CompTIA A+ Security

After switching a medium-sized office to a Windows domain, a systems administrator has had trouble getting buy-in from users when it comes to saving documents in redundant network shares. Users are adamant that they want to work out of the local Documents folder of their profile. What can the administrator implement to accomplish the goal of getting data to reside on network shares?

Folder redirection

A healthcare company wants a security engineer to secure access to its critical internal resources and data with more than just a username and password. What access control measure would the security engineer suggest the company implement to provide an extra layer of security?

Multifactor authentication

A group of employees has voiced concerns about not feeling safe when walking to and from their cars in the parking lot. Since the building is not in a safe neighborhood, they feel like someone could easily hide and attack people during certain shift changes. What could the company implement to help these employees feel safer?

- Security guards
- Video cameras
- Lighting

This type of alarm system utilizes either microwave radio reflection or passive infrared to trigger an alert threshold.

Motion sensor

A senior-level government agency wants to implement multifactor authentication. However, they specifically do not want any user's mobile device to be a part of the solution as it could compromise them. What authentication method would be a possible solution?

Hard token

A security vendor contracts with a banking firm to provide access control to highly secured areas. The banking firm wants to grant access via biometric data. What would be suitable to use in this case?

- Retina scanner
- Fingerprint reader
- Palmprint scanner

A new data security technician is learning many foundational principles of logical security controls concerning critical data. The technician notices a lot of effort and conversations from colleagues with clients around the concept of least privilege. What is the goal when it pertains to implementing least privilege?

Grant users the minimum possible rights necessary to perform the job.

The security team at a company wants to limit access to certain office areas to prevent theft and improve safety for employees. They would like to utilize door locks with badge readers and software that centrally manages access yet is still accessible with a physical key in case of emergencies or system outages. What objects could the company use in conjunction with the badge readers to grant access?

- Smart cards
- Key fobs

A security engineer is designing a multifactor solution for certain approved users to access highly-sensitive information on the company's intranet. The engineer will require a soft token code provided by what medium to the user?

- Short message service
- Voice call
- Email

A small company has just set up a Windows domain environment and would like to add functionality for their users to save personal work-related documents on a designated file server to protect files from being lost on their PCs. What solution would allow this functionality?

Home folders

A manufacturing plant plans to have cash payments for products sent to their facility for processing. To provide a proper physical security entrance into the area where personnel will handle the cash, a security vendor may suggest what particular automated solution best ensures that only one employee can enter and exit this area at a time?

Access control vestibule

A construction company wants a security engineer to secure access to its critical customer contracts and plans data with more than just a username and password. What access control measure would the security engineer suggest the company implement to provide an extra layer of security?

Multifactor authentication

A company is working with a data security firm to see what areas it can improve to secure its critical data and resources. The security firm has found that almost all users have access to the company's internal data. The security firm would suggest this particular security control since it only allows specific users access to data to perform their job functions.

Least privilege

A managed services technician works with a customer to properly secure the home office Wi-Fi network. The customer states that they use Wi-Fi Protected Access with Temporal Key Integrity Protocol to secure wireless network traffic. However, the technician advises against this solution, as a malicious actor can easily find the encryption key. What would provide for stronger encryption with AES and CCMP for securing Wi-Fi traffic?

WPA2

A network engineer wants to implement a strong EAP-TLS method using multifactor authentication in an enterprise environment. The engineer must configure the Remote Authentication Dial-in User Service (RADIUS) server and the wireless supplicant with which of the following components?

- Encryption key pair
- Digital certificate

A security engineer is attending a training session based on newer network security best practices. However, regarding Wi-Fi protected access (WPA), they learn that WPA3 replaced WPA2 with its accompanying encryption standard stack. With WPA3, what other cipher/protocol stack replaced them?

AES GCMP

A medium-sized office has a growing number of employees whom all need access to the wireless network. Each employee has an individual Windows domain account and wireless network access account. What protocol or service could the office implement to allow users to use one account, granting them access to the wireless network and the domain?

Kerberos

A new local coffee shop would like to provide customers with free Wi-Fi access. In addition, they would like to provide a secured wireless connection without using a pre-shared passphrase. Which type of protected access should the coffee shop use to meet these requirements?

