CompTIA A+ Core 2 - Practice Exam One
Which of the following Windows 10 system utilities would be used to test the functionality of the DirectX subsystem for video and sound-related problems?
dxdiag
Which version of Windows supports Virtual Desktops?
Windows 10
Power Options
Windows feature that enables better control over power use by customizing a balanced, power saver, or high-performance power plan.
pathping command
Windows utility for measuring latency and packet loss across an internetwork. The advantages of PathPing over ping and traceroute are that each node is pinged as the result of a single command and that the behavior of nodes is studied over an extended period, rather than the default ping sample of four messages or default traceroute single route trace.
What type of malicious application does not require user intervention or another application to act as a host to replicate?
Worm
Cross-Site Scripting (XSS)
XSS attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in a browser side script, to a different end-user.
You are troubleshooting a network connectivity issue and need to determine the packet's flow path from your system to the remote server. Which of the following tools would best help you identify the path between the two systems?
tracert
Which of the following backup rotation schemes requires backups to be stored to at least two different types of media?
3-2-1 Backup. Explanation: The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site.
How would you represent r-xrw-r-- in octal notation?
564 Explanation: OBJ 2.6 - R-X is 5, RW- is 6, and R-- is 4. In Linux, you can convert letter permissions to octal by giving 4 for each R, 2 for each W, and 1 for each X. R is for read-only, W is for write, and X is for execute.
Distributed Denial of Service (DDoS)
A DDoS attack occurs when multiple systems flood the bandwidth or resources of a targeted system, usually one or more web servers.
Line conditioner
A device that regulates, or conditions power, providing continuous voltage during brownouts and spikes. Much more expensive than a surge suppressor.
Peer-to-Peer Network
A direct connection between users. A workgroup is a Microsoft peer-to-peer network model in which computers are connected together for access to shared resources for organizational purposes.
Client/Server Network
A domain is a Microsoft client/server network model that groups computers together for security and to centralize administration. A network that uses centrally administered computers, known as servers, to enable resource sharing for and to facilitate communication between the other computers on the network.
Floating Point
A floating-point number stores a fractional or decimal number, such as 3.14, 45.5, or 333.33. Consumes 4 to 8 bytes of storage.
Proximity Card
A proximity card is a contactless card that usually utilizes RFID to communicate with the reader on a physical access system.
Evil Twin Attack
A rogue wireless access posing as a legitimate wireless service provider to intercept information that users transmit.
Thin Client
A thin client is a small device that can operate with or without an operating system installed on the client device.
taskschd (Task Scheduler)
A tool included with Windows that allows predefined actions to be automatically executed whenever a certain set of conditions is met. Example: You can schedule a task to run a backup script every night or send you an email whenever a certain system event occurs.
MMC (Microsoft Management Console)
A utility that uses snap-ins for various Windows tools such as disk management, computer management, performance monitor, print management, and others to perform operations on a local or networked computer.
Address Resolution Protocol (ARP)
ARP is the protocol used to associate the IP address to a MAC address.
A network administrator has set up a firewall and set up only three allow rules so that traffic can be sent over ports 21, 110, and 25. Next, they added a final rule of "deny any any" to the end of the ACL to minimize the attack surface and better secure the network. Unfortunately, now the administrator is receiving complaints from users that they cannot access any web pages using their URLs, such as DionTraining.com. Which of the following should the administrator do to correct this issue?
Add a rule to the ACL to allow traffic on ports 80 and 53. Explanation: HTTP uses port 80 and is an application layer protocol for distributed, collaborative, hypermedia information systems using unencrypted data transfer. DNS uses Port 53.
netuser command
Allows system administrators to manage user accounts on Windows PCs. You can use the command to display account information or make changes to user accounts. It can be used, among other things, to enable the inactive administrator account of a Windows system.
USB selective suspend
Allows the hub driver to suspend an individual port without affecting the operation of the other ports on the hub. Selective suspension of USB devices is helpful when using a laptop computer as it helps to conserve battery power by powering off USB ports that are not needed at the time.
