CompTIA A+ Core 2 Practice Exam Questions

Elizabeth was replacing a client's security device that protects their screened subnet. The client has an application that allows external users to access the application remotely. After replacing the devices, the external users cannot connect remotely to the application anymore. Which of the following devices was MOST likely misconfigured and is now causing a problem?

A firewall is an integral part of creating a screened subnet. If configured correctly, it can regulate exactly what traffic and users are allowed to access the server. This is different from a content filter because a content filter denies traffic to a user based on content, but not access to a server. If the firewall ruleset was not configured to allow external users to access the application remotely, the default condition is to "deny by default". Content filtering is the use of a program to screen and/or exclude access to web pages or emails deemed objectionable. The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to devices connected to the network using a client-server architecture. The Domain Name System (DNS) uses port 53 and is a hierarchical and decentralized naming system for computers, services, or other resources connected to the Internet or a private network.

What type of structure is "For Next" in scripting?

A loop deviates from the initial program path based on some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Loops are often implemented with For, For Next, While, or Do While statements. For example, a short script like (For i=1 to 100, print i, next) would print the numbers from 1 to 100 to the screen. A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F - 32) * 5/9. A branch is used to control the flow within a computer program or script, usually based on some logic condition. Often, these are implemented with IF THEN ELSE statements. A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself.

You are renting space in another company's data center. To protect your server from being physically accessed when you are not in the building, what device should you use?

A server lock is a physical locking mechanism installed on a server cabinet to prevent unauthorized users from accessing the servers. The server lock could be a cipher lock, biometric lock, or a simple keyed lock depending on the level of security needed. A USB lock prevents unauthorized data transfer through USB ports, reducing the risk of data leakage, data theft, computer viruses, and malware by physically locking and blocking the USB ports. A smart card, chip card, PIV card, or integrated circuit card is a physical, electronic authorization device used to control access to a resource. It is typically a plastic credit card-sized card with an embedded integrated circuit chip. In high-security environments, employee badges may contain a smart card embedded chip that must be inserted into a smart card reader to log in or access information on the system. An entry control roster is an administrative control used to log each person who enters or leaves a secure room.

A coworker is creating a file containing a script. You look over their shoulder and see "#!/bin/bash" as the first line in the file. Based on this, what type of file extension should this script use?

A shell script is a file that contains a list of commands to be read and executed by the shell in Linux and macOS. A .sh file is used for a shell script and its first line always begins with #!/bin/bash that designates the interpreter. This line instructs the operating system to execute the script. Shell scripts allow you to perform various functions. These functions include automation of commands and tasks of system administration and troubleshooting, creating simple applications, and manipulating text or files. Python is a general-purpose programming language that can develop many different kinds of applications. It is designed to be easy to read, and the programs use fewer lines of code compared to other programming languages. The code runs in an interpreter. Python is preinstalled on many Linux distributions and can be installed on Windows. Python scripts are saved using the .py extension. VBScript is a scripting language based on Microsoft's Visual Basic programming language. Network administrators often use VBScript to perform repetitive administrative tasks. With VBScript, you can run your scripts from either the command-line or the Windows graphical interface. Scripts that you write must be run within a host environment. Windows 10 provides Internet Explorer, IIS, and Windows Script Host (WSH) for this purpose. Batch scripts run on the Windows operating system and, in their simplest form, contain a list of several commands that are executed in a sequence. A .bat file is used for a batch script. You can run the file by calling its name from the command line or double-clicking the file in File Explorer. Generally, batch file scripts run from end to end and are limited in branching and user input.

A computer was recently infected with a piece of malware. Without any user intervention, the malware is now spreading throughout the corporate network and infecting other computers that it finds. Which type of malware MOST likely infected these computers?

A worm is a standalone malware computer program that replicates itself to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. A worm can spread on its own, whereas a virus needs a host program or user interaction to propagate itself. A virus is malicious software designed to infect computer files or disks when it is activated. A virus may be programmed to carry out other malicious actions, such as deleting files or changing system settings. A trojan is a type of malware that looks legitimate but can take control of your computer. A Trojan is designed to damage, disrupt, steal, or in general, inflict some other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT), which allows an attacker to control a workstation or steal information remotely. To operate, a trojan will create numerous processes that run in the background of the system. Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Once infected, a system or its files are encrypted, and then the decryption key is withheld from the victim unless payment is received.