WPA3

An organization has asked a network engineer why a particular wireless access point is not allowing users to authenticate to the company's network. Users can connect to other access points without issue. The engineer finds that the problem access point can find and connect to the Remote Authentication Dial-in User Service (RADIUS) server, but they do not trust each other. What is most likely NOT configured on the access point?

Shared secret

Which protocol allows access points to use Remote Authentication Dial-in User Service (RADIUS), or Terminal Access Controller Access Control System Plus (TACACS+), and Extensible Authentication Protocol (EAP) to tunnel credentials and tokens that allow a domain user to connect via a wireless client to authenticate to a Windows domain controller and use single sign-on authorization?

Kerberos

A growing company has just recently implemented a Windows domain and is building out its Active Directory structure. They have asked a network services company if they can manage access to their wireless network using permissions in the new domain. A network engineer tells them this is certainly achievable using this particular protocol.

EAP

A network security analyst works with a small business to properly secure their Wi-Fi network. The owner states that they use Wi-Fi Protected Access with Temporal Key Integrity Protocol to secure wireless network traffic. The analyst advises against this solution since a threat actor could easily find the encryption key. What would strengthen encryption with AES and CCMP for securing Wi-Fi traffic?

WPA2

A senior network engineer wants to provide the organization's staff with a convenient yet secure method for authenticating and administrating all the company Cisco routers, switches, and access points. What Authentication, Authorization, and Accounting (AAA) protocol would provide the best solution for this?

TACACS+

Network engineers are talking at a conference, reminiscing about legacy Wi-Fi security standards. Unfortunately, they could not remember the cipher that replaced Rivest Cipher 4 (RC4) at the advent of WPA2. What cipher are they attempting to remember?

AES

A managed service provider wants to provide their network engineers with a convenient yet secure method for accessing and administrating all their managed client Cisco routers, switches, and access points. What Authentication, Authorization, and Accounting (AAA) protocol would provide the best solution for this?

TACACS+

A user's computer has an infection that renders the computer system unusable as soon as it boots up. After calling the support phone number for the system's antivirus software, the support technician gives the user a .iso file to help remove the infection. What will this file allow the user to do differently from removing the infection after the computer starts up?

Scan the computer in recovery mode.

A user makes a frantic call to a family friend. Their computer displays a message that the Federal Bureau of Investigation has tracked malicious terrorist activity to their laptop. The only information they see to remove the message is a link to a Bitcoin wallet that requests payment. What type of infection is this user experiencing?

Ransomware attack

A customer brings a PC into a local computer repair shop believing it may have a virus. After some investigation into the problems, the technician deems that there are so many viruses and malware on the system that there really is only one appropriate avenue to take to give the customer the security of knowing the PC is free and clear of the viruses and malware. What remediation will the technician perform?

Perform OS reinstallation.

When dealing with this particular malware payload, users should be aware that there is the possibility that it can compromise system files and programming interfaces. For example, compromised local shell processes, such as Explorer or Task Manager on Windows, ps or top on Linux, and port-listening tools no longer reveal their presence. What is this particular malware payload?

Rootkit

A user thinks there may be a virus on their computer, calls into an IT help desk, and states that when browsing certain websites, the browser gives a scary warning about the site possibly being unsafe. What could cause a browser certificate warning?

- A certificate has expired.
- A certificate is self-signed.
- There is a server name mismatch in the certificate.

A computer science student is taking beginner-level classes on information security. The course discusses malware vectors, a method by which the malware executes on a computer. The student then learns about which of the following common vectors?

- Worm
- Virus
- Trojan

A managed service provider company has adopted CompTIA's seven-step best practice procedure for malware removal. A technician is about to attempt to remove a malware infection according to these best practices. Which step will the technician take in the overall process of removal?

- Disable System Restore.
- Educate the end user.

A malicious hacker sets out to create a botnet to deploy onto a mass number of computers to perform complex blockchain calculations for obtaining digital coins. What malware payload will accomplish this task?

Cryptominer

A user brings their PC to the company's IT help desk thinking it has a virus. After some investigation into the problems, the technician deems that there are so many viruses and malware on the system that there really is only one appropriate avenue to take to give the customer the security of knowing the help desk has removed everything from the PC. What remediation would this be?

Perform OS reinstallation.

An IT security professional has finished removing a trojan malware infection using their company's enterprise anti-malware platform. What operating-system-specific validations would ensure no reinfections could occur?

