Practice Test #5 Questions Flashcards
(41 cards)
Your company's share drive has several folders that have become encrypted by a piece of ransomware. During your investigation, you found that only the Sales department folders were encrypted. You continue your investigation and find that a salesperson's workstation was also encrypted. You suspect that this workstation was the original source of the infection. Since it was connected to the Sales department share drive as a mapped S:\ drive, it was also encrypted. You have unplugged the network cable from this workstation. What action should you perform NEXT to restore the company's network to normal operation?
a) Schedule a full disk anti-malware scan on the workstation
b) Schedule weekly scans and enable on-access scanning
c) Disable System Restore on the workstation
d) Restore the Sales department folders from backups
d) Restore the Sales department folders from backups
Since the share drive affects multiple users, not just this one salesperson, it should be prioritized for recovery first. Since the workstation has been quarantined from the network, it is no longer a threat to the shared drive data. Therefore, you should restore the latest backup of the Sales folders to the share drive. This will enable the rest of the Sales department to get back to normal operations.
Then, you should focus on remediating this workstation. The next step for that remediation would be to disable System Restore, remediate the infected workstation by updating the anti-malware software, and conduct scans.
Marta's organization is concerned that a user's account could remain vulnerable for an extended period of time if its password were compromised. Which of the following controls should be configured as part of their password policy to minimize this vulnerability?
a) Password complexity
b) Minimum password length
c) Password expiration
d) Password history
c) Password expiration
A password expiration control in the policy would force users to change their passwords at specific time intervals. This will then lock out a user who types in the incorrect password or create an alert that the user's account has been potentially compromised. While the other options are good components of password security to prevent an overall compromise, they are not effective against the vulnerability described in this particular scenario. It states the issue is based on time. Password history is used to determine the number of unique passwords a user must use before using an old password again. The "Passwords must meet complexity requirements" policy setting determines whether passwords must meet a series of guidelines that are considered important for a strong password. Maximum password length creates a limit to how long the password can be, but a longer password is considered stronger against a brute force attack.
A coworker is creating a file containing a script. You look over their shoulder and see "net use s: \\fileserver\videos" in the file. Based on this, what type of file extension should this script use?
a) .vbs
b) .bat
c) .js
d) .py
b) .bat
Batch scripts run on the Windows operating system and, in their simplest form, contain a list of several commands that are executed in a sequence. A .bat file is used for a batch script. You can run the file by calling its name from the command line or double-clicking the file in File Explorer. Generally, batch file scripts run from end to end and are limited in branching and user input.
VBScript is a scripting language based on Microsoft’s Visual Basic programming language. Network administrators often use VBScript to perform repetitive administrative tasks. With VBScript, you can run your scripts from either the command-line or the Windows graphical interface. Scripts that you write must be run within a host environment. Windows 10 provides Internet Explorer, IIS, and Windows Script Host (WSH) for this purpose.
Which of the following commands can a technician use on a Linux server to verify the IP address associated with diontraining.com?
a) netstat
b) dig
c) grep
d) apt-get
b) dig
The dig command is used to query the domain name system (DNS) to obtain information about host addresses, mail exchanges, nameservers, and related information.
The netstat command is used to display the network statistics.
grep is a command-line utility for searching plain-text data sets for lines that match a regular expression.
The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print. The apt-get utility is a powerful package management command-line program that works with Ubuntu's APT (Advanced Packaging Tool) library to install new software packages, remove existing software packages, upgrade existing software packages, and even upgrade the entire operating system. The apt-get utility works with Ubuntu and Debian-based Linux distributions.
