A+ Part 2 Flashcards
Windows’ 64-bit shared system files (DLLs and EXEs) are stored in %SystemRoot%\____
System32
DLL/system Files for the 32-bit versions are stored in %SystemRoot%\
syswow64
A support operator helps a user who is complaining about latency and sluggish performance. Which of the following will be the least helpful in troubleshooting?
- Perform a system file check (SFC)
- Use Task Manager.
- Reboot.
- Run fewer programs.
In modern systems, checking file integrity will not improve sluggish performance. In most instances, it will have no effect.
A student considers upgrading but has many custom drivers and hardware in their Windows-driven rig. Where can the student look for a catalog of tested devices and drivers for this platform?
- HCL
- PXE
- NIST
- SED
Microsoft maintains a Windows Logo’d Product List (LPL) catalog, also called the Hardware Compatibility List (HCL). This is a catalog of tested devices and drivers. If a device has not passed Windows logo testing, users should check the device vendor’s website to confirm whether there is a driver available.
A user brings in a laptop that does not boot. Based on the user’s description, the assistant suggests running chkdsk. How can the user do this?
- System Restore
- WinRE
- UEFI
- BCD
Drop into the Windows Recovery Environment (WinRE) command prompt, where the user could run commands such as diskpart, sfc, chkdsk, bootrec, bcdedit, or regedit to try to repair the installation manually.
A curious IT professional investigates the hidden System Reserved partition. What will the professional find contained in the partition?
- RMM
- MSDS
- NLA
- BCD
*
The BOOTMGR and the boot configuration data (BCD) file are normally installed to a hidden System Reserved partition.
A penetration tester looks to harvest credentials from users who log in locally. Where should the penetration tester look for users who authenticated locally?
SAM
Kerberos
VPN
Web portal
In a Windows local sign-in, the Local Security Authority (LSA) compares the submitted credential to the one stored in the Security Accounts Manager (SAM) database, which is part of the registry. This is also referred to as interactive logon.
In a Windows network sign-in, the LSA can pass the credentials for authentication to a network service. The preferred system for network authentication is based on a system called Kerberos.
In a remote sign-in, if the user’s device is not connected to the local network, authentication can take place over some type of virtual private network (VPN).
A pen tester would need access to the web server to access credentials stored to access a web portal.
A PC user is looking at the wireless card adapter properties on their Windows computer. Which of the following is the most important setting to verify in order to ensure the PC is capable of connecting to an existing network?
- Power transmission
- SSID
- Automatic connection
- Protocol support
Protocol support
A server administrator wants to connect to a user’s computer. They are trying to get their patching numbers up and discover that users must pull the updates, so the administrator wants to push a script that forces the pull. The administrator wants to copy the file to users’ automatically hidden shares. Which of the following could the administrator use? (Select all that apply.)
- C:\Windows$
- C$
- C:\Users$
- ADMIN$
ADMIN$
C$
Where would you look for the option to view and configure wireless adapter status in macOS?
In the Status menu on the Menu bar, in the top-right of the screen, or in the Network prefpane.
What is the name of Apple’s backup software for macOS?
Time machine
A user finds a .app directory in their Downloads folder on their Mac. What is this most likely indicative of?
- The package contents were copied.
- The app setup needs to perform additional actions.
- The application is being sideloaded.
- The app has been installed.
The app has been installed.
A _ is a short representation of data. A _ function takes any amount of data as input and produces a fixed-length value as output.
hash
What type of cryptographic key is delivered in a digital certificate?
A digital certificate is a wrapper for a subject’s public key. The public and private keys in an asymmetric cipher are paired. If one key is used to encrypt a message, only the other key can then decrypt it.
What two factors must a user present to authenticate to a wireless network secured using EAP-TLS?
- A digital certificate and its associated private key are installed on the wireless station.
- Device authentication, typically via a password, PIN, or biometric gesture, permits access to the private key.
A network professional sets up the ability to authenticate over Extensible Authentication Protocol over Wireless (EAPoW). Which of the following will the professional need to configure?
- TACACS+
- WPA3
- Active directory
- MFA
Extensible Authentication Protocol over Wireless (EAPoW) is a protocol used for wireless network authentication. It allows for a variety of authentication methods to be used over wireless networks. When implementing EAPoW, the network professional will need to configure an authentication server that supports EAP methods, and this is often done using Active Directory (AD). Active Directory is a directory service developed by Microsoft that provides centralized authentication, authorization, and directory services. It’s commonly used for user authentication in enterprise environments, and it can be integrated with various EAP methods to provide secure and centralized authentication for wireless networks.
A server administrator discovers that a server service account for a File Transfer Protocol (FTP) server was compromised. Which of the following exploits or vulnerabilities did the malicious actor use?
- XSS
- SQL injection
- Plaintext
- DoS
Plaintext
A plaintext password can be captured by obtaining a password file or by sniffing unencrypted traffic on the network.
A server administrator for a corporation with an enterprise network was tasked with setting up a website hosted on-premise. How should the administrator set it up?
- Content filtering
- UPnP
- Port forward
- Screened subnet
A screened subnet can also be referred to by the deprecated terminology demilitarized zone (DMZ). The idea of a screened subnet is that some hosts are placed in a separate network segment with a different IP subnet address range than the rest of the LAN.
A network administrator is setting up administrative access to network devices. What common solution is used for this?
- Kerberos
- TACACS+
- RADIUS
- EAP
Where Remote Authentication Dial-in User Service (RADIUS) is often used to authenticate connections by wireless and VPN users, TACACS+ is often used in authenticating administrative access to routers, switches, and access points.
A network manager for a growing coffee company sets up wireless access points at cafe locations for users. The manager wants to set up access to allow anyone in the vicinity to join without a password but also make it as secure as possible. Which standard introduced this ability?
- WPA3
- WPA2
- WPA
- WEP
In WPA2, Wi-Fi Enhanced Open traffic is unencrypted. WPA3 encrypts this traffic. This means that any station can still join the network, but traffic is protected against sniffing.
A jewelry chain has just discovered how to make a new form of jewels that has never been created before. They want to set up some sort of alarm if the jewels are taken out of their designated area. What type of alarm should the jewelry chain set up specific to the jewels?
- Motion sensors
- Circuit
- RFID
- Duress
Radio frequency ID (RFID) tags and readers can be used to track the movement of tagged objects within an area. This can form the basis of an alarm system to detect whether someone is trying to remove equipment.
A security manager at a top-secret facility assesses the feasibility of integrating biometric authentication but has heard that it is often not accurate. Which of the following is the most accurate form of biometrics?
- Retina scanner
- Palmprint scanning
- Fingerprint readers
- Badge reader
Retinal scanning is one of the most accurate forms of biometrics. Retinal patterns are very secure, but the equipment required is expensive and the process is relatively intrusive and complex.
You are completing a checklist of security features for workstation deployments. Following the CompTIA A+ objectives, what additional item should you add to the following list, and what recommendation for a built-in Windows feature or features can you recommend be used to implement it?
- Password best practices
- End-user best practices
- Account management
- Change default administrator’s user account/password
- Disable AutoRun/AutoPlay
- Enable Windows Update, Windows Defender Antivirus, and Windows Defender Firewall
Data-at-rest encryption. In Windows, this can be configured at file level via the Encrypting File System (EFS) or at disk level via BitLocker.
A security consultant has recommended blocking end-user access to the chrome://flags browser page. Does this prevent a user from changing any browser settings?
No. The chrome://flags page is for advanced configuration settings. General user, security, and privacy settings are configured via chrome://settings.
