1102 Flashcards

Question

A technician needs to recommend the best backup method that will mitigate ransomware attacks. Only a few files are regularly modified; however, storage space is a concern. Which of the following backup methods would BEST address these concerns? A. Full B. Differential C. Off-site D. Grandfather-father-son

Answer 1

B. Differential Explanation: A differential backup copies only the files that have changed since the last full backup. This method: Saves storage space, since it avoids copying unmodified files repeatedly Speeds up the backup process Allows faster recovery than incremental backups (which require multiple sets) It is especially useful in environments where only a few files are regularly modified, as stated in the question.

Answer 2

A. Avoid distractions Explanation: By ignoring the phone call and setting the phone to silent, the technician is demonstrating professionalism by choosing to avoid distractions and remain focused on the customer’s issue. This ensures quality service and shows respect for the customer’s time and concerns.

Answer 3

D. robocopy Explanation: robocopy (Robust File Copy) is a powerful command-line tool in Windows designed for reliable file transfers, especially over unreliable connections or during large file operations. It supports: Automatic resume if the transfer is interrupted Retry options for failed file copies Efficient copying of large numbers of files or large files Ability to preserve file attributes and timestamps

Answer 4

A. Full Explanation: The first backup in any backup system must be a full backup. A full backup captures all data selected for backup and serves as the baseline for any future incremental or differential backups. Without an initial full backup: Differential and incremental backups would have no reference point. Recovery would be incomplete or impossible.

Answer 5

D. Firewall Explanation: A firewall on a smartphone—especially an application-level firewall—can monitor and control network access for individual apps. With the right firewall in place, the user can: Receive alerts when an app attempts to access the internet Block or allow outgoing/incoming data traffic on a per-app basis Track data usage and identify which apps are communicating in the background This directly addresses the concern about hidden or excessive data transmission.

Answer 6

D. Disk encryption Explanation: Disk encryption (also known as full-disk encryption or FDE) is the most appropriate technology for securing a point-of-sale (POS) workstation in the event of theft. It encrypts the entire contents of the drive—including the operating system, applications, and all stored data—so that unauthorized users cannot access any information without the proper authentication key or password. This is especially important for a POS system, which processes credit card and loyalty card data, making it a high-value target for attackers.

Answer 7

D. .app Explanation: On macOS, software applications are typically distributed and installed using the .app file format. These are application bundles that macOS recognizes as executable programs. When you drag and drop a .app file into the Applications folder, you're effectively installing the software.

Answer 8

C. Close unnecessary applications E. Update the device's operating system Explanation: The symptoms — overheating, application crashes, and orientation issues — suggest the phone may be overloaded with running processes, or there may be bugs or performance issues in the current OS version. C. Close unnecessary applications Reduces CPU and memory usage, helping with overheating and stability. A quick fix that minimizes impact and requires no data loss. E. Update the device's operating system OS updates often include bug fixes and performance improvements that can resolve orientation issues, app crashes, and thermal inefficiency. Has a low impact when done correctly and improves long-term performance.

Answer 9

C. Check for any installed patches and roll them back one at a time until the issue is resolved Explanation: Since the issue started after a reboot that occurred in the middle of the night, it's likely that Windows automatically installed updates or patches during that time. These updates can sometimes cause compatibility issues or unintended side effects like applications failing to load.

Answer 10

C. Badge reader Explanation: A badge reader is a secure physical access control device used to restrict entry to sensitive areas such as a data center. It typically scans an employee’s ID badge or access card, and only allows access to authorized personnel. Badge readers are commonly part of access control systems (ACS) that also log entry attempts for auditing purposes.

Answer 11

A. Enable multifactor authentication for each support account F. Enforce account lockouts after five bad password attempts Explanation: The threat described involves brute-force attacks against remote-access tools. The two most effective ways to mitigate this risk are: A. Enable multifactor authentication (MFA) MFA adds a second layer of security beyond passwords. Even if a password is brute-forced, the attacker still needs the second factor (e.g., a code from an app or token), making access extremely difficult. This is a best practice for all remote access scenarios, especially in sensitive environments like banks. F. Enforce account lockouts after five bad password attempts Brute-force attacks depend on unlimited or high-volume login attempts. Locking out an account after a small number of failed attempts effectively stops brute-force attacks in their tracks. This should be part of a broader account protection policy.

Answer 12

D. Resource Monitor Explanation: Resource Monitor is the best tool to diagnose performance issues on a slow-running computer. It provides real-time data on: CPU usage Memory consumption Disk activity Network utilization Specific processes causing high resource use This allows the technician to pinpoint the bottleneck—whether it's an overloaded CPU, insufficient RAM, or a background process using too many resources.

Answer 13

C. Hash verification Explanation: The string 59d15a16ce90c8ee97fa7c211b7673a8 is a hash value—most likely an MD5 or SHA-1/SHA-256 hash. When downloading an ISO or other software file, publishers often provide a hash value so users can verify: The file's integrity (it wasn’t corrupted during download) The file hasn’t been tampered with (to detect malware or unauthorized changes) To perform the verification, the administrator generates a hash from the downloaded file and compares it to the provided hash. If the values match, the file is safe and unaltered.

Answer 14

A. Prevent a device root E. Block third-party application installation Explanation: After removing malicious apps and installing Mobile Device Management (MDM) software, the administrator should focus on securing the device against future compromise by limiting risky behaviors and unauthorized installations. A. Prevent a device root Rooted devices bypass manufacturer and OS-level security, allowing apps to access system files and settings. Preventing root access helps ensure malware cannot gain elevated privileges, which is crucial for maintaining device integrity. E. Block third-party application installation Malicious apps often come from third-party (unofficial) app stores. Restricting app installations to verified sources (e.g., Google Play Store or Apple App Store) reduces the risk of malware.

Answer 15

B. The laptop has Windows 10 Home installed Explanation: Windows 10 Home edition cannot join Active Directory domains—this feature is only available in Windows 10 Pro, Enterprise, or Education editions. If a technician is trying to join a laptop running Windows 10 Home to a domain, it will fail every time, regardless of network connectivity or updates.

Answer 16

B. Chrome OS Explanation: Chrome OS is a lightweight, cloud-centric operating system developed by Google. It is designed primarily for: Workstations and users who need a simple, browser-based interface Running web applications via the Chrome browser Devices with low hardware requirements, such as Chromebooks Chrome OS is ideal for environments like schools, call centers, or remote workers who need fast boot times, minimal local storage use, and cloud integration.

Answer 17

B. Navigate to the Windows 10 Settings menu, select the Accounts submenu, select Sign-in options, select Windows Hello Fingerprint, and have the user place a fingerprint on the fingerprint reader repeatedly until Windows indicates setup is complete. Explanation: The correct way to set up Windows Hello Fingerprint on a Windows 10 device is through the Settings > Accounts > Sign-in options path. Here, users can enroll a fingerprint by following the on-screen instructions and placing their finger on the scanner multiple times until setup is complete. This method is: User-friendly Fully integrated with Windows Hello Compatible with domain-joined systems where Group Policy allows Windows Hello

Answer 18

C. Network utilization will be significantly increased due to the size of CAD files. Explanation: CAD files are typically large and resource-intensive, especially when used in professional environments like architecture firms. If the new version of the software automatically backs up files to the cloud, it will result in heavy network traffic, particularly during saves and backups.

Answer 19

C. Vishing Explanation: Vishing (voice phishing) is a type of social engineering attack where a malicious actor uses the telephone to trick individuals into revealing sensitive information, such as login credentials, personal data, or financial details. In this case, someone calling and pretending to be from a reputable bank fits the definition of vishing exactly.

Answer 20

B. Account lockout Explanation: A dictionary attack involves systematically trying many possible passwords (usually common words) to guess a user’s login credentials. If the system allowed 500 attempts, that indicates a lack of account lockout policies.

Answer 21

C. dfrgui.exe Explanation: The tool dfrgui.exe launches the Disk Defragmenter GUI in Windows, which is used to analyze and defragment traditional hard disk drives (HDDs). If a drive is heavily fragmented, it can slow down file access times. Defragmenting reorganizes the data so that related parts of files are stored contiguously, improving performance.

Answer 22

B. Degaussing Explanation: Degaussing uses a strong magnetic field to disrupt the magnetic domains on a hard drive, effectively destroying all data stored on it. It is considered one of the most secure and irreversible methods of data destruction—especially for drives that contain Personally Identifiable Information (PII) and must comply with privacy regulations like HIPAA, GDPR, or PCI DSS.

Answer 23

D. Pro Explanation: Windows 10 Pro is the most cost-effective version of Windows 10 that includes support for Remote Desktop (RDP) host access, allowing users to connect to the machine remotely using the built-in Remote Desktop feature.

Answer 24

C. File Explorer Explanation: To hide a file and make it less visible to others (such as preventing accidental deletion), the technician should use File Explorer.

Answer 25

C. Default passwords Explanation: When setting up a SOHO (Small Office/Home Office) Wi-Fi router, the first and most critical step is to change the default administrative username and password. Default credentials are widely known and commonly targeted by attackers. Leaving them unchanged poses a major security risk, allowing unauthorized users to access and configure the router.

Answer 26

D. Escalate the ticket Explanation: When a technician has spent a significant amount of time on an unresolved issue—especially for a high-priority user like the CEO—the appropriate next step is to escalate the ticket.

Answer 27

B. Chain of custody Explanation: The chain of custody is the most critical element to maintain throughout the forensic evidence life cycle. It is a documented process that tracks: Who collected the evidence When and where it was collected How it was handled, stored, and transferred Who had access to it at all times Maintaining an unbroken chain of custody is essential to ensure the integrity and admissibility of the evidence in legal or investigative contexts.

Answer 28

A. DHCP reservation Explanation: When a company prohibits static IP addresses, but still needs a device (like a server) to consistently use the same IP address, the correct solution is to configure a DHCP reservation. DHCP reservation ensures that the DHCP server always assigns the same IP address to a device based on its MAC address, while still complying with dynamic address assignment policies.

Answer 29

D. A rollback plan can be implemented in case the software breaks an application. Explanation: The primary purpose of the change management process is to ensure that any changes to the IT environment are: Planned Documented Tested Approved Reversible (if necessary) In this scenario, although the software was previously installed, reinstalling security software on all servers can still cause compatibility issues or disrupt services. A rollback plan ensures the organization can quickly revert to a stable state if problems arise after reinstallation.

Answer 30

B. Install and run Linux and the required application as a virtual machine installed under the Windows OS Explanation: Running Linux as a virtual machine (VM) on top of Windows is the most efficient solution in this case because it allows: Parallel execution of both Linux and Windows applications at the same time No rebooting or drive swapping required Local execution, which avoids consuming limited bandwidth (unlike a cloud solution) This setup is ideal for occasional Linux use without disrupting the user’s primary Windows workflow.

Answer 31

D. Within the Power Options of the Control Panel utility, select the option Choose What Closing the Lid Does and select When I Close the Lid under the Plugged In category to Do Nothing. Explanation: When a user closes their laptop while it's docked, Windows typically puts the system into sleep mode unless otherwise specified. To prevent this and allow the laptop to remain running (especially while using external monitors), you must configure the "lid close action" in the Power Options. By choosing "Do Nothing" under the Plugged In category, the laptop will continue to operate with the lid closed, allowing use of external peripherals like monitors, keyboard, and mouse.

Answer 32

C. Ransomware Explanation: The sudden inability to access files—paired with a message indicating they are encrypted—is a classic symptom of a ransomware infection. Ransomware is a type of malicious software that: Encrypts the user's files or system Demands a ransom payment to restore access Often spreads through phishing emails, malicious downloads, or vulnerable systems The fact that the files were previously accessible and no internal changes occurred further supports ransomware as the cause.

Answer 33

A. Utilizing an ESD strap B. Disconnecting the computer from the power source Explanation: When replacing sensitive components like a processor, it’s important to follow safety procedures to prevent electrostatic discharge (ESD) and electrical hazards. The two best practices in this scenario are: A. Utilizing an ESD strap Prevents electrostatic discharge, which can damage sensitive internal components like CPUs, RAM, and motherboards. Worn on the wrist and clipped to a grounded surface, it equalizes the electrical potential between the technician and the computer. B. Disconnecting the computer from the power source Prevents electrical shock or damage to components from live electricity. Essential before opening the case or working on internal hardware.

