Practice Test #1 Questions Flashcards
Jason’s company issued him an old 2018 laptop with an internal hardware security key that he uses to connect to his office network over a VPN while traveling. Without this laptop, Jason cannot access his company’s internal servers, email, or share drive files. The Windows 10 laptop is extremely slow, and the screen recently cracked and needs to be replaced. When Jason returns to the company’s headquarters, the company will provide him with a new laptop due to the broken screen. Until then, he is working out of his hotel room during a 45-day business trip and needs to continue using this laptop. Jason brings the laptop to the computer store you work at and asks for your assistance. Which of the following do you recommend?
a) Replace the display and charge him for the parts/installation
b) Sell him an external 15” tablet/monitor to connect to the laptop as a workaround
c) Replace the display and contact the manufacturer for reimbursement
d) Purchase a new laptop as the cost to repair might be more than a new laptop
b) Sell him an external 15” tablet/monitor to connect to the laptop as a workaround
In this scenario, you should recommend that he purchase an external 15” tablet/monitor to connect to the laptop as a workaround until he can return to the company’s headquarters. Since the laptop has an internal hardware key, if he replaces it with a new laptop then it will not connect to the corporate network over the VPN. The laptop is outside of the warranty period, making the recommendation of replacing the display and being reimbursed by the manufacturer incorrect.
While you could replace the display and charge him for the parts/installation, this would likely be more expensive than simply buying an external tablet/monitor as a workaround. A laptop replacement display usually costs between $300-500, whereas an external tablet/monitor costs between $100-150. The cheapest and quickest option provided would be to purchase an external monitor to use in his hotel until he gets back to the office.
You are working on upgrading the memory of a laptop. After removing the old memory chips from the laptop, where should you safely store them until you are ready to reuse them in another laptop?
a) Ziplock bags
b) Antistatic bag
c) Cardboard box
d) Manila envelopes
b) Antistatic bag
To properly handle and store sensitive components, like a memory chip, you should use an ESD strap and place the components in an antistatic bag. An antistatic bag is a bag used for storing electronic components, which are prone to damage caused by electrostatic discharge (ESD). These bags are usually plastic polyethylene terephthalate (PET) and have a distinctive color (silvery for metalized film, pink or black for polyethylene).
You are working as a penetration tester and have discovered a new method of exploiting a vulnerability within the Windows 10 operating system. You conduct some research online and discover that a security patch against this particular vulnerability doesn’t exist yet. Which type of threat would this BEST be categorized as?
a) Spoofing
b) Brute force
c) Zero-day
d) DDOS
c) Zero-day
A zero-day attack happens once a flaw, or software/hardware vulnerability, is exploited and attackers release malware before a developer has an opportunity to create a patch to fix the vulnerability, hence the term zero-day.
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
A brute-force attack consists of an attacker systematically trying all possible password and passphrase combinations until the correct one is found.
Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source.
Dion Training is building a new computer for its video editor to use. The new computer will use an octa-core Intel processor, 3 TB of DDR4 memory, and a RAID 0 with two 4 TB SSDs for optimal performance. Which of the following editions of Windows 10 would support all of this computer’s memory properly?
a) Enterprise
b) Pro
c) Home
d) Educational
a) Enterprise
Microsoft Windows 10 Enterprise supports up to 6TB of RAM while Windows 10 Pro supports up to 2TB of RAM. Microsoft Windows 10 Enterprise and Windows 10 Pro for Workstations are designed to run on devices with high-performance configurations.
Windows 10 Enterprise and Windows 10 Pro for Workstations both support up to four physical CPUs. Windows 10 Pro and Windows 10 Education both only support two physical CPUs and 2 TB of RAM. Windows 10 Home only supports one physical CPU and up to 128 GB of RAM.