A cybersecurity analyst from BigCorp contacts your company to notify them that several of your computers were seen attempting to create a denial of service condition against their servers. They believe your company has become infected with malware, and those machines were part of a larger botnet. Which of the following BEST describes your company's infected computers?

A zombie is a computer connected to the internet that has been compromised by a hacker, computer virus, or trojan horse program and can be used to perform malicious tasks of one sort or another under remote direction. Botnets of zombie computers are often used to spread email spam and launch denial-of-service attacks (DoS attacks). A zero-day attack happens once a flaw, or software/hardware vulnerability, is exploited, and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability, hence the term zero-day. A software bug is an error, flaw, or fault in an application. This error causes the application to produce an unintended or unexpected result, such as crashing or producing invalid results.

You are configuring a SOHO network and only allowing specific IP addresses to access the network while blocking any IP addresses that are not on the list. Which of the following should be implemented?

An allow list is a form of protection where only the items identified specifically on the list are allowed, whereas all others are denied. For example, if you create an access control list that relies on an allow list, it would block every IP address that is not found in the allow list. A blocklist contains every address or port that is blocked from accessing the network. MAC filtering is the application of an access control list to a switch or access point so that only clients with approved MAC addresses connect. Port forwarding allows a router to take requests from the Internet for a particular application and send them to a designated host on the LAN.

Your company recently downloaded and installed the latest audio card driver for all of its workstations. Now, several users have had their usernames and passwords for several websites compromised. You believe the two issues are related. If they are, which of the following was MOST likely contained in the audio card driver file that was installed?

Based on the events' description, it is likely that the audio card driver contained a keylogger. Keyloggers actively attempt to steal confidential information, such as capturing a credit card number by recording keystrokes entered into a website. This question is based on a real event that occurred in 2017. HP released new audio card drivers for their Conexant audio chips, and they contained a keylogger as part of the driver. Flaws in Conexant's MicTray64.exe application created the keylogger. It's designed to monitor keystrokes and respond to user input, probably to respond to commands to mute or unmute the microphone or begin capturing information within an application. Unfortunately, it also writes out all keystroke data into a publicly accessible file located at C:\Users\Public\MicTray.log. If this log file does not exist, the keystrokes are passed to the OutputDebugString API, allowing any process to capture this information without being identified as a malicious program.

A customer brought in a computer that has been infected with a virus. Since the infection, the computer began redirecting all three of the system's web browsers to a series of malicious websites whenever a valid website is requested. You quarantined the system, disabled the system restore, and then performed the remediation to remove the malware. You have scanned the machine with several anti-virus and anti-malware programs and determined it is now cleaned of all malware. You attempt to test the web browsers again, but a small number of valid websites are still being redirected to a malicious website. Luckily, the updated anti-virus you installed blocked any new malware from infecting the system. Which of the following actions should you perform NEXT to fix the redirection issue with the browsers?

Browser redirection usually occurs if the browser's proxy is modified or the hosts.ini file is modified. If the redirection occurs only for a small number of sites or occurs in all web browsers on a system, it is most likely a maliciously modified hosts file. The hosts.ini file is a local file that allows a user to specify specific domain names to map to particular addresses. It works as an elementary DNS server and can redirect a system's internet connection. For example, if your children are overusing YouTube, you can change YouTube.com to resolve to YourSchool.edu for just your child's laptop.

Which of the following should you use to remove any usernames and passwords that you no longer wish to store in Windows 10?

Credential Manager lets you view and delete your saved credentials for signing in to websites, connected applications, and networks. To open Credential Manager, type credential manager in the search box on the taskbar and select the Credential Manager Control panel. You can remove any credentials that you no longer want to store. Removing a credential may also resolve an authentication or service problem. You can view the plaintext of a web credential but not of a Windows credential. The Internet Options section of the Control Panel allows a technician to manage the Internet settings for their computers, including the security settings, access settings, and add-on control settings. Using Internet Options, a technician can set the homepage of the browser, set up the proxy server connection details, and change the trust and security settings used by the system. The Device Manager is used to view and control the hardware attached to the computer. The device manager will highlight a piece of hardware that is not working so that a technician can repair or replace it. Keychain is a macOS app for managing passwords cached by the OS and supported browser/web applications.