Answer 34

D. Ease of Access Explanation: In Windows, speech recognition is part of the accessibility features, and it can be enabled and configured through the Ease of Access settings. This tool is designed to assist users with various disabilities or preferences, including: Speech recognition Text-to-speech Keyboard and visual accessibility options From Settings > Ease of Access > Speech, users can set up and train the system to recognize their voice for dictation and voice commands.

Answer 35

B. Investigate what the interface is and what triggered it to pop up. Explanation: Since the technician does not recognize the antivirus interface, it may be a fake antivirus (rogue security software)—a common tactic used in scareware and phishing attacks. These interfaces are designed to trick users into believing their system is infected to coerce them into downloading malware or calling fake support lines. The next step is to: Investigate the legitimacy of the interface Check running processes, installed programs, and browser behavior Determine whether it's a legitimate antivirus alert or malicious software mimicking one

Answer 36

D. AUP (Acceptable Use Policy) Explanation: The Acceptable Use Policy (AUP) defines what employees are and are not permitted to do with company resources, such as computers, networks, and internet access. Since mining cryptocurrency on a work desktop violates company guidelines, the AUP should be updated to: Clearly state that using company systems for personal profit or unauthorized computing tasks (e.g., mining crypto) is prohibited Help ensure consistent enforcement and awareness among employees Serve as a reference for disciplinary actions

Answer 37

B. VNC (Virtual Network Computing) Explanation: VNC (Virtual Network Computing) is a remote desktop sharing technology that allows a technician to view and control a user's screen in real time. It’s especially useful when: Both the technician and user need to see what's happening on the screen simultaneously Troubleshooting remote desktops or walking users through technical issues visually VNC is cross-platform and widely used in help desk and support environments for interactive support.

Answer 38

A. Biometric lock F. Access control vestibule Explanation: To secure physical access to a data center server room, the focus should be on preventing unauthorized entry and ensuring that only authorized personnel can physically access sensitive systems. The best options from the list are: A. Biometric lock Uses unique physical traits (e.g., fingerprints, retina scans) for identity verification. Very difficult to forge, providing strong authentication for physical access. F. Access control vestibule (Also known as a mantrap) A small space with two doors: one must close and lock before the other opens. Helps prevent tailgating and ensures only one authorized person can enter at a time.

Answer 39

A. WPA3 Explanation: WPA3 (Wi-Fi Protected Access 3) is currently the most secure Wi-Fi protocol. It offers significant improvements over previous standards, including: Stronger encryption with SAE (Simultaneous Authentication of Equals) instead of the older PSK method Protection against brute-force attacks, even if a weak password is used Forward secrecy, ensuring past traffic cannot be decrypted if the password is later compromised Mandatory 192-bit security for enterprise networks

Answer 40

C. RAM Explanation: Upgrading from a 32-bit to a 64-bit Windows operating system will allow the system to fully utilize more than 4GB of RAM. A 32-bit OS can only address up to 4GB of memory, regardless of how much physical RAM is installed. By upgrading to a 64-bit OS, the system can address much more memory (up to terabytes, depending on the OS edition), making it possible to fully use the 6GB of RAM required by the application.

Answer 41

A. Time drift Explanation: In a domain environment, if a computer's system clock drifts too far from the domain controller's time (typically more than 5 minutes), it can prevent domain authentication due to Kerberos protocol restrictions. Kerberos relies on time synchronization for secure token generation, and a time mismatch will result in failed login attempts and inability to access secure intranet resources. The fact that: The laptop works fine on the same network The desktop can't log in to the domain but can access a local account The desktop also can’t reach secure internal resources All point to a time-related issue preventing domain-based services from functioning correctly.

Answer 42

C. Rebuild the user’s profile Explanation: Since: Only one user is experiencing sluggish performance on a shared workstation Other users are not reporting any issues The system itself is functioning normally (as confirmed by the systems administrator) …the problem is most likely isolated to the individual user's profile, which could be corrupted or misconfigured. Rebuilding the user’s profile (by backing up their data and creating a new profile) is the most targeted and effective solution. It avoids unnecessary hardware upgrades and system-wide changes, and directly addresses the user's specific experience.

Answer 43

Correct Answer: A. Configure the network as private Explanation: To allow a desktop computer to access shared files on another desktop within a small office network, the technician should configure the network as "Private" in Windows. A Private network profile: Enables network discovery, allowing the computer to see and access other devices Allows file and printer sharing, which is typically blocked on public networks Is intended for trusted environments like home or small office setups This ensures the system can connect to shared drives and browse the local network securely.

Answer 44

TACACS+ (Terminal Access Controller Access-Control System Plus) is a proprietary Cisco AAA protocol used for: Authentication Authorization Accounting TACACS+ provides granular control over user access and is commonly used in enterprise networks to manage access to network devices (e.g., routers, switches). It separates the AAA functions and encrypts the entire payload, unlike RADIUS, which only encrypts the password.

Answer 45

B. Disk Utility Explanation: On macOS, the correct tool to resize partitions on internal or external storage drives is Disk Utility. Disk Utility allows the technician to: Create, delete, and resize partitions Format disks Repair disk permissions and errors Manage APFS and HFS+ volumes It provides a graphical interface for managing disks, making it user-friendly and suitable for most macOS maintenance tasks involving storage.

Answer 46

C. Clean install Explanation: A clean install is the best method for preparing a laptop for a new employee. It involves: Wiping the existing system Reinstalling a fresh copy of Windows 10 Ensuring no leftover data, settings, or applications from the previous user remain Allowing IT to apply standard configurations, policies, and software required for the new hire This method ensures optimal performance, security, and compliance with company standards.

Answer 47

B. Cryptominer Explanation: A cryptominer is a type of malware that hijacks a computer's CPU and/or GPU resources to mine cryptocurrency without the user's knowledge. The symptoms described—slow performance and unusually high GPU temperatures despite normal CPU, disk, and memory usage—strongly suggest a cryptominer infection, as it would push the GPU to its limits.

Answer 48

B. Reimaging the workstation Explanation: If malware persists even after multiple system rollbacks (such as using System Restore), it's likely the infection is deeply embedded or reinfections are occurring. The most effective solution in this case is to: Reimage the workstation, which means wiping the system and reinstalling a clean, pre-configured image of the operating system and applications. This ensures all malware is removed, restoring the system to a known good state.

Answer 49

C. Rollback plan Explanation: The change advisory board (CAB) rejected the change request due to the absence of alternative actions if implementation failed. This specifically points to the lack of a rollback plan, which is a critical part of change management. A rollback plan outlines: How to revert the system to its previous stable state if the change causes problems Steps and procedures to follow in case the change must be undone Ensures business continuity and minimizes downtime or risk Updating and including a clear, tested rollback plan would directly address the CAB's concern and increase the likelihood of approval on resubmission.

Answer 50

A. UEFI password Explanation: To prevent users from enabling virtualization technology, such as Intel VT-x or AMD-V, the technician should set a UEFI (BIOS) password. Virtualization settings are typically found in the UEFI/BIOS firmware, and setting a password: Prevents unauthorized access to firmware settings Ensures users cannot enable or modify hardware virtualization support Enforces compliance with the company's security policy

Answer 51

A. Set AirDrop so that transfers are only accepted from known contacts. Explanation: The executive is likely experiencing unsolicited AirDrop file transfers—a common issue when AirDrop is set to "Everyone". This feature allows nearby Apple devices to send files anonymously, which can be exploited in public places like planes, trains, or conferences to send inappropriate or random files.

Answer 52

D. Operating system update Explanation: Given the context: Outlook worked yesterday The computer restarted overnight It stopped functioning immediately after …the most likely cause is an operating system update. Windows updates often occur during off-hours and can: Break compatibility with certain Office versions Corrupt Outlook profiles or dependent files Reset or alter key system or application settings This is a common and predictable scenario, especially in environments with automatic updates enabled.

Answer 53

B. Bollards Explanation: Bollards are short, sturdy vertical posts designed to prevent vehicles from driving into buildings or restricted areas while still allowing easy pedestrian access.

Answer 54

A. Port forwarding Explanation: When a SOHO router is installed, it typically blocks incoming external traffic by default for security. If the company is hosting a public website on an internal server, customers (external users) will be unable to reach it unless port forwarding is properly configured.

Answer 55

A. Proceed with the custom manufacturer's procedure. Explanation: Printer consumables—such as toner cartridges, ink cartridges, and imaging drums—often require special handling due to chemical content and environmental impact.

Answer 56

D. Clear the application cache Explanation: When an Android application crashes immediately upon launch, the most non-destructive first step is to clear the app cache.

Answer 57

A. Changing channels Explanation: Wireless interference from other nearby networks (SSIDs) is most commonly caused by overlapping channels, especially on the crowded 2.4 GHz band. The best way to resolve this issue is to Change the wireless channel on the access point to one that is less congested. In the 2.4 GHz range, the non-overlapping channels are 1, 6, and 11. Switching to a less crowded channel minimizes signal overlap and improves performance.

Answer 58

D. Recalibrating the accelerometer Explanation: The accelerometer in a smartphone is the sensor responsible for detecting orientation changes (e.g., from portrait to landscape). If the display fails to rotate even when autorotate is enabled, it's likely that the accelerometer is malfunctioning or needs recalibration. Recalibrating the accelerometer allows the phone to accurately detect movement and orientation, resolving issues like stuck screen rotation.

Answer 59

B. Windows Professional Edition Explanation: To join a corporate domain and access enterprise features like Group Policy, domain authentication, and shared network resources, the PC must be running an edition of Windows that supports domain join. Windows Professional Edition is the most commonly deployed version in corporate environments because it: Supports domain join and Active Directory Includes remote desktop, BitLocker, and Group Policy management Is cost-effective compared to Enterprise

Answer 60

B. Determine if the device has adequate storage available. Explanation: A common reason why Android OS updates fail, especially during a tethered (USB-connected) update, is insufficient internal storage space. Even if no error message is shown, the update process often silently fails or halts when: There isn't enough space to download, unpack, or install the update Temporary files from prior updates or apps are consuming disk space Checking available storage is a logical and non-invasive first step before diving into other potential causes.

Answer 61

D. The newly installed OS is x86. Explanation: An x86 (32-bit) version of Windows has a maximum usable RAM limit of 4GB, regardless of how much physical memory is installed. This is due to the addressing limitations of 32-bit architecture. In this case, the technician installed a 32-bit (x86) version of Windows 10 on a system with 16GB of RAM, so the OS can only utilize 4GB, and the rest is unused.

Answer 62

C. Install privacy screens Explanation: In a call center environment where patient data (e.g., PHI under HIPAA) is visible on screens and agents frequently walk away from their workstations, the best preventive measure against visual data theft is to install privacy screens.

Answer 63

C. A full backup of the data that is stored off site in cold storage Explanation: Cold storage refers to data that is: Completely offline and inaccessible via the network Protected from ransomware and other cyber threats Ideal for archiving sensitive or infrequently accessed data This method ensures the data remains intact for years, which satisfies the CFO’s compliance and business continuity needs.

Answer 64

A. Use a key combination to lock the computer when leaving. Explanation: The most effective and immediate way for the officer to secure the workstation is to use a keyboard shortcut like: Windows + L on Windows Ctrl + Command + Q on macOS This action instantly locks the session, ensuring that: No unauthorized users can access the workstation Sensitive law enforcement data is protected The officer can quickly resume work without rebooting or logging out

Answer 65

D. Change the default passwords on new network devices. Explanation: The first step after installing a new router or network hardware is to change the default administrative passwords. Default credentials are widely known and often published online, making devices with unchanged passwords a major security risk.

Answer 66

D. The time or date was not in sync with the website. Explanation: If multiple users on a corporate network receive messages that websites cannot be trusted, but remote users are unaffected, the most likely cause is that the system time or date is incorrect on internal machines or a shared resource (such as a domain controller).

