The CompTIA A+ certification is for IT professionals that can support modern technologies like security, cloud, data management and more. CompTIA A+ is the industry standard for starting a career in the Information Technology sector. The 220-1102 exam is the second in the CompTIA A+ 1100 series (preceded by 220-1101). CompTIA A+ 220-1102 covers operating systems, security, software and operational procedures.
A user has called the IT help desk where you work stating they clicked a link in an email from their boss and are now receiving a warning in their browser:
> This site's certificate could not be verified. Are you sure you want to proceed?
How should you instruct the user to move forward?
Based on the information you have, it's unclear if something malicious is really going on. Certificates are used on websites running the HTTPS protocol to verify the server's identity and provide encryption. While it is possible that this is a spoofed email, or that the sender's account has been hacked, it's also possible this is a valid link and the web server is simply misconfigured (e.g. the certificate expired and the web server was not updated). The best way to proceed is to forward the email to whoever is responsible for IT Security at the company so the details can be determined in an investigation.
Unfortunately the FAT32 file system does not allow for file and folder permissions like those that are commonly found on modern file systems, such as NTFS.
A Chain of Custody is a list of individuals who handled evidence in an investigation. It serves as a paper trail that can be used by investigators or a court system to verify evidence was not tampered with.
Chain of custody (CoC), in legal contexts, is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Of particular importance in criminal cases, the concept is also applied in civil litigation and more broadly in drug testing of athletes and in supply chain management, e.g. to improve the traceability of food products, or to provide assurances that wood products originate from sustainably managed forests. It is often a tedious process that has been required for evidence to be shown legally in court. Now, however, with new portable technology that allows accurate laboratory quality results from the scene of the crime, the chain of custody is often much shorter which means evidence can be processed for court much faster. The term is also sometimes used in the fields of history, art history, and archives as a synonym for provenance (meaning the chronology of the ownership, custody or location of a historical object, document or group of documents), which may be an important factor in determining authenticity.
Chain_of_custody - Wikipedia, the free encyclopedia
You are concerned about users installing unauthorized software and making unauthorized changes to their Windows 8 workstations. Which tool is best for limiting this type of behavior?
User Account Control (UAC) is a feature in Windows 7, 8 and 10 that prompts users to confirm changes initiated by software. Until the changes are confirmed by UAC the change will not be made. This helps users understand when they are making system level changes like installing a new application. Sudo is a similar feature in Linux operating systems. NTFS is a file system and Windows Defender is an anti-malware application.
User Account Control (UAC) is a mandatory access control enforcement feature introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows 11. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorises an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges and malware are kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorises it. UAC uses Mandatory Integrity Control to isolate running processes with different privileges. To reduce the possibility of lower-privilege applications communicating with higher-privilege ones, another new technology, User Interface Privilege Isolation, is used in conjunction with User Account Control to isolate these processes from each other. One prominent use of this is Internet Explorer 7's "Protected Mode". Operating systems on mainframes and on servers have differentiated between superusers and userland for decades. This had an obvious security component, but also an administrative component, in that it prevented users from accidentally changing system settings. Early Microsoft home operating-systems (such as MS-DOS, Windows 95-98 and Windows Me) did not have a concept of different user-accounts on the same machine. Subsequent versions of
User_Account_Control - Wikipedia, the free encyclopedia
You volunteer at the local library where you help manage a computer lab. This lab is not always monitored by workers or volunteers but you would like to ensure it is still available for community members at all times. You are concerned people may steal or move the laptops in the computer lab. What type of physical security device could prevent this?
Cable locks are a physical security measure that can prevent small or mobile devices from being physically removed from a location. These are often called cable locks but may also be called a Kensington lock or Kensington security slot. The goal is to secure the device to another large object like a wall, desk or cart.
A Kensington Security Slot (also called a K-Slot or Kensington lock) is part of an anti-theft system designed in the mid 1980s and patented by Kryptonite in 1999–2000, assigned to Schlage in 2002, and since 2005 owned and marketed by Kensington Computer Products Group, a division of ACCO Brands.
Kensington_Security_Slot - Wikipedia, the free encyclopedia
Which option is a Windows power management mode that draws a small amount of power on resume by saving system state in RAM?
The Sleep power management option saves the computer state in RAM and powers off unneeded components until the computer awakes. Hibernate is similar but saves system state to the hard disk, which saves more power but is slower to resume when waking.
Sleep mode (or suspend to RAM) is a low power mode for electronic devices such as computers, televisions, and remote controlled devices. These modes save significantly on electrical consumption compared to leaving a device fully on and, upon resume, allow the user to avoid having to reissue instructions or to wait for a machine to reboot. Many devices signify this power mode with a pulsed or red colored LED power light.
Sleep_mode - Wikipedia, the free encyclopedia
Alex, a technician, would like to map a network drive when he starts up his computer in the morning. Which of the following commands would he use to accomplish this task?
The NET command in Windows provides many options, including the NET USE command tool. The NET USE command will show and configure mapped network drives from a shared resource like a NAS or a storage server.
In computing, net is a command in IBM OS/2 (including eComStation and ArcaOS), Microsoft Windows and ReactOS used to manage and configure the operating system from the command-line. It is also part of the IBM PC Network Program for DOS.
Net_use - Wikipedia, the free encyclopedia
You are troubleshooting a service failing to start on a Windows 10 laptop. You have already confirmed the service is configured to start using msconfig. You suspect the application is crashing after being started. Where could you look to find a log of errors or crashes?