Jason has an old 2017 Dell Laptop that he uses to connect to his office network while traveling. The computer is slow and is running Windows 7. The laptop's screen was recently cracked and needs replacement. Jason brings the laptop to the computer store you work at and asks for your assistance. Which of the following do you recommend?

In this scenario, you should recommend that he purchase a new laptop. Since the laptop is 5-7 years old, it is unlikely to be worth the cost of repair since he could buy a new laptop for $200 to $500. This new laptop would be faster, more secure, and last longer than repairing this old laptop. As a technician, you should weigh the benefits and drawbacks of a particular repair and provide a good recommendation to your customer.

Which of the following macOS features is used to manage passwords cached by the OS and is the equivalent of the Credential Manager in Windows?

Keychain is a macOS app for managing passwords cached by the OS and supported browser/web applications. This feature is also available as iCloud Keychain, which makes the same passwords securely available across all macOS and iOS devices. The Keychain makes password management much easier, but occasionally problems can happen. If there are any problems, they will be identified by the Keychain Access app in the Utilities folder. Mission Control is an application for facilitating multiple desktops in the macOS environment. Spotlight is the file system search feature in the macOS environment. An Apple ID is a user account on an Apple device based on the sign-in email address that is used to sign in to the App Store, access iCloud, and other Apple features and functions.

Windows file servers commonly hold sensitive files, databases, passwords, and more. What common vulnerability is usually used against a Windows file server to expose sensitive files, databases, and passwords?

Missing patches are the most common vulnerability found on both Windows and Linux systems. When a security patch is released, attackers begin to reverse engineer the security patch to exploit the vulnerability. If your servers are not patched against the vulnerability, they can become victims of the exploit, and the server's data can become compromised. Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites. Cross-site scripting focuses on exploiting a user's workstation, not a server. CRLF injection is a software application coding vulnerability that occurs when an attacker injects a CRLF character sequence where it is not expected. SQL injection is the placement of malicious code in SQL statements via web page input. SQL injection is commonly used against databases, but it is not useful when attacking file servers.

Dion Training uses DHCP to assign private Class C IP addresses to its Windows 10 workstations. Which of the following IP addresses is a Class C address?

Private IP addresses are any addresses in a specified range that are not allowed to be routed over the Internet. This allows companies to use these private IP addresses in their local area networks without having to purchase them from an internet registry. The class A private IP address range contains the addresses from 10.0.0.0 to 10.255.255.255. The class B private IP address range contains the addresses from 172.16.0.0 to 172.31.255.255. The class C private IP address range contains the addresses from 192.168.0.0 to 192.168.255.255. The APIPA/link-local autoconfiguration range is from 169.254.0.0 to 169.254.255.255.

What permissions would be represented by the octal 517?

R-X is 5, --X is 1, and RWX is 7. In Linux, you can convert letter permissions to octal by giving 4 for each R, 2 for each W, and 1 for each X. R is for read-only, W is for write, and X is for execute. The permissions strings are written to represent the owner's permissions, the group's permissions, and the other user's permissions.

You have just updated the graphics card's driver to the latest version. After installation, the Windows workstation crashes and reports an error code. You attempt to reboot the workstation, but it fails again. You decide to reboot the workstation into Safe Mode. What should you do NEXT?

Since the issue began once you installed the latest graphics driver, you should roll back the driver to the last stable version. This should resolve the issue and then allow you to reboot the system back to the normal Windows desktop. Every change should be accompanied by a rollback (or backout) plan so that the change can be reversed if it has harmful or unforeseen consequences. If you are experiencing problems with a device and you have recently updated the driver, Windows also provides a Roll Back Driver feature. A new driver may not work properly because it has not been fully tested or it may not work on your particular system. Driver rollback can recover a system speedily and easily where this has occurred. You can use Device Manager to revert to the previous driver. Right-click the device and select Properties. Click the Driver tab then click the Roll Back Driver button.

You are trying to copy a 4.7 GB file from your Windows laptop to an external hard drive using USB 3. The external hard drive is formatted with FAT32. Every time you attempt this copy, you receive an error. What is MOST likely the issue?