Answer 67

B. Name on a medical diagnosis Explanation: The name on a medical diagnosis is most likely to be regulated because it involves Personally Identifiable Information (PII) combined with health information, making it Protected Health Information (PHI) under laws like: HIPAA (Health Insurance Portability and Accountability Act) in the U.S.

Answer 68

D. MDM (Mobile Device Management) Explanation: Mobile Device Management (MDM) is the best solution to prevent rooting or jailbreaking of company-issued mobile phones.

Answer 69

B. Startup Folder E. Task Scheduler Explanation: To configure a conference room computer to automatically launch an application upon login, the technician can use either of the following methods: B. Startup Folder A traditional and simple method. Any shortcut placed in the Startup folder will launch that application automatically when the user logs in. E. Task Scheduler Offers more granular control, such as: Running the app only at logon Setting conditions (e.g., only if idle, or with certain permissions) Useful for more complex automation scenarios.

Answer 70

A. Require the user to change the password at the next log-in Explanation: When a systems administrator resets a user's password, the best practice to maintain account security is to force the user to change the password at their next log-in.

Answer 71

D. rd Explanation: The **rd** command (short for remove directory) is used in the Windows Command Prompt to delete an empty directory. It can also be written as **rmdir**.

Answer 72

B. Disconnect the power before servicing the PC. Explanation: When troubleshooting a suspected short in a computer's power supply, the very first and most critical step is to: Disconnect the power source (unplug the PC from the wall outlet or surge protector) This action: Eliminates the risk of electrical shock Prevents further damage to components Ensures safe servicing conditions

Answer 73

D. Internet Options Explanation: To configure a proxy server for content filtering or web access in Windows, the best utility to use is: ✅ Internet Options → Connections tab → LAN Settings

Answer 74

D. VNC with username and password Explanation: macOS includes a built-in VNC-compatible service called Screen Sharing, which can be accessed via: A standard VNC client on the Windows machine (e.g., RealVNC, TightVNC) Connection over the network using the server's IP address This provides full GUI access, making it ideal for tasks that require interacting with the macOS desktop environment.

Answer 75

D. Smart card and password Explanation: Multi-Factor Authentication (MFA) requires authentication using at least two of the following distinct factors: Something you know – e.g., password, PIN Something you have – e.g., smart card, mobile token Something you are – e.g., fingerprint, retina scan, facial recognition Smart card (have) + password (know) = MFA This combination uses two different factors, which meets the MFA definition.

Answer 76

C. Remove the static IP configuration from the desktop. Explanation: The message “address is already in use” indicates an IP address conflict. In this scenario: The user has a specific IP address required to access specialized software. That same IP is likely still statically configured on the old desktop. The new laptop is now trying to use the same IP, causing a conflict. To resolve the issue, the static IP on the old desktop should be removed (or changed), so the new laptop can take over that IP address without conflict.

Answer 77

D. Rebuild the profile Explanation: When only one user is experiencing an issue with an application (like document-processing software) on a shared Windows workstation, and other users do not have the problem: ✅ The issue is most likely due to a corrupted or misconfigured user profile. Rebuilding the user profile: Creates a fresh environment for the user Resolves problems tied to user-specific settings, app data, or registry entries Retains system-wide configurations that are working fine for others

Answer 78

B. Pro Explanation: BitLocker is a full-disk encryption feature built into Windows that helps protect data by encrypting entire volumes. ✅ The most basic version of Windows that includes BitLocker is Windows 10/11 Pro. Windows Home editions do not support BitLocker. More advanced editions like Enterprise and Pro for Workstations also include BitLocker, but they offer additional enterprise-level features.

Answer 79

✅C. Reboot the system in safe mode and rescan. Explanation: Booting into Safe Mode loads Windows with minimal drivers and services, which: Prevents most malware from running (especially those that auto-start) Allows antivirus and anti-malware tools to more effectively detect and remove threats Preserves the user’s files and installed applications ✅ This is the best balance between effective malware removal and data preservation.

Answer 80

✅ D. Installer_x86.exe Explanation: The Windows 10 Enterprise 32-bit operating system only supports 32-bit applications. In Windows terminology: x86 refers to 32-bit architecture x64 refers to 64-bit architecture ✅ Therefore, the technician should run Installer_x86.exe to ensure compatibility with the 32-bit OS.

Answer 81

B. Enable the microphone under Windows Privacy settings to allow desktop applications to access it. Explanation: In Windows 10, microphone access is restricted by privacy settings. Even if the mic works with built-in apps (like Voice Recorder), third-party desktop applications (such as VoIP software) may be blocked from using it unless explicitly allowed.

Answer 82

C. The network cable has become disconnected. Explanation: Given the situation: The user cannot connect to the network The technician cannot ping the desktop There is ongoing construction nearby ✅ The most likely cause is that the network cable was physically disconnected, possibly due to construction workers moving equipment or accidentally unplugging/disrupting the cable connection.

Answer 83

B. Clearing the cache Explanation: If a website is confirmed to be online and working for others, but one user still cannot access it, the most likely local cause is a corrupted or outdated browser cache. The cache may contain: Old page versions Redirects Expired authentication sessions

Answer 84

C. In-place upgrade Explanation: An in-place upgrade allows the technician to: Upgrade Windows 7 Pro to Windows 10 Pro Preserve user files, applications, and settings Perform the upgrade locally, one PC at a time ✅ This is the most efficient method when you want to retain user data and minimize post-upgrade configuration.

Answer 85

✅ D. Enabling BitLocker on all hard drives Explanation: To mitigate the risk of data loss from lost or stolen laptops, the most effective and seamless solution is: ✅ Full-disk encryption with BitLocker BitLocker encrypts all data on the drive, making it inaccessible without the correct credentials—even if the hard drive is removed and connected to another device.

Answer 86

C. WPA3 Explanation: WPA3 (Wi-Fi Protected Access 3) is the most secure and current standard for wireless network encryption. It provides: Stronger encryption algorithms (like SAE – Simultaneous Authentication of Equals) Improved protection against brute-force attacks Better individualized data encryption

Answer 87

A. The user's password expired while on vacation. Explanation: The scenario describes a user who: Can log in to Windows locally (likely using cached credentials) Cannot access internal network shares Cannot browse any websites (internal or external) Gets errors like “Hmm, we can't reach this page” — a generic browser connectivity message This behavior is consistent with a situation where the user’s Active Directory password has expired: They are authenticated locally using cached credentials But cannot fully authenticate to the network or domain resources, which prevents: Access to internal network shares Use of the DNS infrastructure for resolving external websites Authentication to proxy servers (if required for internet access)

Answer 88

✅ B. .pkg ✅ D. .dmg ✅ G. .app Explanation: On macOS, the most common file extensions used to install or run applications are: ✅ .pkg (Package Installer) Apple’s official installer package format Used for system-level installations and software from trusted sources ✅ .dmg (Disk Image) Compressed disk image file Commonly used to distribute applications; users mount it and drag the .app to Applications ✅ .app (Application Bundle) The actual application package Appears as a single file but is a directory bundle containing the app and its resources

Answer 89

✅ B. Performance Monitor to check for resource utilization Explanation: When a user reports slow performance and constant hard drive activity after installing software, the most logical first step is to: ✅ Use Performance Monitor (or Task Manager) to view CPU, memory, disk, and process usage. This helps determine whether: A specific application (like a background scan) is consuming excessive resources There are multiple services running from the security suite Disk I/O is being maxed out This pinpoints the cause quickly without making changes.

Answer 90

✅ D. The workstations and the authentication server have a system clock difference. Explanation: Active Directory domain authentication requires the system clocks of domain-joined computers and domain controllers to be synchronized within a specific time window (typically 5 minutes by default). ✅ If the Group Policy forces workstations to use an SNTP server that is out of sync (or offline), this can result in a significant time difference, causing Kerberos authentication to fail—and users can't log in. This is the most common and likely cause when login issues follow a time-related policy change.

Answer 91

A. Differential backup Explanation: A differential backup stores all data that has changed since the last full backup. This backup method allows for quick restoration using only: The most recent full backup The most recent differential backup

Answer 92

A. Acceptable use policy. Explanation: The acceptable use policy (AUP) defines how users are allowed to access and use company resources, including: Account usage rules Restrictions on sharing login credentials Prohibited activities such as unauthorized access to another user’s account—even with consent

Answer 93

D. Disconnect the machine from the network. Explanation: The .lock file extension is a strong sign of a ransomware infection. These attacks encrypt files and demand payment to unlock them. The first and most critical step is to: ✅ Disconnect the machine from the network (wired and wireless) This action is necessary to: Prevent the ransomware from spreading to other devices, shared folders, or network drives Stop additional files from being encrypted Preserve the current state of the system for investigation or recovery

Answer 94

✅ B. Changing proxy settings Explanation: If a user is being redirected to unfamiliar websites while browsing with Internet Explorer, it's likely due to malicious or incorrect proxy settings configured on the system. These settings can: Hijack web traffic Redirect to malicious or ad-heavy websites Be modified by malware or potentially unwanted programs (PUPs) ✅ Checking and removing unwanted proxy configurations will typically resolve the redirection issue.

Answer 95

✅ A. Risk analysis Explanation: Before a change request—such as a server deployment—can be approved, it must go through a change management process. A critical part of that process is: ✅ Risk analysis – assessing the potential impact, likelihood of failure, security concerns, and any mitigation strategies. This helps the Change Advisory Board (CAB) or approving authority determine whether the proposed change is safe, necessary, and worth proceeding.

Answer 96

✅ C. Operating systems no longer receive updates. Explanation: When an operating system reaches end-of-life (EOL) status, the manufacturer (e.g., Microsoft, Apple, or a Linux distribution team) no longer provides: Security patches Feature updates Technical support ✅ This makes the system vulnerable to security threats and non-compliant with many IT policies and regulations.

Answer 97

✅ C. Ease of Access Center Explanation: The Ease of Access Center in Windows is specifically designed to help users with disabilities, including those who are visually impaired. From this utility, a technician can configure features such as: Narrator (text-to-speech) Magnifier High contrast modes On-screen keyboard Text size adjustments ✅ This is the best and most comprehensive tool for making a system accessible to users with vision impairments.

Answer 98

B. close out of the site and contact the bank. Explanation: The error message — "The security certificate presented by this website was issued for a different website's address" — indicates a potential security threat, such as: A man-in-the-middle attack A spoofed or malicious website A misconfigured or fraudulent certificate ✅ The safest and most appropriate action is to close the website immediately and contact the bank directly using a known, trusted method (e.g., official phone number).

Answer 99

Correct Answer: ✅ A. Rearranging the monitor’s position in display settings Explanation: When multiple monitors are connected, Windows allows you to rearrange their physical layout in Display Settings to match how they are positioned on your desk. ✅ In this case, the new monitor is physically to the right, but Windows likely thinks it’s on the left or unassigned side, so the mouse can't move between screens properly. By dragging the monitor icons in Settings > System > Display, you can match the actual arrangement, allowing smooth mouse transitions between them.

Answer 100

✅ A. The smartphone’s line was not provisioned with a data plan Explanation: The user is able to: Make calls and send texts (uses the voice network, not data) Use internet services only when connected to Wi-Fi But: Cannot access internet-related functions over mobile data ✅ This strongly indicates that the smartphone’s cellular line is not provisioned with a data plan or mobile data is disabled. Without an active data plan: Mobile internet (web browsing, email, apps) won’t work off Wi-Fi Calls and SMS continue to work because they use a different channel

Answer 101

D. The runtime environment is not installed. Explanation: The error "How do you want to open this file?" typically appears in Windows when the system does not recognize the file extension or doesn't have the appropriate application or interpreter installed to run it. In this case, the script is named Inventory.py, which is a Python script. This message most likely means that: ✅ Python is not installed, or the .py file extension is not associated with the Python interpreter. Once Python is properly installed, double-clicking the script should launch it, or it can be run from the command line using: bash Copy Edit python Inventory.py

Answer 102

✅ D. Distributed denial of service Explanation: When multiple computers from different locations flood a company’s web server with connection requests, overwhelming it and making it unavailable to legitimate users, this is a classic: ✅ Distributed Denial of Service (DDoS) attack. In a DDoS attack: The goal is to disrupt availability by overwhelming the server with traffic Multiple systems, often part of a botnet, are used to launch the attack from various geographic locations

Answer 103

✅ C. Run chkdsk on the drive as the administrator Explanation: To verify the integrity of a disk and check for bad sectors without making changes immediately, the technician should use: ✅ chkdsk – Check Disk Utility When run with just chkdsk (without /f or /r), it scans the file system and disk surface to detect: File system errors Bad sectors Directory structure issues 🛠 Command: chkdsk C: This will check the disk and report issues without making any changes.