- Restore points
- DNS configuration
- Software firewall settings

A fairly new level one help desk technician has worked hard to remove some malware infections on a user's computer. However, similar infections reappeared once the technician cleaned up and restarted the computer. What malware vector is manifesting in this situation?

Boot sector virus

A company's CFO notices an extremely small USB dongle plugged into their laptop. It is not associated with any of the wireless devices the CFO uses, and the device does not have any logo printed on it. After speaking with the IT service desk, the CFO mentions that he has received some emails lately about changes to various online accounts that he did not initiate. What conclusion may the service desk technician come to after hearing this statement?

The CFO's system has a keylogger installed.

As a part of a company's overall information security plan, the security operations team sends out designed phishing emails to groups of users. Users who click links inside baited emails are then enrolled in training to help them spot phishing-type emails. What are some characteristics seen in typical phishing emails?

- Disguised links and attachments
- Inconsistent sender and reply to addresses
- Unexpected communications

A user makes a frantic call to their company's IT help desk. The computer displays a message that Homeland Security has tracked malicious terrorist activity to the user's work laptop. The only information they see to remove the message is a link to a Bitcoin wallet that requests payment. What type of infection is this user experiencing?

Ransomware attack

After carrying out a campaign to gather data via e-mail and other electronic means, what else can an attacker do to gather personal information about a company owner without being in that person's presence?

Go dumpster-diving behind the corporate offices.

An IT support intern attends a local IT security conference. The intern attends a breakout session that focuses on common security vulnerabilities when managing multiple endpoints. What security vulnerabilities can the session point out?

- End of life OS
- Unpatched system
- Unprotected system

A person visits a local library frequently with their laptop to use the Wi-Fi to complete school assignments and check social media. One day, the user notices that the wireless network name or the Service Set Identifier (SSID) is slightly different from normal. As a result, the user connects to the Wi-Fi and is automatically brought to a Facebook web page with fields to enter their Facebook username and password. What type of attack has occurred here?

Evil twin

Which of the following attacks are successful since there are currently no known patches to prevent it from happening?

Zero-day attack

A concerned employee has noticed that their manager seems to always quietly approach other co-workers from behind and carefully watch the actions they are doing on their computers. Other employees reported that this manager would watch for an extensive amount of time before saying anything to the employee at the computer. What social engineering tactic could be suspect in this situation?

Shoulder surfing

An attacker emailed many employees of a target company (that supports government organizations) with no success in gaining remote access through online social engineering. The attacker then scopes the company's corporate office to find an easy to manipulate employee. How may the attacker plan on infiltrating the office?

- Impersonate an employee.
- Tailgate into the offices.

A systems administrator is auditing the settings of a group of web servers. The administrator notices that a few of the servers also have file services and database roles installed and are not in line with the documented configuration of the company's standard web servers. What vulnerability are these systems experiencing?

Non-compliant system

A company is working on a plan for a future bring your own device (BYOD) program for employees. They would like to provide connectivity due to the rural location of the building and limited cell phone service. What concern would the network security team have with this plan?

Lack of a secure baseline configuration for personal devices

After a recent data breach, a company's IT department has concluded that the breach started with a laptop that accessed the Wi-Fi to gain access to its resources. The company uses a passphrase and media access control (MAC) address filtering to restrict access to Wi-Fi. What type of attack gained access to the company's wireless network?

Spoofing

An employee receives an email from what looks to be the IT department informing the employee has a compromised password. In a panic, the employee clicks the provided web link in the email, enters their old password, and then enters a new password. The employee noticed that this is not how the IT department has had them change their password in the past. What kind of attack has the user just experienced?

Phishing

A concerned employee has noticed that a co-worker seems to always quietly approach other co-workers from behind and carefully watch the actions they are doing on their computers. Others have also reported that this co-worker will watch an employee for an extensive amount of time before saying anything to the employee working on the computer. What social engineering tactic could be suspect in this situation?

Shoulder surfing

An employee receives a phone call from someone in the IT department informing them that their computer has a virus. In a panic, the employee quickly follows the instructions from the caller to grant remote access to their workstation. Unfortunately, the employee notices that the application used for remote access is not the same as the application used in the past when someone from IT has remotely worked on their workstation. What kind of attack has the user just experienced?

Vishing

What type of attack occurs when an attacker may use software to guess another user's password using common words?