Your Windows 10 machine has just crashed. Where should you look to identify the cause of the system crash and how to fix it?
a) BSOD (blue screen of death)
b) DDOS
c) MAC
d) POST (Power On Self Test)
a) BSOD (blue screen of death)
When your Windows 10 machine crashes, the Blue Screen of Death (BSOD) is often the first place to look for clues. Here's why:
a) BSOD (Blue Screen of Death):
The BSOD provides critical information about system crashes, such as error codes, memory dumps, and driver or hardware issues that led to the crash. The error message displayed on the BSOD typically includes a STOP code (such as 0x0000007E or 0x00000050) and a brief description of the error, which can help in diagnosing the cause of the crash. Sometimes, the BSOD will also mention a specific driver or process that may be involved in the crash, which is useful for troubleshooting. You can analyze the minidump files (created after a BSOD occurs) to get more details on what caused the crash. Tools like Event Viewer or BlueScreenView can help you analyze these files.
Why not the other options?
b) DDOS (Distributed Denial of Service):
A DDoS attack typically causes a network service to become unavailable by overwhelming it with a flood of traffic. It does not directly cause a system crash (like a BSOD), and it would not be logged in the BSOD itself.
c) MAC (Media Access Control):
The MAC address refers to a unique identifier assigned to network interfaces and is unrelated to system crashes. It’s part of network communication and has no direct connection to the cause of a system crash in Windows.
d) POST (Power On Self Test):
POST occurs when the computer is first powered on and performs hardware diagnostics before the operating system starts loading. If your system is already crashing (after it has started running), POST is not relevant. It's only used to detect initial hardware failures when starting the machine, not for identifying issues that occur after boot.
Tony works for a company as a cybersecurity analyst. His company runs a website that allows public postings. Recently, users have started complaining about the website having pop-up messages asking for their username and password. Simultaneously, your security team has noticed a large increase in the number of compromised user accounts on the system. What type of attack is most likely the cause of both of these events?
a) Rootkit
b) Cross-site request forgery
c) SQL injection
d) Cross-site scripting
d) Cross-site scripting (XSS)
This scenario is a perfect example of the effects of a cross-site scripting (XSS) attack. If your website’s HTML code does not perform input validation to remove scripts that may be entered by a user, then an attacker can create a popup window that collects passwords and uses that information to compromise other accounts further.
A cross-site request forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.
An XSS will allow an attacker to execute arbitrary JavaScript within the victim’s browser (such as creating pop-ups).
A CSRF would allow an attacker to induce a victim to perform actions they do not intend to perform.
A rootkit is a set of software tools that enable an unauthorized user to control a computer system without being detected.
SQL injection is the placement of malicious code in SQL statements via web page input. None of the things described in this scenario would indicate a CSRF, rootkit, or SQL injection.
Which of the following commands is used to edit a text file on a Linux server?
a) pwd
b) nano
c) cat
d) grep
b) nano
The nano utility is an easy-to-use command-line text editor for Linux systems. Nano includes the functionality of a regular text editor, as well as syntax highlighting, multiple buffers, search and replace with regular expression support, spellchecking, UTF-8 encoding, and more.
The cat (short for "concatenate") command is one of the most frequently used commands in Linux/Unix. The cat command lets you create single or multiple files, view file contents, concatenate files, and redirect terminal output to a file.
grep is a command-line utility for searching plain-text data sets for lines that match a regular expression. The grep command works on Unix, Linux, and macOS operating systems. Grep is an acronym that stands for Global Regular Expression Print.
The pwd command displays the present working directory (current directory) path to the terminal or display. If you are working on a Linux system and are unsure of where you are in the directory structure, type “pwd” and hit enter to display the path to the screen.
Which of the following commands is used on a Linux system to safely turn off a server?
a) shutdown
b) kill
c) rm
d) ps
a) shutdown
The shutdown command brings the system down in a secure way. When the shutdown is initiated, all logged-in users and processes are notified that the system is going down, and no further logins are allowed. You can shut down your system immediately or at the specified time.
The ps command is used to list the currently running processes along with their PIDs and other information, depending on the options given. It reads the process information from the virtual files in the /proc file system. The /proc directory contains virtual files and is known as a virtual file system.
The kill command sends a signal to specified processes or process groups, causing them to act according to the signal. When the signal is not specified, it defaults to -15 (-TERM), which terminates the specified process by gracefully stopping it. If “kill -9” is used instead, it will immediately kill the process.