Answer 104

✅ A. Stop code Explanation: When a Blue Screen of Death (BSOD) appears, it displays a stop code, which is a hexadecimal error code and brief message that identifies the cause of the system crash. ✅ The stop code is the most direct and relevant information to begin diagnosing a BSOD. For example: 0x0000007B indicates an inaccessible boot device 0x0000001E relates to a kernel mode exception not handled Technicians can look up stop codes to find specific causes and recommended resolutions.

Answer 105

✅ B. WPA3 Explanation: WPA3 (Wi-Fi Protected Access 3) is the strongest and most secure wireless encryption protocol currently available for wireless networks. It includes: Stronger encryption algorithms using Simultaneous Authentication of Equals (SAE) Forward secrecy, which protects past sessions even if a password is compromised Improved protection against brute-force attacks ✅ It's the best choice for securing modern Wi-Fi networks.

Answer 106

✅ C. Change the default administrative password Explanation: The first and most critical step to securing new network equipment (like routers, firewalls, and switches) is to: ✅ Change the default administrative password Default passwords are widely known and easily exploited by attackers. Leaving them unchanged creates an immediate vulnerability that can be exploited over the internet or even locally.

Answer 107

✅ A. Send a quick message regarding the delay to the next customer. Explanation: When running behind schedule, the most professional and courteous action is to: ✅ Notify the next customer promptly about the delay, setting expectations and showing respect for their time. This approach: Maintains customer trust Demonstrates professionalism Gives the next customer a chance to adjust their schedule if needed

Answer 108

✅ D. Evil twin Explanation: An evil twin attack involves an attacker setting up a fake wireless access point (with a name similar to a legitimate network) to trick users into connecting. Once connected, the attacker can: Redirect users to phishing websites Capture login credentials Monitor or manipulate network traffic ✅ In this scenario, the user connected to a malicious wireless network and was tricked into entering login credentials, which is textbook behavior of an evil twin attack.

Answer 109

✅ B. Creating a ticketing system Explanation: A ticketing system is the best solution for managing a high volume of service requests because it: Organizes and tracks every user request Enables prioritization and assignment to appropriate staff Provides visibility into request status and workload Allows for reporting and trend analysis to improve efficiency over time ✅ It is a foundational tool for any help desk or service desk environment, especially one struggling with high demand.

Answer 110

✅ A. yum Explanation: The yum command (Yellowdog Updater, Modified) is a package manager used on RPM-based Linux distributions like CentOS, Red Hat Enterprise Linux (RHEL), and Fedora to: Install, update, or remove software packages Handle dependencies automatically ✅ Example: sudo yum install [package-name]

Answer 111

✅ A. Multifactor authentication will be forced for Wi-Fi. Explanation: Deploying client certificates in conjunction with a username and password introduces multifactor authentication (MFA) because it combines: Something the user knows – their username and password Something the user has – a client certificate stored on the device ✅ This enhances security by requiring both factors for Wi-Fi authentication, making unauthorized access significantly more difficult.

Answer 112

✅ D. The log-in script failed Explanation: In many corporate environments, network drives are mapped automatically during login using a log-in script (batch, PowerShell, or Group Policy-based). If the log-in script fails, the user will: Be successfully logged in to the computer But not see or access mapped network drives ✅ Since no other users are affected, it's likely a local issue such as a failed or misconfigured login script for that user.

Answer 113

✅ A. resmon.exe Explanation: **resmon.exe** launches Resource Monitor, a powerful tool in Windows used to view real-time system performance, including: Disk I/O (input/output activity) CPU and memory usage Network activity ✅ It's the best tool to confirm high disk I/O and identify which processes are causing it.

Answer 114

✅ D. Failed login restrictions Explanation: Failed login restrictions are designed to prevent unauthorized access attempts by: Locking the device after a set number of incorrect attempts Introducing time delays between attempts Potentially triggering data wipes after multiple failed tries (if configured) ✅ This feature directly addresses the concern of brute force attacks on a pattern lock screen.

Answer 115

✅ D. Restrictions of use Explanation: A EULA (End-User License Agreement) is a legal contract between the software provider and the user that defines how the software can be used. It typically includes: ✅ Restrictions of use (e.g., no reverse engineering, limited number of installations) Licensing terms (single user, enterprise, etc.) Warranty disclaimers and limitations of liability It sets clear boundaries on what users can and cannot do with the software.

Answer 116

✅ C. The deployment script is performing unknown actions. Explanation: Running a script from the internet without understanding its contents poses a serious security and operational risk. The script could: Contain malicious code Make unauthorized changes Cause data loss or corruption Bypass security policies ✅ The biggest danger is that it may be performing unknown or harmful actions, which the administrator would not be able to detect or prevent.

Answer 117

✅ D. The device is restricted from updating due to a corporate security policy. Explanation: In many enterprise environments, Mobile Device Management (MDM) or other corporate security policies are configured to: Delay or block OS updates until they are tested and approved Ensure compatibility with internal apps and systems Prevent unintended disruptions or vulnerabilities from unverified updates ✅ This is the most likely reason the device is out of date despite auto-updates being enabled.

Answer 118

✅ C. Name server Explanation: If a user can access websites via IP address (e.g., 8.8.8.8) but cannot resolve domain names (e.g., www.google.com), the issue is almost always related to DNS (Domain Name System) resolution. The name server (DNS server) is responsible for converting domain names into IP addresses. If the DNS server is misconfigured, unreachable, or incorrect, the user: Can connect via IP addresses ❌ Cannot connect via domain names ✅ Updating the name server (e.g., setting it to a public DNS like 8.8.8.8) will likely resolve the issue.

Answer 119

✅ B. Implement the deployment Explanation: In the change management lifecycle, once a change request has been approved, the next logical step is to: ✅ Implement the deployment as specified in the change plan. This means carrying out the approved changes in accordance with pre-defined procedures, including any rollback plans if necessary.

Answer 120

✅ D. devmgmt.msc (Device Manager) Explanation: Since the touchpad stopped working after a Windows update, the technician suspects a driver or hardware-related issue. The best tool to inspect and adjust device settings and drivers is: ✅ Device Manager (devmgmt.msc) With Device Manager, the technician can: Check the status of the touchpad Update, roll back, or reinstall the driver See if the device is disabled or has an error

Answer 121

✅ A. Power off the machine Explanation: When ransomware is actively detected and cannot be quarantined, it likely means the malware is still running and encrypting files in real time. The top priority is to halt its activity immediately to: Prevent further file encryption Stop it from spreading to networked systems Minimize data loss ✅ Powering off the machine is the fastest way to stop the malware and prevent more damage.

Answer 122

Correct Answer: ✅ F. services.msc Explanation: The error message "The Audio Driver is not running" typically means that the Windows Audio service is stopped or has failed. To resolve this: ✅ Launch services.msc to access the Services console, where you can: Start or restart the Windows Audio service Set it to Automatic if it’s disabled Check dependencies like the Audio Endpoint Builder service

Answer 123

✅ A. System Explanation: To modify the Path Environment Variable, the technician should use the System utility in the Control Panel. This is where you can: Access Advanced system settings Open the Environment Variables dialog Edit the Path variable to include the directory where the new application's executable resides ✅ This ensures the application can be run from any command prompt without specifying its full path.

Answer 124

✅ A. Power user account Explanation: A Power User account in Windows provides elevated privileges compared to a standard user, but less than an Administrator. This account type is ideal for: Accessing advanced features and settings in applications Performing some system-level tasks Maintaining a least privilege environment by not granting full admin rights ✅ It strikes the right balance between functionality and security in environments where advanced application use is needed but full administrative access is not allowed.

Answer 125

✅ C. Modified file Explanation: A hash value is a unique digital fingerprint of a file. If the hash of the downloaded file does not match the vendor-provided hash (a11e11a1 ≠ 2a222a2b2), this strongly indicates that: ✅ The file has been modified, either due to: Corruption during download Tampering or malicious alteration Compromise on the host server This is a critical security concern and means the file should not be executed.

Answer 126

✅ D. Shredding Explanation: For optical media like CDs, DVDs, or Blu-ray discs, the MOST effective and secure method of disposal is: ✅ Shredding — physically destroying the disc so data cannot be recovered. Special optical media shredders or disc pulverizers are designed to break the disc into small, unreadable pieces, ensuring complete data destruction.

Answer 127

✅ C. If NFC is enabled Explanation: NFC (Near Field Communication) is the core technology used by mobile payment apps like Apple Pay, Google Pay, and Samsung Pay. When the user tries to make a payment at a contactless terminal and it fails, the most likely cause is that: ✅ NFC is disabled, which means the phone cannot communicate with the payment terminal.

Answer 128

✅ B. Zero day Explanation: A zero-day attack is an exploit that targets a previously unknown vulnerability — one that: Has not yet been patched May not even be publicly disclosed yet Leaves systems unprotected due to lack of available fixes ✅ Since the CEO was informed that there is no patch available, this strongly suggests a zero-day vulnerability has been discovered and possibly exploited.

Answer 129

Correct Answer: ✅ B. Use the application at home and contact the vendor regarding a corporate license. Explanation: Software licenses typically specify where and how many devices the software can legally be installed on. If a user has a personal/home license, it usually: Is not valid for use in a corporate environment Is often limited to a single device May violate the End User License Agreement (EULA) if used improperly ✅ The systems administrator should advise the user to use the application at home as licensed and contact the vendor to obtain a corporate license if the software is needed on company devices.

Answer 130

✅ C. VPN (Virtual Private Network) Explanation: To securely interconnect two remote offices to a main branch, the technician should implement a VPN. A Virtual Private Network: Creates a secure, encrypted tunnel over the internet Enables private communication between geographically separate networks Complies with security best practices for confidentiality, integrity, and privacy ✅ VPN is the industry standard for site-to-site or remote office connectivity.

Answer 131

✅ B. The GPS application contains malware. Explanation: The combination of: Excessive data usage Abnormally slow device performance And the presence of a third-party GPS app strongly suggests the possibility of malware. Malicious applications can: Run background processes that consume bandwidth Send data to remote servers Drain system resources, causing the phone to run slowly ✅ Therefore, malware embedded in the GPS app is the most likely cause of both issues.

Answer 132

✅ C. Chain of custody Explanation: The chain of custody is the chronological documentation showing: Who had access to evidence When and how it was handled or transferred Every step from collection to presentation ✅ It is crucial for legal and forensic purposes, ensuring the integrity and admissibility of evidence in court.

Answer 133

Correct Answer: ✅ D. Turning off AutoPlay Explanation: AutoPlay is a Windows feature that automatically launches specified actions (like opening or executing files) when external media (like flash drives or CDs) are inserted. ✅ Disabling AutoPlay prevents malicious files from automatically executing when a flash drive is plugged in — a common method for spreading malware or ransomware.

Answer 134

✅ D. Sandbox testing Explanation: Sandbox testing involves simulating a change in a controlled, isolated environment (the "sandbox") to: Test how the change will behave Identify potential issues or conflicts Ensure stability before the change is implemented in production ✅ It’s a critical step in change management to reduce the risk of negative impact.

Answer 135

✅ B. Open Settings, select Personalization, click Browse, and then locate and open the image the user wants to use. Explanation: In Windows 10, to change the desktop wallpaper using the Settings tool, the user should: Open Settings Select "Personalization" Go to the "Background" tab Click "Browse" to select and set a new image as the wallpaper ✅ This is the correct and intended method for updating desktop background images in Windows 10.

