A+1102 CompTIA A+ Core 2 Practice Test Flashcards
Which of the following should generate an alert when the account is disabled or altered?
THE CORRECT ANSWER
Change default administrator account.
These default accounts have practical limitations and consequently are the ultimate target for threat actors. Any use of the default administrator account must be logged and accounted for.
Disabling guest accounts allow unauthorized access to the computer and may provide some sort of network access too. It is only enabled to facilitate password-less file sharing in a Windows workgroup.
Restrict user permission means some networks have complex requirements for assigning rights. However, the basic principle is that the number of accounts with administrator privileges should be as few as possible.
Restrict login times are typically used to prevent an account from logging in at an unusual time of the day or night or during the weekend.
A Windows administrator wants to learn how to use Linux by installing the Linux subsystem for Windows. What should their version of Windows have on the New Technology File System (NTFS) to support case-sensitive naming and hard links required by Linux?
THE CORRECT ANSWER
POSIX
To support UNIX/Linux compatibility, Microsoft engineered NTFS to support case-sensitive naming, hard links, and other key features UNIX/Linux applications require. This is known as POSIX compliance.
When data is written to an NTFS volume, it is re-read, verified, and logged via journaling. In the event of a problem, the sector concerned is marked as bad and the data relocated.
FAT32 is a variant of FAT that uses a 32-bit allocation table, nominally supporting volumes up to 2 TB. The maximum file size is 4 GB minus 1 byte.
The Indexing Service creates a catalog of file and folder locations and properties, speeding up searches.
A security analyst notices an unauthorized disclosure of customers’ data at the company. What type of data is breached?
YOU WERE CORRECT
PII
Personally identifiable information (PII) is data that can be used to identify, contact, or locate an individual or impersonate that individual in the case of identity theft. PII is any representation of information that authorizes the identity of an individual.
The open-source license makes it free to use, modify, and share and makes the program code used to design it available.
Healthcare data refers to medical and insurance records plus associated hospital and laboratory test results.
The chain of custody form records where, when, and who collected the evidence, handled it subsequently, and stored it.
A vulnerability manager is brainstorming different ways to enhance security for their cell phone devices. The company only uses Apple, and so one of the ideas the manager comes up with is to look for anomalistic files that do not belong with Apple for signs of possible malware which did not profile the device and instead just blasted malware out, hoping the operating system would be right. Which of the following would be anomalistic?
THE CORRECT ANSWER
.apk
An .apk file is a format for Android. The vulnerability manager only has Apple in their environment. Unknown sources enable untrusted apps to be downloaded from a website and installed using the .APK file format.
DMG (disk image) format is used for simple installs where the package contents need to be copied to the Applications folder.
PKG format is used where app setup needs to perform additional actions, such as running a service or writing files to multiple folders.
The app is placed in a directory with a .APP extension in the Applications folder when it has been installed.
A user logs into a computer and uses a camera that records a 3-D image with its infrared sensor to mitigate attempts to use a photo to spoof the authentication mechanism. What is this called?
YOU WERE CORRECT
Facial recognition
Facial recognition is the bio gesture that uses a webcam to scan the unique features of the user’s face.
A fingerprint is the type of bio gesture authentication that uses a sensor to scan the unique features of the user’s fingerprint.
Single sign-on (SSO) means that a user authenticates once to a device or network to access multiple applications or services. The advantage of SSO is that each user does not have to manage multiple digital identities and passwords.
Gpupdate is a policy applied at sign-in and refreshed periodically, which is normally every 90 minutes. The gpupdate command is used to immediately apply a new or changed policy to a computer and account profile.
Which of the following avoids opening remote desktop ports on the network’s firewall?
THE CORRECT ANSWER
VPN
A virtual private network (VPN) establishes a tunneled link that joins a local computer to a remote network. Establish a VPN link and then use a remote desktop to connect to a host on the private network.
Secure shell (SSH) is also a remote access protocol, but it connects to a command interpreter rather than a desktop window manager.
Virtual network computing (VNC) is a freeware product with similar functionality to RDP. It works over TCP port 5900. Not all versions of VNC support connection security.
Remote Monitoring and Management (RMM) tools are principally designed for managed service providers (MSPs).
A Windows client administrator plans to upgrade their OS in the current environment. What is one of the most important considerations for the upgrade?
THE CORRECT ANSWER
User training
Different desktop styles introduced by a new OS version or changing from one OS to another can generate issues as users struggle to navigate the new desktop and file system. An upgrade project must take account of this and prepare training programs.