Since this file is 4.7 GB in size, it cannot be stored as a single file on the FAT32 hard drive. The file allocation table 32-bit (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB. The Apple file system (APFS) is the default file system for Mac computers using macOS 10.13 or later and features strong encryption, space sharing, snapshots, fast directory sizing, and improved file system fundamentals.

Which of the following types of attacks are usually used as part of an on-path attack?

Spoofing is often used to inject the attacker into the conversation path between the two parties. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. An on-path attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. The attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection. The attacker will intercept all relevant messages passing between the two victims and inject new ones. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. Tailgating is a social engineering technique to gain access to a building by following someone unaware of their presence. A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.

Which of the following types of backups generates the recovered files from a complete copy of a file created at some point in time and one or more partial backups created at later times to merge them into the recovered data?

Synthetic backup is the process of generating a file from a complete copy of a file created at some past time and one or more incremental copies created at later times. The expression synthetic in this context refers to the fact that the assembled file is not a direct copy of any single current or previously created file. Instead, a synthetic file is merged or synthesized by a specialized application program from the original file and one or more modifications to it. A full backup creates a copy of all the selected data regardless of when it was previously backed up. It takes the most time to complete a backup but is the fastest when conducting a restoral of all the data on a hard drive. A differential backup only creates a copy of the selected data that has been modified since the last full backup. It is a good compromise in speed between a full backup (which takes the longest to backup and the least to restore) and an incremental backup (which takes the least to backup and the longest to restore). An incremental backup only creates a copy of new files and files modified since the last full, incremental, or differential backup. Therefore, it takes the least amount of time to complete a backup. Unfortunately, it also takes the most time to restore since you have to first restore the full backup, then any differential and incremental backups until all your data is restored.

Which of the following backup rotation schemes requires at least one monthly full backup to be stored safely off-site?

The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site. Most often, the GFS is paired with the 3-2-1 rule to create a backup system with the best of both techniques. For example, the grandfather can be a full backup that is stored off-site once per month, the father is a full backup that is conducted weekly, and the son is an incremental or differential backup conducted each day. For example, each Monday a full backup can be conducted which becomes the father. Then, each day of the week a son is created by performing an incremental or differential backup. Once per month, a full backup is conducted to become the grandfather and could be moved off-site. The Tower of Hanoi is a backup rotation scheme that rotates backup media sets throughout the backup process to minimize wear and failure of tape backup media. For example, when using this method with four backup tapes labeled A, B, C, and D, a total of 16 days of backups can be maintained with just 4 tapes. Tape A is used every odd-numbered day for 16 days. Tape B is used on days 2, 6, 10, and 14. Tape C is used on days 4 and 12. Tape D is used on days 8 and 16. This allows Tape A to be overwritten every other day, while Tape B is overwritten every four days and Tapes C and D are overwritten every 8 days. The First In First Out (FIFO) backup scheme uses a set number of tapes and overwrites the oldest tape with the newest information. For example, if there are 7 tapes in use, every evening a new backup is conducted over the previous week's daily backup. To have a longer amount of days of backups, a technician simply needs to increase the number of tapes from 7 to 14 or 21.

Which of the following file system formatting types should be used with older recordable optical discs?

The CD File System (CDFS or ISO 9660) is a legacy file system used for CD optical disc media (CD-ROM and CD-R). CDFS supports two main data writing modes: mode 1 has better error correction, whereas mode 2 allows more data to be written to the disc. Joliet is an extension to CDFS that enables long filename support and Unicode characters in file names. The universal disk format (UDF or ISO 13346) is an updated file system for optical media supporting multisession writing. It is the standard used by Windows, referred to as the Live File System, for CD and DVD recordable and rewritable discs. There are several different versions of UDF, with 2.01 being the default in Windows. Blu-ray reading and writing requires version 2.5 and third-party software. The NT file system (NTFS) is a Windows file system that supports a 64-bit address space and can provide extra features such as file-by-file compression and RAID support as well as advanced file attribute management tools, encryption, and disk quotas. NTFS can support a maximum volume size of up to 8 PB. The file allocation table 32-bit (FAT32) is the 32-bit file system supported by Windows, macOS, and Linux computers. FAT32 can support maximum volume sizes of up to 2 TB and maximum file sizes of up to 4 GB.

