened and directed to a single LAN host.

Digital Certificates

Identification and authentication information presented in the X.509 format and issued by a Certificate Authority (CA) as a guarantee that a key pair (as identified by the public key embedded in the certificate) is valid for a particular subject (user or host).

Quarantine

The process of isolating a file, computer system, or computer network to prevent the spread of a virus or another cybersecurity incident.

What are the prerequisites for joining a computer to a domain?

The computer must be running a supported edition of Windows (Pro, Enterprise, or Education). The PC must be configured with an appropriate IP address and have access to the domain DNS servers. An account with domain administrative credentials must be used to authorize the join operation.

A company must deploy custom browser software to employees' workstations. What method can be used to validate the download and installation of this custom software?

The package can be signed using a developer certificate issued by a trusted certificate authority. Alternatively, a cryptographic hash of the installer can be made, and this value can be given to each support technician. When installing the software, the technician can make his or her own hash of the downloaded installer and compare it to the reference hash.

While you are assigning privileges to the accounting department in your organization, Cindy, a human resource administrative assistant, insists that she needs access to the employee records database so that she can fulfill change of address requests from employees. After checking with her manager and referring to the organization's access control security policy, you discover that Cindy's job role does not fall into the authorized category for access to that database. What security concept are you practicing in this scenario?

The principle of least privilege.

Organizational Unit (OU)

Structural feature of a network directory that can be used to group objects that should share a common configuration or organizing principle, such as accounts within the same business department.

File System

Structure for file data indexing and storage created by a process of formatting a partition that allows an OS to make use of a mass storage device, such as an HDD, SSD, or thumb drive.

Bollards

Sturdy vertical post installed to control road traffic or designed to prevent ram-raiding and vehicle-ramming attacks.

You are assisting with the development of end-user security awareness documentation. What is the difference between tailgating and shoulder surfing?

Tailgating means following someone else through a door or gateway to enter premises without authorization. Shoulder surfing means covertly observing someone type a PIN or password or other confidential data.

Computer Security Incident Response Team (CSIRT)

Team with responsibility for incident response. The CSIRT must have expertise across a number of business domains (IT, HR, legal, and marketing, for instance).

In AAA architecture, what type of device might a RADIUS client be?

AAA refers to Authentication, Authorization, and Accounting, and the Remote Authentication Dial-in User Service (RADIUS) protocol is one way of implementing this architecture. The RADIUS server is positioned on the internal network and processes authentication and authorization requests. The RADIUS client is the access point, and it must be configured with the IP address of the server plus a shared secret passphrase. The access point forwards authentication traffic between the end-user device (a supplicant) and the RADIUS server but cannot inspect the traffic.

NTFS permissions

ACL that mediates local and network access to a file system object under Windows when the volume is formatted with NTFS.

Security Group

Access control feature that allows permissions to be allocated to multiple users more efficiently.

Social engineering

Activity where the goal is to use deception and trickery to convince unsuspecting users to provide sensitive data or to violate security guidelines.

Extensions

Add-on that uses the browser API to implement new functionality.

Whaling

An email-based or web-based form of phishing which targets senior executives or wealthy individuals.

What role do barcodes play in managing inventory?

An inventory is a list of assets stored as database records. You must be able to correlate each physical device with an asset record by labeling it. A barcode label is a good way of doing this.

Nearby Share

Android feature for simple file sharing via Bluetooth.

Time Machine

App facilitating backup operations in macOS.

Mission Control

App facilitating multiple desktops in macOS.

Secure Shell (SSH)

Application protocol supporting secure tunneling and remote terminal emulation and file copy. SSH runs over TCP port 22.

Startup

Apps and scripts set to run when the computer starts or when the user signs in. Startup items can be configured as shortcuts, registry entries, or Task Scheduler triggers.

Incident Report

An analysis of events that can provide insight into how to improve response and support processes in the future.

Distributed DoS (DDoS)

An attack that uses multiple compromised hosts (a botnet) to overwhelm a service with request or response traffic.

Badge Reader

Authentication mechanism that allows a user to present a smartcard to operate an entry system.

Single Sign-On (SSO)

Authentication technology that enables a user to authenticate once and receive authorizations for multiple services.

Confidentiality and integrity are two important properties of information stored in a secure retrieval system. What is the third property?

Availability—information that is inaccessible is not of much use to authorized users. For example, a secure system must protect against denial of service (DoS) attacks.

Fuse

Circuit breaker designed to protect the device and users of the device from faulty wiring or supply of power (overcurrent protection).

Sandbox

Computing environment that is isolated from a host system to guarantee that the environment runs in a controlled, secure fashion. Communication links between the sandbox and the host are usually completely prohibited so that malware or faulty software can be analyzed in isolation and without risk to the host.

Certificate Manager console (certmgr.msc)

Console related to managing digital certificates for the current user and trusted root certification authority certificates.

End User License Agreement (EULA)

Contract governing the installation and use of software.

Devices and Printers

Control Panel app for using and configuring attached hardware.

Power Options

Control Panel app related to configuring power button/lid events and power-saving modes.

Indexing Options

Control Panel app related to search database maintenance.

File Explorer Options

Control Panel app related to view and browsing settings for File Explorer.

Programs and Features

Control Panel applet allowing management of Windows Features and third-party software.

Network and Sharing Center

Control Panel related to interface configuration, network profiles, and discovery/file sharing settings.

Cache

Cookies, site files, form data, passwords, and other information stored by a browser. Caching behavior can be enabled or disabled and data can be cleared manually.

Confidentiality, Integrity, and Availability (CIA triad)

Three principles of security control and management. Also known as the information security triad. Also referred to in reverse order as the AIC triad.

If a single physical disk is divided into three partitions in a non-Windows environment, how many different file systems can be supported?

Three—each partition can use a different file system.

What is the name of Apple's backup software for macOS?

Time Machine.

Healthcare Data

Data that can be used to identify an individual and includes information about past, present, or future health as well as related payments and data used in the operation of a healthcare business.

Personally Identifiable Information (PII)

Data that can be used to identify or contact an individual (or in the case of identity theft, to impersonate them).

You are assisting with the configuration of MDM software. One concern is to deny access to devices that might be able to run apps that could be used to circumvent the access controls enforced by MDM. What types of configurations are of concern?

Devices that are jailbroken or rooted allow the owner account complete control. Devices that allow installation of apps from untrusted sources, such as by sideloading APK packages or via developer mode, could also have weakened permissions.

Internet of Things (IoT)

Devices that can report state and configuration data and be remotely managed over IP networks.

Splash Screen

Displaying terms of use or other restrictions before use of a computer or app is allowed.

Standard Operating Procedure (SOP)

Documentation of best practice and work instructions to use to perform a common administrative task.

Public Key

During asymmetric encryption, this key is freely distributed and can be used to perform the reverse encryption or decryption operation of the linked private key in the pair.

Task Scheduler (taskschd.msc)

Enables execution of an action (such as running a program or a script) automatically at a pre-set time or in response to some sort of trigger.

Regulated Data

Information that has storage- and handling-compliance requirements defined by national and state legislation and/or industry regulations.

Hives

File storing configuration data corresponding to a section of the Windows registry.

Distribution Method

Formats for provisioning application installation files, such as via optical discs, downloads, and image files.

Defragment and Optimize Drives tool (dfrgui.exe)

Fragmentation occurs when a data file is not saved to contiguous sectors on an HDD and reduces performance. The defragmenter mitigates this and can also perform optimization operations for SSDs.

Extensible Authentication Protocol (EAP)

Framework for negotiating authentication methods that enables systems to use hardware-based identifiers, such as fingerprint scanners or smart card readers, for authentication, and establish secure tunnels through which to submit credentials.

Hash

Function that converts an arbitrary length string input to a fixed length string output. A cryptographic hash function does this in a way that reduces the chance of collisions, where two different inputs produce the same output.

Branch

In scripting and programming, control statement that uses a condition to determine which code block to execute next.

You are documenting workstation backup and recovery methods and want to include the 3-2-1 backup rule. What is this rule?

It states that you should have three copies of your data across two media types, with one copy held offline and offsite. The production data counts as one copy.

Boot Sector Viruses

Malicious code inserted into the boot sector code or partition table of a storage device that attempts to execute when the device is attached.

On Site Backup Storage

Media rotation scheme that ensures at least one copy of data is held at a different location to mitigate the risk of a disaster that destroys all storage at a single site.

Digital Signature

Message digest encrypted using the sender's private key that is appended to a message to authenticate the sender and prove message integrity.

Electrostatic Discharge (ESD)

Metal and plastic surfaces can allow a charge to build up. This can discharge if a potential difference is formed between the charged object and an oppositely charged conductive object. This electrical discharge can damage silicon chips and computer components if they are exposed to it.

Angel brought in the new tablet he just purchased and tried to connect to the corporate network. He knows the SSID of the wireless network and the password used to access the wireless network. He was denied access, and a warning message was displayed that he must contact the IT Department immediately. What happened, and why did he receive the message?

Mobile device management (MDM) is being used to mediate network access. The device must be enrolled with the MDM software before it can join the network.

Screen Lock

Mobile device mechanism that locks the screen after a period of inactivity.

Swipe

Mobile gesture that unlocks the screen without requiring authentication.

iCloud

Mobile/cloud computing office-productivity and data-storage suite operated by Apple and closely integrated with macOS and iOS.

Globally Unique Identifier (GUID) Partition Table (GPT)

Modern disk partitioning system allowing large numbers of partitions and very large partition sizes.

Simultaneous Authentication of Equals (SAE)

Personal authentication mechanism for Wi-Fi networks introduced with WPA3 to address vulnerabilities in the WPA-PSK method.

Equipment Locks

Physical security device that restricts access to ports and internal components to key holders.

Acceptable Use Policy (AUP)

Policy that governs employees' use of company equipment and Internet services. ISPs may also apply AUPs to their customers.

Threats

Potential for an entity to exercise a vulnerability (that is, to breach security).

Sleep

Power-saving mode in Windows. On a laptop, this functions much like standby, but on a desktop, the system also creates a hibernation file before entering the standby state.

Fast Startup

Power-saving option allowing swift resume from sleep via an image of system memory contents saved to a hibernation file.

Hibernate

Power-saving state where the contents of memory are saved to hard disk (hiberfil.sys) and the computer is powered off. Restarting the computer restores the desktop.

Device Manager

Primary interface for configuring and managing hardware devices in Windows. Device Manager enables the administrator to disable and remove devices, view hardware properties and system resources, and update device drivers.

Administrators

Privileged user account that has been granted memberships of the Administrators security group. There is also an account named Administrator, but this is usually disabled by default.

Complexity Requirements

Rules designed to enforce best-practice password selection, such as minimum length and use of multiple character types.

Expiration Requirement

Rules designed to enforce best-practice password use by forcing regular selection of new passwords.

If you suspect improper handling during installation has caused damage to a RAM module, how could you test that suspicion?

Run a Memory Diagnostic. Because this tests each RAM cell, it should uncover any fault.

Recycle Bin

When files are deleted from a local hard disk, they are stored in the Recycle Bin. They can be recovered from here if so desired.

Time & Language Settings

Windows Settings pages allowing configuration of default data formats (date, currency, and so on), location information, and keyboard input locale.

Phone settings

Windows Settings pages for associating a smartphone with Windows.

A program is continually using 99-100% of processor time. What should you do?

Try to end the application or the process using Task Manager, and then contact the application vendor to find out why the problem is occurring.

Symmetric Encryption

Two-way encryption scheme in which encryption and decryption are both performed by the same key. Also known as shared-key encryption.

Dictionary

Type of password attack that compares encrypted passwords against a predetermined list of possible password values.

Brute Force

Type of password attack where an attacker uses an application to exhaustively try every possible alphanumeric combination to crack encrypted passwords.

Port Mapping

Type of port forwarding where the external port is forwarded to a different internal port on the LAN host.

Insider Threat

Type of threat actor who is assigned privileges on the system that cause an intentional or unintentional incident.

Hard Token

USB storage key or smart card with a cryptographic module that can hold authenticating encryption keys securely.

Local Account

User account that can be authenticated against and allocated permissions for the computer that hosts the account only.

Which three principal user security groups are created when Windows is installed?

Users, Administrators, and Guests. You might also include Power Users, though use of this group is deprecated. Going beyond the account types listed in the exam objectives, you might include groups such as Remote Desktop Users, Remote Management Users, or Backup Operators. There are also system groups, such as Everyone, but users cannot be assigned manually to these.

Secure Connection

Using HTTPS to browse a site where the host has presented a valid digital certificate issued by a CA that is trusted by the browser. A padlock icon is shown to indicate the secure status of the connection.

Erasing/Wiping

Using a third-party tool to fully erase storage media before recycling or repurposing, minimizing the risk of leaving persistent data remnants.

You have downloaded an installer for a third-party app from the vendor's website. What should you do before proceeding with setup?

Verify the integrity of the download using a hash value or the vendor's digital certificate.

A user calls to say that he clicked Yes to a prompt to allow the browser to access the computer's location service while using a particular site and is now worried about personal information being tracked by other sites. How can the user adjust the app permission in Windows?

Via the App permissions section under Privacy settings. You might also note that most browser software can be configured to only allow location information on a per-site basis.

Rootkit

Class of malware that modifies system files, often at the kernel level, to conceal its presence.

Power Failure

Complete loss of building power.

You are working on the training documentation for help-desk agents. What should you include for dealing with difficult situations?

Do not argue with customers and/or be defensive. Avoid dismissing customer problems, and do not be judgmental. Try to calm the customer and move the support call toward positive troubleshooting diagnosis and activity, emphasizing a collaborative approach. Do not disclose experiences via social media outlets.

Definition/Pattern Updates

Information about new viruses and other malware used to update antivirus scanners.

Worms

Type of malware that replicates between processes in system memory and can spread over client/server network connections.

What primary indicator must be verified in the browser before using a web form?

That the browser address bar displays the lock icon to indicate that the site uses a trusted certificate. This validates the site identity and protects information submitted via the form from interception.

You are writing a tech note to guide new technicians on operational procedures for working with Active Directory. As part of this note, what is the difference between the gpupdate and gpresult commands?

gpupdate is used to refresh local policy settings with updates or changes from the policy template. gpresult is used to identify the Resultant Set of Policies (RSoP) for a given computer and/or user account.

Knowledge Base (KB)

Searchable database of product FAQs (Frequently Asked Questions), advice, and known troubleshooting issues. The Microsoft KB is found at support.microsoft.com.

Master Boot Record (MBR)

Sector on a mass storage device that holds information about partitions and the OS boot loader.

Access Control Vestibule

Secure entry system with two gateways, only one of which is open at any one time.

Asset

Thing of economic value. For accounting purposes, assets are classified in different ways, such as tangible and intangible or short term and long term. Asset management means identifying each asset and recording its location, attributes, and value in a database.

You take a support call where the user doesn't understand why a program runs at startup when the Startup folder is empty. What is the likely cause, and how could you verify this?

The program has added a registry entry to run at startup. You could check this (and optionally disable the program) by using Task Manager.

What command could you use to move a file names.doc from your current directory to the USB stick linked to folder /mnt/usb?

mv names.doc /mnt/usb

You are checking that a remote Windows workstation will be able to dial into a web conference with good quality audio/video. What is the best tool to use to measure latency between the workstation's network and the web conferencing server?

pathping measures latency over a longer period and so will return a more accurate measurement than the individual round trip time (RTT) values returned by ping or tracert.

How would you update an app purchased from the Mac App Store?

Open the Mac App Store and select the Updates button.

A DHCP server has been reconfigured to use a new network address scheme following a network problem. What command would you use to refresh the IP configuration on Windows client workstations?

ipconfig /renew

Which Linux command will display detailed information about all files and directories in the current directory, including system files?

ls -la

New Technology File System (NTFS)

64-bit default file system for Windows, with file-by-file compression and RAID support as well as advanced file attribute management tools, encryption, and disk quotas.

exFAT

64-bit version of the FAT file system with support for larger partition and file sizes.

Spoofing

Attack technique where the threat actor disguises their identity or impersonates another user or resource.

You are advising a customer with an older-model Android smartphone. The customer wants to update to the latest version of Android, but using the update option results in a "No updates available" message. What type of issue is this, and what advice can you provide?

This is an issue with update limitations. Android is quite a fragmented market, and customers must depend on the handset vendor to implement OS updates for a particular model. The customer can only check the handset vendor's website or helpline to find out if a version update will ever be supported for that model.

Which command produces the output shown in this screenshot?

This is output from netstat. The -n switch has been used to show ports in numeric format and the -o switch to show the PID of the process that opened the port.

nslookup command

Cross-platform command tool for querying DNS resource records.

ping command

Cross-platform command tool for testing IP packet transmission.

netstat command

Cross-platform command tool to show network information on a machine running TCP/IP, notably active connections, and the routing table.

Windows Recovery Environment (WinRE)

Windows troubleshooting feature that installs a command shell environment to a recovery partition to remediate boot issues.

Disk Clean-up (cleanmgr.exe)

Windows utility for removing temporary files to reclaim disk space.

You are supporting a user who has just replaced a wireless router. The user has joined the new wireless network successfully but can no longer find other computers on the network. What should you check first?

Use Network & Internet to check the network profile type. When the network changed, the user probably selected the wrong option at the prompt to allow the PC to be discoverable, and the profile is probably set to Public. Change the type to Private.

PowerShell (PS)

Command shell and scripting language built on the .NET Framework that uses cmdlets for Windows automation.

What is the purpose of a KB?

A knowledge base (KB) is a reference to assist with installing, configuring, and troubleshooting hardware and software. KBs might be created by vendors to support their products. A company might also create an internal KB, populated with guidelines, procedures, information from service tickets, and answers to frequently asked questions (FAQs).

ipconfig command

Command tool used to gather information about the IP configuration of a Windows host.

find command

Command-line Linux tool used to search the file system.

xcopy command

Command-line directory and file copy utility offering improved functionality compared to the basic copy command.

Nano

Command-line text editor operated by CTRL key combinations.

cp

Command-line tool for copying files in Linux.

Piggybacking

Allowing a threat actor to enter a site or controlled location without authorization.

copy command

Command-line tool for copying files.

md command

Command-line tool for creating directories.

move command

Command-line tool for moving files.

chkdsk

Command-line tool that verifies the integrity of a disk's file system.

cd command

Command-line tool used to navigate the directory structure.

gpupdate

Command-line tools to apply and analyze group policies. Group policies are a means of configuring registry settings.

df and du commands

Command-line tools used to report storage usage in Linux.

format command

Command-line utility for creating a file system on a partition.

System File Checker

Command-line utility that checks the integrity of system and device driver files.

dir command

Command-line utility that displays information about the contents of the current directory.

diskpart

Command-line utility used to configure disk partitions.

X:

Command-line utility used to select the working drive.

Asset Tag

Practice of assigning an ID to assets to associate them with entries in an inventory database.

Member Server

Any application server computer that has joined a domain but does not maintain a copy of the Active Directory database.

Password

Any attack where the attacker tries to gain unauthorized access to and use of passwords.

Facial Recognition

Biometric authentication mechanism that uses an infrared camera to verify that the user's face matches a 3D model recorded at enrollment.

Palmprint Scanner

Biometric camera-based scanner that uses unique features of a palm shown by visible and infrared light.

A computer is caught in a reboot loop. It starts, shows a BSoD, and then reboots. What should you do?

Boot using a recovery tool, such as the product disc, and attempt startup repair and/or repair of the Windows installation using sfc or Windows reset.

Ad Blockers

Browser feature or add-in that prevents third-party content from being displayed when visiting a site.

Pop-up Blockers

Browser feature or extension that prevents sites from creating new browser windows.

Certificate Warnings

Browser indication that a site connection is not secure because the certificate is invalid or the issuing CA is not trusted.

login script

Code that performs a series of tasks automatically when a user account is authenticated.

How do you activate Spotlight Search using the keyboard?

COMMAND+SPACEBAR.

Service Set ID (SSID)

Character string that identifies a particular wireless LAN (WLAN).

Asymmetric Encryption Cipher

Cipher that uses public and private keys. The keys are mathematically linked, using either Rivest, Shamir, Adleman (RSA) or elliptic curve cryptography (ECC) algorithms, but the private key is not derivable from the public one. An asymmetric key cannot reverse the operation it performs, so the public key cannot decrypt what it has encrypted, for example.

Locator Application

Cloud app that uses mobile device location service to identify its current position on a map and enable security features to mitigate theft or loss.

Users working from home need to be able to access a PC on the corporate network via RDP. What technology will enable this without having to open the RDP port to Internet access?

Configure a virtual private network (VPN) so that remote users can connect to the corporate LAN and then launch the remote desktop protocol (RDP) client to connect to the office PC.

Redirection

Consequence of malware infection where DNS and/or search results are corrupted to redirect requests from legitimate site hosts to spoofed sites or ads.

Physical Placement

Considerations for installation location for PC and network devices to ensure reliable and secure operation.

Magnetometer

Hand-held or walkthrough metal detector designed to detect concealed weapons.

You are updating a deployment checklist for installing new workstation PCs. What are the principal environmental hazards to consider when choosing a location?

Heat and direct sunlight, excessive dust and liquids, and very low or high humidity. Equipment should also be installed so as not to pose a topple or trip hazard.

Network Topology Diagram

Documentation showing how network nodes are connected by cabling or how they are logically identified and connected, such as in IP networks.

Process

Software program that has been executed and is running in system memory.

.PY

Extension for a script written in the Python programming language.

What two types of biometric authentication mechanism are supported on smartphones?

Fingerprint recognition and facial recognition.

Botnet

Group of hosts or devices that have been infected by a control program called a bot that enables attackers to exploit the hosts to mount attacks.

Linux

Open-source OS packaged in distributions supported by a wide range of hardware and software vendors.

Feature Updates

Release paradigm introduced for Windows 10 where significant changes and new features are distributed via Windows Update on a semiannual schedule.

JavaScript

Scripting language used to add interactivity to web pages and HTML-format email.

Impersonation

Social engineering attack where an attacker pretends to be someone they are not.

Vishing

Social engineering attack where the threat actor extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).

Shoulder Surfing

Social engineering tactic to obtain someone's password or PIN by observing him or her as he or she types it in.

Pretexting

Social engineering tactic where a team will communicate, whether directly or indirectly, a lie or half-truth in order to get someone to believe a falsehood.

In terms of system hardware, what is the main advantage of a 64-bit version of Windows?

Support for more than 4 GB RAM.

When you set NTFS permissions on a folder, what happens to the files and subfolders by default?

They inherit the parent folder's permissions.

Why might you run the shutdown command with the /t switch?

To specify a delay between running the command and shutdown starting. You might do this to give users a chance to save work or to ensure that a computer is restarted overnight.

Registry Editor (regedit.exe)

Tool for making direct edits to the registry database, such as adding or modifying keys or values. The Registry Editor can be used to make backups of the registry.

Startup Repair

Troubleshooting boot options that allow use of tools such as safe mode and recovery discs.

Safe Mode

Troubleshooting startup mode that loads a limited selection of drivers and services.

Lunchtime Attack

Where a threat actor exploits an unlocked and unattended desktop or mobile device to gain unauthorized access.

AirDrop

iOS feature for simple file sharing via Bluetooth.

What command would allow you to delete the contents of the folder /home/jaime/junk and all its subdirectories?

rm -r /home/jaime/junk

fixboot

Windows command allowing for the repair (or attempted repair) of the boot manager and boot loader.

FAT32

32-bit file system used principally for system partitions and removable media.

Windows Defender Firewall

Built-in, host-based filtering of network connections.

.JS

Extension for the JavaScript file format.

Wireless Wide Area Network (WWAN)

Network covering a large area using wireless technologies, such as a cellular radio data network or line-of-sight microwave transmission.

End of Life (EOL)

Product life-cycle phase where mainstream vendor support is no longer available.

Bootleg App

Software that illegally copies or imitates a commercial product or brand.

Windows Security

Touch-enabled app for configuring features such as firewall and antivirus.

Windows Settings

Touch-enabled interface for managing user and system settings in Windows.

Magic Mouse

Touch-enabled mouse and trackpad hardware for Apple computers.

winver command

Command-line tool for reporting Windows version information.

Run as administrator

Windows feature that requires a task to be explicitly launched with elevated privileges and consented to via UAC.

Reset this PC

Windows feature to attempt system recovery by reinstalling Windows from source.

Network Discovery

Windows firewall configuration that makes a host visible to network browsers.

File Sharing

Windows firewall configuration that opens the network ports required to operate as a file/print server.

Run dialog

Windows interface for executing commands.

shutdown command

Command-line tool for shutting down or restarting the computer. The command is supported by Windows and Linux, though with different syntax.

Windows Editions

Feature restrictions applied to Windows to distinguish different markets, pricing, and licensing models, such as home versus professional versus enterprise.

Windows Hello

Feature that supports passwordless sign-in for Windows.

Active Directory (AD)

Network directory service for Microsoft Windows domain networks that facilitates authentication and authorization of user and computer accounts.

Force Quit

macOS tool for halting a process; equivalent to the process management functionality in Task Manager.

Remote Disc

macOS tool for sharing an optical drive over the network.

Accessibility prefpane

macOS utility related to desktop and input/output device accessibility configuration.

You are auditing a file system for the presence of any unauthorized Windows shell script files. Which three extensions should you scan for?

.PS1 for PowerShell scripts, .VBS for VBScript, .BAT for cmd batch files.

You are trying to troubleshoot a problem over the phone and need to get advice from your manager. How should you handle this with the customer?

Advise the customer that you will put him or her on hold while you speak to someone else, or arrange to call the customer back.

Motion Sensors

Alarm system triggered by movement as detected by microwave radio reflection or passive infrared sensors.

VBScript

A command shell and scripting language built on the .NET Framework, which allows the administrator to automate and manage computing tasks.

The building will house a number of servers contained within a secure room and network racks. You have recommended that the provisioning requirement includes key-operated chassis faceplates. What threats will this mitigate?

A lockable faceplate controls who can access the power button, external ports, and internal components. This mitigates the risk of someone gaining access to the server room via social engineering. It also mitigates risks from insider threat by rogue administrators, though to a lesser extent (each request for a chassis key would need to be approved and logged).

A threat actor crafts an email addressed to a senior support technician inviting him to register for free football coaching advice. The website contains password-stealing malware. What is the name of this type of attack?

A phishing attack tries to make users authenticate with a fake resource, such as a website. Phishing emails are often sent in mass as spam. This is a variant of phishing called spear phishing because it is specifically targeted at a single person, using personal information known about the subject (his or her football-coaching volunteer work).

What backup issue does the synthetic job type address?

A synthetic full backup reduces data transfer requirements and, therefore, backup job time by synthesizing a full backup from previous incremental backups rather than directly from the source data.

Network Interface Card (NIC)

Adapter card that provides one or more Ethernet ports for connecting hosts to a network so that they can exchange data over a link.

.APK

Android app package format used when sideloading software from a source other than a trusted store.

Key exchange

Any method by which cryptographic keys are transferred among users, thus enabling the use of a cryptographic algorithm.

Denial of Service (DoS)

Any type of physical, application, or network attack that affects the availability of a managed resource.

Remote Desktop Protocol (RDP)

Application protocol for operating remote connections to a host using a graphical interface. The protocol sends screen data from the remote host to the client and transfers mouse and keyboard input from the client to the remote host. It uses TCP port 3389.

How do you perform a scan to identify file system errors in read-only mode?

At a command prompt, run chkdsk without any switches. Note that sfc is not the correct answer as this verifies the integrity of protected system files rather than checks the file system on a drive.

SQL Injection

Attack that injects a database query into the input data directed at a server by accessing the client side of the application.

On-Path

Attack where the threat actor makes an independent connection between two victims and is able to read and possibly modify traffic.

2-step Verification

Authentication mechanism that uses a separate channel to authorize a sign-on attempt or to transmit an additional credential. This can use a registered email account or a contact phone number for an SMS or voice call.

Multifactor Authentication (MFA)

Authentication scheme that requires the user to present at least two different factors as credentials; for example, something you know, something you have, something you are, something you do, and somewhere you are. Specifying two factors is known as 2FA.

Least Privilege

Basic principle of security stating that something should be allocated the minimum necessary rights, privileges, or information to perform its role.

Implicit Deny

Basic principle of security stating that unless something has explicitly been granted access, it should be denied access.

cmd.exe

Basic shell interpreter for Windows.

Uninterruptible Power Supply (UPS)

Battery-powered device that supplies AC power that an electronic device can use in the event of power failure.

Hardware Compatibility List (HCL)

Before installing an OS, it is vital to check that all the PC components have been tested for compatibility with the OS (that they are on the Hardware Compatibility List [HCL] or Windows Logo'd Product List). Incompatible hardware may not work or may even prevent the installation from completing successfully.

3-2-1 Backup Rule

Best practice maxim stating that at any given time there should be at least three copies of data stored on two media types, with one copy held off site.

Katie works in a high-security government facility. When she comes to work in the morning, she places her hand on a scanning device installed at a turnstile in the building lobby. The scanner reads her palmprint and compares it to a master record of her palmprint in a database to verify her identity. What type of security control is this?

Biometric authentication deployed as part of a building's entry-control system.

Fingerprint

Biometric authentication device that can produce a template signature of a user's fingerprint and then subsequently compare the template to the digit submitted for authentication.

Retina Scanner

Biometric scanner based on analysis of the unique pattern of blood vessels at the back of the eye.

Private/Incognito Browsing Mode

Browser mode in which all session data and cache is discarded and tracking protection features are enabled by default.

A threat actor recovers some documents via dumpster diving and learns that the system policy causes passwords to be configured with a random mix of different characters that are only five characters in length. To what type of password cracking attack is this vulnerable?

Brute force attacks are effective against short passwords. Dictionary attacks depend on users choosing ordinary words or phrases in a password.

Remote Monitoring and Management (RMM)

Category of support software designed for outsourced management of client networks by MSPs.

Android

Cell phone/smartphone/tablet OS developed by the Open Handset Alliance (primarily driven by Google). Unlike iOS, it is an open-source OS, based on Linux.

You have selected a secure location for a new home router, changed the default password, and verified the WAN IP address and Internet link. What next step should you perform before configuring wireless settings?

Check for a firmware update. Using the latest firmware is important to mitigate risks from software vulnerabilities.

You are troubleshooting a user device that keeps powering off unexpectedly. You run hardware diagnostics and confirm there is no component fault or overheating issue. What should your next troubleshooting step be?

Check that the device has sufficient spare storage, and check for updates. If you can't identify a device-wide fault, test to see whether the issue is associated with use of a single app.

You are writing some work instructions to assist technicians with deploying new user desktops via cloning. What type of installation and boot method is this process most likely to use, and what are the boot requirements?

Cloning refers to the image deployment installation method. An image is a copy of an existing installation saved as a single file. Image deployment could use USB boot media (or even optical discs), but network boot is more likely. Network boot requires a PXE-compatible network adapter and motherboard in the computer and the boot device priority set to network/PXE. The network requires a Dynamic Host Configuration Protocol (DHCP) server plus a remote network installation server to run unattended setup and apply the image.

OneDrive

Cloud storage service operated by Microsoft and closely integrated with Windows.

Microsoft account

Cloud-based SSO service allowing users to synchronize settings between multiple Windows devices.

Apple ID

Cloud-based service allowing users to synchronize settings and manage apps, file sharing, and backups between multiple Apple devices.

access control list (ACL)

Collection of access control entries (ACEs) that determines which subjects (user accounts, host IP addresses, and so on) are allowed or denied access to the object and the privileges given (read-only, read/write, and so on).

Bash

Command interpreter and scripting language for Unix-like systems.

robocopy command

Command-line file copy utility recommended for use over the older xcopy.

vi or vim

Command-line text editor that extends the original vi software. Vim uses a command mode for file operations and an insert mode for editing.

rmdir

Command-line tool for deleting directories. The /s switch enables the deletion of non-empty directories.

rm command

Command-line tool for deleting file system objects in Linux.

Active Listening

Communication technique to ensure that you capture all the information that the other person is "transmitting," including nonverbal cues such as tone of voice or gestures. There are various active-listening techniques for ensuring that you are "getting the right message," such as summarizing, reflecting (matching the speaker's communication style), interpreting, and verbal attends (such as "Uh-huh." or "I see.").

Why is DNS configuration a step in the malware remediation process?

Compromising domain-name resolution is a very effective means of redirecting users to malicious websites. Following malware infection, it is important to ensure that DNS is being performed by valid servers.

Roaming Profiles

Configuring a network share to hold user profile data. The data is copied to and from the share at logon and logoff.

Compatibility Concerns

Considerations that must be made when using an app in an environment with multiple device and OS platforms.

Potential Impacts

Considerations that should be made when planning the installation or upgrade of new apps.

Local Users and Groups (lusrmgr.msc)

Console for creating and managing user and group accounts with the authentication and permissions scope of the local system.

Resource Monitor (resmon.exe)

Console for live monitoring of resource utilization data for the CPU and GPU, system memory, disk/file system, and network.

Performance Monitor (perfmon.msc)

Console for reporting and recording resource utilization via counter data for object instances.

Group Policy Editor (gpedit.msc)

Console related to configuring detailed user and system registry settings via policies.

Disk Management (diskmgmt.msc)

Console related to initializing, partitioning, and formatting disk drives.

User Accounts Applet

Control Panel app relating to user account creation and maintenance.

Internet Options

Control Panel applet allowing configuration of the Internet Explorer web browser.

Mail applet

Control Panel applet related to configuration of Microsoft Outlook email accounts and storage files.

Sound applet

Control Panel applet related to speaker and microphone configuration plus Windows sound events and notifications.

Digital Rights Management (DRM)

Copyright protection technologies for digital media. DRM solutions usually try to restrict the number of devices allowed for playback of a licensed digital file, such as a music track or ebook.

A company wants to minimize the number of devices and mobile OS versions that it must support but allow use of a device by employees for personal email and social networking. What mobile deployment model is the best fit for these requirements?

Corporate owned, personally enabled (COPE) will allow standardization to a single device and OS. As the requirement does not specify a single device and OS, choose your own device (CYOD) would also fit.

Reservation (DHCP)

DHCP configuration that assigns either a pre-reserved or persistent IP address to a given host, based on its hardware address or other ID.

Prohibited Content

Data found on a computer system that is not permitted by policy or that is not compliant with relevant legislation or regulations.

Personal Government-Issued Information

Data related to identity documents issued by governments, such as passports, social security IDs, and driving licenses, that is liable to be subject to strict legal and regulatory compliance requirements.

You are completing a checklist of security features for workstation deployments. Following the CompTIA A+ objectives, what additional item should you add to the following list, and what built-in Windows feature or features can you recommend to implement it?
Password best practices
End-user best practices
Account management
Change default administrator's user account/password
Disable AutoRun/AutoPlay
Enable Windows Update, Windows Defender Antivirus, and Windows Defender Firewall

Data-at-rest encryption. In Windows, this can be configured at file level via the Encrypting File System (EFS) or at disk level via BitLocker.

.APP

Default extension for a macOS app subdirectory when installed to the Applications folder.

Apple File System (APFS)

Default file system for macOS-based computers and laptops.

Home Folder

Default local or network folder for users to save data files to.

When you arrive at a customer location to service a network printer, the user is upset because the printer is not working and therefore he cannot submit his reports on time. How should you approach this user?

Demonstrate empathy with the customer's situation, use active listening skills to show that you understand the importance of the issue, and make the customer confident that you can help. Then use closed-questioning techniques to start to diagnose the problem.

Image Deployment

Deployment method where the target disk is written with an image of the new OS.

Consoles

Device that implements input and output for a command shell. In Linux, multiple virtual consoles support use of a single host by multiple user sessions simultaneously.

Surge Suppressor

Device that protects electrical devices against the damaging effects of a power surge or spike.

Boot Method

Device used to start the setup program and hold source files for installing or upgrading an OS.

tracert command

Diagnostic utilities that trace the route taken by a packet as it "hops" to the destination host on a remote network. tracert is the Windows implementation, while traceroute runs on Linux.

Why are the actions of a first responder critical in the context of a forensic investigation?

Digital evidence is difficult to capture in a form that demonstrates that it has not been tampered with. Documentation of the scene and proper procedures are crucial.

You are reviewing a secure deployment checklist for home router wireless configuration. Following the CompTIA A+ objectives, what additional setting should be considered along with the following four settings?
Changing the service set identifier (SSID)
Disabling SSID broadcast
Encryption settings
Changing channels

Disabling guest access. It might be appropriate to allow a guest network depending on the circumstances, but the general principle is that services and access methods that are not required should be disabled.

In which atmospheric conditions is the risk of ESD highest?

During cool, dry conditions when humidity is low. When humidity is high, the static electricity can dissipate through the moisture present in the air.

Upgrade Path

Earlier versions of an OS that support an in-place upgrade to a newer version, retaining settings, third-party apps, and user data files.

Soft Token

Either an additional code to use for 2-step verification, such as a one-time password, or authorization data that can be presented as evidence of authentication in an SSO system.

A command has generated a large amount of data on the screen. What could you add to the command to make the output more readable?

Either | more or | less.

Spear phishing

Email-based or web-based form of phishing which targets specific individuals.

Phishing

Email-based social engineering attack, in which the attacker sends email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.

Counter Mode with Cipher Block Chaining Message Authentication Code Protocol (CCMP)

Encryption protocol used for wireless LANs that addresses the vulnerabilities of the WEP protocol.

Desktop Management or Unified Endpoint Management (UEM)

Enterprise software for controlling device settings, apps, and corporate data storage on all types of fixed, mobile, and IoT computing devices.

Finder

File management app in macOS.

Inheritance

File system access-control concept where child objects are automatically assigned the same permissions as their parent object.

This PC

File system object representing a Windows computer and the disk drives installed to it.

Directory

File system object used to organize other file system objects into containers.

Administrative Tools

Folder in Control Panel containing default Microsoft management consoles used to configure the local system.

Internet Protocol (IP)

Format for logical host and network addressing. In IPv4, a 32-bit binary address is expressed in dotted decimal notation, such as 192.168.1.1. In IPv6, addresses are 128-bit expressed as hexadecimal (for example, 2001:db8::0bcd:abcd:ef12:1234).

A user is assigned Read NTFS permissions to a resource via his user account and Full Control via membership of a group. What effective NTFS permissions does the user have for the resource?

Full control—the most effective permissions are applied.

Root Access

Gaining superuser level access over an Android-based mobile device.

True or false? An organization should rely on automatic screen savers to prevent lunchtime attacks.

False. A lunchtime attack is where a threat actor gains access to a signed-in user account because the desktop has not locked. While an automatic screensaver lock provides some protection, there may still be a window of opportunity for a threat actor between the user leaving the workstation unattended and the screensaver activating. Users must lock the workstation manually when leaving it unattended.

True or false? The level of risk from zero-day attacks is only significant with respect to EOL systems.

False. A zero-day is a vulnerability that is unknown to the product vendor and means that no patch is available to mitigate it. This can affect currently supported as well as unsupported end-of-life (EOL) systems. The main difference is that there is a good chance of a patch being developed if the system is still supported, but almost no chance if it is EOL.

True or false? Updates are not necessary for iOS devices because the OS is closed source.

False. Closed source just means that the vendor controls development of the OS. It is still subject to updates to fix problems and introduce new features.

True or false? TKIP represents the best available wireless encryption and should be configured in place of AES if supported.

False. Advanced Encryption Standard (AES) provides stronger encryption and is enabled by selecting Wi-Fi Protected Access (WPA) version 2 with AES/CCMP or WPA3 encryption mode. The Temporal Key Integrity Protocol (TKIP) attempts to fix problems with the older RC4 cipher used by the first version of WPA. TKIP and WPA1 are now deprecated.

True or false? Using a browser's incognito mode will prevent sites from recording the user's IP address.

False. Incognito mode can prevent the use of cookies but cannot conceal the user's source IP address. You do not need to include this in your answer, but the main way to conceal the source IP address is to connect to sites via a virtual private network (VPN).

True or false? Windows Defender Firewall cannot be disabled.

False. It is not usually a good idea to do so, but it can be disabled via Security Center or the Control Panel applet.

True or false? A factory reset preserves the user's personal data.

False. Restoring to factory settings means removing all user data and settings.

True or False? You should fit an antistatic wrist strap over your clothing as this is most likely to retain a charge.

False. The conductive path will occur through your fingers as you touch electronic components. The stud in the wrist strap must make contact with your skin to drain the charge.

True or false? Under default settings, the user account added during setup is not affected by User Account Control.

False. User Account Control (UAC) is designed to prevent misuse of accounts with administrative privileges. Use of such privileges requires the user to approve a consent dialog or to enter the credentials of an administrator account. This system can be disabled via UAC settings, but it is enabled by default.

Instant Secure Erase (ISE)

Media sanitization command built into self-encrypting HDDs and SSDs that works by erasing the encryption key, leaving any remnant data unrecoverable.

True or false? The dfrgui.exe utility should be disabled if Windows is installed to an SSD.

False. While solid state drives (SSDs) and hard disk drives (HDDs) have different mechanical and performance characteristics, it is still necessary to run the Defragment and Optimize Drives (dfrgui.exe) periodically to optimize performance.

BitLocker

Feature of Windows allowing for encryption of NTFS-formatted drives. The encryption key can be stored in a TPM chip on the computer or on a USB drive.

Preboot eXecution Environment (PXE)

Feature of a network adapter that allows the computer to boot by contacting a suitably configured server over the network.

Fileless Malware

Exploit techniques that use the host's scripting environment to create malicious processes.

What two factors must a user present to authenticate to a wireless network secured using EAP-TLS?

Extensible Authentication Protocol (EAP) allows for different types of mechanisms and credentials. The Transport Layer Security (TLS) method uses digital certificates installed on both the server and the wireless station. The station must use its private key and its certificate to perform a handshake with the server. This is one factor. The user must authenticate to the device to allow use of this private key. This device authentication—via a password, PIN, or bio gesture—is the second factor.

.SH

Extension for a Linux shell script file format. The shebang in the first line of the script identifies the shell type (Bash, for instance).

.PS1

Extension for the PowerShell script format.

.VBS

Extension for the Visual Basic Script file format.

.BAT

Extension for the batch file format that is used to execute a series of Windows CMD shell commands.

Desktop

Graphical OS interface that allows programs to run within window containers. Desktop styles include tools for launching apps, such as the Windows Start Menu, and managing apps, such as the Windows taskbar. Changes to the desktop style over the course of version and feature updates can be confusing for users.

Domain

Group of hosts that is within the same namespace and administered by the same authority.

workgroup

Group of network hosts that shares resources in a peer-to-peer fashion. No one computer provides a centralized directory.

Variable

Identifier for a value that can change during program execution. Variables are usually declared with a particular data type.

You receive a support call from a user who is "stuck" on a web page. She is trying to use the Back button to return to her search results, but the page just displays again with a pop-up message. Is her computer infected with malware?

If it only occurs on certain sites, it is probably part of the site design. A script running on the site can prevent use of the Back button. It could also be a sign of adware or spyware though, so it would be safest to scan the computer using up-to-date anti-malware software.

Why might a PC infected with malware display no obvious symptoms?

If the malware is used with the intent to steal information or record behavior, it will not try to make its presence obvious. A rootkit may be very hard to detect even when a rigorous investigation is made.

Original Equipment Manufacturer (OEM)

In PC terms, companies that sell Windows co-branded under their own logo. OEM Windows licenses are valid only on the system that the software was installed on, and the OEM must provide support.

Folder Redirection

In Windows, redirecting an individual user profile folder, such as Documents or Pictures, to a network share.

Private Key

In asymmetric encryption, the private key is known only to the holder and is linked to, but not derivable from, a public key distributed to those with which the holder wants to communicate securely. A private key can be used to encrypt data that can be decrypted by the linked public key or vice versa.

Loop

In scripting and programming, control statement that executes code repeatedly based on a condition.

While troubleshooting an issue with a graphics card in Windows 10, you discover that the driver version is not up to date. What first step could you perform to install the latest driver?

In the Settings app, select Update & Security. Under Windows Update, select "View optional updates." If a graphics driver update is not listed here, check the vendor's site for driver installation software.

Where would you look for the option to view and configure wireless adapter status in macOS?

In the Status menu on the Menu bar, in the top-right of the screen, or in the Network prefpane.

Registry

In the Windows registry, a key is analogous to a folder on the file system. Keys are used to group like settings together in a hierarchy that is logical to navigate.

Escalation

In the context of support procedures, incident response, and breach-reporting, escalation is the process of involving expert and senior staff to assist in problem management.

Material Safety Data Sheet (MSDS)

Information sheet accompanying hazardous products or substances that explains the proper procedures for handling and disposal.

Untrusted Source

Installer package whose authenticity and integrity cannot be verified.

Early in the day, a user called the help desk saying that his computer is running slowly and freezing up. Shortly after this user called, other help desk technicians who overheard your call also received calls from users who report similar symptoms. Is this likely to be a malware infection?

It is certainly possible. Software updates are often applied when a computer is started in the morning, so that is another potential cause, but you should investigate and log a warning so that all support staff are alerted. It is very difficult to categorize malware when the only symptom is performance issues. However, performance issues could be a result of a badly written Trojan, or a Trojan/backdoor application might be using resources maliciously (for DDoS, Bitcoin mining, spam, and so on).

Differential

Job type in which all selected files that have changed since the last full backup are backed up.

Incremental Backups

Job type in which all selected files that have changed since the last full or incremental backup (whichever was most recent) are backed up.

Full Backup

Job type in which all selected files, regardless of prior state, are backed up.

Open-Source

Licensing model that grants permissive rights to end-users, such as to install, use, modify, and distribute a software product and its source code, as long as redistribution permits the same rights.

Risk

Likelihood and impact (or consequence) of a threat actor exercising a vulnerability.

grep

Linux command for searching and filtering input. This can be used as a file search tool when combined with ls.

pwd

Linux command for showing the current directory ("Print Working Directory").

cat

Linux command to view and combine (concatenate) files.

ip command

Linux command tool used to gather information about the IP configuration of the network adapter or to configure the network adapter.

su

Linux command allowing a user to use the root account or execute commands restricted to privileged users.

sudo

Linux command allowing a user to use the root account or execute commands restricted to privileged users.

Samba

Linux software package that implements Server Message Block (SMB) file/print sharing, primarily to support integration with Windows hosts.

Viruses

Malicious code inserted into an executable file image. The malicious code is executed when the file is run and can deliver a payload, such as attempting to infect other files.

Cross-Site Scripting (XSS)

Malicious script hosted on the attacker's site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser's security model of trusted zones.

Keylogger

Malicious software or hardware that can record user keystrokes.

Trojans

Malicious software program hidden within an innocuous-seeming piece of software. Usually, the Trojan is used to try to compromise the security of the target computer.

Remote Access Trojan (RAT)

Malware that creates a backdoor remote administration channel to allow a threat actor to access and control the infected host.

Cryptominer

Malware that hijacks computer resources to create cryptocurrency.

Ransomware

Malware that tries to extort money from the victim by blocking normal operation of a computer and/or encrypting the victim's files and demanding payment.

Temporal Key Integrity Protocol (TKIP)

Mechanism used in the first version of WPA to improve the security of wireless encryption mechanisms, compared to the flawed WEP standard.

Grandfather-Father-Son (GFS)

Media rotation scheme that labels tapes/devices used for backup jobs in generations, with the youngest generation having a shorter retention period than the oldest.

Secure Erase (SE)

Method of sanitizing a drive using the ATA command set.

Application Programming Interface (API)

Methods exposed by a script or program that allow other scripts or programs to use it. For example, an API enables software developers to access functions of the TCP/IP network stack under a particular operating system.

Blue Screen of Death (BSOD)

Microsoft status screen that indicates an error from which the system cannot recover (also called a stop error). Blue screens are usually caused by bad driver software or hardware faults (memory or disk). Other operating systems use similar crash indicators, such as Apple's pinwheel and Linux's kernel panic message.

Encrypting File System (EFS)

Microsoft's file-level encryption feature available for use on NTFS.

System Requirements

Minimum specifications for CPU speed, memory, and disk capacity for installing an OS or app.

Failed Login Attempts

Mobile device authentication mechanism that progressively delays or blocks unlock attempts after multiple failures.

Facial Recognition

Mobile device bio gesture authentication mechanism that requires the user to scan their face to unlock the device.

Pattern

Mobile device authentication mechanism that requires the user to draw a pattern on the screen to unlock the device.

Fingerprint

Mobile device bio gesture authentication mechanism that requires the user to scan their fingerprint to unlock the device.

Developer Mode

Mobile device feature designed for testing apps during development that may weaken corporate security protections if misused.

A security consultant has recommended blocking end-user access to the chrome://flags browser page. Does this prevent a user from changing any browser settings?

No. The chrome://flags page is for advanced configuration settings. General user, security, and privacy settings are configured via chrome://settings.

You are pinging a host at 192.168.0.99 from a host at 192.168.0.200. The response is "Reply from 192.168.0.200: Destination host unreachable." The hosts use the subnet mask 255.255.255.0. Does the ping output indicate a problem with the default gateway?

No. The hosts are on the same IP network (192.168.0.0/24). This means that 192.168.0.200 does not try to use a router (the gateway) to send the probes. 192.168.0.200 uses address resolution protocol (ARP) to find the host with the IP 192.168.0.99. The host unreachable message indicates that there was no response, but the problem will be an issue such as the host being disconnected from the network or configured to block discovery rather than a gateway issue.

An employee has a private license for a graphics editing application that was bundled with the purchase of a digital camera. The employee needs to use this temporarily for a project and installs it on her computer at work. Is this a valid use of the license?

No. The license is likely to permit installation to only one computer at a time. It might or might not prohibit commercial use, but regardless of the license terms, any installation of software must be managed by the IT department.

You are supporting a home user with upgrading a computer from Windows 10 to Windows 11. You have run Microsoft's PC Health Check tool, and it verifies that the computer meets the hardware requirements. Should you now proceed with the in-place upgrade?

No. You must back up user data and settings first. A backup is essential as a security precaution.

Guest

Non-privileged account that is permitted to access the computer/network without authenticating.

Standard Account

Non-privileged user account in Windows that typically has membership of the Users security group only.

Personal identification number (PIN)

Number used in conjunction with authentication devices such as smart cards; as the PIN should be known only to the user, loss of the smart card should not represent a security risk.

In-place upgrade

OS installation method where the setup program is launched from an existing OS. This can typically retain user data files, settings, and third-party apps.

Clean install

OS setup method where the target disk is repartitioned and formatted, removing any existing OS and/or data files.

apt-get

One of the package management tools available in Linux for installing and updating software.

You are supporting a user who has installed a vendor keyboard driver. The keyboard no longer functions correctly. Under Windows 10, what are the steps to revert to the previous driver?

Open Device Manager from the WinX menu, Instant Search, or the Computer Management console. Expand Keyboards, then right-click the device and select Properties. On the Driver tab, select Roll Back Driver.

You are attempting to run a command but receive the message "The requested operation requires elevation." What must you do to run the command?

Open a new command prompt window with sufficient privileges. You can right-click the Command Prompt icon and select Run as administrator or press CTRL+SHIFT+ENTER to execute the icon or cmd.exe command.

You are assisting a user over the phone and need to identify the edition of Windows that is installed. What step instructions must you give for the user to report this information to you?

Open the Settings app, and then select System. Select the About section, and read the text next to Edition under the Windows specifications heading.

Recovery

Operation to recover system functionality and/or data integrity using backup media.

yum

Package manager for installing, maintaining, inventorying, and removing software from the Red Hat family of Linux distributions.

Basic Input/Output System (BIOS)

Passwords set in system firmware to prevent unauthorized booting of a computer (user password) or changes to system setup (supervisor password).

Threat Actor

Person or entity responsible for an event that has been identified as a security incident or as a risk.

You are updating data handling guidance to help employees recognize different types of regulated data. What examples could you add to help identify healthcare data?

Personal healthcare data is medical records, insurance forms, hospital/laboratory test results, and so on. Healthcare information is also present in de-identified or anonymized data sets.

Footprinting

Phase in an attack or penetration test in which the attacker or tester gathers information about the target before attacking it.

Alarm System

Physical intrusion detection and warning that can use circuit, motion, proximity, and duress triggers.

Video Surveillance

Physical security control that uses cameras and recording devices to visually monitor the activity in a certain area.

Lighting

Physical security mechanisms that ensure a site is sufficiently illuminated for employees and guests to feel safe and for camera-based surveillance systems to work well.

Standby

Power-saving mode where power to all compatible components except system memory is cut. Note that systems on standby still consume some electricity.

A different user wants to configure a multiplayer game server by using the DMZ feature of the router. Is this the best configuration option?

Probably not. Using a home router's "demilitarized zone" or DMZ host option forwards traffic for all ports not covered by specific port-forwarding rules to the host. It is possible to achieve a secure configuration with this option by blocking unauthorized ports and protecting the host using a personal firewall, but using specific port-forwarding/mapping rules is better practice. The most secure solution is to isolate the game server in a screened subnet so that it is separated from other LAN hosts, but this typically requires multiple routers/firewalls.

You are monitoring CPU Usage and notice that it often jumps to 100% and then falls back. Does this indicate a problem?

Probably not—CPU Usage usually peaks and falls. If it stays over 80-90%, the system could require a faster CPU, or if it spikes continually, there could be a faulty application.

Incident Response Plan (IRP)

Procedures and guidelines covering appropriate priorities, actions, and responsibilities in the event of security incidents, divided into preparation, detection/analysis, containment, eradication/recovery, and post-incident stages.

Retention

Process an organization uses to maintain the existence of and control over certain data in order to comply with business policies and/or applicable laws and regulations.

Mobile Device Management (MDM)

Process and supporting technologies for tracking, controlling, and securing the organization's mobile infrastructure.

Execution Control

Process of determining what additional software may be installed on a client or server beyond its baseline to prevent the use of unauthorized software.

Digital Forensics

Process of gathering and submitting computer evidence to trial. Digital evidence is latent, meaning that it must be interpreted. This means that great care must be taken to prove that the evidence has not been tampered with or falsified.

Sanitization

Process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered.

Configuration Management

Process through which an organization's information systems components are kept in a controlled state that meets the organization's requirements, including those for security and compliance.

Change management

Process through which changes to the configuration of information systems are implemented as part of the organization's overall configuration management efforts.

32-bit (x86) or 64-bit (x64)

Processing modes referring to the size of each instruction processed by the CPU. 32-bit CPUs replaced earlier 16-bit CPUs and were used through the 1990s to the present day, though most PC and laptop CPUs now work in 64-bit mode. The main 64-bit platform is called AMD64 or EM64T (by Intel). Software can be compiled as 32-bit or 64-bit. 64-bit CPUs can run most 32-bit software, but a 32-bit CPU cannot execute 64-bit software.

Update Limitations

Product life cycle and procurement consideration where a device or product no longer receives a full range of updates or support from its vendor.

Operators

Programming object that can resolve the truth value of a condition, such as whether one variable is equal to another.

macOS

Proprietary OS designed by Apple for their range of iMac computers, Mac workstations, and MacBook portables.

Chrome OS

Proprietary OS developed by Google to run on specific laptop (chromebooks) and PC (chromeboxes) hardware.

Cybersecurity

Protection of computer systems and digital information resources from unauthorized access, attack, theft, or data damage.

Universal Plug-and-Play (UPnP)

Protocol framework allowing network devices to autoconfigure services, such as allowing a games console to request appropriate settings from a firewall.

Dynamic Host Configuration Protocol (DHCP)

Protocol used to automatically assign IP addressing information to hosts that have not been configured manually.

A user calls saying that their screen occasionally goes blue, and the system shuts down. What should you advise the user to do?

Record as much information from the user's blue screen as possible, especially the STOP error number, so that you can research the error.

Chain of Custody

Record of evidence-handling from collection to presentation in court to disposal.

Credit Card Transactions

Regulated data related to processing financial transactions.

Virtual Network Computing (VNC)

Remote access tool and protocol. VNC is the basis of macOS screen-sharing.

You are joining a new startup business that will perform outsourced IT management for client firms. You have been asked to identify an appropriate software solution for off-site support and to ensure that service level agreement (SLA) metrics for downtime incidents are adhered to. What general class of remote access technology will be most suitable?

Remote monitoring and management (RMM) tools are principally designed for use by managed service providers (MSPs). As well as remote access and monitoring, this class of tools supports management of multiple client accounts and billing/reporting.

Device Wipe

Remote-initiated factory reset of a mobile device that removes all user data and settings.

Enterprise Wipe

Remote-initiated wipe of a mobile device that removes corporate apps and data only.

Jailbreak

Removes the protective seal and any OS-specific restrictions to give users greater control over the device.

Identify how to open the tool shown in this exhibit. What single word command can you use to open the tool shown in the exhibit? How can this tool assist with troubleshooting?

Run the System Information tool using the msinfo32 command (Msinfo32.exe). This tool produces a comprehensive hardware and software inventory report. This configuration and version information will be useful for many troubleshooting tasks.

You are troubleshooting a print problem, which turned out to be caused by user error. The user is not confident that the problem is solved and wants more reassurance. You have already explained what the user was doing wrong in some detail. What should you do?

Run through the print process step-by-step to show that it works. It is very important to get a customer's acceptance that a problem is closed.

Home Router

SOHO device providing Internet routing via a full fiber, DSL, cable, or satellite link. These appliances also provide a 4-port LAN switch and Wi-Fi plus a firewall.

Virtual Private Network (VPN)

Secure tunnel created between two endpoints connected via an unsecure transport network (typically the Internet).

Fencing

Security barrier designed to prevent unauthorized access to a site perimeter.

Authentication, Authorization, and Accounting (AAA)

Security concept where a centralized platform verifies subject identification, ensures the subject is assigned relevant permissions, and then logs these actions to create an audit trail.

Backups

Security copy of production data made to removable media, typically according to a regular schedule. Different backup types (full, incremental, or differential) balance media capacity, time required to backup, and time required to restore.

Smart Card

Security device similar to a credit card that can store authentication information, such as a user's private key, on an embedded cryptoprocessor.

Bring Your Own Device (BYOD)

Security framework and tools to facilitate use of personally-owned devices to access corporate networks and data.

Content Filtering

Security measure performed on email and Internet traffic to identify and block suspicious, malicious and/or inappropriate content in accordance with an organization's policies.

Screensavers

Security mechanism that locks the desktop after a period of inactivity and requires the user to authenticate to resume.

Windows Defender Antivirus

Security scanner installed and enabled by default in Windows that provides protection against general malware types.

Screened Subnet

Segment isolated from the rest of a private network by one or more firewalls that accepts connections from the Internet over designated ports.

Backup Chain

Sequence of jobs starting with a full backup and followed by either incremental or differential backups to implement a media rotation scheme.

Kerberos

Single sign-on authentication and authorization service that is based on a time-sensitive, ticket-granting system.

Drifting Out of Sync

Situation where hosts on a network are not closely synchronized to the same date/time source.

Tailgating

Social engineering technique to gain access to a building by following someone who is unaware of their presence.

Endpoint Detection and Response (EDR)

Software agent that collects system data and logs for analysis by a monitoring system to provide early detection of threats.

Antivirus Scan

Software capable of detecting and removing virus infections and (in most cases) other types of malware, such as worms, Trojans, rootkits, adware, spyware, password crackers, network mappers, DoS tools, and so on.

Plug-ins

Software installed to a web browser to handle multimedia objects embedded in web pages. Use of most plug-in types is now deprecated.

Firmware

Software instructions embedded on a hardware device such as a computer motherboard. Modern types of firmware are stored in flash memory and can be updated more easily than legacy programmable read-only memory (ROM) types.

Authenticator Applications

Software that allows a smartphone to operate as a second authentication factor or as a trusted channel for 2-step verification.

Screen-Sharing

Software that allows clients to view and control the desktop over a network or the Internet.

Remote Wipe

Software that allows deletion of data and settings on a mobile device to be initiated from a remote server.

Video-Conferencing

Software that allows users to configure virtual meeting rooms, with options for voice, video, instant messaging, and screen-sharing.

Terminal

Software that implements input and output for a command shell.

Spyware

Software that records information about a PC and its users, often installed without the user's consent.

Exploit

Specific method by which malware code infects a target host, often via some vulnerability in a software process.

Trusted Platform Module (TPM)

Specification for secure hardware-based storage of encryption keys, hashed passwords, and other user- and platform-identification information.

Rogue Antivirus

Spoofed desktop notifications and browser ads designed to alarm users and promote installation of Trojan malware.

ext3

Standard Linux file system that includes journaling and has since been replaced with ext4.

802.1X

Standard for encapsulating EAP communications over a LAN (EAPoL) or WLAN (EAPoW) to implement port-based authentication.

Factory Reset

Standard routine created by the manufacturer that can be invoked to restore an appliance to its shipped state, clearing any user customization, configuration, or modification.

Wi-Fi Protected Access (WPA)

Standards for authenticating and encrypting access to Wi-Fi networks.

WinX menu

Start button shortcut menu with quick access to principal configuration and management utilities.

You are writing work instructions for third-party app deployments using the CompTIA A+ objectives to guide you. In the section on system requirements for applications, you have covered the following topics: 32-bit- vs. 64-bit-dependent application requirements; dedicated graphics card vs. integrated (VRAM requirements); RAM requirements; CPU requirements; external hardware tokens. What additional topic should you include, if any?

Storage requirements. Each app takes up a certain amount of space when installed to the fixed disk. Also, you must plan for user-generated file storage, temp files, log files, and other data generated through use of the app.

Advanced Encryption Standard (AES)

Symmetric 128-, 192-, or 256-bit block cipher used for bulk encryption in modern security standards, such as WPA2, WPA3, and TLS.

Symbolic

Syntax for setting Linux permissions that uses characters to represent permissions values.

Shell

System component providing a command interpreter by which the user can use a kernel interface and operate the OS.

Short Message Service (SMS)

System for sending text messages between cell phones.

Everyone

System security group that represents any account, including unauthenticated users.

Unprotected System

System where one or more required security controls (antivirus or firewall, for example) is missing or misconfigured.

Non-compliant System

System whose configuration is different from its secure baseline.

A security consultant has recommended more frequent monitoring of the antivirus software on workstations. What sort of checks should this monitoring perform?

That the antivirus is enabled, is up to date with scan engine components and definitions, and has only authorized exclusions configured.

Your company is replacing its Windows desktops with Mac workstations, and you need to assist users with the transition. What is the equivalent of File Explorer in macOS?

The Finder.

You are assisting another user who is trying to configure a static IP on a Windows workstation. The user says that 255.255.255.0 is not being accepted in the prefix length box. Should the user open a different dialog to complete the configuration or enter a different value?

The Network & Interface settings Edit IP settings dialog can be used. 255.255.255.0 is the subnet mask in dotted decimal format. The dialog just requires the number of mask bits. Each "255" in a dotted decimal mask represents 8 bits, so the user should enter 24.

You are repurposing an old computer. You perform a clean OS install using optical media. During setup, you configured the partition manager to apply GPT style. After the file copy stage, the new installation fails to boot. What is the likely cause?

The PC is set to boot using the legacy BIOS method. This is not compatible with GPT-style partitioning. If supported by system firmware setup, switch to UEFI boot. If the firmware is BIOS only, change the boot method back to optical disc, run setup again, and choose MBR partitioning.

What are the requirements for configuring fingerprint authentication via Windows Hello?

The computer must have a fingerprint reader and a trusted platform module (TPM). Windows Hello must first be configured with a personal identification number (PIN) as a backup method.

You are troubleshooting an issue with a wireless adapter. When you open Device Manager, you find the device's icon is shown with a down arrow superimposed. What does this mean, and why might this configuration have been imposed?

The icon indicates that the device has been disabled. It could be that there was a fault, or there may be a network configuration or security reason for disabling the adapter. In this sort of situation, use incident logs and device documentation to establish the reason behind the configuration change.

A customer asks whether an iOS app that your company developed will also work on her Apple macOS computer. What issue does this raise, and what answer might you give?

The issue here is compatibility between different operating systems. Even though both are produced by Apple, iOS and macOS use different environments, so the iOS app cannot necessarily be installed directly. Your company might make a macOS version. However (do not worry if you did not include this in your answer), with the latest versions of macOS, there is support for native iOS apps, so this might be something you can offer.

For which backup/restore issue is a cloud-based backup service an effective solution?

The issue of provisioning an off-site copy of a backup. Cloud storage can also provide extra capacity.

What care should you take when lifting a heavy object?

The main concern is damaging your back. Lift slowly and use your legs for power, not your back muscles.

Apart from Windows and macOS, what operating system options are there for client PCs installed to a local network?

The other main choice is one of the distributions of Linux. A company might also use some sort of UNIX. Finally, Chrome OS is installed on Chromebox PCs. These are often used by educational institutions and businesses that rely primarily on web applications rather than locally installed desktop software.

Which Windows command is probably best suited for scripting file backup operations?

The robocopy command offers more options than those offered by the xcopy command, so it will usually be the better choice. The copy command is quite basic and probably not suitable.

What is the significance of a $ symbol at the end of a share name?

The share is hidden from the file browser. It can be accessed by typing a UNC. The default administrative shares are all configured as hidden.

Dumpster Diving

The social engineering technique of discovering things about an organization (or person) based on what it throws away.

In Windows, what is the difference between the boot partition and the system partition?

The system partition contains the boot files; the boot partition contains the system root (OS files). The boot partition is normally assigned the drive letter C. The system partition is not normally assigned a drive letter.

You receive a call from a user trying to save a file and receiving an "Access Denied" error. Assuming a normal configuration with no underlying file corruption, encryption, or malware issue, what is the cause and what do you suggest?

The user does not have "Write" or "Modify" permission to that folder. If there is no configuration issue, you should advise the user about the storage locations permitted for user-generated files. If there were a configuration issue, you would investigate why the user had not been granted the correct permissions for the target folder.

Assuming default Explorer view settings are configured, what steps should the user take to get better context of files?

The user must first show file extensions, using the View tab in the File Explorer Options applet (you might also note that this can be done via a check box on the View menu ribbon of File Explorer).

You are assisting a user whose application is in the state shown in the exhibit. How would you troubleshoot this problem?

The user will be concerned about losing any unsaved work. Ask the user to describe what he or she was doing at the time of the crash to try to diagnose what might have caused it. Give the program a few minutes to finish processing—check Task Manager for ongoing disk activity. If the application does not start responding, check autosave and temp folders for a recent copy of the file data. Use Task Manager to end the process. Restart the application, and try to open any file data you might have recovered. Check the log files and online resources to try to diagnose the cause of the crash. If the problem persists, consider solutions such as disabling add-ons or reinstalling. Demonstrate to the user how to set up autosave (if it is not already configured) and how to save regularly.

You are assisting a user with configuring a static IP address. The user has entered the following configuration values and now cannot access the Internet. Is there a configuration issue or a different problem? IP: 192.168.1.1 Mask: 255.255.255.0 Gateway: 192.168.1.0 DNS: 192.168.1.0

There is a configuration problem. 192.168.1.0 is not a host address. With the subnet mask 255.255.255.0, it identifies the network range as 192.168.1.0/24. The gateway is usually configured as the first available host address in this range: 192.168.1.1. The DNS server should also be set to 192.168.1.1. Note that the user has also given the workstation itself the address 192.168.1.1; if that is the router's address, the workstation must be assigned a different unused host address in the range (for example, 192.168.1.100) to avoid an IP conflict.
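The checks described above can be scripted. The following Python function is an added example, not part of the original study set: it uses the standard-library ipaddress module to validate a static IPv4 configuration, flagging a host, gateway or DNS address that is the network or broadcast address, a gateway outside the subnet, and a gateway or DNS server that clashes with the host's own address. The sample configurations in the usage block are the ones from the question and a corrected version.

```python
"""Added example: validate a static IPv4 configuration before applying it."""
import ipaddress
from typing import List


def validate_static_config(ip: str, mask: str, gateway: str, dns: str) -> List[str]:
    """Return a list of human-readable problems; an empty list means the
    configuration is internally consistent."""
    problems: List[str] = []
    try:
        # IPv4Interface accepts a dotted netmask in the prefix position.
        iface = ipaddress.IPv4Interface(f"{ip}/{mask}")
    except ValueError as exc:
        return [f"address/mask invalid: {exc}"]

    net = iface.network
    host = iface.ip
    if host == net.network_address:
        problems.append(f"IP {host} is the network address of {net}, not a host address")
    if host == net.broadcast_address:
        problems.append(f"IP {host} is the broadcast address of {net}, not a host address")

    for label, value in (("gateway", gateway), ("DNS", dns)):
        try:
            addr = ipaddress.IPv4Address(value)
        except ValueError:
            problems.append(f"{label} {value!r} is not a valid IPv4 address")
            continue
        if addr in (net.network_address, net.broadcast_address):
            problems.append(f"{label} {addr} is the network/broadcast address of {net}, not a host")
        elif label == "gateway" and addr not in net:
            # The default gateway must be directly reachable on the local subnet;
            # a DNS server may legitimately live on another network.
            problems.append(f"gateway {addr} is not inside {net}")
        elif addr == host:
            problems.append(f"{label} {addr} is the same as the host's own address")
    return problems


if __name__ == "__main__":
    # Configuration from the question, then a corrected version.
    for cfg in (
        ("192.168.1.1", "255.255.255.0", "192.168.1.0", "192.168.1.0"),
        ("192.168.1.100", "255.255.255.0", "192.168.1.1", "192.168.1.1"),
    ):
        print(cfg, "->", validate_static_config(*cfg) or "OK")
```

Running the block prints two problems for the user's configuration (gateway and DNS both set to the network address) and OK for the corrected one.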

You are assisting with the design of a new campus building for a multinational firm. On the recommendation of a security consultant, the architect has added closely spaced sculpted stone posts with reinforced steel cores that surround the area between the building entrance and the street. At the most recent client meeting, the building owner has queried the cost of these. Can you explain their purpose?

These bollards are designed to prevent vehicles from crashing into the building lobby as part of a terrorist or criminal attack. The security consultant should only recommend the control if the risk of this type of attack justifies the expense.

What are the principal characteristics of a surge protector?

This is a circuit designed to protect connected devices from the effect of sudden increases or spikes in the supply voltage and/or current. Surge protectors are rated by clamping voltage (low values are better), joules rating (higher values are better), and amperage (the maximum current that can be carried).

You discover that a threat actor has been able to harvest credentials from some visitors connecting to the company's wireless network from the lobby. The visitors had connected to a network named "Internet" and were presented with a web page requesting an email address and password to enable guest access. The company's access point had been disconnected from the cabled network. What type of attack has been perpetrated?

This is an evil twin attack where the threat actor uses social engineering techniques to persuade users to connect to an access point that spoofs a legitimate guest network service.

A computer cannot connect to the network. The machine is configured to obtain a TCP/IP configuration automatically. You use ipconfig to determine the IP address and it returns 0.0.0.0. What does this tell you?

This is an irregular state for a Windows PC. If a DHCP server cannot be contacted, the machine should default to using an APIPA address (169.254.x.y). As it has not done this, something is wrong with the networking software installed on the machine. The best option is probably to perform a network reset via the Settings > Network & Internet > Status page.

A user reports that a new device is not sustaining a battery charge for more than a couple of hours. What type of malware could this be a symptom of?

This is most characteristic of cryptomining malware, which hijacks the device's compute resources to perform the intensive calculations required to mine cryptocurrency. The sustained CPU/GPU load also typically shows up as an unusually hot device and a process consuming most of the CPU in the task or battery usage view.

You are writing a proposal to improve a company's current support procedures with a ticketing system. You have identified the following requirements for information that each ticket should capture. Following the CompTIA A+ objectives, what additional field or data point should be captured? User information Device information Problem description/Progress notes/Problem resolution Categories Escalation levels

This list contains no means of recording the severity of the ticket. This field is important for prioritizing issues.

You are writing guidance for departmental managers to request new software installs. You want each manager to consider impacts to the business, operation, network, and devices as part of their request. In terms of impacts to business, you have written guidance to consider support and training requirements. What other topic should you include?

To consider licensing requirements, such as number of users or devices. There also needs to be a system for monitoring license compliance and ensuring there are no unauthorized installs.

True or false? If you want the same policy to apply to a number of computers within a domain, you could add the computers to the same Organizational Unit (OU) and apply the policy to the OU.

True.

True or false? You can configure a web server running on Linux to accept remote terminal connections from clients without using passwords.

True. This can be configured using public key authentication with the Secure Shell (SSH) protocol. Each authorized user's public key is placed in that account's ~/.ssh/authorized_keys file on the server, and password authentication can then be disabled in the sshd configuration (PasswordAuthentication no) so that only key holders can log in.

True or false? WPA3 personal mode is configured by selecting a passphrase shared between all users who are permitted to connect to the network.

True. WPA3-Personal uses group authentication via a shared passphrase. However, the simultaneous authentication of equals (SAE) mechanism by which this passphrase is used to derive the network encryption keys is improved compared to the WPA2 pre-shared key handshake: a captured SAE exchange does not allow an offline dictionary attack on the passphrase, and each session derives a fresh key.

UNIX

UNIX is a family of more than 20 related operating systems that are produced by various companies. It can run on a wide variety of platforms. UNIX offers a multitude of file systems in addition to its native system. UNIX remains widely deployed in enterprise data centers to run mission-critical applications and infrastructure.

You are developing a script to ensure that the M: drive is mapped consistently to the same network folder on all client workstations. What type of construct might you use to ensure the script runs without errors?

Use a conditional block (If statement) to check for an existing mapping, and remove it before applying the correct mapping.

You are updating an internal support knowledge base with advice for troubleshooting mobile devices. What is the first step to take if a user reports that an app will not start?

Use force stop if available and/or reboot the device.

Automation

Use of scripts to perform configuration steps without requiring manual intervention.

A Windows user is trying to join a video conference and cannot hear any sound from her headset. Which tool can you suggest using to try to remedy the fault?

Use the Sound settings app or Control Panel applet to check the volume setting and that the headset is configured as the input and output device. If the headset is not listed, check the USB or Bluetooth connection.

Standard Formatting

Using an OS formatting tool to delete the file system and/or partition table on storage media before recycling or repurposing. This method carries the greatest risk of leaving persistent data remnants, because the file contents themselves are not overwritten.

Low Level Format

Using a vendor tool to fully erase storage media before recycling or repurposing, minimizing the risk of leaving persistent data remnants.

Physical Destruction

Using drilling, shredding, incineration, or degaussing of storage media before recycling or repurposing to minimize the risk of leaving persistent data remnants.

Your organization is donating workstations to a local college. The workstations have a mix of HDD and SSD fixed disks. There is a proposal to use a Windows boot disk to delete the partition information for each disk. What factors must be considered before proceeding with this method?

Using standard formatting tools will leave data remnants that could be recovered in some circumstances. This might not be considered high risk, but it would be safer to use a vendor low-level format tool with support for Secure Erase or Crypto Erase. This matters particularly for the SSDs: because of wear leveling and over-provisioned cells, overwriting an SSD with software tools does not reliably reach every block, so the drive's built-in ATA Secure Erase or cryptographic erase function should be used.

Microsoft Management Console (MMC)

Utility allowing Windows administrative tools to be added as snap-ins to a single interface.

System Configuration Utility (msconfig.exe)

Utility for configuring Windows startup settings.

System Information (msinfo32.exe)

Utility that provides a report of the PC's hardware and software configuration.

dig

Utility to query a DNS server and return information about a particular domain name or resource record.

Certificate of Destruction

Validation from an outsourcing provider of recycling/repurposing services that media has been destroyed or sanitized to the agreed standard.

You are updating a procedure that lists security considerations for remote access technologies. One of the precautions is to check that remote access ports have not been opened on the firewall without authorization. Which default port for VNC needs to be monitored?

Virtual Network Computing (VNC) uses TCP port 5900 by default. Additional displays on the same host use 5900 plus the display number (5901, 5902, and so on), so the monitoring rule should cover that range rather than the single port.

Zero-Day

Vulnerability in software that is unpatched by the developer or an attack that exploits such a vulnerability.

Vulnerability

Weakness that could be triggered accidentally or exploited intentionally to cause a security breach.

A user works on a document and leaves the file open for lunch. Upon the user's return, the computer is in power-saving mode. How do you reassure the user and advise on the status of the file?

When a computer goes into a power-saving mode, it either maintains a small amount of power to the memory modules (sleep/standby) or writes the contents of memory to a hibernation file on disk (hibernate). Consequently, the user should be able to wake the computer, and the desktop will resume with the open file still there. You should advise the user to save changes to files regularly, however, because unsaved work would be lost if the battery ran down completely or the power was interrupted while in sleep.

Under-Voltage Event

When the power that is supplied by the electrical wall socket is insufficient to allow the computer to function correctly. Under-voltage events are long sags in power output that are often caused by overloaded or faulty grid distribution circuits or by a failure in the supply route from electrical power station to a building.

You are developing a script to scan server hosts to discover which ports are open and to identify which server software is operating the port. What considerations should you make before deploying this script?

While the risk is low, scanning activity could cause problems with the target and possibly even crash it. Test the script in a sandbox environment before deploying it, and make sure you have written authorization that defines which hosts are in scope. Security software might block the operation of this script, and there is some risk from the script or its output being misused, since a list of open ports and server software versions is exactly what an attacker wants. Make sure that use of the script and its output are subject to access controls and that any system reconfiguration is properly change-managed.
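The following Python script is an added example, not part of the original study set. It demonstrates the precautions in the two answers above (checking that remote-access ports such as VNC 5900 are not exposed without authorization, and scanning cautiously): targets must be on an explicit allow-list, each probe has a timeout, the script pauses between probes so it does not flood the target, and a service banner is captured to help identify the server software. The AUTHORIZED_TARGETS set and the port labels are constructed for the example; the start_banner_listener helper is a local stand-in for a real service so the demo runs offline.

```python
"""Added example: a cautious TCP port check for hosts you are authorized to scan."""
import socket
import threading
import time
from typing import Dict, Iterable, List, Tuple

# Remote-access ports whose exposure should have gone through change management.
REMOTE_ACCESS_PORTS: Dict[int, str] = {22: "SSH", 3389: "RDP", 5900: "VNC"}

# Constructed scope for the example: only these hosts may be scanned.
AUTHORIZED_TARGETS = {"127.0.0.1", "192.0.2.10"}


def probe_port(host: str, port: int, timeout: float = 1.0) -> Tuple[bool, str]:
    """Return (is_open, banner). A successful connect() means the port is open;
    the banner is whatever the service volunteers within the timeout, which
    often identifies the server software (e.g. 'RFB 003.008' for VNC)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except (socket.timeout, OSError):
            return False, ""
        try:
            banner = s.recv(128).decode("ascii", errors="replace").strip()
        except (socket.timeout, OSError):
            banner = ""
        return True, banner


def scan(host: str, ports: Iterable[int], delay: float = 0.2,
         timeout: float = 1.0) -> List[dict]:
    """Scan one port at a time with a pause between probes. Refuses to scan
    any host that is not on the authorized list."""
    if host not in AUTHORIZED_TARGETS:
        raise PermissionError(f"{host} is outside the authorized scan scope")
    findings: List[dict] = []
    for port in ports:
        is_open, banner = probe_port(host, port, timeout)
        if is_open:
            findings.append({
                "port": port,
                "service": REMOTE_ACCESS_PORTS.get(port, "unknown"),
                "banner": banner,
                "remote_access": port in REMOTE_ACCESS_PORTS,
            })
        time.sleep(delay)
    return findings


def start_banner_listener(banner: bytes) -> int:
    """Demo helper (constructed): accept one connection on an ephemeral
    loopback port, send `banner`, and return the port number."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve() -> None:
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == "__main__":
    demo_port = start_banner_listener(b"RFB 003.008\n")
    for f in scan("127.0.0.1", [demo_port, 5900, 3389], delay=0.1):
        flag = "  <-- remote access port, check authorization" if f["remote_access"] else ""
        print(f"{f['port']:>5}  {f['service']:<8} {f['banner']!r}{flag}")
```

Any finding flagged as a remote-access port should be matched against approved firewall changes; an open port 5900 that nobody requested is exactly the condition the procedure is meant to catch.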

What does chain-of-custody documentation prove?

Who has had access to evidence collected from a crime scene and where and how it has been stored.

You are advising a business that needs to provision video-editing workstations with 4-way multiprocessing. Which retail Windows edition will allow them to make full use of this hardware?

Windows Pro for Workstations supports 4-way multiprocessing (four CPUs installed to separate sockets) and up to 6 TB RAM. Windows Enterprise has the same hardware limits but is not available via a retail channel.

Devices settings

Windows Settings pages for using and configuring attached hardware.

Update & Security Settings

Windows Settings pages related to configuring automatic patching, deploying feature updates, and managing security features.

Personalization Settings

Windows Settings pages related to customizing the appearance of the desktop using themes.

Ease of Access

Windows Settings pages related to desktop and input/output device accessibility configuration.

Gaming settings

Windows Settings pages related to game mode settings and Xbox integration.

Network & Internet

Windows Settings pages related to interface configuration, network profiles, and proxy configuration.

Privacy Settings

Windows Settings pages related to personal data collection and use.

System Settings

Windows Settings pages relating to basic and advanced system settings.

Apps

Windows Settings pages relating to configuration of Windows Features and third-party software apps.

Account Settings

Windows Settings pages relating to user account creation and maintenance.

System Restore

Windows System Protection feature that allows the configuration to be reverted to a restore point.

Event Viewer (eventvwr.msc)

Windows console related to viewing and exporting events in the Windows logging file format.

Instant Search

Windows feature allowing rapid search of apps, data folders, messages, and the web.

User Account Control (UAC)

Windows feature designed to mitigate abuse of administrative accounts by requiring explicit consent to use privileges.

File History

Windows feature for backing up user data.

Storage Spaces

Windows feature for creating a single storage resource from multiple devices. Data can be protected against device failure by RAID-like mirroring or parity.

Metered

Windows feature for indicating that network data transfer is billable and for setting warnings and caps to avoid unexpected charges from the provider.

Network Location Awareness (NLA)

Windows feature that categorizes network profile as public or private. Each profile can have a different firewall configuration, with public network types being more restricted, by default.

Services (services.msc)

Windows machines run services to provide functions; for example, Plug-and-Play, the print spooler, DHCP client, and so on. These services can be viewed, configured, and started/stopped via the Services console. You can also configure which services run at startup using msconfig. You can view background services (as well as applications) using the Processes tab in Task Manager.

Mapped Drive

Windows mechanism for navigating shared network folders by assigning them with drive letters.

AutoPlay

Windows mechanisms for automatic actions to occur when a peripheral storage device is attached.

Microsoft Remote Assistance (MSRA)

Windows remote-support feature allowing a user to invite a technical support professional to provide assistance over a network using chat. The user can also grant the support professional control over his or her desktop. Remote Assistance uses the same RDP protocol as Remote Desktop.

Windows

Windows started as version 3.1 for 16-bit computers. A workgroup version provided rudimentary network facilities. Windows NT (first released in 1993, with NT 4 following in 1996) provided reliable 32-bit operation on workstations and servers and secure network facilities based around domains. The Windows 9x clients (Windows 95, 98, and Me) had far lower reliability and support only for workgroups but were still hugely popular as home and business machines. Windows 2000 and Windows XP workstations married the hardware flexibility and user interface of Windows 9x to the reliability and security of Windows NT, while the server versions saw the introduction of Active Directory for managing network objects. The subsequent client releases of Windows (Vista/7/8/8.1) feature a substantially different interface (Aero) with 3D features as well as security improvements. The latest client versions, Windows 10 and Windows 11, are designed for use with touch-screen devices as well as conventional desktops.

Quick Assist

Windows support feature allowing remote screen-sharing over the Internet.

Roll Back Driver

Windows troubleshooting feature that allows removal of an update or reversion to a previous driver version.

pathping command

Windows utility for measuring latency and packet loss across an internetwork.

Task Manager (taskmgr.exe)

Windows utility used to monitor and manage process execution, resource utilization, user sessions, startup settings, and service configuration.

Grounded

Wire that provides a return path for electrical current as a safety feature; if an electrical connection short circuits into the metal chassis, a ground wire ensures that the current flows to ground rather than electrocuting someone handling the faulty device.

Evil Twin

Wireless access point that deceives users into believing that it is a legitimate network access point.

Pre-Shared Key (PSK)

Wireless network authentication mode where a passphrase-based mechanism is used to allow group authentication to a wireless network. The passphrase is used to derive an encryption key.

You are advising a customer whose business is expanding. The business owner needs to provision an additional 30 desktop computers, some of which will be installed at a second office location. The business is currently run with a workgroup network of five Windows 7 Home Premium desktop computers and one file server. Why might you suggest licenses for an edition of Windows 10 that supports corporate needs for the new computers and has upgrades for the old computers? Which specific edition(s) could you recommend?

Without a domain, accounts must be configured on each computer individually. With more than 30 computers to manage at two locations, this would be a substantial task, so switching to a domain network, where the accounts can be configured on the server, is likely to save costs in the long term. You can suggest either Windows 10 Pro or Windows 10 Enterprise for use on a domain.

If a user obtains Read permissions from a share and Deny Write from NTFS permissions, can the user view files in the folder over the network?

Yes, but he or she cannot create or change files. When share and NTFS permissions both apply, the effective permission is the more restrictive of the two, and an explicit Deny always overrides an Allow.

Is the command format d: /fs:exfat /q valid? If so, what is its effect, and what precaution might you need to take before running it?

Yes, it is valid. It formats drive D with the exFAT file system by using a quick format (does not scan for bad sectors). This will delete the file table on the drive so existing data files can be overwritten—the formatted drive will appear to be empty in Explorer. If there are existing files that need to be preserved, they should be backed up before running the format command.

You are assisting a home user who wants her spouse to be able to sign in to a new Windows laptop using a Microsoft account. Is this possible, and if so, which management interface is used?

Yes, this can be done via the Accounts settings app. The legacy User Accounts applet in Control Panel can no longer be used to add accounts.

The marketing department has refitted a kitchen area and provisioned several smart appliances for employee use. Should the IT department have been consulted first?

Yes. Uncontrolled deployment of network-enabled devices is referred to as shadow IT. The devices could increase the network attack surface and expose it to vulnerabilities. The devices must be deployed in a secure configuration (default credentials changed, unnecessary services disabled, ideally on a segregated network) and monitored for security advisories and updates.

You are assisting a user with setting up Internet access to a web server on a home network. You want to configure a DHCP reservation to set the web server's IP address, allow external clients to connect to the secure port TCP/443, but configure the web server to listen on port TCP/8080. Is this configuration possible on a typical home router?

Yes. You need to configure a port-mapping rule so that the router takes requests arriving at its WAN IP for TCP/443 and forwards them to the server's IP address on TCP/8080. Using a known IP address for the server by configuring a Dynamic Host Configuration Protocol (DHCP) reservation simplifies this configuration. The home router's DHCP server must be configured with the media access control (MAC) address or hardware identifier of the web server.

What tool would you use to add a user to a local security group?

You can change the account type between Standard and Administrator via Control Panel, but the Local Users and Groups management console (lusrmgr.msc) is the tool to use for a custom security group. You could also use the net localgroup command or the PowerShell Add-LocalGroupMember cmdlet.

What are the two main types of network topology diagrams?

You can create diagrams to show the physical topology or the logical topology. The physical topology shows how nodes are connected by cabling. The logical topology shows IP addresses and subnets/VLANs. There are lots of other types of network topology diagrams, of course, but physical and logical are the two basic distinctions you can make. It is best practice not to try to create a diagram that shows both as this is likely to reduce clarity.

What frequent tests should you perform to ensure the integrity of backup settings and media?

You can perform a test restore and validate the files. You can run an integrity check on the media by using, for example, chkdsk on a hard drive used for backup. Backup software can often be configured to perform an integrity check on each file during a backup operation. You can also perform an audit of files included in a backup against a list of source files to ensure that everything has been included.
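The final test in the answer above, auditing the files in a backup against the source, can be automated. The following Python script is an added example, not part of the original study set. It records a SHA-256 manifest of the source at backup time and later compares the backup copy against it, which catches both files that were never copied and copies that have silently changed or been truncated, something a simple file count would miss. The demo() function builds a small constructed source tree and backup copy in a temporary directory so that it runs offline.

```python
"""Added example: verify a backup against its source with SHA-256 hashes."""
import hashlib
import os
import shutil
import tempfile
from pathlib import Path
from typing import Dict, List


def sha256_file(path: Path, chunk: int = 1 << 16) -> str:
    """Hash a file in chunks so large backup sets do not need to fit in RAM."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each file's path (relative to root, '/' separated) to its digest."""
    return {
        str(p.relative_to(root)).replace(os.sep, "/"): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def verify_backup(source_manifest: Dict[str, str], backup_root: Path) -> Dict[str, List[str]]:
    """Compare the manifest taken at backup time with what the backup holds now."""
    backup_manifest = build_manifest(backup_root)
    return {
        "missing": sorted(set(source_manifest) - set(backup_manifest)),
        "modified": sorted(
            name for name, digest in source_manifest.items()
            if name in backup_manifest and backup_manifest[name] != digest
        ),
        "extra": sorted(set(backup_manifest) - set(source_manifest)),
    }


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: one file dropped from the backup, one corrupted."""
    work = Path(tempfile.mkdtemp(prefix="backup-check-"))
    try:
        source = work / "source"
        (source / "docs").mkdir(parents=True)
        (source / "docs" / "report.txt").write_text("quarterly figures\n")
        (source / "docs" / "notes.txt").write_text("meeting notes\n")
        (source / "config.ini").write_text("[app]\nmode=prod\n")

        manifest = build_manifest(source)      # recorded when the backup is made
        backup = work / "backup"
        shutil.copytree(source, backup)

        (backup / "docs" / "notes.txt").unlink()                   # never copied
        (backup / "config.ini").write_text("[app]\nmode=pro\n")    # truncated copy
        return verify_backup(manifest, backup)
    finally:
        shutil.rmtree(work, ignore_errors=True)


if __name__ == "__main__":
    for kind, names in demo().items():
        print(f"{kind:>9}: {names}")
```

In practice the manifest would be written alongside the backup set (and ideally signed or stored separately), so that a later test restore can be checked against it rather than against a source that may itself have changed.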

You want to execute a block of statements based on the contents of an inventory list. What type of code construct is best suited to this task?

You can use any type of loop to iterate through the items in a list or collection, but a For loop is probably the simplest.

Why might you need to use a virus encyclopedia?

You might need to verify symptoms of infection. Also, if a virus cannot be removed automatically, you might want to find a manual removal method. You might also want to identify the consequences of infection—whether the virus might have stolen passwords, and so on.

You need to set up a VPN connection on a user's Windows laptop. The VPN type is IKEv2. What other information, if any, do you need to configure the connection?

You must also input the fully qualified domain name (FQDN) or IP address of the remote access VPN server, along with the sign-in credentials (user name and password, or a certificate) that the VPN server expects.

The contract ended recently for several workers who were hired for a specific project. The IT department has not yet removed those employees' login accounts. It appears that one of the accounts has been used to access the network, and a rootkit was installed on a server. You immediately contact the agency the employee was hired through and learn that the employee is out of the country, so it is unlikely that this person caused the problem. What actions do you need to take?

You need to create an incident report, remove or disable the login accounts, isolate the infected server and possibly any user computers that communicate with the server, and remove the rootkit from the server. Because a rootkit hides itself from tools running on the compromised OS, preserve evidence first (for forensics and the incident report) and then rebuild the server from a known-good image rather than relying on in-place removal. In terms of wider security policies, investigate why the temporary accounts were not disabled on completion of the project.

keychain

macOS app for managing passwords cached by the OS and supported browser/web applications.

System Preferences

macOS control panel hosting multiple prefpane configuration utilities.

FileVault

macOS disk encryption product.

dock

macOS feature for managing applications from the desktop; similar to the Windows taskbar.

Spotlight Search

macOS file system search tool.

Spinning Wait Cursor

macOS indicator that a process is busy and is not able to accept input.

DMG

macOS installer format that can be copied directly to the Applications folder.

PKG

macOS installer format that supports complex setup tasks.

Disk Utility

macOS tool for disk and file system support tasks.

Which Linux command allows a user to run a specific command or program with superuser/root privileges?

sudo