While the scenario did not specify which OS the administrator was upgrading to, Windows 11 requires a CPU or motherboard supporting trusted platform module (TPM) version 2.
When data is written to an NTFS volume, it is re-read, verified, and logged via journaling. In the event of a problem, the sector concerned is marked as bad and the data relocated.
The Dynamic Disks feature allows multiple physical disks to be combined into volumes.
A customer uses their computer at a café, and an attacker watches the customer typing their login information. What is this called?
YOU WERE CORRECT
Shoulder surfing
Shoulder surfing attacks are when the attacker learns a password, PIN, or any secure information by watching the user type it.
Tailgating is when entering a secure area without authorization by following closely behind the person allowed to open the door or checkpoint.
Phishing uses social engineering techniques to make spoofed electronic communications seem authentic to the victim. A phishing message might convince the user to perform actions, such as installing malware disguised as an antivirus program.
Vishing is an attack through a voice channel like a telephone. It can be much more difficult for someone to refuse a request made in a phone call than one made in an email.
A vulnerability and risk manager reviews older systems that can only receive critical patches. What are these systems classified as?
THE CORRECT ANSWER
Extended support
During the extended support phase, the product is no longer commercially available, but the vendor issues critical patches.
An end-of-life (EOL) system is one that its developer or vendor no longer supports. EOL systems no longer receive security updates and therefore represent a critical vulnerability.
A public beta phase might be used to gather user feedback. Microsoft operates a Windows Insider Program where users can sign up to use early release Windows versions and feature updates.
When the product is being actively marketed during the supported phase, the vendor releases regular patches to fix critical security and operational issues and feature upgrades to expand OS functionality.
A malware infection can manifest in many ways, often making it difficult to diagnose. Malware may cause which of the following computer issues? (Select all that apply.)
Windows update fails
Redirection
One of the key indicators of malware infection is that security-related applications, such as antivirus, firewall, and Windows Update, stop working. Other applications or Windows tools, such as Task Manager, may also stop working or crash frequently.
Malware often targets the web browser. An example is a redirection, where the user tries to open one page but gets sent to another.
User Account Control (UAC) is a system to prevent unauthorized use of administrator privileges. Malware may try to disable UAC, but it would not enable it.
Roaming profiles copies the whole profile from a share at logon and copies the updated profile back at logoff.
An employee uses a cryptographic contactless technique that allows access to a building. What is this technique?
YOU WERE CORRECT
Badge reader
Badge readers are a type of electronic lock that works with a hardware token rather than a PIN.
A magnetometer is a type of metal detector often deployed at airports and in public buildings to identify concealed weapons or other items.
Alarm systems are designed to detect intrusion into a building or home. Alarms systems include motion sensors, video surveillance, and lighting.
A palmprint scanner is a contactless-type of camera-based scanner that uses visible and infrared light to record and validate the unique pattern of veins and other features in a person’s hand. Unlike facial recognition, the user must make an intentional gesture to authenticate.
An IT specialist removes malware from a computer system and then re-enables System Restore. Then a new restore point is created, all security-critical services and settings are validated, and the DNS configuration is verified. However, when the specialist runs a final antivirus scan, it detects malware. Considering all the steps taken, which would explain why there was still malware on the system?
THE CORRECT ANSWER
C&C network connection was detected.
The IT specialist did not inspect the firewall configuration and therefore failed to find the changes that allowed a command and control (C&C) network to establish a connection.
Domain Name System (DNS) spoofing is when an attacker directs a victim away from a legitimate site and towards a fake site.
Port forwarding is the process in which a router takes requests from the internet for a particular application and sends them to a designated host on the LAN.
Cross-site scripting (XSS) is when a malicious script is hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site, circumventing the browser’s security model of trusted zones.
If an individual is creating an account and unable to think of a strong key code word, the browser can suggest strong keycodes to use. What is this called?
YOU WERE CORRECT
Password manager
Password managers suggest a strong password at each new account sign-up or credential reset and autofill this value when the user needs to authenticate to the site.
Browser sign-in allows the user to synchronize settings between instances of the browser software on different devices.
Secure connection validates the host’s identity running a site and encrypts communications to protect against snooping.
Ad blockers use more sophisticated techniques to prevent displaying anything that does not seem to be part of the site’s main content or functionality. Many sites detect ad blockers and do not display any content while enabling filtering.