Dictionary attack

A school district is working on a plan for a future bring your own device (BYOD) program for students. They would like to provide connectivity due to the rural location of the building and limited cell phone service. What concern would the network security team have with this plan?

Lack of a secure baseline configuration for personal devices

An IT support desk intern is learning about fundamental security concerns that any support desk should look to remediate. What can be a security vulnerability when it comes to managing multiple endpoints?

- Unprotected system
- End of life OS
- Unpatched system

Company executives, like the Chief Information Officer (CIO), are the main target of which of the following attacks?

Whaling

What type of local account on a Windows computer has full rights and privileges to everything on the system?

Administrator account

Windows Defender Firewall uses which security feature based on Transmission Control Port (TCP) or User Datagram Protocol (UDP)?

Port filtering

A company has given its employees a Windows 10 laptop to use for remote work. Employees who already have access to Office 365 applications can get to work right away. How would employees initially log on to their laptops to begin working on them?

Use their Microsoft account.

The Chief Information Officer (CIO) has mandated securing all office workstations to prevent unauthorized access to data in the case of thefts. How can a desktop technician configure an office workstation to adhere to the recent mandate?

- Activate BitLocker To Go.
- Disable USB ports.

An administrator applies Share and New Technology File System (NTFS) permissions to a folder on a Windows server. The group "Everyone" has Read permissions to the share, and the "Users" group has modify permissions through NTFS permissions. Which of the following is a true statement?

- The "Users" group can modify files in the share.
- The "Users" group can see everything in the share folder.

An office workstation, that is not connected to the internet, suffers a year-old vulnerability exploit. However, the workstation does have anti-malware software and specific local accounts for employees to use as a logon. Why were the workstation users unaware of the exploit on the workstation?

Newer updates were not installed.

Which of the following is most used to access the certificates on a smart card to log on to an account for a web application?

PIN

A local consulting organization uses different web applications in its internal network to process financial, customer, and even third-party data. Each application must authenticate each user accessing its services. How can web administrators configure these web services to authenticate users securely but in the most convenient way possible as they log on to their office workstation?

Set up single sign-on (SSO).

What type of local account does a user's Windows computer utilize for legacy applications?

Power user account

Employees at a secure facility must log on to office workstations with two-factor authentication (2FA). All employees access the building with a smart card. What 2FA methods are employees most likely using to access their workstations

- Username and password
- PIN

What type of safeguard mechanism triggers an action on a system based on specific processes and how they connect to other systems?

Application security

The User Account Control (UAC) feature in Windows has a concern with what type of user account on a Windows machine?

Administrator

The encrypting file system (EFS) is primarily for what purpose on a Windows machine?

- File-level encryption
- Folder-level encryption

An insurance company uses different web applications that handle finance, customer account management, and access to car and repair services. However, each application adheres to strict security access and authentication policies. How can web administrators configure these different web applications, so they are both secure and most convenient for users to access as soon as they log on to their workstation office?

Set up single sign-on (SSO).

Employees have received their brand-new Windows 10 laptops to support a work-from-home initiative. Employees have already been using Office 365 applications in the office and are looking forward to picking up right where they left off. How should employees initially log on to their laptops?

Use their Microsoft account.

A large corporation has ordered all branch offices to secure office data to prevent unauthorized access to data in the case of theft. The change applies company-wide via a security policy for easy deployment. What does a computer technician need to address to fulfill these orders?

- Disable USB ports.
- Activate BitLocker To Go.

Employees at a secure facility must log on to office workstations with two-factor authentication (2FA). All employees access the building with a smart card. What 2FA methods are employees most likely using to access their workstations?

- Username and password
- PIN

A technician is reviewing the organization's account management policies. Why should the technician disable a guest account?

It allows unauthenticated access to the computer and may provide network access.

Corporate pushes out a memorandum to improve the physical security of branch office workstations so that company data does not get stolen if someone breaks into the offices and steals hard drive disks (HDDs). How can an IT manager address this specific security concern when deploying new workstations?

Set up the Windows BitLocker service.

A company has tasked a technician with installing a system in a new complex. What should be the technician's first step when creating the administrator account?

Change the default password.

A technician is completing a project and steps away from the computer to get a cup of coffee. Knowing that safeguards are in place, what will the computer do during the technician's absence?

The computer locks after a certain amount of time has transpired.