Which of the following Control Panel sections would a technician use to configure a Windows 10 computer to use Narrator mode to read aloud the list of files that appear on the screen to the user?

The Ease of Access section of the Control Panel brings together the functionality for the accessibility features in Windows, including visual, tactile input, and speech recognition settings to assist those with disabilities. For example, the Ease of Access section can be used to turn on the Narrator function which will read any text on the screen aloud to a user who is visually impaired. The File Explorer Options section of the Control Panel allows technicians to customize the display of files and folders. For example, the File Explorer Options can enable or disable the ability to show hidden files, hide file extensions, and more. The Indexing Options is used to configure the method used by Windows when searching for content within the storage devices. When indexing is properly configured, the system will catalog the information on the computer using the words within the files and their metadata to more easily find the content when requested by a user. The Sound section of the Control Panel allows technicians to configure settings for the playback, recording, and sound effects on the computer.

Another technician tells you that they are PXE booting a computer. What is the technician MOST likely doing with the computer?

The Preboot eXecution Environment (PXE) specification describes a standardized client-server environment that boots a software assembly, retrieved from a network, on PXE-enabled clients. It allows a workstation to boot from a server on a network before booting the local hard drive's operating system. It is usually used to install an image on the computer over the network. An in-place upgrade is a means of installing an operating system on top of an existing version of the operating system. Applications, user settings, and data files are retained when conducting an in-place upgrade. A repair is used to check and replace any modified system files within the operating system. A multi-boot configuration allows multiple operating systems to be set up on the same computer and the user can choose which to boot up when starting up the computer.

Which of the following should be used to uniquely identify every piece of hardware installed on the corporate network, including servers, desktops, laptops, printers, and monitors?

The asset ID should be used to uniquely identify each piece of hardware tracked in an asset management database. An asset management database can be configured to store as much or as little information as is deemed necessary. Typical data would be type, model, serial number, asset ID, location, user(s), value, and service information. Tangible assets can be identified using an identification number, barcode label, or Radio Frequency ID (RFID) tag attached to the device. An RFID tag is a chip programmed with asset data. When in range of a scanner, the chip powers up and signals the scanner. The scanner alerts management software to update the device's location. As well as asset tracking, this allows the management software to track the device's location, making theft more difficult. An IP address is a logical identifier, but it is frequently changed when using a network with DHCP and cannot be used to reliably identify a piece of hardware. The location of a device is not a unique way of identifying an asset since many pieces of hardware may be located in the same location. Additionally, virtual machines cannot easily be tracked using their physical location. The MAC address is used to identify every device on the local area network uniquely if an Asset ID is not available, but would not be useful when trying to identify monitors since they do not use a MAC address.

Which command-line tool is used on a Windows system to move upward in a directory within the system's directory structure?

The cd command is used to change the directory. If used with the "cd .." option, it will move up one directory in the file system's directory structure. If used with the "cd ." option, it will remain in the current directory. The cd command can be used to move directly to another directory or path if entered as "cd (some other directory or path)" into the command line. The dir command is used to list a directory's files and subdirectories. The ls command is used on a Linux system to list a directory's files and subdirectories. The ls command only works on a Windows system when you are using PowerShell, not the command line.

You have submitted an RFC to install a security patch on some of your company's Windows 2019 servers during the weekly maintenance window. Which of the following change request documents would describe which servers will receive the patch during this maintenance window?

The change's scope defines the area, number, size, or scale of a particular change. The change request documentation should define the exact scope of the change. In this example, only some of the Windows 2019 servers will receive the patch. If the 50% of them that will receive the patch are listed by their asset tracking number, this would clearly define this change's scope. The plan of the change defines how the change or installation will occur. The change request documentation should define the 5 W's (who, what, when, where, why, and how), with the plan documentation covering how the change is implemented. For example, the plan might say that the installation will be performed manually or through an automated patching process. It may also dictate that all servers will receive the update simultaneously or that five servers will receive it first, then another ten, then the remaining twenty. The risk analysis portion of the change request documentation provides the risk levels of carrying out the change, or not performing the requested change at this time. Risk is the likelihood and impact (or consequence) of a given action. It is important to understand the risk involved with a change before deciding to proceed with implementing the change. The purpose of the change defines why the change or installation will occur. The change request documentation should define the 5 W's (who, what, when, where, why, and how) to define the why behind the change. For example, the purpose might be "to remediate several category one vulnerabilities so that our security is improved."