A manager for a large corporation is in charge of client machines and is currently undergoing a lifecycle hardware refresh. They want to optimize the machines to be powerful enough to run applications. The manager also wants to be sure that they are not underpowered either. What can the manager use to determine CPU optimization?
THE CORRECT ANSWER
Privileged time
If privileged time is much higher than user time, the central processing unit (CPU) is likely underpowered (it can barely run Windows core processes efficiently).
If overall processor time is very high (over 85% for sustained periods), it can be helpful to compare these. Privileged time represents system processes, whereas user time is software applications.
If the disk queue length increases and disk time is high, then the manager has a disk problem.
Pages per second are the number of pages read from or written to disk to resolve hard page faults, which means memory moves processes to the page file.
A security engineer researches how to make backup and antivirus apps available to their iOS mobile devices. Where should the apps be pushed?
THE CORRECT ANSWER
Business Manager
A supervised macOS can be restricted in terms of app installation and uninstallation policies. Corporate apps can be pushed to devices via the Business Manager portal.
By default, macOS will only allow apps to be installed if downloaded from the Mac App Store. To allow the installation of download apps, go to System Preferences > Security & Privacy.
The Finder is the macOS equivalent of File Explorer in Windows. It lets the user navigate all the files and folders on a Mac.
iCloud is Apple’s online storage solution for its users. It provides a central, shared location for mail, contacts, calendar, photos, notes, reminders, and more across macOS and iOS devices.
An administrator is backup chaining a database with the type of backup that utilizes a moderate time and storage requirement. What type of backup is this?
THE CORRECT ANSWER
Full with differential
Full with differential means that the chain starts with a full backup and then runs differential jobs that select new files and files modified since the original full job.
Full with incremental means that the chain starts with a full backup and then runs incremental jobs that select only new files and files modified since the previous job.
Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.
Retention is the period that any given backup job is kept for. Short-term retention is important for version control and for recovering from malware infection.
An IT manager, who is in charge of the client image, considers enabling a data at rest solution. Where can the manager go to enable the built-in Microsoft solution?
THE CORRECT ANSWER
System Settings
The System Settings page in the Settings app presents options for configuring input and output devices, power, remote desktop, notifications, and clipboard (data copying). BitLocker disk encryption is here.
The Devices and Printers applet in the Control Panel provides an interface for adding devices manually and shortcuts to the configuration pages for connected devices.
The Programs and Features Control Panel applet is the legacy software management interface. Users can use it to install and modify desktop applications and Windows Features.
Network and Sharing Center is a Control Panel applet that shows status information.
A user notices that their device has a leaking component and needs to take careful measures to minimize any risk and discard the approved component at the proper waste facility. Which of the following disposal is this?
THE CORRECT ANSWER
Battery
Batteries must be disposed of through an approved waste facility. Swollen or leaking batteries from devices must be handled carefully and stored within appropriate containers. Gloves and safety goggles may minimize the risk of burns from the corrosive material.
Recycling used toner cartridges is offered at most vendors. The products in toner powder are not classified as hazardous to health.
Device disposal can be donated, and if it can not be reused, it must be disposed of through the approved waste facility.
An electrical device has a fuse appropriate to its maximum current. If the current increases past the fuse capacity, the fuse will blow. However, if the fuse fitted is rated too low, the fuse will blow too easily.
A security awareness trainer spends a good portion of the training class talking about phishing, given its popularity as an attack vector. Phishing campaigns are getting more sophisticated, so the trainer is helping the class learn how to identify a phishing email. Which of the following is an indicator of phishing? (Select all that apply.)
Inconsistent sender and reply to addresses
Urgency
Disguised links
Many phishing emails have a sense of urgency so that the recipient will act now or else it will be too late. In business, this could be an email that appears to be from the boss, who needs something right away.
The email sender’s address (the FROM address) should be consistent with the REPLY-TO address.
Links in phishing emails can be disguised. For example, a link that appears to be www.microsoft.com, reveals a very different URL, such as www.maliciouslink.com, when the cursor hovers over the link.
An email with no signature is not an indicator of phishing.
A server administrator was called in to help a VIP whose computer was accidentally infected with a virus. The administrator wants to revert the computer but still preserve user personalization settings. What should the administrator use?
YOU WERE CORRECT
Refresh
Windows supports refresh and reset options to try to repair the installation. Using refresh recopies the system files and reverts most system settings to the default but can preserve user personalization settings, data files, and more.