RegEdit (Registry Editor)
Allows you to view and make changes to system files and programs that you wouldn't be able to access otherwise.
APFS
Apple File System (APFS) is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals.
Which of the following components presents the largest risk of electrical shock to a technician?
CRT Monitor. Explanation: A CRT monitor is an older-style computer monitor that contains large capacitors which retain high levels of electricity even after being disconnected. A CRT should be disposed of carefully. A technician should never open a CRT monitor or stick anything into its interior for fear of electrocution. Hard drives, LCD monitors, and laptop batteries do not contain high voltage levels.
Which of the following types of attacks is conducted by injecting malicious programming language statements into otherwise trustworthy websites to attack the user's web browser?
Cross-site scripting
The network administrator noticed that the border router has high network capacity loading during non-working hours. This excessive load is causing outages for the company's web servers. Which of the following is the MOST likely cause of the issue?
Distributed DoS (DDoS) Attack
exFAT
Extended File Allocation Table (exFAT) is a file system optimized for external flash memory storage devices such as USB flash drives and SD cards. Maximum volume size is 128PB.
FAT32
File Allocation Table (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB.
File Explorer Options
File Explorer Options section of the Control Panel allows technicians to customize the display of files and folders.
Sleep / Standby Mode
Sleep or standby mode is used to save the current session to memory and put the computer into a minimal power state to save battery life when the system is not being used.
Windows 10 x86 (32-Bit) Memory Requirements
For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor, 1 GB of RAM, and at least 32 GB of hard drive space. Note: Keywords being "Windows 10."
Windows 10 x64 (64-Bit) Memory Requirements
For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 32 GB of hard drive space. Note: Keywords being "Windows 10."
Windows 11 x64 (64-Bit) Memory Requirements
For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor, 4 GB of RAM, and at least 64 GB of hard drive space. Note: Keywords being "Windows 11."
On-Path Attack
Formerly known as man in the middle where the attacker redirects the victims traffic without there knowledge. An on-path attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
Zero-Day Attack
Happens once a flaw, or software/hardware vulnerability, is exploited, and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability, hence the term zero-day.
Hibernate Mode
Hibernate mode is used to save the current session to disk before powering off the computer to save battery life when the system is not being used. The computer takes longer to start up again from hibernate mode than it does from the sleep or standby mode.
Which version of Windows 10 does not support BitLocker for full disk encryption?
Home Explanation: Windows 10 has support for BitLocker in every version except the Windows 10 Home edition.
During the reconnaissance phase of a penetration test, you have determined that your client's employees all use iPhones that connect back to the corporate network over a secure VPN connection. Which of the following methods would MOST likely be the best method for exploiting these?
Identify a jailbroken device for easy exploitation Explanation: If the user has jailbroken their phone, they can sideload apps and other malware. After identifying a jailbroken device, you can use social engineering to trick the user into installing your malicious code and then take control of their device.
The Chief Financial Officer has asked Maria for a recommendation on how the company could reduce its software licensing costs while still maintaining the ability to access its application server remotely. Which of the following should Maria recommend?
Install and deploy thin clients without an operating system for each user Explanation: A thin client is a small device that can operate with or without an operating system installed on the client device. Instead, it can boot directly from a network-based operating system on a common server and access applications on the company's application server. This type of architecture can drastically reduce the need for operating system licenses and reduce deployment costs. A thin client runs from resources stored on a central server instead of a localized hard drive.
Statement of Work / Scope of Work (SOW)
Is a document that outlines all the work that is to be performed, as well as the agreed-upon deliverables and timelines.
Fast Startup Mode
Is a mode in between a full shutdown and a hibernation mode. With a fast startup, the computer will log out of the computer close all of its open files when being shut down. Before the system powers off, though, a small hibernation file is created to help speed up the bootup process when the computer is powered on again.
Uniterruptible Power Supply (UPS)
Is an electrical apparatus that provides emergency power to a load when the input power source becomes too low or the main power fails. Uses a battery backup.
Your company recently downloaded and installed the latest audio card driver for all of its workstations. Now, several users have had their usernames and passwords for several websites compromised. You believe the two issues are related. If they are, which of the following was MOST likely contained in the audio card driver file that was installed?