You have been asked to install a new hard drive in a Windows 10 system. You have already installed the hard drive and booted the system up. Which tool should you use to create the new partitions on the hard drive?

The disk management tool is used to display the drive status, mount the drive, initialize the drive, and create/split/extend/shrink drive partitions. The DxDiag (DirectX Diagnostic) utility is used to collect info about devices to help troubleshoot problems with DirectX sound and video. It is a diagnostics tool used to test DirectX functionality and troubleshoot video-related or sound-related hardware problems. DirectX Diagnostic can save text files with the scan results. The disk defragmenter utility is used to rearrange fragmented data so that disks and drives can operate more efficiently. Disk defragmenter runs on a schedule, but can also analyze and defragment disks and drives manually. The dd command is a Linux utility that is used to copy and convert raw data from one source to another such as a hard disk to an image file.

You are troubleshooting a user's laptop that is unable to print a document. You have verified the printer is working and properly connected to the workstation by USB. Which log in Windows 10 would you review to determine if the print spooler service is causing this issue?

The event viewer shows a log of application and system messages, including errors, information messages, and warnings. It's a useful tool for troubleshooting all kinds of different Windows problems. The system log contains information about service load failures, hardware conflicts, driver load failures, and more. The file (system.evtx) is stored in the %SystemRoot%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt. The file (security.evtx) is stored in the %SystemRoot%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The application log contains information regarding application errors. The file (application.evtx) is stored in the %SystemRoot%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer. The setup log contains a record of the events generated during the Windows installation or upgrade process. The file (setup.evtx) is stored in the %SystemRoot%\System32\Winevt\Logs\ folder and can be opened using the Event Viewer.

Which of the following backup rotation schemes uses a three-tiered approach to ensure at least one monthly full backup is conducted? Grandfather-father-son

The grandfather-father-son (GFS) backup rotation scheme is widely used to combine full and incremental backups to reduce backup time and enhance storage security. The grandfather is a full backup that is stored off-site once per month. The father is a weekly full backup that is conducted. The son is an incremental or differential backup conducted each day. For example, each Monday a full backup can be conducted which becomes the father. Then, each day of the week a son is created by performing an incremental or differential backup. Once per month, a full backup is conducted to become the grandfather. The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site. The Tower of Hanoi is a backup rotation scheme that rotates backup media sets throughout the backup process to minimize wear and failure of tape backup media. For example, when using this method with four backup tapes labeled A, B, C, and D, a total of 16 days of backups can be maintained with just 4 tapes. Tape A is used every odd-numbered day for 16 days. Tape B is used on days 2, 6, 10, and 14. Tape C is used on days 4 and 12. Tape D is used on days 8 and 16. This allows Tape A to be overwritten every other day, while Tape B is overwritten every four days and Tapes C and D are overwritten every 8 days. The First In First Out (FIFO) backup scheme uses a set number of tapes and overwrites the oldest tape with the newest information. For example, if there are 7 tapes in use, every evening a new backup is conducted over the previous week's daily backup. To retain more days of backups, a technician simply needs to increase the number of tapes from 7 to 14 or 21.

You are troubleshooting a user's workstation that is operating extremely slowly. You open the Task Manager and see that only Microsoft Word is currently running, but the CPU and network utilization is consistently running between 95-100%. Which of the following is MOST likely causing this issue?

The workstation has most likely become a zombie. A zombie is any workstation running unauthorized software that directs the device to participate in a DDoS attack as part of a larger botnet. A botnet is a network of computers that have been compromised by a Trojan, rootkit, or worm malware. This workstation would then attempt to flood the victim's computer with requests over the network. These requests would require CPU and network resources to make, causing utilization to rise to 95-100%. Since Microsoft Word can run macros, it is possible it has become infected and is now part of a larger botnet.