Using the full reset option deletes the existing OS plus apps, settings, and data ready for the OS to be reinstalled.
A factory recovery partition is a tool used by the original equipment manufacturers (OEMs) to restore the OS environment to its ship state. The recovery partition is created on the internal fixed drive.
The OS setup media might not contain drivers for certain hardware devices, but this could be part of an unattended file.
A user implements a method that requires a one-time code within a given time frame to get access to their email account. What is this method?
YOU WERE CORRECT
Soft token
A soft token is a piece of a two-factor security token that generates a single-use login PIN to authorize computer services.
Hard tokens require the user to physically possess their authentication device to gain access to a specific network. The hard token is first registered with the service or network. When the user needs to authenticate, they connect the token and authorize it via a password, PIN, fingerprint reader, or voice recognition.
Short message service (SMS) is a text messaging service between mobile phones. The short messaging service allows up to 160 characters between phones.
A phone call can be used as a second factor authentication, but typically is insecure.
Which of the following backup procedures state that users should have three copies of their data across two media types, with one copy held off-line and off-site?
YOU WERE CORRECT
3-2-1 backup rule
3-2-1 backup rule is a best-practice maxim that users can apply to their backup procedures to verify that they are implementing a solution to mitigate the widest possible range of disaster scenarios.
Grandfather-father-son (GFS) is a backup rotation scheme that uses son tapes to store the most recent data and have the shortest retention period. Grandfather tapes are the oldest and have the longest retention period.
Frequency is the period between backup jobs. If the edits are much more difficult to reconstruct, the backup frequency might need to be measured in hours, minutes, or seconds.
The synthetic full backup is not generated directly from the original data but instead assembled from other backup jobs.
A user just installed a new application on their workstation, but the application has issues even starting up. The user has been working on the machine regularly up to this point without any prior issues. Which of the following is most likely the issue?
THE CORRECT ANSWER
Firewall
In this scenario, one place to troubleshoot is the host-based firewall. Select “Allow an app through the firewall” to allow or block programs (configure exceptions) from the Windows Firewall status page.
While proxy settings could be an issue, if the user is working fine beforehand, proxy settings are not likely to be an issue.
If the user has been using the machine without any previous problems it is unlikely that the domain name system (DNS) is the issue.
The Personalization settings allow the users to select and customize themes, which set the appearance of the desktop environment.
A client uses this software that allows access to a given computer. What is this software?
THE CORRECT ANSWER
Screen-sharing
Screen-sharing is software that is designed to work over HTTPS across the internet. This is secure because the connection is encrypted but also easier to implement as it does not require special firewall rules.
Some web-conferencing and videoconferencing software, like Microsoft Teams and Zoom, provides a screen-sharing client that participants may control.
With file transfer, users can choose a file-sharing protocol that can be used across all connected hosts. It allows configuring permissions on the share and provisioning user accounts that are recognized by both the server and client.
Desktop management suites are designed for deployment by a single organization and focus primarily on access control and authorization.
A marketing professional normally sends large files to other team members. The IT department recommended using a shared drive and assisted them in setting it up. The project was a very high priority, so the professional collaborated with several members but started receiving reports that some users could not access it sometimes and others could. They eventually figured out that only 20 people at a time seemed to be able to access it. What is causing the issue?
THE CORRECT ANSWER
The share was created on a Windows desktop.
The Share tab in the folder’s Properties dialog can customize permissions, change the share name, and limit the number of simultaneous connections. Windows desktop versions are limited to 20 inbound connections.
If more than 20 users access the share, the data should be stored on file servers rather than local client computers.
The proxy settings will not affect users’ ability to access the file share in this scenario. It could cause issues accessing the internet, however.
If the domain name system (DNS) were causing an issue, the users would not be limited to 20 people. It is possible that load-balanced DNS servers could cause issues if one is incorrect.
A Linux server administrator notices a service they do not recognize, although the environment is quite big. They look at the help file for the ksh process, but the documentation seems poor. It does seem to indicate that it provides interactivity, however. What type of program is this?
THE CORRECT ANSWER
Terminal
The shell provides a command environment by which a user can operate the OS and applications. Many shell programs are available with Linux, notably Bash, zsh, and ksh (Korn shell).
Products such as Clam AntiVirus (ClamAV) and the Snort Intrusion Prevention System (IPS) can be used to block varied malware threats and attempts to counteract security systems.
apt-get is a command interface for the Advanced Packaging Tool (APT). APT is used by Debian distributions and works with .deb format packages.