A home user brought their Windows 10 laptop to the electronics store where you work. They claim their computer has become infected with malware. You begin troubleshooting the issue by first pressing the power button, and the laptop loads properly without any issues. When you open Microsoft Edge, you notice that multiple pop-ups appear almost immediately. Which of the following actions should you take NEXT?
a) Clear the browser’s cookies and history, enable the pop-up blocker, and scan the system for malware
b) Quarantine the machine and report it as infected to your company’s cybersecurity department for investigation
c) Document the pop-ups displayed and take a screenshot
d) Reinstall or reimage the operating system
a) Clear the browser’s cookies and history, enable the pop-up blocker, and scan the system for malware
Malware often targets the web browser. Malware such as adware and spyware is designed with commercial or criminal intent rather than to vandalize the computer system. Common infection symptoms of spyware or adware are pop-ups or additional toolbars, the home page or search provider changing suddenly, searches returning results that are different to other computers, slow performance, and excessive crashing. Viruses and Trojans may spawn pop-ups without the user opening the browser. Since this is a home user’s laptop, you should remediate the issue and return the system to them. Since this is not a system owned by your company, there is no reason to report it to your company’s cybersecurity department.
You are troubleshooting a Windows 10 laptop that is infected with malware. You have already identified the type of malware on the laptop. What should you do NEXT? (Select THREE)
a) Enable System Restore in Windows
b) Disconnect the laptop from the network
c) Educate the end user
d) Schedule scans and run system updates
e) Disable System Restore in Windows
f) Update the anti-malware software
b) Disconnect the laptop from the network
e) Disable System Restore in Windows
f) Update the anti-malware software
Option b) is the quarantine step.
A new corporate policy dictates that all access to network resources will be controlled based on the user’s job functions and tasks within the organization. For example, only people working in Human Resources can access employee records, and only the people working in finance can access customer payment histories. Which of the following security concepts is BEST described by this new policy?
a) Blocklists
b) Directory permissions
c) Least privilege
d) Permission creep
c) Least privilege
Least privilege is the concept and practice of restricting access rights for users, accounts, and computing processes to only those resources absolutely required to perform routine, legitimate activities. Privilege itself refers to the authorization to bypass certain security restraints.
Permission creep, also known as privilege creep, is what happens when an employee moves between roles in an organization and keeps the access or permissions of the previous role.
Directory permissions are used to determine which users can access, read, write, and delete files or directories within a given directory.
A blocklist is a list of IP addresses, ports, or applications that are not allowed to be run or used on a given system.
What is the minimum processor required to install Windows 10 (x86) on a device?
a) 2 GHz single-core processor
b) 1 GHz dual-core processor
c) 2 GHz dual-core processor
d) 1 GHz single-core processor
d) 1 GHz single-core processor
For the Windows 10 (32-bit) operating system, the minimum requirements are a 1 GHz processor, 1 GB of RAM, and at least 32 GB of hard drive space.
For the Windows 10 (64-bit) operating system, the minimum requirements are a 1 GHz processor, 2 GB of RAM, and at least 32 GB of hard drive space.
For the Windows 11 (64-bit) operating system, the minimum requirements are a dual-core 1 GHz processor, 4 GB of RAM, and at least 64 GB of hard drive space.
A network administrator has set up a firewall and set up only three allow rules so that traffic can be sent over ports 21, 110, and 25. Next, they added a final rule of “deny any any” to the end of the ACL to minimize the attack surface and better secure the network. Unfortunately, now the administrator is receiving complaints from users that they cannot access any web pages using their URLs, such as DionTraining.com. Which of the following should the administrator do to correct this issue?
a) Add a rule to the ACL to allow traffic on ports 110 and 389
b) Add a rule to the ACL to allow traffic on ports 143 and 22
c) Add a rule to the ACL to allow traffic on ports 139 and 445
d) Add a rule to the ACL to allow traffic on ports 80 and 53
d) Add a rule to the ACL to allow traffic on ports 80 and 53
Port 80 is used for HTTP traffic (web traffic).
Port 53 is used for DNS queries (to resolve domain names like DionTraining.com to IP addresses).
Why not the others?
The ports in options a), b), and c) are related to email (POP3, IMAP), remote administration (SSH), and file sharing (SMB, NetBIOS). They do not address web browsing or DNS issues.