Answer 136

✅ C. Mission Control Explanation: Mission Control is the macOS feature that provides: An overview of all open windows Access to virtual desktops (Spaces) The ability to create and manage additional desktops ✅ To create a new virtual desktop space, the user can open Mission Control (usually via F3, a swipe gesture, or using Control + ↑) and then click the "+" button at the top-right to add a new desktop.

Answer 137

✅ B. Performing a remote wipe on the device Explanation: When a device containing sensitive or regulated data (such as patient/customer intake information in a doctor’s office) is lost, the BEST and most immediate action is to: ✅ Perform a remote wipe to erase all data and settings on the device. This ensures the data is no longer accessible, even if the tablet falls into the wrong hands.

Answer 138

A. Device drivers C. Installed application license keys ✅ Explanation: A. Device drivers: Including proper device drivers in the master image ensures that hardware like network adapters, graphics cards, and chipsets function correctly across all target systems. Missing or incorrect drivers can lead to post-deployment issues. C. Installed application license keys: If applications are pre-installed on the master image, their licenses must be valid and properly handled to ensure compliance and avoid activation issues on deployed systems. Some applications may require volume licensing or reactivation after deployment.

Answer 139

C. Event Viewer > Windows Logs > Application Explanation: Event Viewer is a diagnostic tool used to view detailed logs about application and system events. The "Application" log under Windows Logs specifically records events related to software, including error messages from installed applications. This is the best tool to research the specific error message encountered during or after an application installation.

Answer 140

C. BitLocker ✅ Explanation: BitLocker is Microsoft's full disk encryption solution built into Windows (especially Pro, Enterprise, and Education editions). It encrypts the entire drive, ensuring that all data on the disk is protected, meeting the requirement for full disk encryption on a Windows laptop. BitLocker can also integrate with TPM (Trusted Platform Module) to securely store encryption keys.

Answer 141

A. Use a network share to share the installation files. ✅ Explanation: Using a network share allows the business owner to copy or run the installer from a central location over the network. This is especially helpful in workgroup environments (non-domain setups) where ease and speed are priorities. It avoids the need to manually plug in USBs or re-download the installer on each PC. It's the most efficient method when deploying the same software to multiple networked machines in a small business.

Answer 142

C. Open Settings, select System, select Display, and change the Scale and layout setting to a higher percentage. ✅ Explanation: In Windows 10, the best way to increase the size of text, apps, and other items is by adjusting the Scale and layout setting. This setting enlarges everything proportionally without lowering screen clarity, unlike reducing resolution. You can access it by: Open Settings Select System Select Display Under Scale and layout, increase the scaling percentage (e.g., from 100% to 125% or 150%).

Answer 143

A. ipconfig /all B. hostname ✅ Explanation: A. ipconfig /all Displays detailed network configuration, including the hostname (under "Host Name") and IP addresses. Useful for gathering comprehensive system network info, which can help the help desk. B. hostname A quick and direct command to display the computer's network name (hostname). Simple and efficient when you just need the device name.

Answer 144

C. PCI ✅ Explanation: PCI stands for Payment Card Industry Data Security Standard (PCI DSS). It is a globally recognized security standard designed specifically to protect credit card information during and after a financial transaction. All companies that store, process, or transmit credit card data are required to comply with PCI DSS.

Answer 145

A. Quarantine the computer. ✅ Explanation: Quarantining the computer is the next immediate step after confirming a virus to prevent the malware from spreading to other systems or compromising network resources. This step isolates the infected system, limiting potential damage before attempting removal or updates.

Answer 146

The correct answer is: B. Attach the external hardware token. ✅ Explanation: Many specialized or high-security applications require a hardware token (e.g., USB dongle or smart card) to verify license authorization or enable the software to function. If the software displays a message that it’s not authorized to run, and the install was successful, it's likely waiting for this external token to be connected as part of the licensing process.

Answer 147

A. Encryption F. Backups ✅ Explanation: To remain compliant with regulatory standards like PCI DSS (Payment Card Industry Data Security Standard), the following controls are critical: A. Encryption: Full-disk and file-level encryption help protect sensitive credit card data at rest and in transit. PCI DSS requires encryption for stored cardholder data. F. Backups: Regular, secure backups ensure data integrity and availability, which are essential parts of data protection and compliance. Helps in recovery from data loss, corruption, or ransomware.

Answer 148

A. Enterprise ✅ Explanation: Windows 10 Enterprise editions often use Volume Licensing with Key Management Service (KMS) activation. KMS activation requires reactivation every 180 days to stay compliant. This setup is common in large organizations to manage and monitor licensing centrally.

Answer 149

D. exFAT ✅ Explanation: exFAT (Extended File Allocation Table) is the best choice for cross-platform compatibility between Windows and macOS. It supports large file sizes (over 4GB) and read/write access on both operating systems without needing third-party drivers or reformatting. Ideal for external drives like SSDs or USB flash drives when used between Macs and Windows PCs.

Answer 150

B. Drilling E. Incinerating ✅ Explanation: To ensure data is completely unrecoverable, especially when requiring a certificate of destruction, the most effective and verifiable methods are: B. Drilling: Physically destroys the platters inside the hard drive, making data recovery impossible. Common method used in secure data destruction services. E. Incinerating: Total physical destruction through burning—destroys all data-containing components. Often used in highly secure environments and can be certified. Both methods are acceptable and certifiable under various data destruction standards like NIST 800-88.

Answer 151

C. Add a password to the guest network. ✅ Explanation: The technician discovered unauthorized users on the Wi-Fi network, likely because the guest network is open or unsecured. By adding a password, access is restricted to authorized users only, effectively preventing neighbors or outsiders from connecting. This step improves network security while still allowing legitimate guest access (e.g., for patients).

Answer 152

C. Booting into safe mode ✅ Explanation: Safe Mode loads Windows with minimal drivers and background processes, which can prevent persistent or deeply embedded malware from running. Running a malware scan in Safe Mode increases the chances of fully detecting and removing malware that might reload itself or hide during a normal boot. This is especially useful for malware that reinstalls itself on reboot, as it's often running processes that block or undo cleaning attempts.

Answer 153

C. Incremental ✅ Explanation: Incremental backups save only the changes made since the last backup (whether full or incremental). This method uses less storage, which means more backup versions can be retained — exactly what the law firm wants. Although restore times are longer (because you need the last full backup plus all subsequent incrementals), the firm explicitly stated that restore time is not a concern.

Answer 154

B. MSRA (Microsoft Remote Assistance) ✅ Explanation: MSRA (Microsoft Remote Assistance) is built into Windows and allows a technician to remotely view or control a user's desktop to provide support. It does not require additional software to be installed on either end, making it ideal for quick, remote help. The user typically sends an invitation file or link to the technician to initiate the session.

Answer 155

D. Missing system files ✅ Explanation: If the antivirus software is actually up to date (verified on the device), but the system still shows notifications that it's out of date, it's likely due to a corrupted or missing system file. These files may affect how Windows Security Center or the antivirus reports status, causing false warnings.

Answer 156

A. Quarantine the host in the antivirus system. ✅ Explanation: The user's issue began after opening a suspicious file, which is a common tactic for malware, especially ransomware. The first action should be to quarantine the host—this isolates the system from the network to prevent: The spread of malware to other systems. Further damage or data exfiltration. Once the system is contained, further investigation and remediation steps (like scans, forensics, or reimaging) can be taken safely.

Answer 157

B. Redeem the included activation key card for a product key. ✅ Explanation: When upgrading from Windows 10 Home to Windows 10 Pro, the user needs a valid Pro product key. If the user purchased a license, it likely came with a product key card (physical or digital). The technician should guide the user to redeem that key by: Going to Settings > Update & Security > Activation Clicking “Change product key” Entering the 25-character product key from the card This process upgrades the edition and activates it with the new Pro license.

Answer 158

B. yum ✅ Explanation: yum (Yellowdog Updater, Modified) is a package management utility used on Linux distributions, especially those based on Red Hat (e.g., CentOS, Fedora, RHEL). It allows users to install, update, remove, and manage software packages from configured repositories.

Answer 159

B. Verify that NFC is enabled. ✅ Explanation: NFC (Near Field Communication) is the technology used for contactless payments (e.g., Apple Pay, Google Pay, Samsung Pay). If the NFC setting is turned off, the payment pad won’t detect the phone, even if other features are working. Ensuring NFC is enabled is the first and most critical step when contactless payments fail.

Answer 160

D. The customer has a guest network enabled. ✅ Explanation: Many home routers have a guest network feature that can be enabled by default or set without a password for convenience. If the guest network is open (no password), anyone nearby can connect without authentication—leading to unauthorized access. This is the most likely cause when Wi-Fi is accessible without a password.

Answer 161

B. Add the required snap-in. ✅ Explanation: If Local Users and Groups is not visible in the Microsoft Management Console (MMC), the most likely reason is that it has not been added as a snap-in. The technician can: Open MMC (mmc.exe) Go to File > Add/Remove Snap-in Select Local Users and Groups Click Add, then OK This will allow them to manage user profiles and perform the rebuild.

Answer 162

B. Regionally diverse backups ✅ Explanation: In an area prone to natural disasters like hurricanes and power outages, it's critical to store backups in geographically separate locations to ensure data survivability. Regionally diverse backups involve storing copies of data off-site, in data centers or cloud regions outside the affected area, protecting the business from local disasters or power failures.

Answer 163

B. Check for application updates. ✅ Explanation: After an OS update, some apps may become unstable or incompatible until the developer releases an update to fix bugs or restore compatibility. The first and least disruptive step is to check the App Store (iOS) or Google Play Store (Android) for an application update that resolves the issue. This step can quickly fix the problem without data loss or major changes.

Answer 164

D. Equipment lock ✅ Explanation: An equipment lock (like a Kensington lock) is a physical security control designed to secure laptops to desks or immovable objects. It prevents theft by physically restricting removal of the device from its location.

Answer 165

C. EOL (End of Life) ✅ Explanation: EOL (End of Life) means the vendor has officially stopped supporting the product. This includes: No more patches or updates No technical support Often, the product is no longer sold or distributed Users are typically encouraged to upgrade to a supported version.

Answer 166

B. Run a virus scan. ✅ Explanation: The first step in response to suspicious behavior after opening a questionable email is to run a virus/malware scan. This helps identify and possibly remove any malicious software that may have been introduced. It’s a non-destructive, quick step that gathers evidence and potentially resolves the issue.

Answer 167

D. WPA2/AES ✅ Explanation: WPA2 (Wi-Fi Protected Access 2) with AES (Advanced Encryption Standard) is a wireless security protocol that supports Enterprise mode, also known as WPA2-Enterprise. In WPA2-Enterprise, users authenticate using login credentials (such as their domain username and password), typically via 802.1X authentication using RADIUS. This setup allows centralized credential-based access to secure SSIDs—ideal for corporate environments.

Answer 168

C. Group Policy ✅ Explanation: Group Policy is the most commonly used tool in a Windows domain environment to centrally configure and enforce security settings on user devices. It allows administrators to: Set password policies Control user access Configure firewall and software restrictions Enforce device-specific security configurations All of this can be done from Active Directory Domain Services using tools like the Group Policy Management Console (GPMC).

Answer 169

A. MFA (Multi-Factor Authentication) ✅ Explanation: MFA (Multi-Factor Authentication) is a security method that requires two or more types of verification to access a system. One common factor is something the user knows (like a password), and the second is something the user has, such as: An SMS code sent to their phone A code from a third-party authentication app (like Google Authenticator or Microsoft Authenticator) This approach significantly increases security by preventing access even if the password is compromised.

Answer 170

B. Power Options ✅ Explanation: To prevent USB devices from being suspended by the operating system (a common issue with peripherals like keyboards, mice, or external drives), the technician should configure the USB selective suspend setting in: Control Panel > Power Options > Change plan settings > Change advanced power settings > USB settings > USB selective suspend setting Setting this option to "Disabled" ensures that the OS does not automatically power down USB ports to save energy.

Answer 171

B. ifconfig ✅ Explanation: On macOS (and other Unix-based systems), the ifconfig command is used to manually configure network interfaces, including setting a static IP address.