Keylogger
You are setting up the Remote Desktop Services on a Windows 2019 server. To increase the security of the server, which of the following actions should you take?
Logically place the Windows 2019 server into the network's screened subnet. Explanation: To best secure the server, you should logically place the Windows 2019 server into the network's screen subnet and block all unused ports on the switch, router, and firewall. Since the server will allow remote connections from across the internet to access the server directly, the server must be placed into the screened subnet of the network and not in the internal trusted portion of the network.
Memorandum of Understanding (MOU)
MOU is a preliminary or exploratory agreement to express an intent to work together that is not legally binding and does not involve monetary exchange.
msconfig (System Configuration utility)
MSConfig is a system utility to troubleshoot the Microsoft Windows startup processes. MSConfig is used to disable or re-enable software, device drivers, and Windows services that run at startup, or to change boot parameters.
VBScript (.vbs)
Network administrators often use VBScript to perform repetitive administrative tasks.
You are installing a new firewall for Dion Training's corporate network. Which of the following documents should you update FIRST?
Network topology diagrams
NTFS
New Technology File System (NTFS) is a Windows file system that organizes, stores, and finds files on the hard disk. It provides a 64-bit addressing scheme, allowing for large volumes and file sizes. Developed exclusively for Windows.
What kind of attack is an example of IP spoofing?
On-path attack
Michael, a salesman, is on a business trip and is trying to access his corporate email over the hotel's Wi-Fi network. Michael's laptop appears to be connected to the hotel's wireless network, but his email client cannot download any new messages and states, "Network Offline." Michael contacts the help desk for assistance. What action should the help desk technician tell Michael to perform to solve this issue?
Open a web browser, enter google.com, and see if a redirect page is displayed. (This is because many hotels use a captive portal with a redirect page with their wireless networks. When users connect to the wireless network, they have to open a web browser and are then redirected to the hotel's Acceptable Use Policy page).
Jason wants to configure his Windows 10 laptop to suspend individual USB ports when not in use. Which of the following Control Panel sections should he use to set the USB selective suspend feature?
Power Options
One of your Windows services is failing to start when you boot up your laptop. You have checked the service in the Windows Services tool and verified it is set to Automatic. What should you attempt to do NEXT to get the service to startup?
Reboot into Safe Mode and see if the service starts Explanation: For the Windows operating system to run smoothly, Windows Services must start when required. Many times, non-Microsoft services or Drivers can interfere with the proper functioning of System Services. If you boot into Safe Mode, this will load the operating system with the most basic set of drivers, and this could identify if there is a conflict causing the service start failure.
Your company wants to ensure that users cannot access USB mass storage devices. You have conducted some research online and found that if you modify the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\UsbStor key, it will prevent USB storage devices from being used. Which of the following tools should you use to modify this key?
RegEdit
A system administrator is assigned an approved change request with a change window of 120 minutes. After 90 minutes, the change is stuck on step five of a five-step change. The server manager decides to initiate a rollback. Which describes what the system administrator should do next?
Return the system to the original state before the change. Explanation: By performing a rollback, the administrator will change everything back to the last known good configuration before the change is started.
Rogue Antivirus Attack
Rogue antivirus is a particularly popular way to disguise a Trojan. In the early versions of this attack, a website would display a pop-up disguised as a normal Windows dialog box with a fake security alert, warning the user that viruses have been detected.
You have just updated the graphics card's driver to the latest version. After installation, the Windows workstation crashes and reports an error code. You attempt to reboot the workstation, but it fails again. You decide to reboot the workstation into Safe Mode. What should you do NEXT?
Rollback the graphics driver
Session Hijacking (Sidejacking)
Session hijacking, also known as TCP session hijacking, is a method of taking over a web user session by surreptitiously obtaining the session ID and masquerading as the authorized user.
eventvwr (Event Viewer)
Shows a log of application and system messages, including errors, information messages, and warnings. It's a useful tool for troubleshooting all kinds of different Windows problems. Example: If you use the Event Viewer, you can identify what was occurring at or around 2:35 am each day before the server crashed and use this to troubleshoot the problem
Integer
Stores a whole number that can be a positive or negative. Usually consumes 8 bytes of storage.