The rm command is a command-line utility for removing files or directories. To remove a file, pass the name of a file or files to the rm command, and those files will be removed immediately from the file system.
A user contacts the service desk after they just finished attempting to upgrade their laptop to Windows 10. The upgrade failed, and the user asks you to explain why. Which of the following log files should you review to determine the cause of the upgrade failure?
a) Setup log
b) Application log
c) System log
d) Security log
a) Setup log
The setup log contains a record of the events generated during the Windows installation or upgrade process.
The application log contains information regarding application errors.
The system log contains information about service load failures, hardware conflicts, driver load failures, and more.
The security log contains information regarding audit data and security on a system. For example, the security log contains a list of every successful and failed login attempt.
A user’s computer was running out of storage space, so they decided to install a new second 1 TB hard disk drive (HDD) into their Windows 10 computer. Whenever they attempt to boot up the computer, an error of “No Operating System Found” is displayed on their screen. You unplugged the new 1 TB HDD, and then the computer boots up without any errors. You have just reconnected the 1 TB HDD. What step should you attempt NEXT to fix this issue?
a) Reboot the computer into safe mode
b) Verify the boot order in the BIOS/UEFI
c) Format the 1 TB HDD
d) Reinstall Windows to the 1 TB HDD
b) Verify the boot order in the BIOS/UEFI
If more than one hard drive is connected to the computer, it is important to verify the correct boot order is listed in the BIOS/UEFI. In this scenario, it sounds like the system is configured to boot first from the 1 TB HDD and then from the original HDD. If this order is switched in the boot order, the system will boot without generating the error message.
Formatting the HDD will not solve this problem since a formatted drive does not have an operating system installed by default.
You have been asked to recycle 20 of your company’s old laptops. The laptops will be donated to a local community center for underprivileged children. Which of the following data destruction and disposal methods is MOST appropriate to allow the data on the drives to be fully destroyed and the drives to be reused by the community center?
a) Drill/hammer the HDD platters
b) Low-level formatting of the HDDs
c) Degaussing of the HDDs
d) Standard formatting of the HDDs
b) Low-level formatting of the HDDs
Low-level formatting is a hard disk operation that should make recovering data from your storage devices impossible once the operation is complete. It sounds like something you might want to do if giving away a hard disk or discarding an old computer that may have contained useful and important private information.
Standard formatting of the drives could allow the data to be restored and make the data vulnerable to exposure.
Drilling or hammering the HDD platters would physically destroy the drives and the data, making the laptops useless for the community center.
Degaussing the drives would also render the drives useless to the community center. Therefore, the safest method is a low-level format since it fully destroys the data and allows the drives to be reused by the community center.
A user’s workstation is infected with malware. You have quarantined it from the network. When you attempt to boot it to the Windows 10 desktop, it fails. Which of the following should you do NEXT to begin remediating this system?
a) Format the workstation and reinstall Windows 10
b) Disable System Restore and reinstall Windows 10
c) Restore the workstation from the last system restore point
d) Restart into Safe Mode and conduct an antivirus scan
d) Restart into Safe Mode and conduct an antivirus scan
Observing Windows in Safe Mode enables you to narrow down the source of a problem and can help you troubleshoot problems on your PC. Safe Mode will allow you to restore an earlier System Restore point, but it will not allow you to disable System Restore. Restoring to the last system restore point may not restore the system to the time before the malware infection. Formatting and reinstalling Windows would lead to data loss for the user. Therefore, you should attempt to remediate the malware infection from Safe Mode first.
You were troubleshooting a recently installed NIC on a workstation and decided to ping the NIC’s loopback address. Which of the following IPv4 addresses should you ping?
a) 10.0.0.1
b) 127.0.0.1
c) 192.168.1.1
d) 172.16.1.1
b) 127.0.0.1
The loopback address is 127.0.0.1 in IPv4, and it is reserved for troubleshooting and testing. The loopback address is used to send a test signal to the NIC and its software/drivers to diagnose problems. Even if the network cable is unplugged, you should be able to ping your loopback address successfully.