Answer 172

D. Vishing ✅ Explanation: Vishing (Voice Phishing) is a social engineering attack where a scammer calls the victim by phone, pretending to be from a legitimate organization (like a bank), and tries to trick them into revealing sensitive information such as passwords, account numbers, or Social Security numbers. The term combines “voice” + “phishing.”

Answer 173

he correct answer is: C. netstat ✅ Explanation: netstat (Network Statistics) is the correct tool for investigating active network connections and listening ports on a device. It helps a technician identify: What services or applications are using network connections Remote IP addresses the laptop is connected to Whether background services are using bandwidth

Answer 174

D. OSX (also written as macOS) ✅ Explanation: macOS (OSX) is a closed-source operating system developed by Apple. Its source code is not publicly available, and it is tightly controlled in terms of licensing and modification. Only Apple hardware is officially supported to run macOS.

Answer 175

B. A cryptominer is verifying transactions. ✅ Explanation: Cryptomining malware (also called cryptojacking) uses the computer’s CPU (or GPU) to mine cryptocurrency without the user’s consent. It causes high CPU usage, often pegging it at 100%, resulting in system slowdown. These types of malware can evade antivirus detection, especially if they use legitimate system processes or fileless techniques.

Answer 176

C. Operating system updates ✅ Explanation: Operating system updates often include security patches that fix known vulnerabilities and exploits. Keeping a device’s OS up to date is one of the most effective ways to prevent attackers from exploiting known flaws in the system.

Answer 177

C. Personalization ✅ Explanation: To enable a screensaver lock on Windows 10, the technician should go to: Settings > Personalization > Lock screen > Screen saver settings From there, they can: Choose a screensaver Check the box for "On resume, display logon screen" Set the wait time (in minutes) before it activates This ensures the workstation locks automatically after inactivity, enhancing physical security.

Answer 178

A. Restore the device to factory settings. ✅ Explanation: If sensitive data has been leaked, and the device has: An unapproved app installed Full command shell access (suggesting the device is rooted or jailbroken) …then the device is severely compromised. The most secure and immediate action is to wipe the device completely by performing a factory reset. This removes any malicious software, backdoors, or unauthorized access points.

Answer 179

C. Asset tags and IDs ✅ Explanation: Asset tags and IDs are used to uniquely identify and track each piece of IT hardware in an organization. When creating a full inventory, these identifiers help document: What equipment exists Where it is located Who it's assigned to When it was purchased or deployed This is essential for asset management, audits, and lifecycle tracking.

Answer 180

C. robocopy ✅ Explanation: robocopy (Robust File Copy) is a powerful command-line utility in Windows designed specifically for reliable and efficient copying, especially in dynamic environments. It supports mirroring, which means it can replicate a source folder exactly, including: Adding new files Overwriting changed files Deleting files in the destination that were removed from the source (using the /MIR flag)

Answer 181

C. DNS servers ✅ Explanation: If a user is redirected to a different website than intended — especially when trying to access a known search provider — this is often a sign of a DNS hijack or manipulation. Malicious DNS servers can redirect legitimate URLs to malicious or ad-filled websites. Checking the configured DNS servers on the system or router is the first and most effective step to investigate and resolve redirection issues.

Answer 182

C. Accelerometer ✅ Explanation: The accelerometer is the internal sensor in mobile devices that detects orientation and movement. If the screen is not rotating despite having auto-rotate enabled, and the device was recently dropped, it’s likely that the accelerometer is damaged or malfunctioning. Replacing the accelerometer would resolve issues related to screen rotation and orientation sensing.

Answer 183

B. Check corporate policies for guidance. ✅ Explanation: When dealing with a computer that holds sensitive information, the first and most appropriate step is to review the organization's policies regarding: Handling of sensitive data Off-site equipment repairs Chain of custody procedures These policies will dictate the correct course of action to ensure data security and compliance with regulations (e.g., HIPAA, PCI-DSS, or internal confidentiality standards).

Answer 184

A. Mission Control ✅ Explanation: Mission Control is a macOS feature that provides a bird’s-eye view of all open windows, desktop spaces, and full-screen apps. It helps users quickly locate, switch between, or organize open applications. Activated by swiping up with three or four fingers on a trackpad, pressing F3, or using Control + ↑ (up arrow).

Answer 185

C. VPN (Virtual Private Network) ✅ Explanation: A VPN creates a secure, encrypted tunnel between the user's device and a remote server or network. It hides IP addresses, encrypts all network traffic, and protects data in transit, making it ideal for secure remote access and privacy. VPNs can use protocols like IPSec, SSL/TLS, or WireGuard to provide enhanced security.

Answer 186

C. VNC (Virtual Network Computing) ✅ Explanation: VNC is a remote desktop sharing protocol that allows the technician to view and interact with the user’s desktop in real-time. It’s ideal for remote support, collaborative troubleshooting, and screen sharing where the technician and user can both see and interact with the screen.

Answer 187

C. Programs and Features ✅ Explanation: Programs and Features (found in Control Panel) allows a technician to repair, modify, or uninstall applications. If an application shows an error like "Application needs to be repaired", this utility often provides a "Repair" option next to the affected program. This is the most direct and appropriate tool for fixing corrupted or failed application installations in Windows 10.

Answer 188

A. The Windows 10 desktop has Windows 10 Home installed. ✅ Explanation: Windows 10 Home does not support incoming Remote Desktop Protocol (RDP) connections. If the technician can ping the machine but RDP fails, and the PC is running Windows 10 Home, that’s the most likely reason—because RDP isn't enabled or available on that edition. Windows 10 Pro, Enterprise, or Education editions are required for hosting RDP sessions.

Answer 189

D. AUP (Acceptable Use Policy) ✅ Explanation: An Acceptable Use Policy (AUP) outlines the rules and guidelines for using company IT resources, including: Network access Internet usage Email behavior Data security practices New employees are typically required to read and sign the AUP before being granted access to ensure they understand their responsibilities and the consequences of misuse.

Answer 190

B. RADIUS (Remote Authentication Dial-In User Service) ✅ Explanation: RADIUS is an authentication protocol often used with WPA2-Enterprise for wireless security in enterprise environments. It enables centralized authentication, typically integrating with Active Directory or LDAP, to: Require both user and device to be in specific security groups. Enforce role-based access control for Wi-Fi connections. This method ensures that only authorized users and machines can connect to the corporate wireless network.

Answer 191

C. Samba ✅ Explanation: Samba is an open-source software suite that allows Linux systems to integrate with Windows Active Directory (AD) environments. It enables: Linux servers and desktops to join Windows domains File and printer sharing using the SMB/CIFS protocol Authentication against AD, making Linux machines behave like Windows clients in an AD environment

Answer 192

D. Unattended installation ✅ Explanation: An unattended installation uses a preconfigured answer file (e.g., autounattend.xml) to automatically provide all the inputs needed during the Windows 10 setup process. It’s the fastest and most efficient method for installing Windows on newly built systems, especially when deploying multiple machines. It eliminates the need for manual input, saving time and reducing configuration errors.

Answer 193

D. Change the default credentials. ✅ Explanation: Changing the default username and password on a SOHO router is one of the most effective first steps in securing it against: Unauthorized remote access Botnet infections DDoS participation Many malicious actors scan the internet for routers with default login credentials and exploit them to take control of the device.

Answer 194

C. Using a PIN and providing it to employees ✅ Explanation: Since the kiosk relies on a numeric keypad, the only practical input method is numeric. Using a PIN (Personal Identification Number) allows employees to quickly and easily unlock the kiosk using just the keypad. This method is efficient, requires no extra hardware, and supports shared access if the same PIN is distributed (or individual ones if security requires it).

Answer 195

C. Shredding ✅ Explanation: Shredding is the BEST physical destruction method for SSDs (Solid State Drives) containing sensitive data. Unlike HDDs, SSDs store data in flash memory chips, making traditional methods like degaussing or low-level formatting ineffective. Industrial shredders designed for SSDs can physically destroy the memory chips, ensuring data is completely unrecoverable.

Answer 196

B. Verify the address bar URL. ✅ Explanation: Pages flashing multiple times before settling could indicate that the user is being redirected, possibly to a malicious or spoofed website. This is a common symptom of phishing attempts, browser hijacking, or DNS redirection. The next best step is to verify that the URL in the browser's address bar is correct and matches the legitimate banking website (e.g., https://www.bankname.com), and that it's using HTTPS with a valid certificate.

Answer 197

D. .py ✅ Explanation: .py is the default file extension for Python scripts. Python interpreters recognize .py files and execute the Python code contained within them.

Answer 198

D. Chromium ✅ Explanation: Chromium OS (not to be confused with the Chromium browser) is an open-source operating system developed by Google that is designed to only run a web browser interface. Devices running Chromium OS (or its commercial counterpart, Chrome OS) are primarily used to access web-based applications and cloud services, relying almost entirely on the Chromium browser environment.

Answer 199

C. Data plan coverage ✅ Explanation: If text messages (SMS) and phone calls are working but the user cannot browse the internet or receive emails, it strongly suggests that cellular data is not working. The most likely cause is an issue with the user's data plan, such as: No data coverage in the area Roaming restrictions while traveling Data plan limits being exceeded Therefore, the first thing to check is whether the data plan is active and has coverage in the current location.

Answer 200

✅ Explanation: If web browsing slows down periodically and then returns to normal after a few days, this strongly suggests the user may be exceeding their mobile data limit or throttling threshold. Many mobile carriers throttle data speeds after a user reaches a certain amount of usage within a billing cycle. The issue resolving itself after a few days could correlate with the start of a new billing period.

Answer 201

B. Clear the browser cache. ✅ Explanation: After editing the hosts file (which maps domain names to IP addresses), some browsers may still use cached DNS data or cached web content. Clearing the browser cache ensures the browser re-reads the updated hosts file and applies the new domain-blocking rules. This step is often necessary to see the immediate effect of changes made to the hosts file.

Answer 202

A. DHCP (Dynamic Host Configuration Protocol) ✅ Explanation: DHCP automatically assigns IP addresses to devices on a network. It is the most appropriate protocol when a device, like the user’s PC, is connected to the internet but does not require a static (permanent) IP address. This simplifies configuration and ensures the device receives a valid address without manual input.

Answer 203

D. Windows Home ✅ Explanation: Windows Home edition does not support domain join functionality. Only editions like Windows Professional, Enterprise, and Education can join Active Directory domains, which are typically used in business or educational environments. If the domain join option is missing, it's most likely because the machine is running Windows Home, which lacks this feature.

Answer 204

D. Keylogger ✅ Explanation: A keylogger is a type of malware that records user input, specifically keystrokes, to capture sensitive data like: Passwords Credit card numbers Personal messages This captured input is then typically sent to a malicious actor without the user's knowledge.

Answer 205

C. devmgmt.msc (Device Manager) ✅ Explanation: devmgmt.msc launches Device Manager, which allows the technician to: Check if the USB adapter is recognized See if the correct drivers are installed View any errors or conflicts Update, disable, or uninstall the device This is the most appropriate tool for troubleshooting hardware-related issues, especially with external devices like USB adapters.

Answer 206

A. Scope ✅ Explanation: Scope defines the extent, boundaries, and scale of a change — including: What systems, users, or processes are affected What is included or excluded in the change The resources and effort required to implement it It sets the limits and expectations for the change being proposed or executed.

Answer 207

A. Rolling back video card drivers ✅ Explanation: A software patch may have included an incompatible or buggy video card driver that changed the screen resolution or DPI settings, resulting in large desktop icons. Rolling back the video card driver to a previous version can restore normal display behavior without impacting the rest of the system.

Answer 208

D. Reinstalling the OS, flashing the BIOS, and then scanning with on-premises antivirus ✅ Explanation: This option represents a comprehensive and realistic approach to recovering from a serious malware infection in a corporate environment: Reinstalling the OS: Ensures all malware embedded in system files is completely removed. Flashing the BIOS: Protects against firmware-level infections (rare, but possible in advanced threats). Scanning with on-premises antivirus: Confirms that the new system image is clean and in line with corporate security standards before putting the machine back into production.

Answer 209

A. Mount the ISO and run the installation file. ✅ Explanation: An ISO file is a disk image of an optical disc (like a CD or DVD) and needs to be mounted to access its contents. In Windows 10 and newer, you can simply right-click the ISO file and select "Mount", which creates a virtual drive. Then, navigate to the mounted drive and run the installation file (often setup.exe or similar).