You just installed a flat panel television in a conference room in your office building. The facilities manager is concerned that a lightning strike could damage it. The company is not worried about the threat of power outages because the conference room is only used a few times per week. Which of the following should be installed to BEST mitigate the facilities manager's concerns without spending too much money?
Surge Suppressor Explanation: Since they will only be using the conference room every once in a while, and a line conditioner is far more expensive, but does the same as the surge suppressor, you will use the surge suppressor since it is the least expensive option and you do not need to use the conference room very often.
Which of the following open-source remote access tools allows users to connect to their desktop remotely, see what is on their screen, and control it with their mouse and keyboard?
VNC
Which of the following authentication protocols was developed by Cisco to provide authentication, authorization, and accounting services?
TACACS+
dxdiag (DirectX Diagnostics Tool)
The DxDiag (DirectX diagnostic) utility is used to collect info about devices to help troubleshoot problems with DirectX sound and video.
Indexing Options
The Indexing Options is used to configure the method used by Windows when searching for content within the storage devices. When indexing is properly configured, the system will catalog the information on the computer using the words within the files and their metadata to more easily find the content when requested by a user.
You are cleaning out the closet in your office and find several bottles of cleaner that need to be disposed of. Which of the following should you consult to determine the proper method of disposal?
The Material Safety Data Sheet (MSDS)
A user calls the service desk and states that their workstation has a virus. The user states that they were browsing their favorite website when the antivirus displayed a full-screen message stating, "1532 file infected on this computer - Click to remove infected files NOW!" The user states that when they click the button, a message from the company's content filter states it is blocked, and they need your assistance to remove the infected files. Which of the following has MOST likely occurred?
The user is the victim of a rogue antivirus attack
You recently moved 1.5 TB of data from your office's file server to a new 16 TB NAS and decommissioned the old file server. You verified all users had been given the same permissions to the new file shares on the NAS as they had on the old server. The users are receiving an error stating, "Windows cannot access \\server10\shared\" every time they click the Share drive icon on their desktop. What is MOST likely the source of this error?
The users are still mapped to the old share drive
winver command
The winver command is a Windows command-line tool that is used to display the name, version, and build of the operating system on a workstation. Example: You want to know which version of Windows you have.
To Get a Change Approval
To get a change approved, a technician must submit a request form that lists the purpose of the change, the scope of the change, affected systems and impact of the change, the risk analysis and resulting risk level of the change, and the proposed date/time of the change.
ARP Poisoning / ARP Spoofing Attack
Type of cyber attack carried out over a Local Area Network (LAN) that involves sending malicious ARP packets to a default gateway on a LAN to change the pairings in its IP to MAC address table.
Universal Plug and Play (UPnP)
UPnP is a protocol framework allowing network devices to autoconfigure services, such as allowing a games console to request appropriate settings from a firewall.
Which of the following Windows 10 power options will turn off individual devices connected to a laptop to save energy?
USB selective suspend
Whaling Attack
Whaling is an email-based or web-based form of phishing that targets senior executives or wealthy individuals (CEOs, CFOs, etc.).
Which of the following Linux command-line options would shut down a Linux server 11 minutes from now?
shutdown +11 Explanation: The command-line option of "shutdown +11" will shut down the server 11 minutes from now. The option of "shutdown 11:00" would shut down the server at 11:00 am. The option of "shutdown now" would immediately shut down the server. The option of "shutdown @11" is not a valid use of the shutdown command.
You are working as a service desk analyst. This morning, you have received multiple calls from users reporting that they cannot access websites from their work computers. You decide to troubleshoot the issue by opening up your command prompt on your Windows machine and running a program to determine where the network connectivity outage is occurring. This tool tests the end-to-end connection and reports on each hop found in the connection. Which tool should you use to determine if the issue is on the intranet portion of your corporate network or if it is occurring due to a problem with your ISP?
tracert