The other three IP addresses presented as options are private Class A, Class B, or Class C addresses, and not the loopback address.
You want to enable a security feature that would remember the Layer 2 address first connected to a particular switch port to prevent someone from unplugging a workstation from the switch port and connecting their own SOHO wireless router to that same switch port. Which of the following security features would BEST accomplish this goal?
a) Single sign-on
b) Firewall
c) Port security
d) Login script
c) Port security
Port security enables an administrator to configure individual switch ports to allow only a specified number of MAC addresses to use that port. Port Security helps secure the network by preventing unknown devices from forwarding packets. When a link goes down, all dynamically locked addresses are freed.
Dion Training uses a patch management server to control the distribution and installation of security patches. A technician needs to configure a new Windows 10 workstation to not perform Windows Updates automatically. Which of the following features in the Task Manager should the technician use to disable the Windows Update service?
a) Services
b) Startup
c) Processes
d) Performance
a) Services
The Task Manager is an advanced Windows tool that has 7 tabs that are used to monitor the Processes, Performance, App History, Startup, Users, Details, and Services on a computer. By clicking the Services tab, the technician can list all of the services installed on the computer, display their status, and start/stop/restart those services.
By clicking the Startup tab, the technician can see every program configured to start up when Windows is booted up. This can be used to disable unwanted programs from launching during the boot-up process.
During a disaster recovery, which of the following statements is true?
a) A virtual machine has more downtime than a physical server
b) A virtual machine has less downtime than a physical server
c) A virtual machine cannot be used for redundancy or load balancing
d) Both a virtual machine and a physical server have the same downtime
b) A virtual machine has less downtime than a physical server
A virtual machine can usually be restored much faster than a physical server. Physical servers must be modified to fit the right drivers for the disk drives, NIC, and other necessary components whenever they must be rebuilt after a crash. Often, a new physical server will also be required to replace a faulty one, and then the right drivers are needed to ensure a smooth transition. Conversely, a virtual machine can be recreated using another instance, clone, or restoration from a backup in much less time.
Therefore, the downtime associated with virtual machines and their restoration is much lower.
Jason checks the Dion Training server room and finds that it currently has over 80% humidity. Which of the following risks to the servers could occur due to this high humidity level?
a) An under-voltage event
b) Corrosion of the servers
c) Accidental static discharge
d) An over-voltage event
b) Corrosion of the servers
When humidity is high, corrosion is the biggest threat. When humidity is high, the water in the air can react with the components in the servers and cause corrosion. When humidity is low, static electricity builds up and can lead to an accidental discharge that damages components.
In a computer server room or work area, the humidity should be kept between 40-60% to prevent electrostatic discharge from low humidity and corrosion from high humidity.
Which of the following is the purpose of an ESD mat?
a) Protects equipment from dust or dirt
b) Protects casings from scratches and dents
c) Protects technician from accidental shocks
d) Protects equipment against accidental static discharge
d) Protects equipment against accidental static discharge
An electrostatic discharge (ESD) mat is made from materials that dissipate static to protect sensitive electronic equipment and components.
You need to determine the best way to test operating system patches in a lab environment before deploying them to your automated patch management system. Unfortunately, your network has several different operating systems in use, but you only have one machine available to test the patches on. What is the best environment to utilize to perform the testing of the patches before deployment?
a) Bypass testing and deploy patches directly in the production environment
b) Purchase additional workstations
c) Virtualization
d) Sandboxing
c) Virtualization
Reason: Virtualization allows you to create multiple virtual machines (VMs) on a single physical machine, each running a different operating system. This enables you to simulate and test patches on various operating systems in an isolated environment without needing additional physical hardware. Virtual machines can be quickly cloned, restored, and configured for testing purposes, making them an efficient and cost-effective solution for patch testing.
Option a (Bypass testing and deploy patches directly) is risky, as it can cause unforeseen issues in the production environment.
Option b (Purchase additional workstations) would be expensive and inefficient.