Answer 210

B. The system is utilizing a 32-bit OS. ✅ Explanation: A 32-bit version of Windows (also known as x86) can only address up to approximately 4GB of RAM, regardless of how much is physically installed. Of that 4GB, only about 3.2–3.5GB is typically usable due to system-reserved memory. To fully use 8GB or more of RAM, the system must run a 64-bit version of Windows (x64).

Answer 211

A. Evil twin ✅ Explanation: An evil twin attack involves setting up a fraudulent Wi-Fi access point with an SSID that closely resembles a legitimate network name (e.g., "Hotel_WiFi" vs. "H0tel_WiFi"). The goal is to trick users into connecting to the fake access point so attackers can: Intercept communications Steal credentials Inject malware

Answer 212

C. Drive failure ✅ Explanation: A S.M.A.R.T. (Self-Monitoring, Analysis, and Reporting Technology) error is a warning from the hard drive or SSD indicating imminent hardware failure. If the user is now receiving a “no OS found” error, it strongly suggests the drive has failed or become unreadable, and the operating system can no longer be detected or booted.

Answer 213

C. Screen timeout D. Screen brightness ✅ Explanation: C. Screen timeout: Controls how long the display stays on when the device is idle. A long timeout setting can significantly drain battery life, especially if the screen stays on after each use. D. Screen brightness: A brighter screen uses more battery power. High brightness settings, especially in combination with long screen timeout, will drain the battery quickly.

Answer 214

C. Risk analysis ✅ Explanation: A risk analysis identifies and explains potential issues or problems that could arise during the implementation of a change. It helps stakeholders understand: What could go wrong The likelihood and impact of each risk How those risks can be mitigated or managed ❌ Why the other options are incorrect:

Answer 215

C. Device compatibility ✅ Explanation: WPA2 is more widely supported across older and newer devices compared to WPA3, which requires newer hardware and software support. This makes WPA2 more compatible, especially in environments with legacy devices that do not support WPA3.

Answer 216

A. VNC (Virtual Network Computing) ✅ Explanation: VNC is a cross-platform, open-source remote desktop protocol commonly used on Linux systems. It allows a technician to view and control a remote Linux desktop environment graphically, making it ideal for troubleshooting. Many Linux distributions include VNC support or have native packages like TigerVNC, RealVNC, or x11vnc.

Answer 217

A. Disable System Restore. ✅ Explanation: Before removing a Trojan or any malware, it's important to disable System Restore so that the malware is not accidentally restored later from a restore point. Some malware can embed itself in restore points, which could lead to reinfection even after removal. Once the system is clean, System Restore can be re-enabled and new restore points created.

Answer 218

B. Chain of custody D. Data integrity ✅ Explanation: B. Chain of custody: This is critical in forensic investigations to document who handled the evidence, when, and under what conditions. It ensures the data has not been tampered with and can be trusted in legal or internal investigations. D. Data integrity: Ensuring the data has not been altered or corrupted during collection, storage, or transfer is essential. Tools like hashing (e.g., SHA-256) are often used to verify that the data remains unchanged.

Answer 219

B. Badge reader E. Motion sensor ✅ Explanation: B. Badge reader: Used to control and log physical access to secure areas within a building. Often used with ID badges or access cards for employees. E. Motion sensor: Detects unauthorized movement within or around a facility. Often tied to alarm systems or security cameras to enhance physical surveillance.

Answer 220

A. EULA (End-User License Agreement) ✅ Explanation: The EULA is a legal agreement between the software publisher and the user that outlines how the software can and cannot be used. Installing multiple copies of home edition software in a business or office environment likely violates the licensing terms defined in the EULA. Home editions are typically licensed for personal use on a limited number of devices, not for commercial or widespread organizational use.

Answer 221

B. Examine the localhost file entries. ✅ Explanation: If a user is being redirected to unexpected websites, even after clearing the browser cache, it’s possible that the hosts file (commonly located at C:\Windows\System32\drivers\etc\hosts) has been maliciously modified. Malicious actors often alter this file to redirect legitimate domain names (e.g., www.google.com) to malicious IP addresses.

Answer 222

B. BitLocker ✅ Explanation: BitLocker is a built-in encryption feature in Windows (available in Pro, Enterprise, and Education editions) that can encrypt the entire drive, helping to protect data if the laptop is lost or stolen. It encrypts files at the disk level, requiring a password, TPM, or USB key to decrypt and boot.

Answer 223

The correct answer is: B. Restricting user permissions ✅ Explanation: In a non-domain environment, where centralized policies (like Group Policy) aren’t used, the best way to protect sensitive systems—especially for departments like finance—is to: Limit user permissions to the least privilege necessary Prevent unauthorized software installation or system configuration changes Reduce the risk of accidental or malicious misuse This approach aligns with the principle of least privilege, a fundamental security best practice.

Answer 224

D. The malware was installed before the system restore point was created. Explanation: System Restore in Windows reverts system files and settings to a previous state using restore points, but it: Does not guarantee removal of malware Does not affect all files, particularly user data or deeply embedded malware Won’t help if the malware existed before the restore point was created ✅ In this case, the malware persisted because it was already present before the restore point, so restoring the system to that point restored the malware too.

Answer 225

D. FAT32 Explanation: FAT32 (File Allocation Table 32) is the most widely supported file system across multiple generations of Microsoft Windows operating systems, from Windows 95 OSR2 through Windows 11. It offers: Universal compatibility with nearly all versions of Windows Read/write support on macOS, Linux, and embedded systems Ideal for USB flash drives and external storage needing broad OS support ✅ Best choice for ensuring maximum compatibility across old and new Windows systems

Answer 226

B. An employee's Apple ID used on the device Explanation: Activation Lock is a security feature tied to Apple's "Find My iPhone" service. When a user signs into a device with their personal Apple ID, it becomes linked to that Apple ID. If the device is later wiped or reset without properly removing the account: ✅ It triggers Activation Lock, requiring the original Apple ID and password to reactivate the device. This often happens with corporate-owned devices when employees sign in with personal Apple IDs, especially if Mobile Device Management (MDM) is not properly configured.

Answer 227

B. Finder Explanation: The default GUI and file manager in macOS is: ✅ Finder Finder is the primary interface for: Navigating files and folders Opening applications Managing connected drives and network locations It's the equivalent of Windows File Explorer and is always accessible from the Dock by default.

Answer 228

B. Battery backup Explanation: To protect systems against frequent short power outages—especially those lasting a few seconds to several minutes—the most effective solution is: ✅ Battery backup, also known as an Uninterruptible Power Supply (UPS) A UPS provides: Immediate power during short outages Time to safely shut down systems during longer ones Protection against voltage drops and spikes This is ideal for micro outages lasting up to 5 minutes, as described in the scenario.

Answer 229

The behavior described—applications launching unexpectedly and browser redirects—is consistent with a broad category of malicious software known as: ✅ Malware Malware is a general term that includes: Viruses, Worms, Trojans, Spyware, Adware, Rootkits, Keyloggers, Cryptominers, and more In this case, since multiple suspicious behaviors are occurring (app hijacking and browser redirects), a generic malware infection is the most accurate and comprehensive diagnosis.

Answer 230

WPA3 (Wi-Fi Protected Access 3) is the latest and most secure Wi-Fi encryption standard and is designed to replace WPA2. It offers: Strong encryption with Simultaneous Authentication of Equals (SAE) Resistance to brute-force attacks Forward secrecy, preventing past data from being decrypted if a password is later compromised ✅ WPA3 is increasingly supported by most modern Wi-Fi-capable devices while maintaining high security standards, making it the best overall choice for compatibility and protection.

Answer 231

B. Shoulder surfing Explanation: A privacy screen is a physical filter placed over a monitor that limits the viewing angle of the screen, so only someone directly in front can clearly see the display. ✅ This helps prevent shoulder surfing, which is when someone tries to view sensitive information by looking over a user's shoulder, especially in public or shared spaces.

Answer 232

B. Edit the hosts file. Explanation: The hosts file is a local configuration file on a computer that maps IP addresses to hostnames (URLs). By editing it, a technician can: Override DNS resolution Manually redirect a URL to a different IP address Perform testing, block sites, or create internal shortcuts ✅ This is the simplest and most direct way to redirect domain names to different IPs without altering external DNS servers.

Answer 233

C. Virtual private network Explanation: A Virtual Private Network (VPN) allows remote employees to securely connect to a company’s internal network over the internet. It creates an encrypted tunnel between the user's device and the corporate network, ensuring that data is protected from eavesdropping and interception.

Answer 234

C. Linux Explanation: Linux is an open-source operating system that allows users to: Access and modify the source code freely (due to its open-source license). Host various server applications, including web servers (Apache, Nginx), databases (MySQL, PostgreSQL), and more. Operate entirely via command-line, especially in server or minimal installations (e.g., Ubuntu Server, CentOS, Arch Linux).

Answer 235

A. RADIUS To enable automatic logins using certificates instead of passwords on a wireless network, the solution must support: ✅ RADIUS (Remote Authentication Dial-In User Service) RADIUS is commonly used in enterprise wireless environments to: Integrate with certificate-based authentication methods like EAP-TLS Work with a certificate authority (CA) to authenticate users/devices without requiring passwords Centralize authentication via 802.1X over wireless networks This setup allows seamless and secure wireless access using digital certificates.

Answer 236

A. Adjust the content filtering. Explanation: If a SOHO (Small Office/Home Office) client is unable to access a specific website—such as a corporate site—the most likely cause is that the site is being blocked by content filtering rules on the network. ✅ Adjusting the content filtering settings (e.g., in the router or firewall) can unblock access to that domain and restore connectivity. This is common when: Web filtering is too aggressive (e.g., blocks business or unknown categories) The corporate website is mistakenly categorized as restricted

Answer 237

B. Sandbox Explanation: A sandbox is an isolated environment used to safely run and test software without affecting the underlying system or network. It allows technicians to: Test untrusted code or applications Analyze potential malware Prevent system-wide changes or access ✅ Using a sandbox ensures that even if the software is harmful or buggy, it won’t compromise the company’s systems.

Answer 238

D. Cryptomining malware Explanation: The scenario describes: High CPU utilization Constant communication with a digital currency-related IP Hash algorithm activity This is a classic sign of: ✅ Cryptomining malware – malicious software that hijacks system resources (CPU/GPU) to mine cryptocurrency without the owner's consent. The attacker profits by using the victim's hardware to solve cryptographic hash problems, earning digital currency while slowing down the server and increasing energy costs.

Answer 239

A. Disk Cleanup Explanation: When a system drive is nearly full, the most appropriate tool to free up disk space is: ✅ Disk Cleanup Disk Cleanup scans for and safely removes: Temporary files System cache Recycle Bin contents Thumbnails and delivery optimization files Previous Windows installations (if applicable) This helps quickly reclaim space without affecting user data or programs.

Answer 240

B. GPT (GUID Partition Table) Explanation: To create five primary partitions and support 4TB of space, the technician must use: ✅ GPT (GUID Partition Table) GPT is the modern partition style that supports: More than four primary partitions (unlike MBR, which is limited to 4) Drives larger than 2TB (MBR maxes out at 2TB) Better reliability with CRC checks and a backup partition table This makes GPT the best and only viable choice in this scenario.

Answer 241

A. Processor Explanation: The error "VT-x not supported by system" refers to Intel Virtualization Technology (VT-x), which is a hardware feature required for virtualization (e.g., for running virtual machines using Hyper-V, VirtualBox, or VMware). ✅ If the current CPU does not support VT-x, the only solution is to upgrade the processor to one that does. In some cases, VT-x may be supported but disabled in the BIOS/UEFI, so the technician should check that first. However, if it's truly not supported, a CPU upgrade is required.

Answer 242

A. Calibrate the phone sensors. Explanation: If the screen is not autorotating even though the setting is enabled and the device has been restarted, the most likely issue is with the orientation sensors, specifically the accelerometer. ✅ The next best step is to calibrate the phone's sensors. This can often resolve issues with screen rotation and other orientation-dependent functions. Calibration helps the system accurately detect movement and orientation, which is required for the screen to rotate properly.