Which of the following Control Panel sections would allow a technician to add or remove an external scanner from a Windows 10 computer?
a) Devices and Printers
b) System
c) Programs and Features
d) Device Manager
a) Devices and Printers
The Devices and Printers section of the Control Panel allows a technician to manage and add printers, scanners, and other external devices to connect to a Windows computer.
The Device Manager is used to view and control the hardware that is attached to the computer. The device manager will highlight a piece of hardware that is not working so that a technician can repair or replace it.
A cybersecurity analyst notices that an attacker is trying to crack the WPS PIN associated with a wireless printer. The device logs show that the attacker tried 00000000, 00000001, 00000002 and continued to increment by 1 number each time until they found the correct PIN of 13252342. Which of the following types of password cracking was being performed by the attacker?
a) Brute-force
b) Rainbow table
c) Dictionary
d) Hybrid
a) Brute-force
A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly. In a traditional brute-force attack, the passcode or password is incrementally increased by one letter/number each time until the right passcode/password is found.
A dictionary attack is a technique for defeating a cipher or authentication mechanism by trying to determine its decryption key or passphrase by trying hundreds or sometimes millions of likely possibilities, such as words in a dictionary.
A rainbow table is a precomputed list of possible hashes used when trying to speed up the process of password cracking.
A hybrid password cracking attack combines the use of a brute-force attack with a dictionary attack by using words from the dictionary’s list as the basis for the brute-force attack. For example, if the dictionary had the word Jason in it, the hybrid attack might try Jason123, Jason!@#, and J@$0n as possible combinations based on the word Jason.
What does the command “shutdown /h” do on a Windows workstation?
a) Log off the workstation
b) Enter hibernation mode
c) Shut down the workstation
d) Reboot the workstation
b) Enter hibernation mode
The shutdown command allows a user or administrator to shut down or restart local or remote computers, one at a time.
Using the /r option will reboot the computer.
Using the /s option will shut down the computer.
Using the /l option will log off the current user.
Using the /h option will enter sleep or hibernation mode.
What umask should be set for a directory to have 700 as its octal permissions?
a) rwx------
b) rwxrwxrwx
c) r--r--r--
d) rwx---rwx
a) rwx------
RWX is 7 and --- is 0.
In Linux, you can convert letter permissions to octal.
R = 4 | R is for read-only
W = 2 | W is for write
X = 1 | X is for execute
--- = 0
The permission strings are written to represent the owner’s permissions, the group’s permissions, and other users’ permissions.
You have just installed a new photo-sharing social media app on your smartphone. When you try to take a photo with the app, you hear the picture-taking sound. Unfortunately, when you check the app and your photo album, you cannot find any new pictures. Which of the following actions should you take to fix this issue?
a) Perform a firmware update
b) Update all the smartphone’s apps
c) Verify the app has the correct permissions
d) Uninstall and reinstall the app
c) Verify the app has the correct permissions
Each app has to have the proper permissions to use the smartphone’s various components, such as the microphone, camera, and storage. If the app has the correct permissions for the camera but not the storage, it will not store the photos being taken. This issue can be quickly corrected by checking the permissions under the app’s settings and the smartphone’s settings.
Dion Training wants to implement a new wireless network in their offices. Which of the following types would support encryption for traffic being sent and received over the network while still allowing users to connect to the open network without a password, passphrase, or digital certificate?
a) WEP
b) WPA
c) WPA2
d) WPA3
d) WPA3
One of the features of WPA3 (WIFI6) is Enhanced Open. Enhanced Open enables encryption for traffic being sent and received over a wireless network while still using open authentication. WEP, WPA, and WPA2 do not provide encryption of traffic sent over the network unless the network is protected by a password, passphrase, or digital certificate.
Your company wants to increase the security of its server room. Which TWO of the following should they install to protect the server room’s contents?
a) Privacy window shades
b) Biometric lock
c) Bollard
d) Strong passwords
e) Badge reader
b) Biometric lock & e) Badge reader
A badge reader and biometric lock can be used on a server room door to provide multifactor authentication. Biometrics are identifying features stored as digital data that can be used to authenticate a user.