Option d (Sandboxing) is useful for isolating specific applications but is not typically ideal for testing full operating system patches.
A technician is trying to locate a protected .dll file to edit, but they cannot see it in the System32 folder. Which Control Panel utility should the technician use to find the file?
a) Programs and Features
b) System
c) Indexing Options
d) File Explorer Options
d) File Explorer Options
The File Explorer Options section of the Control Panel allows technicians to customize the display of files and folders. For example, the File Explorer Options can enable or disable the ability to show hidden files, hide file extensions, and more. General options allow a technician to configure the folders to open in a new window or the same window, to use a single-click or double-click when opening a file or program using its icon, and the ability to show or hide recently used files and folders in the Quick Access pane of the File Explorer window. The View options tab allows more customized control in terms of hiding and displaying files and folders, as well as the customization of the File Explorer window.
Indexing Options is used to configure the method used by Windows when searching for content within the storage devices. When indexing is properly configured, the system will catalog the information on the computer using the words within the files and their metadata to more easily find the content when requested by a user.
The System section of the Control Panel allows a technician to see information about the workstation, including the processor type, amount of memory, and operating system version installed on the computer.
The Programs and Features section of the Control Panel allows a technician to install or remove applications, software packages, and features in the Windows operating system.
The administrator would like to use the strongest encryption level possible using PSK without utilizing an additional authentication server. What encryption type should be implemented?
a) MAC filtering
b) WEP
c) WPA2 Enterprise
d) WPA personal
d) WPA personal
Since he wishes to use a pre-shared key and not require an authentication server, WPA personal is the most secure choice. If WPA2 Personal were an option, it would be more secure, though.
WPA2 Enterprise is incorrect since the requirement was for a PSK, whereas WPA2 Enterprise requires a RADIUS authentication server to be used with individual usernames and passwords for each client.
You have been asked to configure your neighbor’s SOHO network. Your neighbor wants to build a Minecraft server so that all their friends can play together over the internet. When configuring their firewall, where should you place the server?
a) MAN
b) LAN
c) WAN
d) Perimeter network
d) Perimeter network
A perimeter network (formerly called a Demilitarized Zone or DMZ) is a portion of a private network connected to the Internet and protected against intrusion. Certain services may need to be made publicly accessible from the Internet (such as a web, email, or Minecraft server), and they should be installed in the perimeter network instead of in your intranet. If communication is required between hosts on either side of a perimeter network, then a host within the perimeter network will act as a proxy to take the request.
Your supervisor has requested remote access to a particular server to check on specific data and processes in the evenings and weekends. You are concerned that the server could become infected and want to take some precautions. Which of the following is the MOST important thing to do before granting remote access to the server to your supervisor?
a) Disable internet access from the server outside of normal business hours
b) Educate your supervisor on safe internet browsing techniques
c) Set the server’s anti-virus software to automatically update itself and perform a full scan every Saturday night
d) Install the latest security updates and patches to the server
d) Install the latest security updates and patches to the server
To prevent infection, it is important that all servers and workstations remain patched and up to date on their security updates.
After that, the next best thing would be to set up the anti-virus to update itself daily and run a full scan nightly automatically.
Beyond that, educating your supervisor would be a good idea, as well. Disabling the internet access outside of normal business hours would not work since this would block your supervisor from accessing the server from their home.
You need to move a new desktop computer to another desk. Which of the following actions should you take?
a) Lift with your back and not your legs
b) Ask a coworker to team lift it with you
c) Open the box and carry each piece individually
d) Lift with your legs and not your back
d) Lift with your legs and not your back
You should always lift with your legs and not your back. The leg muscles are much stronger than the back muscles. If you carry heavy objects with your back, you will injure yourself. If the object is greater than 50 pounds, you should ask another coworker to assist you in a team lift to carry the object to prevent injury. Team lifting is when two or more people work together to pick up a heavy or bulky object. When you need to lift or carry items, be aware of what your weight limitations are, as well as any restrictions and guidance outlined in your job description or site safety handbook. Weight limitations will vary depending on context.