Practice Test #2 Questions Flashcards
A network administrator needs to allow employees to upload files to a remote server securely. What port must be allowed through the firewall?
a) 25
b) 21
c) 161
d) 22
d) 22
To upload a file securely, the employees could use SFTP (SSH File Transfer Protocol) or SCP (Secure Copy). Both run over SSH on port 22, so port 22 must be allowed through the firewall for the employees to reach the file server. Port 21 is used by the File Transfer Protocol (FTP), which sends credentials and data in the clear and is therefore not a secure way to transfer files. There is an encrypted variant of FTP known as FTPS; in implicit mode it uses port 990. Port 25 is reserved for the Simple Mail Transfer Protocol (SMTP), the internet standard protocol for electronic mail transmission. Port 161 is reserved for the Simple Network Management Protocol (SNMP), which is used to manage and monitor network-connected devices in IP networks.
Which of the following policies or plans would describe the access requirements for connecting a user’s laptop to the corporate network?
a) Remote access policy
b) Password policy
c) Onboarding policy
d) BYOD policy
d) BYOD policy
A bring your own device (BYOD) policy allows, and sometimes encourages, employees to access enterprise networks and systems using personal mobile devices such as smartphones, tablets, and laptops.
A remote access policy is a document that outlines and defines acceptable methods of remotely connecting to the internal network.
A password policy is a set of rules created to improve computer security by motivating users to create dependable, secure passwords and then store and utilize them properly. This document promotes strong passwords by specifying a minimum password length, complexity requirements, requiring periodic password changes, and placing limits on the reuse of passwords.
An onboarding policy is a documented policy that describes all the requirements for integrating a new employee into the company and its culture, as well as getting that new hire all the tools and information they need to begin their job successfully.
A user is having an issue with an application on their Android device. Whenever the user attempts to launch the application, the app fails and generates an error message. When asked, other users say they are not having the same issue. Which of the following should the technician attempt FIRST to solve this issue?
a) Rollback the application to the previous version
b) Update the operating system of the smartphones
c) Reinstall the malfunctioning application
d) Clear the local application cache
d) Clear the local application cache
To troubleshoot a mobile application, work from the least disruptive step to the most disruptive. First, clear the application cache: this locally stored data can become corrupted and cause an app to crash, and because only one user is affected here, a device-local problem such as a bad cache is the most likely cause. (If several users with the same model of smartphone had the same failure, the cache would be an unlikely culprit and a shared cause such as the app version or OS should be suspected instead.)
Second, update the operating system of the smartphone. Updating the operating system can minimize compatibility issues and fix crashing applications.
Third, reinstall the application if the first two steps do not fix the problem.
Which of the following types of wireless encryption uses a 40-bit encryption key with an RC4 encryption cipher?
a) WEP
b) WPA
c) WPA2
d) Open
a) WEP
The Wired Equivalent Privacy (WEP) encryption system is based on the RC4 encryption cipher. WEP uses a 40-bit encryption key and a 24-bit initialization vector by default, creating a 64-bit key. Newer versions of WEP support a 128-bit key size (a 104-bit key plus the 24-bit IV). A larger encryption key creates stronger encryption and is more difficult to attack, but WEP's short, reused IVs make the key recoverable regardless of its length. WEP is considered weak by today's standards and should be replaced by WPA2 or a stronger encryption scheme. Wi-Fi Protected Access (WPA) is an improved encryption scheme for protecting Wi-Fi communications that was designed to replace WEP.
WPA uses the RC4 cipher and a temporal key integrity protocol (TKIP) to overcome the vulnerabilities in the older WEP protection scheme. Wi-Fi protected access version 2 (WPA2) replaced the original version of WPA after the completion of the 802.11i security standard.
WPA2 features an improved method of key distribution and authentication for enterprise networks, though the pre-shared key method is still available for home and small office networks. WPA2 uses the improved AES cipher with counter mode with cipher-block chaining message authentication protocol (CCMP) for encryption.
An open network does not use an encryption key or preshared key to protect the network.
What type of structure is “For Next” in scripting?
a) Branch
b) Loop
c) Constant
d) Variable
b) Loop
In a loop, the computer repeats a block of statements until a condition is met. Loops are commonly written with For, For Next, While, or Do While statements. A branch (If/Else) chooses between paths once rather than repeating, while constants and variables are data, not control structures.
A computer was recently infected with a piece of malware. Without any user intervention, the malware is now spreading throughout the corporate network and infecting other computers that it finds. Which type of malware MOST likely infected these computers?
a) Trojan
b) Virus
c) Ransomware
d) Worm
d) Worm
A worm is a standalone malware computer program that replicates itself to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. A worm can spread on its own, whereas a virus needs a host program or user interaction to propagate itself.
A virus is malicious software designed to infect computer files or disks when it is activated. A virus may be programmed to carry out other malicious actions, such as deleting files or changing system settings.
A trojan is a type of malware that looks legitimate but can take control of your computer; it is designed to damage, disrupt, steal, or in general inflict some other harmful action on your data or network. The most common form of a trojan is a Remote Access Trojan (RAT), which allows an attacker to control a workstation or steal information remotely. To operate, a trojan typically creates processes that run in the background of the system. Unlike a worm, a trojan does not spread on its own; it relies on a user running it.
Ransomware is a type of malware designed to deny access to a computer system or data until a ransom is paid. Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website. Once infected, a system or its files are encrypted, and then the decryption key is withheld from the victim unless payment is received.
Which of the following types of attacks are usually used as part of an on-path attack?
a) Spoofing
b) DDoS
c) Tailgating
d) Brute force
a) Spoofing
Spoofing is often used to inject the attacker into the conversation path between the two parties. Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source. An on-path attack is an attack where the attacker secretly relays and possibly alters the communications between two parties who believe they are directly communicating with each other. The attacker makes independent connections with the victims and relays messages between them to make them believe they are talking directly to each other over a private connection. The attacker will intercept all relevant messages passing between the two victims and inject new ones.
A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources.
Tailgating is a social engineering technique to gain access to a building by following someone unaware of their presence.
A brute-force attack consists of an attacker submitting many passwords or passphrases with the hope of eventually guessing correctly.
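The most common way spoofing places an attacker on-path in a LAN is ARP spoofing: the attacker answers ARP requests for the gateway (and the victim) with their own MAC address so both sides send traffic through the attacker's machine. The script below is an added example, not part of the original flashcards, and the ARP replies it inspects are constructed for illustration; in practice they would come from a packet capture or the host's ARP cache. It flags the two symptoms a defender looks for: an IP whose MAC changes, and one MAC claiming several IPs.

```python
"""Detect ARP spoofing, the usual way an attacker becomes on-path in a LAN.

Added example, not from the original page. SAMPLE_ARP_REPLIES is constructed.
"""
from collections import defaultdict

# Constructed sample: (ip, mac) pairs seen in ARP replies, in arrival order.
SAMPLE_ARP_REPLIES = [
    ("192.168.1.1", "aa:bb:cc:00:00:01"),   # gateway, legitimate
    ("192.168.1.10", "aa:bb:cc:00:00:10"),  # victim workstation
    ("192.168.1.20", "aa:bb:cc:00:00:20"),  # attacker's real address
    ("192.168.1.1", "aa:bb:cc:00:00:20"),   # attacker claims the gateway IP
    ("192.168.1.10", "aa:bb:cc:00:00:20"),  # attacker claims the victim IP
]


def detect_arp_spoofing(replies):
    """Return a list of alert strings for suspicious ARP replies.

    Two symptoms of an on-path ARP attack are reported:
    1. an IP address whose MAC differs from the one previously learned, and
    2. a single MAC that claims more than one IP address (typical when the
       attacker impersonates both ends of a conversation).
    """
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"MAC change for {ip}: {previous} -> {mac}")
        ip_to_mac[ip] = mac
        before = len(mac_to_ips[mac])
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1 and len(mac_to_ips[mac]) != before:
            alerts.append(f"{mac} claims multiple IPs: {sorted(mac_to_ips[mac])}")
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(SAMPLE_ARP_REPLIES):
        print(alert)
```

A MAC-change alert for the gateway address is the highest-value signal. Static ARP entries for the gateway on critical hosts, or Dynamic ARP Inspection on managed switches, prevent the poisoning rather than just detecting it.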
You are partitioning a 1 TB hard drive on a new workstation. The hard disk has been partitioned into four different partitions with 100 GB, 150 GB, 250 GB, and 500 GB. How many different file system types could you support on this 1 TB hard drive?
a) 2
b) 3
c) 1
d) 4
d) 4
Partitioning is the act of dividing a physical disk into logically separate storage areas, often referred to as drives. Each partition can be formatted with any file system type. Since there are 4 distinct partitions on this single hard drive, it can support up to 4 different file systems.
Which RAID solution will provide the BEST speed and redundancy for a backup and disaster recovery server?
a) RAID 0
b) RAID 1
c) RAID 5
d) RAID 10
d) RAID 10
RAID 10 (also known as RAID 1+0) combines the benefits of both RAID 1 (mirroring) and RAID 0 (striping). Redundancy: RAID 10 provides excellent redundancy because data is mirrored (RAID 1) across multiple drives. This means that if one drive fails, the system can still operate using the mirrored copy without data loss.
Speed: RAID 10 also provides high performance because data is striped across multiple drives (RAID 0), which speeds up both read and write operations by distributing data across multiple disks. This results in fast data access, which is important for backup and disaster recovery tasks.
Comparison with other RAID levels:
RAID 0: Offers the best speed because of striping but has no redundancy. If one drive fails, all data is lost, making it unsuitable for backup and disaster recovery.
RAID 1: Provides redundancy through mirroring, but it does not offer the same level of performance as RAID 10, as there’s no striping to enhance read/write speed.
RAID 5: Provides a good balance between speed, redundancy, and storage efficiency (using parity for redundancy), but writes are slower than RAID 10 because parity must be calculated for every write, and performance drops further while a failed drive is being rebuilt.
You are configuring a SOHO network and only allowing specific IP addresses to access the network while blocking any IP addresses that are not on the list. Which of the following should be implemented?
a) Port forwarding
b) MAC filtering
c) Allow list
d) Block list
c) Allow list
An allow list lets you specify which IP addresses are allowed to access the network. All other IP addresses are blocked by default. This is exactly what you need if you only want certain IP addresses to access your network.
Why not the others?
a) Port forwarding: This forwards traffic arriving on a port of the router's public address to a specific internal host and port. It opens access to a service rather than restricting who may connect by IP address.
b) MAC filtering: This controls access based on device hardware addresses, not IP addresses.
d) Block list: A block list just blocks certain IP addresses, but doesn’t restrict all others like an allow list does.
You are renting space in another company’s data center. To protect your server from being physically accessed when you are not in the building, what device should you use?
a) USB lock
b) Entry control roster
c) Smart card
d) Server lock
d) Server lock
A server lock is a physical security device designed specifically to secure a server or other hardware in place, preventing unauthorized access to the device itself. It typically involves a cable that attaches to the server’s chassis and locks it to a fixed object, such as a rack or a secure location in the data center. This protects the server from being physically tampered with or stolen when you’re not in the building.
Why not the others?
a) USB lock: A USB lock is used to physically block USB ports to prevent unauthorized devices from being connected to the server, but it doesn’t prevent physical access to the server.
b) Entry control roster: This is a list of authorized people who can enter the building or data center, but it doesn’t secure the server itself once inside.
c) Smart card: A smart card is used for authentication, typically to access systems, but it does not provide physical security for a server.
Mark’s laptop is running Windows 10 and appears to become slower and slower over time with use. You decide to check the current CPU utilization and observe that it remains in the 95% to 100% range fairly consistently. You close three of Mark’s open applications and recheck the CPU utilization. You notice the utilization dropped to the 30% to 35% range. A week later, Mark calls you again and says the computer is extremely slow. Which of the following tools can you use to check the CPU utilization and manage any high-resource processes?
a) Task Manager
b) Msconfig
c) PerfMon
d) RDS
a) Task Manager
Task Manager is for quick checks of current system performance, while Performance Monitor is for in-depth, long-term monitoring and analysis of system health and performance.
Peter is attempting to print to his office printer, but nothing comes out. Yesterday, his printer was working just fine. Peter does not notice any errors on the taskbar’s printer icon. Which of the following actions should Peter try FIRST to solve this issue?
a) Check the status of the print server queue
b) Check that the printer is not offline
c) Check to ensure the printer selected is the default printer
d) Cancel all documents and print them again
a) Check the status of the print server queue
When this issue occurs, it is often because the system properly sent the print job to the print queue, but the print queue has become stuck.
If no error is shown in the taskbar’s printer icon, the user should open the print queue to determine if the print job has become stuck. If it is, then the print queue can be emptied or reset.
A customer has requested you install an external video card into their gaming PC. Which of the following tools should you utilize to protect the video card as you carry it from the storage room to your workbench?
a) Antistatic bag
b) ESD strap
c) Latex gloves
d) Air filter mask
a) Antistatic bag
Elizabeth was replacing a client’s security device that protects their screened subnet. The client has an application that allows external users to access the application remotely. After replacing the devices, the external users cannot connect remotely to the application anymore. Which of the following devices was MOST likely misconfigured and is now causing a problem?
a) DNS
b) Firewall
c) Content filter
d) DHCP
b) Firewall
Firewalls are responsible for controlling incoming and outgoing traffic to and from a network. If the firewall is misconfigured after being replaced, it might be blocking the specific ports or protocols required for remote users to connect to the application. The firewall could have been set to block access to the external application or failed to allow necessary port forwarding or access rules for remote connections.
Why not the others?
a) DNS: While DNS issues can prevent remote users from resolving the application’s domain name, it doesn’t typically stop users from connecting once the address is resolved. DNS issues would usually result in an error indicating the site is unreachable.
c) Content filter: Content filters control access to specific types of content (like websites or apps) but would not typically block the application’s ability to connect, especially if it’s related to network-level access.
d) DHCP: The DHCP server assigns IP addresses to devices on the network. While a misconfigured DHCP could cause internal network issues, it wouldn’t typically affect remote access to an external application unless the internal network setup was misconfigured, which doesn’t seem to be the case here.
During the reconnaissance phase of a penetration test, you have determined that your client’s employees all use Android smartphones that connect back to the corporate network over a secure VPN connection. Which of the following methods would MOST likely be the best method for exploiting these?
a) Identify a jailbroken device for easy exploitation
b) Use web-based exploits against the device’s web interfaces
c) Use a tool like ICSSPLOIT to target specific vulnerabilities
d) Use social engineering to trick a user into opening a malicious APK
d) Use social engineering to trick a user into opening a malicious APK
When targeting mobile devices, you must first determine if the company uses iPhones or Android-based devices. If they are using Android-based devices, you can use social engineering to trick a user into installing a malicious APK.
As a penetration tester, you can create a malicious APK using msfvenom in the Metasploit framework. The user can install it directly from your website instead of the Google Play store.
A macOS user is browsing the internet in Google Chrome when they see a notification that says, “Windows Enterprise Defender: Your computer is infected with a virus, please click here to remove it!” What type of threat is this user experiencing?
a) Phishing
b) Worm
c) Rogue anti-virus
d) Pharming
c) Rogue anti-virus
Rogue anti-virus is a form of malicious software and internet fraud that misleads users into believing there is a virus on their computer and into paying for a fake malware removal tool (which often installs malware itself). It is a form of scareware that manipulates users through fear, and some variants behave like ransomware by locking the system until payment is made. Since the alert is displayed on a macOS system but is written for Windows, it is clearly a fake alert and most likely a rogue anti-virus attempting to infect the system.
Phishing is an email-based social engineering attack in which the attacker sends an email from a supposedly reputable source, such as a bank, to try to elicit private information from the victim.
You are trying to copy a 4.7 GB file from your Windows laptop to an external hard drive using USB 3. The external hard drive is formatted with FAT32. Every time you attempt this copy, you receive an error. What is MOST likely the issue?
a) Files over 4 GB cannot be stored on a FAT32 formatted drive
b) USB 3 is too slow to transfer a file this large
c) The laptop must be reformatted as FAT32 to support this transfer
d) The external hard drive must be formatted as APFS to support this transfer
a) Files over 4 GB cannot be stored on a FAT32 formatted drive
Since this file is 4.7 GB in size, it cannot be stored as a single file on the FAT32 drive. The 32-bit File Allocation Table (FAT32) file system is supported by Windows, macOS, and Linux, which is why it is common on external drives. FAT32 volumes can be up to 2 TB in size, but a single file is limited to 4 GB minus one byte (4,294,967,295 bytes). Reformatting the external drive as exFAT or NTFS removes this limit.
Which of the following should be implemented to allow wireless network access for clients in the lobby using a shared password as the key?
a) Geofencing
b) WPA2
c) IPsec
d) Firewall
b) WPA2
Wi-Fi Protected Access 2 Pre-Shared Key or WPA2-PSK is a system of encryption used to authenticate users on wireless local area networks using a shared password as the key. WPA2-PSK [AES] is the recommended secure method of making sure no one can listen to your wireless data while it is being transmitted back and forth between your router and other devices on your network.
Internet Protocol Security (IPsec) is a secure network protocol suite that authenticates and encrypts the packets of data to provide secure encrypted communication between two computers over an Internet Protocol network and is used in virtual private networks.
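Under WPA2-PSK the shared password is not used directly as the key. IEEE 802.11i derives the 256-bit pairwise master key as PBKDF2-HMAC-SHA1 over the passphrase with the SSID as salt and 4096 iterations. The example below is added here, not part of the original flashcards; it derives the key (checked against the IEEE test vector for passphrase "password" and SSID "IEEE") and shows why a weak lobby password is the weak point: once a 4-way handshake is captured, each guess costs only this derivation. The candidate word list is constructed.

```python
"""WPA2-PSK key derivation. Added example, not from the original page."""
import hashlib
from typing import Iterable, Optional


def wpa2_psk(passphrase: str, ssid: str) -> bytes:
    """Derive the 256-bit PSK/PMK from a WPA/WPA2 passphrase and SSID.

    IEEE 802.11i: PSK = PBKDF2-HMAC-SHA1(passphrase, ssid, 4096 iterations, 32 bytes).
    The passphrase must be 8 to 63 printable ASCII characters.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def crack_psk(target_psk: bytes, ssid: str, candidates: Iterable[str]) -> Optional[str]:
    """Offline dictionary attack against a known PSK.

    A real attack checks each candidate against the MIC in a captured 4-way
    handshake rather than against the PSK itself, but the cost per guess is the
    same single PBKDF2 computation, which is why the passphrase must be strong.
    """
    for word in candidates:
        if len(word) < 8:  # shorter words are not valid passphrases
            continue
        if wpa2_psk(word, ssid) == target_psk:
            return word
    return None


if __name__ == "__main__":
    # IEEE 802.11i test vector: "password" / "IEEE"
    print(wpa2_psk("password", "IEEE").hex())
    # Constructed candidate list for the dictionary-attack demonstration.
    print(crack_psk(wpa2_psk("password", "IEEE"), "IEEE", ["letmein1", "password"]))
```

Because the SSID is the salt, a unique SSID defeats precomputed tables for common names such as "linksys", but it does nothing against a guessable passphrase. For a lobby network, a long random passphrase that is rotated, or WPA3 where supported, is the practical mitigation.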
A user contacts the service desk, stating their account is locked out, and they are unable to login to their local workstation. Which of the following log files should you review to determine the source of the lockout on the local workstation?
a) Security log
b) Application log
c) Setup
d) System log
a) Security log
The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt.
The system log contains information about service load failures, hardware conflicts, driver load failures, and more.
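On Windows, the relevant Security log events are 4625 (failed logon, with a SubStatus such as 0xC000006A for a wrong password and 0xC0000234 for an already-locked account) and 4740 (account locked out, with the CallerComputerName field naming the machine the bad attempts came from). The script below is an added example, not part of the original flashcards; the key=value log lines it parses are constructed to mimic those event fields and are not a real export. It reports when the lockout happened, which computer triggered it, and which source addresses produced the failed logons beforehand.

```python
"""Find the source of an account lockout in Security log events.

Added example, not from the original page. SAMPLE_SECURITY_LOG is constructed
(key=value lines using the field names of events 4624/4625/4740).
"""
import re
from collections import Counter

SAMPLE_SECURITY_LOG = """\
2024-05-01T08:00:01 EventID=4624 TargetUserName=jdoe IpAddress=10.0.0.55 LogonType=2
2024-05-01T08:10:11 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.99 LogonType=3 SubStatus=0xC000006A
2024-05-01T08:10:12 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.99 LogonType=3 SubStatus=0xC000006A
2024-05-01T08:10:13 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.99 LogonType=3 SubStatus=0xC000006A
2024-05-01T08:10:14 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.99 LogonType=3 SubStatus=0xC000006A
2024-05-01T08:10:15 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.99 LogonType=3 SubStatus=0xC000006A
2024-05-01T08:10:15 EventID=4740 TargetUserName=jdoe CallerComputerName=FILESRV01
2024-05-01T08:12:40 EventID=4625 TargetUserName=jdoe IpAddress=10.0.0.55 LogonType=2 SubStatus=0xC0000234
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<fields>.*)$")


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict, or None if malformed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    event = {"ts": m.group("ts")}
    for token in m.group("fields").split():
        key, _, value = token.partition("=")
        event[key] = value
    return event


def lockout_report(log_text, user):
    """Summarise the lockout of `user`: when, from which caller computer,
    and which IP addresses produced the failed logons that led to it."""
    events = [e for e in map(parse_line, log_text.splitlines())
              if e and e.get("TargetUserName") == user]
    report = {"locked_at": None, "caller_computer": None,
              "failed_sources": Counter(), "failures_after_lockout": 0}
    for e in events:
        eid = e.get("EventID")
        if eid == "4740" and report["locked_at"] is None:
            report["locked_at"] = e["ts"]
            report["caller_computer"] = e.get("CallerComputerName")
        elif eid == "4625":
            if report["locked_at"] is None:
                report["failed_sources"][e.get("IpAddress", "?")] += 1
            else:
                report["failures_after_lockout"] += 1
    return report


if __name__ == "__main__":
    print(lockout_report(SAMPLE_SECURITY_LOG, "jdoe"))
```

In this constructed sample the five failures from 10.0.0.99 over LogonType 3 (network) are what locked the account; the user's own later attempt at the console (LogonType 2) fails with 0xC0000234 simply because the account is already locked. On a domain, the 4740 event is recorded on the domain controller rather than the workstation.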
Jason has an old 2017 Dell Laptop that he uses to connect to his office network while traveling. The computer is slow and is running Windows 7. The laptop’s screen was recently cracked and needs replacement. Jason brings the laptop to the computer store you work at and asks for your assistance. Which of the following do you recommend?
a) Sell him an external 15” tablet/monitor to connect to the laptop as a workaround
b) Purchase a new laptop as the cost to repair might be more than a new laptop
c) Replace the display and contact the manufacturer for reimbursement
d) Replace the display and charge him for the parts/installation
b) Purchase a new laptop as the cost to repair might be more than a new laptop
In this scenario, you should recommend that he purchase a new laptop. Since the laptop is 5-7 years old and still running Windows 7, which no longer receives security updates, it is unlikely to be worth the cost of repair when he could buy a new laptop for $200 to $500. The new laptop would be faster, more secure, and last longer than the repaired old one. As a technician, you should weigh the benefits and drawbacks of a particular repair and give your customer a sound recommendation.
Which of the following backup rotation schemes uses a three-tiered approach to ensure at least one monthly full backup is conducted?
a) Grandfather-father-son (GFS)
b) FIFO backup
c) Tower of Hanoi
d) 3-2-1 backup
a) Grandfather-father-son (GFS)
The grandfather is a full backup that is stored off-site once per month. The father is a weekly full backup that is conducted. The son is an incremental or differential backup conducted each day.
The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site.
The Tower of Hanoi is a backup rotation scheme that rotates backup media sets throughout the backup process to minimize wear and failure of tape backup media.
The First In First Out (FIFO) backup scheme uses a set number of tapes and overwrites the oldest tape with the newest information.
Which of the following backup rotation schemes requires at least one monthly full backup to be stored safely off-site?
a) GFS
b) FIFO backup
c) 3-2-1 backup
d) Tower of Hanoi
c) 3-2-1 backup
The 3-2-1 backup rule states that an organization should create (3) one primary backup and two copies of the data, (2) save the backups to two different types of media, and (1) keep at least one backup copy off-site.
The grandfather-father-son (GFS) backup rotation scheme is widely used to combine full and incremental backups to reduce backup time and improve the safety of stored data. Most often, GFS is paired with the 3-2-1 rule to get the best of both techniques. In a typical GFS schedule the grandfather is a full backup taken once per month and stored off-site, the father is a full backup taken weekly, and the son is an incremental or differential backup taken each day. For example, each Monday a full backup is conducted and becomes the father; each remaining day of the week a son is created by performing an incremental or differential backup; and once per month a full backup is conducted to become the grandfather, which can be moved off-site.
The Tower of Hanoi is a backup rotation scheme that rotates backup media sets throughout the backup process to minimize wear and failure of tape backup media. For example, when using this method with four backup tapes labeled A, B, C, and D, a total of 16 days of backups can be maintained with just 4 tapes. Tape A is used every odd-numbered day for 16 days. Tape B is used on days 2, 6, 10, and 14. Tape C is used on days 4 and 12. Tape D is used on days 8 and 16. This allows Tape A to be overwritten every other day, while Tape B is overwritten every four days and Tapes C and D are overwritten every 8 days.
The First In First Out (FIFO) backup scheme uses a set number of tapes and overwrites the oldest tape with the newest information. For example, if there are 7 tapes in use, every evening a new backup is conducted over the previous week’s daily backup. To have a longer amount of days of backups, a technician simply needs to increase the number of tapes from 7 to 14 or 21.
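The GFS and Tower of Hanoi descriptions above are schedules, so they can be generated rather than worked out by hand. The code below is an added example, not part of the original flashcards. The Tower of Hanoi rule is the one the page describes (tape A on odd days, B on days 2, 6, 10, 14, C on 4 and 12, D on 8 and 16): the tape index is the number of trailing zero bits in the day number, capped at the last tape. For GFS the page does not fix which calendar day is the grandfather, so this example assumes the first day of the month; Mondays are fathers and every other day is a son, as in the page's own example.

```python
"""Backup rotation schedule generators. Added example, not from the original page."""
from datetime import date

DEFAULT_TAPES = ("A", "B", "C", "D")


def tower_of_hanoi_tape(day, tapes=DEFAULT_TAPES):
    """Tape to use on a 1-based day under the Tower of Hanoi rotation.

    Tape index = number of trailing zero bits of the day number, capped at the
    last tape, so each tape is overwritten half as often as the one before it.
    """
    if day < 1:
        raise ValueError("day numbers start at 1")
    trailing_zeros = (day & -day).bit_length() - 1
    return tapes[min(trailing_zeros, len(tapes) - 1)]


def tower_of_hanoi_schedule(days, tapes=DEFAULT_TAPES):
    """List of tapes used on days 1..days."""
    return [tower_of_hanoi_tape(d, tapes) for d in range(1, days + 1)]


def overwrite_intervals(schedule):
    """How many days pass between successive uses (overwrites) of each tape."""
    last_use, intervals = {}, {}
    for day, tape in enumerate(schedule, start=1):
        if tape in last_use:
            intervals[tape] = day - last_use[tape]
        last_use[tape] = day
    return intervals


def gfs_backup_type(iso_date):
    """Classify a calendar day under GFS.

    Assumption (not from the page): the first day of the month is the monthly
    full backup (grandfather). Monday is the weekly full (father), and every
    other day gets an incremental or differential backup (son).
    """
    d = date.fromisoformat(iso_date)
    if d.day == 1:
        return "grandfather"
    if d.weekday() == 0:  # Monday
        return "father"
    return "son"


if __name__ == "__main__":
    schedule = tower_of_hanoi_schedule(16)
    print(" ".join(schedule))
    print(overwrite_intervals(schedule))
    for day in ("2024-05-01", "2024-05-06", "2024-05-07"):
        print(day, gfs_backup_type(day))
```

Run over 16 days the schedule matches the page's day list and the stated overwrite intervals (A every 2 days, B every 4, C and D every 8). The practical point of the interval table is retention: with four tapes the oldest recoverable backup is never more than eight days old, so a problem noticed later than that cannot be rolled back without a fifth tape or a GFS monthly set.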
What permissions would be represented by the octal 517?
a) rwx--xr-x
b) --xr-xrwx
c) r-xrwx--x
d) r-x--xrwx
d) r-x--xrwx
r-x is 5, --x is 1, and rwx is 7. In Linux, you can convert letter permissions to octal by adding 4 for each r, 2 for each w, and 1 for each x. r is read, w is write, and x is execute. The permission string is written as three groups representing, in order, the owner's permissions, the group's permissions, and everyone else's (other) permissions. Note that 517 grants full read, write, and execute access to every other user on the system while the owner cannot write the file, which is rarely what is intended.
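The conversion above is mechanical, so it is worth having code that does it both ways and that also handles the fourth (leading) octal digit, which the page does not cover: 4 for setuid, 2 for setgid, and 1 for the sticky bit, shown as s/S or t/T in the execute position. The example below is added here and is not part of the original flashcards; it also includes a world-writable check, the permission mistake that most often matters in practice.

```python
"""Octal <-> symbolic Unix permission conversion. Added example, not from the page."""

# (bit shift of the triplet, special-bit mask, letter shown when that bit is set)
_TRIPLETS = ((6, 0o4000, "s"), (3, 0o2000, "s"), (0, 0o1000, "t"))


def octal_to_symbolic(octal):
    """'517' -> 'r-x--xrwx'; '4755' -> 'rwsr-xr-x'; '1777' -> 'rwxrwxrwt'."""
    mode = int(str(octal), 8)
    if not 0 <= mode <= 0o7777:
        raise ValueError("permission mode must be 0..7777 octal")
    out = []
    for shift, special, letter in _TRIPLETS:
        bits = (mode >> shift) & 0o7
        r = "r" if bits & 4 else "-"
        w = "w" if bits & 2 else "-"
        if mode & special:
            # Uppercase means the special bit is set but execute is not.
            x = letter if bits & 1 else letter.upper()
        else:
            x = "x" if bits & 1 else "-"
        out.append(r + w + x)
    return "".join(out)


def symbolic_to_octal(sym):
    """'r-x--xrwx' -> '517'; 'rwsr-xr-x' -> '4755'. Accepts the 9-character form
    (no leading file-type character)."""
    if len(sym) != 9:
        raise ValueError("expected a 9-character permission string")
    mode = 0
    for i, (shift, special, _letter) in enumerate(_TRIPLETS):
        triplet = sym[3 * i:3 * i + 3]
        bits = 0
        if triplet[0] == "r":
            bits |= 4
        if triplet[1] == "w":
            bits |= 2
        if triplet[2] in "xst":
            bits |= 1
        if triplet[2] in "sStT":
            mode |= special
        mode |= bits << shift
    return format(mode, "o")


def world_writable(octal):
    """True if 'other' has write permission (the common hardening finding)."""
    return bool(int(str(octal), 8) & 0o002)


if __name__ == "__main__":
    for mode in ("517", "755", "4755", "1777"):
        print(mode, octal_to_symbolic(mode), "world-writable" if world_writable(mode) else "")
```

A permission string from `ls -l` has a leading file-type character (`-`, `d`, `l`); strip it before calling symbolic_to_octal. A setuid binary shows as `rws` in the owner triplet, and an `rwS` (capital S) means setuid is set on a file that is not even executable, which is usually a misconfiguration.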