You are a member of a project team contracted to install twenty new wireless access points (WAPs) for a college campus. Your team has already determined the locations for the new WAPs and notated them in the physical and logical network diagrams. Your team is still finalizing the change request documents for the installation. The project cannot move forward with the installation until the change request is finalized and approved. Which of the following is the MOST important thing to add to the scope of work and change request before its approval?

This is a difficult question because all of these items should be included in a Request for Change (RFC), but the most important is a proper backout plan. A rollback plan is an IT governance integration approach that specifies the processes required to restore a system to its original or earlier state in the event of failed or aborted implementation. Every change should be accompanied by a rollback plan so that the change can be reversed if it has harmful or unforeseen consequences. Changes should also be scheduled sensitively if they are likely to cause system downtime or other negative impacts on the workflow of the business units that depend on the IT system being modified. Most organizations have a scheduled maintenance window period for authorized downtime. By following this guidance, the team can back out and restore service on the legacy/previous system if something goes wrong with the installation. End-user acceptance is the process of verifying a change was successfully implemented and turned over to the end-user for future operation. A plan for change is the documented method for installing or modifying the asset as documented in the change request. While this is important, the most important thing is still a backout plan since many changes are routine changes that do not require a detailed plan of change. A risk analysis determines the severity level of a change and is used to help the change approval board (CAB) make an informed approval decision.

A salesperson uses their smartphone as a hotspot while traveling. The first week of their trip, their smartphone could download files at 24 Mbps and stream online videos without any problems. Unfortunately, this week their smartphone is only operating at 256 Kbps when they attempt to download a file. Additionally, they are having difficulty watching online videos due to excessive buffering. Which of the following is MOST likely the problem?

Throttling occurs when an internet service provider purposely slows down a user's data transmission. If a device is getting lower speeds without any corresponding device issues, it is likely a result of throttling by the service provider. Most smartphone plans come with a limited amount of full-speed bandwidth, after which the connection is throttled to a slower speed until the next month's plan begins.

Which of the following macOS features is used to backup and restore files to an external hard disk?

Time Machine is the built-in backup feature of the macOS operating system. The Time Machine utility enables data to be backed up to an external drive. By default, Time Machine keeps hourly backups for the past 24 hours, daily backups for a month, and weekly backups for all previous months. When the drive used to store backups becomes full, Time Machine removes older backups to free up space. Time Machine automatically backs up all of the system's files, including apps, music, photos, email, documents, and system files. Once a user has a valid backup in Time Machine, they can restore files from the backup if the original files are ever corrupted or deleted on their Mac or if the hard disk (or SSD) is erased or replaced. Remote disc is a feature in macOS that enables a user to access a CD/DVD on another Mac or Windows computer. This was created because Apple's Mac computers have not been sold with an internal optical drive since 2016. Boot Camp is used to allow dual booting on a Macintosh computer. It allows the user to boot into either macOS (OS X) or Windows as the computer is rebooted. Boot Camp is only supported on Intel-based macOS systems, though. A snapshot is used to back up virtual machines by creating a state of the disk at a particular point in time. Snapshots allow a technician to roll back any changes made to a VM during a session if needed.

A network administrator needs to allow employees to upload files to a remote server securely. What port must be allowed through the firewall?

To securely upload a file, the employees could use SFTP (Secure FTP) or SCP (Secure Copy). Both SFTP and SCP operate over port 22, therefore port 22 must be opened by the firewall so that the employees can reach the file servers. Port 21 is used by the File Transfer Protocol, but it is not a secure method of sending files. There is a more secure version of FTP known as FTPS, but that uses port 990. Port 25 is reserved for the simple mail transfer protocol (SMTP), which is an internet standard communication protocol for electronic mail transmission. Port 161 is reserved for simple network management protocol (SNMP), which is a networking protocol used for the management and monitoring of network-connected devices in Internet Protocol networks.

A user is having an issue with an application on their Android device. Whenever the user attempts to launch the application, the app fails and generates an error message. When asked, other users say they are not having the same issue. Which of the following should the technician attempt FIRST to solve this issue?