A badge reader can be used to read a security badge using RFID, a smart card, or a barcode to authenticate a user.
Cable locks are used for laptops, not servers or server rooms.
A bollard is used in the parking lot or the front of a building.
Strong passwords are used for the servers, not the server room itself.
Privacy window shades could be used, but they are not as strong of a defense as a badge reader and biometric keypad on the door to the server room.
An employee’s inbox is now filled with unwanted emails after their email password had been compromised last week. You helped them reset their password and regain access to their account. Many of the emails are coming from different email addresses such as @yahoo.com, @gmail.com, and @hotmail.com. Which of the following actions should the user take to help reduce the amount of spam they receive?
a) Mark each email as spam or junk
b) Establish an allow list of trusted senders
c) Create a domain-based email filter
d) Click the unsubscribe button of each email
a) Mark each email as spam or junk
At the user level, the software can redirect spam to a junk folder or similar. Email filtering is any technique used to prevent a user from being overwhelmed with spam or junk email. Spam can be blocked from reaching an organization using a mail gateway to filter messages. Anti-spam filtering needs to balance blocking illegitimate traffic with permitting legitimate messages. Anti-spam techniques can also use lists of known spam servers by establishing a blocklist. If an allow list is used, only a small number of senders could send emails to the user. The technician should not create a domain-based email filter since the spammers are using Yahoo, Gmail, and Hotmail accounts to send the spam. If a domain-based email filter is created, it will block emails from all users on those email providers and prevent legitimate emails from being received.
You have just installed a second monitor for a bookkeeper’s workstation so they can stretch their spreadsheets across both monitors. This would essentially let them use the two monitors as one combined larger monitor. Which of the following settings should you configure?
a) Refresh rate
b) Resolution
c) Color depth
d) Extended mode
d) Extended mode
The extended mode allows the Windows output to be stretched across two or more monitors as if they were a single monitor. This can be configured under the Display settings in Windows 10.
Refresh rate is the measure of how fast an image can be updated on a monitor or display. If a monitor has a lower refresh rate, then blurring and ghosting can occur.
Color depth defines how many unique colors can be displayed by the projected image at once.
Most monitors have a default or native resolution. When you first connect a monitor to a Windows workstation, this native resolution is detected, and Windows attempts to configure itself automatically. If this creates an imbalance between the two monitors, a technician can adjust the screen’s resolution by changing it in the Display settings area of Windows 10.
You have decided that you want to install a second operating system on your computer. After installing the OS and rebooting the computer, you see the “Operating System Not Found” error on your display. You verify that the boot.ini file is configured properly, but the error still appears. What is MOST likely causing this error?
a) The MBR bootloader was installed accidentally
b) An unsupported version of Linux is installed
c) An incompatible partition is marked as active
d) Windows Startup services are not properly running
c) An incompatible partition is marked as active
This issue may occur if one or more of the following conditions are true:
(1) the basic input/output system (BIOS) does not detect the hard disk,
(2) the hard disk is damaged,
(3) sector 0 of the physical hard disk drive has an incorrect or malformed master boot record (MBR),
(4) an incompatible partition is marked as Active, or
(5) a partition that contains the MBR is no longer active.
The only option provided in this list is that an incompatible partition is marked as active.
What type of structure is a “Do While” in scripting?
a) Constant
b) Branch
c) Loop
d) Variable
c) Loop
A loop deviates from the initial program path based on some sort of logic condition. In a loop, the computer repeats the task until a condition is met. Loops are often implemented with For, For Next, While, or Do While statements. For example, a short script like (For i=1 to 100, print i, next) would print the numbers from 1 to 100 to the screen.
A branch is used to control the flow within a computer program or script, usually based on some logic condition. Often, these are implemented with IF THEN ELSE statements.