Linux does not have an “official” backup tool. There are plenty of commercial and open-source backup products for Linux, however. Some examples include Amanda, Bacula, Fwbackups, and Rsync.
A security analyst notices a critical incident that has a widespread effect on customers that can eventually involve a potential data breach. The analyst creates a ticket with the vendor and sets the importance in order to trigger a faster response time. What describes what attribute of the ticket the analyst set?
THE CORRECT ANSWER
Severity levels
The severity level is a way of classifying tickets into priority order. Severity levels are not over-complex. There are three severity levels based on impact: critical incidents, major incidents, and minor incidents.
Categories and subcategories group related tickets together, useful for assigning tickets to the relevant support section or technician and for reporting and analysis.
Escalation levels occur when an agent cannot resolve the ticket. The support team can be organized into tiers to clarify escalation levels.
Problem resolution sets out the plan of action and documents the successful implementation and testing of the plan and full system functionality.
A threat actor uses a technique that instills statements through an unfiltered user response. What is this technique?
YOU WERE CORRECT
SQL injection
SQL injection attack is when the attacker modifies one or more of the basic functions by adding code to some input accepted by the app, causing it to execute the attacker’s own set of SQL queries or parameters.
Cross-site scripting (XSS) attack exploits the fact that the browser is likely to trust scripts that appear to come from a site the user has chosen to visit.
A dictionary attack is when the software matches the hash to those produced by ordinary words found in a dictionary.
A brute force attack is when the software tries to match the hash against one of every possible combination it could be.
A company uses a method that restricts its employees from messing with their computer settings. What is this method called?
THE CORRECT ANSWER
BIOS
Basic input/output (BIOS) password is a piece of authentication information that may sometimes require logging into a computer’s basic input/output system (BIOS) before the machine can boot up.
Expiration requirement means that the user must change the password after a set period.
Secure personal identifiable information (PII) and passwords are when paper copies of personal and confidential data must not leave where they could be read or stolen. This type of information should not be entered into unprotected plain text files, word processing documents, or spreadsheets.
Disabling guest accounts allow unauthorized access to the computer and may provide some network access. It is only enabled to facilitate password-less file sharing in a Windows workgroup.
A user wants to share their printer with other teams, but not all teams use the same operating system. What can the user do to configure functionality with the other teams?
THE CORRECT ANSWER
Additional drivers
Use the additional drivers’ button to make drivers available for different client operating systems. For example, if the print server is Windows 10 64-bit, it can make 32-bit Windows 7 drivers available.
Configuring the proxy settings will not help with printer functionality. The settings for proxy information can be found in internet options.
A mapped drive is a share that has been assigned to a drive letter on a client device. To map a share as a drive, right-click it and select Map Network Drive.
A file server would not help with printer functionality, although a printer server could assist with this endeavor.
The operating system update on a user’s phone fails. The user verifies the phone’s connection to a wall outlet that leads to the office Wi-Fi. Which of the following could be responsible for the update failure?
THE CORRECT ANSWER
Metered network
Updates may be blocked if a device is connected to a metered network. Additionally, if the operating system update is incompatible with the device model, it may cause the update to fail.
Remote Authentication Dial-in User Service (RADIUS) is a protocol used to manage remote and wireless authentication infrastructures.
Near-field communication (NFC) is mostly used for contactless payment readers, security ID tags, and shop shelf-edge labels for stock control.
A wireless local area network (WLAN) uses radios and antennas for data transmission and reception. Most WLANs are based on the IEEE 802.11 series of standards, better known as Wi-Fi. Since the user verified that the phone was connected to Wi-Fi, WLAN would not be an issue.
A server administrator wants to run the latest technologies. What technology should the administrator start using which will replace the New Technology File System (NTFS)?
THE CORRECT ANSWER
ReFS
Resilient File System (ReFS) is being developed to replace NTFS. ReFS is only available for Pro for Workstations and Enterprise editions and cannot currently be used for the boot volume.
Most Linux distributions use some version of the extended (ext) file system to format partitions on mass storage devices. ext3 is a 64-bit file system with journaling support.
Where Windows uses NTFS and Linux typically uses ext3 or ext4, Apple Mac workstations and laptops use the proprietary Apple File System (APFS).
exFAT is a 64-bit version of FAT designed for use with removable hard drives and flash media.
Which of the following will block untrusted application sources from running?
THE CORRECT ANSWER
Anti-malware