Answer 243

C. ACL (Access Control List) Explanation: NTFS (New Technology File System) uses Access Control Lists (ACLs) to manage permissions for files and folders. An ACL specifies: Which users or groups have access to an object What level of access (e.g., read, write, modify, full control) each user or group has ✅ When a user is granted read-only permissions, that access is defined by an ACL entry on the file or folder.

Answer 244

A. Add a user account to the local administrator's group. Explanation: The User Account Control (UAC) prompt in Windows appears when an action requires elevated (administrator-level) privileges, such as installing software. ✅ The best way to resolve this issue is to add the user to the local administrator group, which grants the necessary privileges to proceed with installations without being blocked by UAC. This allows the user to approve UAC prompts with their own credentials instead of requiring a separate administrator.

Answer 245

C. The incorrect DNS address was assigned. Explanation: The key details are: The computer can ping localhost, the gateway, and even known external IP addresses — meaning the network connection is working. However, it cannot access any web pages (which require domain name resolution). ✅ This strongly indicates a DNS issue, specifically that the DNS server address assigned via DHCP is incorrect or unreachable. If the DNS server is misconfigured or down: The browser can’t translate domain names like www.example.com into IP addresses. Direct IP communication (pinging IPs) still works, which matches the scenario.

Answer 246

D. Check the computer's date and time. Explanation: An error message stating “The security certificate presented by this website has expired or is not yet valid”, while the website works on other machines, usually indicates an issue with the local system's clock. ✅ If the date and time on the user's computer are incorrect, it can cause the browser to misinterpret valid SSL/TLS certificates as invalid. This is a common cause for SSL errors and can be resolved quickly by correcting the system date and time.

Answer 247

✅ A. Uninstalling the application ✅ D. Deleting the application cache Explanation: When a specific Android app crashes immediately upon launch but other apps function correctly, it is likely due to corrupt cached data or a faulty installation. The most effective troubleshooting steps are: ✅ A. Uninstalling the application This removes the app and all its files. Reinstalling the app can resolve issues caused by corrupt data or incomplete updates. ✅ D. Deleting the application cache Clears temporary files that may be causing the app to crash. Often resolves issues without requiring a full uninstall.

Answer 248

✅ C. Settings > Accounts > Family and Other Users Explanation: To add a local administrator on a Windows home PC, the technician should: Navigate to Settings > Accounts > Family and Other Users, then: Select "Add someone else to this PC" Create or select a local account Then click "Change account type" and set it to Administrator This is the correct and most direct way to manage local user roles on a Windows 10/11 Home edition system.

Answer 249

C. Group Policy Explanation: Group Policy is the most efficient way for a Windows administrator to automate and manage settings for multiple users, including: Creating user profiles Mapping home directories Assigning network printers Configuring security settings This centralized management tool allows settings to be pushed to users or computers in a domain environment without manual configuration for each user.

Answer 250

B. Full disk encryption Explanation: Full disk encryption (FDE) protects all data on a drive by encrypting it. If the laptop is stolen, the data remains inaccessible without the correct decryption key — even if someone removes the hard drive and connects it to another device. In this scenario, the user's simple password and lack of additional security make the system vulnerable. However, full disk encryption would have been the most effective measure to prevent the data from being recovered by the thief.

Answer 251

D. taskmgr Explanation: In modern versions of Windows (Windows 8 and later), the Startup tab in Task Manager (taskmgr) is the correct place to view and manage startup programs. While MSConfig was previously used for this purpose, it now redirects users to Task Manager for startup management.

Answer 252

A. certmgr.msc Explanation: certmgr.msc is the Microsoft Management Console (MMC) snap-in used to view, import, export, and manage certificates on a Windows system. Since the issue involves PKI (Public Key Infrastructure) — which relies on digital certificates — this tool is the most appropriate for troubleshooting certificate-related problems.

Answer 253

D. Enterprise Explanation: Windows Enterprise is designed for large organizations and includes the most comprehensive set of features, including: Built-in encryption tools like BitLocker and BitLocker To Go Advanced endpoint protection with Microsoft Defender for Endpoint Group Policy management Windows Information Protection (WIP) AppLocker, Credential Guard, and Device Guard These features make Enterprise the most suitable choice for companies prioritizing security, encryption, and centralized management.

Answer 254

C. The PXE boot option has not been enabled. Explanation: To boot a computer from the network for imaging or deployment, the PXE (Preboot Execution Environment) option must be enabled in the system BIOS/UEFI. PXE allows the computer to: Initialize its NIC at startup Request a boot image from a server (typically via TFTP) Load the OS image for installation or reimaging ✅ If PXE boot is not enabled, the computer will skip over the NIC during the boot process, preventing network imaging.

Answer 255

A. gpedit Explanation: gpedit.msc (Group Policy Editor) is the tool used locally on Windows 10 Professional to configure and manage Group Policy settings. It allows a technician to set policies for the computer or user accounts, such as security options, software restrictions, and user interface controls.

Answer 256

D. EFS (Encrypting File System) Explanation: EFS (Encrypting File System) is a Windows feature that allows users to encrypt individual files or folders on an NTFS-formatted drive. It is ideal when you want to protect specific data without encrypting the entire drive.

Answer 257

A. Workgroup network Explanation: A Workgroup network is a peer-to-peer network model that is ideal for small offices or home environments where: There is no central server. Each computer acts independently. Resources like files and printers can be shared directly between computers. This setup is simple, low-cost, and easy to configure, making it the best choice for a small office with just three PCs.

Answer 258

C. SQL injection Explanation: SQL injection is a common web security vulnerability that occurs when malicious input is inserted into an SQL query. It can be mitigated by using input validation, which ensures that only properly formatted data is accepted by the application. How input validation helps: Sanitizes user input to remove dangerous characters. Ensures data is of the expected type, format, and length. Prevents malicious code from being interpreted as part of a database command.

Answer 259

B. Synthetic Explanation: A synthetic backup creates a full backup by combining existing full and incremental backups, without requiring all the data to be sent over the network again. This method: Reduces network load by avoiding repeated full data transfers. Builds the full backup on the backup server or storage system, not from the source system. Is efficient and ideal for environments where network impact must be minimized.

Answer 260

D. MSRA (Microsoft Remote Assistance) Explanation: Microsoft Remote Assistance (MSRA) is designed specifically to allow a technician to remotely view and share control of a user's Windows desktop while the user watches and participates. It supports: Simultaneous viewing by both technician and user User approval before session begins Real-time troubleshooting with shared control

Answer 261

C. Primary account and password Explanation: When an iPhone is permanently locked after multiple failed login attempts, the only way to restore access is to: Erase the device (using iTunes, iCloud, or Recovery Mode). Sign in with the primary Apple ID and password that was originally used to activate the device. This is part of Apple’s Activation Lock, a security feature tied to the primary iCloud account to prevent unauthorized access, even if the device is reset.

Answer 262

D. FileVault Explanation: FileVault is the built-in full-disk encryption utility in macOS that uses AES-128 (with a 256-bit key) in XTS mode to encrypt the startup disk. It helps prevent unauthorized access to the data on a Mac, especially in the event of theft or loss.

Answer 263

C. Virtual private network Explanation: If a remote user is having trouble accessing an online share (such as a shared drive or folder on a corporate network), the most likely issue is that they are not connected to the company's internal network. A Virtual Private Network (VPN) allows the user to securely connect to the internal network from a remote location, making shared resources accessible as if they were physically on-site.

Answer 264

B. Apologize to the customer and escalate the issue to a manager. Explanation: When dealing with an angry customer and a technical issue outside the scope of your department, the best course of action is to: Remain calm and professional. Apologize for the inconvenience to show empathy. Escalate the issue to someone with the proper authority or expertise (like a manager or field technician). This ensures the customer is being taken seriously and the issue is handled by the appropriate resource, while maintaining professionalism and de-escalating the situation.

Answer 265

A. Power Plans Explanation: Power Plans in Windows control how a laptop manages power usage, especially in different states like plugged in vs. on battery. If the screen is: Turning off quickly after inactivity Dimming while on battery These behaviors are most likely controlled by the Power Plan settings, which allow users to adjust: Screen brightness Screen timeout Sleep timers Processor performance on battery You can access and customize Power Plans via: Control Panel > Power Options or Settings > System > Power & sleep.

Answer 266

D. Browser plug-ins Explanation: If a user is seeing persistent pop-up ads while browsing and malware scans are coming up clean, the next most likely culprit is a malicious or unwanted browser plug-in (extension). These can: Inject ads into web pages Track user activity Redirect traffic

Answer 267

C. Chain of custody Explanation: Chain of custody refers to the documented and unbroken handling of evidence from the time it is collected until it is presented in court. If evidence in a cybercrime investigation is not properly logged, secured, or transferred, it can be considered compromised or inadmissible, leading to the case being dismissed.

Answer 268

E. Remove the user-installed antivirus software program. Running multiple real-time antivirus programs simultaneously causes system slowdowns, conflicts, and instability, as both programs attempt to scan the same files and monitor the same activities in real time. The proper step is to remove the additional antivirus and allow a single, trusted solution (such as Windows Defender or the original AV software) to handle protection.

Answer 269

B. Educate the end user. If the same virus reappears shortly after removal, it's often due to user behavior—such as downloading infected files, clicking malicious links, or visiting unsafe websites. While technical defenses are important, user education is the most effective way to prevent re-infection. Teaching the user safe browsing habits, how to recognize phishing attempts, and avoid risky downloads helps break the infection cycle.

Answer 270

C. Anti-phishing training Whaling attacks are a type of phishing attack that specifically targets high-profile individuals like executives, managers, or finance personnel. These attacks rely on social engineering rather than software vulnerabilities, often involving spoofed emails that look legitimate and aim to trick users into transferring funds or revealing sensitive data. The best defense against whaling is education. Training staff—especially those in high-risk roles—on how to recognize and respond to phishing and whaling attempts is the most effective way to reduce risk.

Answer 271

E. Windows Defender: This is the primary built-in tool for detecting and removing malware on Windows systems. It performs real-time protection, full system scans, and quarantine/removal of threats. F. Network Packet Analyzer (e.g., Wireshark): While not a removal tool, it can help identify suspicious network activity related to malware. It's especially useful in corporate environments for understanding how malware behaves and whether it's communicating externally.

Answer 272

A. Resource Monitor Resource Monitor is a built-in Windows tool that allows administrators to view real-time data about system resources, including CPU, memory, disk, and especially network activity. It provides detailed information about which processes are making network connections, their IP addresses, and how much bandwidth they are using. This makes it ideal for identifying suspicious or unusual traffic sources on a specific machine—such as a kiosk.

Answer 273

A. PIN code A PIN code (Personal Identification Number) is a direct method of securing a mobile device from unauthorized physical access. When a device is left unattended, a PIN ensures that only someone with the correct code can unlock and access it. This is a frontline security measure for protecting user data and maintaining privacy.

Answer 274

B. Roll back the updates. When a recent update causes widespread performance issues, the most direct and effective resolution is to roll back the updates. This reverts the system to its previous stable state, addressing the root cause of the slowdown if the update introduced bugs or compatibility issues. Rolling back is a common part of patch management in IT environments, especially when a patch negatively impacts user productivity or system stability.

Answer 275

C. PXE boot PXE boot (Preboot Execution Environment) is a network-based boot method that allows computers to load an image from a server without using local media (like USB or DVD). It's ideal for wide-scale deployments in enterprise or institutional environments, where dozens or hundreds of machines need the same OS and configurations.

Answer 276

A. Default gateway settings This strongly indicates a routing issue to the internal network. The default gateway is responsible for directing traffic to other networks. If it's set incorrectly (e.g., only routes to the internet and not internal subnets), the user will lose access to internal resources while still reaching the public internet.

Answer 277

B. Rollback Rollback refers to the predefined steps or procedures that are executed to revert a system to its previous stable state if a change implementation causes problems. This is a critical part of change management and ensures business continuity and system integrity in the event of a failed update or deployment.

1102 Flashcards

(303 cards)