A variable is a placeholder in a script containing a number, character, or string of characters. Variables in scripts do not have to be declared (unlike in programming languages) but can be assigned a value. Then, the variable name is referenced throughout the script instead of the value itself.
A constant is a specific identifier that contains a value that cannot be changed within the program. For example, the value to convert a number from F to C is always 5/9 because the formula is C = (F - 32) * 5/9.
You have decided to have DNA genetic testing and analysis performed to determine your exact ancestry composition and possibly find some lost relatives through their database. Which of the following types of data should this be classified as?
a) CUI
b) IP
c) PII
d) PHI
d) PHI
Protected health information (PHI) refers to medical and insurance records, plus associated hospital and laboratory test results. Data collected by genetic mapping and heredity companies include the subject’s DNA, making it PHI.
Personally identifiable information (PII) is data that can be used to identify, contact, or locate an individual. Information such as social security number (SSN), name, date of birth, email address, telephone number, street address, and biometric data is considered PII.
Proprietary information or intellectual property (IP) is information created and owned by the company, typically about the products or services that they make or perform.
Controlled Unclassified Information (CUI) is federal non-classified information that must be safeguarded by implementing a uniform set of requirements and information security controls to secure sensitive government information.
Madison is trying to open up her anti-malware solution to run a full system scan because she suspects her computer has become infected. When she attempts to run the tool, an error of “Access denied” is received. What security issue is MOST likely occurring?
a) Rogue anti-virus
b) Renamed system files
c) File permission change
d) Disappearing files
c) File permission change
If the user receives an “access denied” error message, it indicates that the file permissions have been changed. If the system files were renamed or the files disappeared, an error of “file not found” would be seen instead. Rogue antivirus is a particularly popular way to disguise a Trojan. In the early versions of this attack, a website would display a pop-up disguised as a normal Windows dialog box with a fake security alert, warning the user that viruses have been detected. As browsers and security software have moved to block this vector, cold calling vulnerable users claiming to represent Microsoft support has become a popular attack.
An attacker is using a word list that contains 1 million possible passwords as they attempt to crack your Windows password. What type of password attack is this?
a) Hybrid
b) Brute-force
c) Rainbow table
d) Dictionary
d) Dictionary
A dictionary attack uses a list of common passwords to crack a user’s password. These lists do not have just dictionary words, though. For example, the word Dr@g0nBr3@+h (dragon breath) may be one such word but rewritten by substituting symbols or numbers for various letters. The dictionary file might have words like DRAGON, dragon, Dr@g0n, and many other forms. Most dictionary files contain millions of entries, and the password cracking tries each one until a match is found.
A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.
A hybrid attack combines a dictionary list with the ability to add brute-force combinations to crack a password that is slightly different than the dictionary list entry.
A rainbow table is a tool for speeding up attacks against Windows passwords by precomputing possible hashes. A rainbow table is used to authenticate users by comparing the hash value of the entered password against the one stored in the rainbow table. Using a rainbow table makes password cracking a lot faster and easier for an attacker.
Which of the following types of backups only copies data modified since the last full backup?
a) Synthetic
b) Full
c) Incremental
d) Differential
d) Differential
A differential backup only creates a copy of the selected data that has been modified since the last full backup. It is a good compromise in speed between a full backup (which takes the longest to back up and the least to restore) and an incremental backup (which takes the least to back up and the longest to restore).
An incremental backup only creates a copy of new files and files modified since the last full, incremental, or differential backup. Therefore, it takes the least amount of time to complete a backup. Unfortunately, it also takes the most time to restore since you have to first restore the full backup, then any differential and incremental backups until all your data is restored.
A full backup creates a copy of all the selected data regardless of when it was previously backed up. It takes the most time to complete a backup but is the fastest when conducting a restoral of all the data on a hard drive.
Synthetic backup is the process of generating a file from a complete copy of a file created at some past time and one or more incremental copies created at later times. The expression synthetic in this context refers to the fact that the assembled file is not a direct copy of any single current or previously created file. Instead, a synthetic file is merged or synthesized by a specialized application program from the original file and one or more modifications to it.