A technician works with an employee who got locked out of their company device. What best describes a failed attempt lockout?

The account becomes disabled for not entering the correct credential.

An engineer is creating a template for an end-user best practices guide. What assists in securing the workstation when the user steps away from the device?

- Secure PII and passwords.
- Secure and protect hardware.
- Log off the device when not in use.

A technician works on the organization's account management matrix and disables user access for Saturdays and Sundays. What action does the technician complete?

Restricted the user's login time to access the system.

A desktop technician must configure a Windows workstation with a local administrator account to be accessible when the network is not available. Unfortunately, initial attempts to set up the account during the Windows deployment phase failed due to local security password policies on the Windows image. What password best practices can help the technician properly set up the local administrator account password during this initial deployment?

- Use upper and lowercase letters.
- Use symbols or special characters.

A software engineer drafts a policy on execution control, emphasizing trusted/untrusted software sources. What should the engineer disable to ensure infections are not on a company device?

- Disable autorun.
- Disable autoplay

A technician is writing a policy on workstation security. What can a user accomplish on a Windows machine by hitting START+L on the keyboard?

Screensaver lock

When deploying a Windows operating system (OS) to a workstation using a network deployment image, the desktop technician could not complete setting up the local administrator password. This is due to the local security password policies denying the previous password entries. What password best practices could help the technician properly set up the local administrator account during this phase of the deployment?

- Use upper and lowercase letters.
- Use symbols or special characters.

A branch office manager has concerns about the physical security of employee workstations and wants to ensure that external attackers cannot run out with readily available proprietary data on hard drive disks (HDDs) if someone ever breaks into the offices. How might an IT manager change the workstation settings to address this security concern?

Set up the Windows BitLocker service.

A technician develops the organization's account policies and incorporates controls to safeguard the company system infrastructure. What are account policies?

- Restrict user's permissions.
- Use timeout/lock screens.
- Restrict login times.

A help desk technician assists an employee having issues with their corporate device. According to the employee, the Face ID feature is not working. The technician observes the employee's actions, and after a few attempts, the screen produces a message stating, "try again in five minutes." What has occurred in this situation?

Failed attempt locks

An employee enables screen lock on their new corporate smartphone. What is a unique characteristic of using the swiping method?

It uses a simple hand gesture but provides no authentication.

An engineer reviews the functionality and use of locator applications for mobile devices. What are the benefits of using a locator application?

- Use the app if the phone is lost or stolen.
- Use the app to lock the device remotely.
- Use the app to find misplaced phones.

An engineer reviews the organization's policy on mobile security software. What works as a content filter to block access to known phishing sites and block adware/spyware activity?

Antivirus/Anti-malware app

A technician reviews the organization's policies on mobile security software. What is critical for all corporate devices and ensures they are up-to-date?

OS update

A technician is preparing a corporate presentation on the use of locator applications for organizationally-owned devices. What is NOT a feature of a locator application?

To reset the phone to factory settings

An engineer prepares an organizational course-based training module on the use of screen locks for corporate devices. What is unique to using the fingerprint method of screen locking?

It uses a biometric scanner to identify the unique features of the user.

A technician is reviewing the standard operating procedure after an employee reports that they have lost their company laptop. What is the value of using remote wipe?

It allows a device that is not physically available to be reset to factory settings.

A technician reviews the team's best practice guide for mobile security software. What can the technician use to monitor app activity and prevent connections to ports or IP addresses?

Firewall

A technician drafts a report on internet of things (IoT) security. What type of components uses an IoT network?

- Hub/control system
- Wireless mesh networking
- Smart device types

An employee contacts the help desk and advises them that their computer, which contains sensitive organizational data, is missing. What action can the help desk take to protect the organization's data?

Remote wipe

A cyber engineer is conducting an evaluation of current screen lock capabilities for corporate mobile devices. What type of screen lock uses a sensor to scan the unique features of a user?

Fingerprint recognition

A technician is testing the various methods available to screen lock/unlock a device. What uses simple hand gestures but provides no authentication?

Swiping

An employee reviews available screen lock features on their new corporate device. What is unique to pattern screen locks?

It uses a connect-the-dot approach to unlock the device

A technician is advising a new employee on best practices regarding screen locks for their corporate device. What is unique in using facial recognition?

It uses infrared scanning and 3-D imaging to identify the user.