To solve an issue with a mobile application, you should normally attempt the following steps. First, clear the application cache since this locally stored information can become glitchy and cause an app to crash. If two identical smartphones were having the same issue, the application cache would be unlikely to be the cause, but in this case only one user is having the issue. Second, the technician would attempt to update the OS of the smartphone. Updating the operating system can minimize compatibility issues and fix crashing applications. Third, you can try reinstalling the application if the other two options don't work.

Which of the following must be enabled to allow a video game console or VoIP handset to configure your firewall automatically by opening the IP addresses and ports needed for the device to function?

Universal plug-and-play (UPnP) is a protocol framework allowing network devices to autoconfigure services, such as allowing a games console to request appropriate settings from a firewall. UPnP is associated with several security vulnerabilities and is best disabled if not required. You should ensure that the router does not accept UPnP configuration requests from the external (internet) interface. If using UPnP, keep up-to-date with any security advisories or firmware updates from the router manufacturer. A mobile device management (MDM) software suite is used to manage smartphones and tablets within an enterprise. The Dynamic Host Configuration Protocol (DHCP) is a protocol used to allocate IP addresses to a host when it joins a network. DHCP utilizes UDP ports 67 and 68. Network address translation (NAT) is a network service provided by the router or proxy server to map private local addresses to one or more publicly accessible IP addresses. NAT can use static mappings but is commonly implemented as network port address translation (PAT) or NAT overloading, where a few public IP addresses are mapped to multiple LAN hosts using port allocations.

Which of the following file types are commonly used by network administrators to perform repetitive tasks using a Microsoft proprietary programming language?

VBScript is a scripting language based on Microsoft's Visual Basic programming language. Network administrators often use VBScript to perform repetitive administrative tasks. With VBScript, you can run your scripts from either the command-line or the Windows graphical interface. Scripts that you write must be run within a host environment. Windows 10 provides Internet Explorer, IIS, and Windows Script Host (WSH) for this purpose. A shell script is a file that contains a list of commands to be read and executed by the shell in Linux and macOS. A .sh file is used for a shell script and its first line always begins with #!/bin/bash that designates the interpreter. This line instructs the operating system to execute the script. Shell scripts allow you to perform various functions. These functions include automation of commands and tasks of system administration and troubleshooting, creating simple applications, and manipulating text or files. Python is a general-purpose programming language that can develop many different kinds of applications. It is designed to be easy to read, and the programs use fewer lines of code compared to other programming languages. The code runs in an interpreter. Python is preinstalled on many Linux distributions and can be installed on Windows. Python scripts are saved using the .py extension. JavaScript is a scripting language that is designed to create interactive web-based content and web apps. The scripts are executed automatically by placing the script in the HTML code for a web page so that when the HTML code for the page loads, the script is run. JavaScript is stored in a .js file or as part of an HTML file.

Which of the following types of attacks occurs when an attacker specifically targets the CEO, CFO, CIO, and other board members during their attack?

Whaling is an email-based or web-based form of phishing that targets senior executives or wealthy individuals. Spear phishing is the fraudulent practice of sending emails from a seemingly known or trusted sender to induce targeted individuals to reveal confidential information. A spear phishing attack is focused on a targeted set of people, not just an indiscriminate large group of random people. Phishing is an email-based social engineering attack in which the attacker sends an email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim. Vishing is a social-engineering attack where the attacker extracts information while speaking over the phone or leveraging IP-based voice messaging services (VoIP).

During the reconnaissance phase of a penetration test, you have determined that your client's employees all use Android smartphones that connect back to the corporate network over a secure VPN connection. Which of the following methods would MOST likely be the best method for exploiting these?

When targeting mobile devices, you must first determine if the company uses iPhones or Android-based devices. If they are using Android-based devices, you can use social engineering to trick a user into installing a malicious APK. As a penetration tester, you can create a malicious APK using msfvenom in the Metasploit framework. The user can install it directly from your website instead of the Google Play store.

Peter is attempting to print to his office printer, but nothing comes out. Yesterday, his printer was working just fine. Peter does not notice any errors on the taskbar's printer icon. Which of the following actions should Peter try FIRST to solve this issue?

When this issue occurs, it is often because the system properly sent the print job to the print queue, but the print queue has become stuck. If no error is shown in the taskbar's printer icon, the user should open the print queue to determine if the print job has become stuck. If it is, then the print queue can be emptied or reset.