Event Viewer (or eventvwr.msc, eventvwr.exe) is a great place to start when troubleshooting application failures. Applications and components of Windows itself will log events to Event Viewer so they can be reviewed. This may include information about the running application, such as configuration details, warning messages and error messages.
Event Viewer is a component of Microsoft's Windows NT operating system that lets administrators and users view the event logs on a local or remote machine. Applications and operating-system components can use this centralized log service to report events that have taken place, such as a failure to start a component or to complete an action. In Windows Vista, Microsoft overhauled the event system. Due to the Event Viewer's routine reporting of minor start-up and processing errors (which do not, in fact, harm or damage the computer), the software is frequently used by technical support scammers to trick the victim into thinking that their computer contains critical errors requiring immediate technical support. An example is the "Administrative Events" field under "Custom Views" which can have over a thousand errors or warnings logged over a month's time.
Event_Viewer - Wikipedia, the free encyclopedia
A malicious user has gained access to several user accounts by guessing their password. The malicious user was able to guess passwords using a list of commonly used phrases and words. Which of the following terms best describes this type of attack?
A Dictionary Attack uses a list of preset words, phrases and commonly used passwords.
In cryptanalysis and computer security, a dictionary attack is an attack using a restricted subset of a keyspace to defeat a cipher or authentication mechanism by trying to determine its decryption key or passphrase, sometimes trying thousands or millions of likely possibilities often obtained from lists of past security breaches.
Dictionary_attack - Wikipedia, the free encyclopedia
Mobile Device Management (MDM) software is used to manage groups of mobile devices like smartphones and tablets. Because these devices run different operating systems than their PC counterparts, are often used by employees at home or on public wireless networks and can download applications from app stores, special management software is needed to ensure their security.
Mobile device management (MDM) is the administration of mobile devices, such as smartphones, tablet computers, and laptops. MDM is usually implemented with the use of a third-party product that has management features for particular vendors of mobile devices. Though closely related to Enterprise Mobility Management and Unified Endpoint Management, MDM differs slightly from both: unlike MDM, EMM includes mobile information management, BYOD, mobile application management and mobile content management, whereas UEM provides device management for endpoints like desktops, printers, IoT devices, and wearables as well.
Mobile_device_management - Wikipedia, the free encyclopedia
APT (Advanced Packaging Tool) is the default package manager for the Ubuntu Linux distribution. A package manager is a system used to download, install, update and remove software applications.
Advanced Package Tool, or APT, is a free-software user interface that works with core libraries to handle the installation and removal of software on Debian, and Debian-based Linux distributions. APT simplifies the process of managing software on Unix-like computer systems by automating the retrieval, configuration and installation of software packages, either from precompiled files or by compiling source code.
Advanced_Packaging_Tool - Wikipedia, the free encyclopedia
A Biometric lock is a lock that uses a person's physical attributes to authenticate them. It may also use non-physical attributes like voice recognition, however options like fingerprints, iris scans and facial recognition are more common in a security scenario.
A biometric device is a security identification and authentication device. Such devices use automated methods of verifying or recognising the identity of a living person based on a physiological or behavioral characteristic. These characteristics include fingerprints, facial images, iris and voice recognition.
Biometric_device - Wikipedia, the free encyclopedia
An employee is suspected of insider trading and using confidential company information to make trades in the stock market. Your employer has asked you to take possession of the employee's laptop and hold it until the government authorities pick it up. What should you do when transferring the device to the authorities?
Chain of Custody (CoC) is a document that tracks the custody of an object. Anytime the object is transferred, stored, or otherwise handled by someone it must be recorded in the chain of custody. The CoC will be used as evidence that the device was not tampered with. The CoC should be given to law enforcement officials along with the device.
Chain of custody (CoC), in legal contexts, is the chronological documentation or paper trail that records the sequence of custody, control, transfer, analysis, and disposition of materials, including physical or electronic evidence. Of particular importance in criminal cases, the concept is also applied in civil litigation and more broadly in drug testing of athletes and in supply chain management, e.g. to improve the traceability of food products, or to provide assurances that wood products originate from sustainably managed forests. It is often a tedious process that has been required for evidence to be shown legally in court. Now, however, with new portable technology that allows accurate laboratory quality results from the scene of the crime, the chain of custody is often much shorter which means evidence can be processed for court much faster. The term is also sometimes used in the fields of history, art history, and archives as a synonym for provenance (meaning the chronology of the ownership, custody or location of a historical object, document or group of documents), which may be an important factor in determining authenticity.
Chain_of_custody - Wikipedia, the free encyclopedia
True or false: It is best practice to allow system administrators to have administrator privileges associated with their normal user account.
Best practices dictate that administrators should have a secondary account with administrator privileges, separate from their main user account. This leads to improved security due to maintaining separation of duties and minimizes damage done if user accounts are compromised.
Separation of duties (SoD), also known as segregation of duties is the concept of having more than one person required to complete a task. It is an administrative control used by organisations to prevent fraud, sabotage, theft, misuse of information, and other security compromises. In the political realm, it is known as the separation of powers, as can be seen in democracies where the government is separated into three independent branches: a legislature, an executive, and a judiciary.
Separation_of_duties - Wikipedia, the free encyclopedia
You are assisting a user in trying to find a file in their C:\Users folder. You see that some of the folders appear differently than the others, appearing to be faded in, rather than full color. What do these icons refer to?
Folders that are grey and "ghosted" are hidden folders. These typically hold back-end information or files that the user does not need to access.
In computing, a hidden folder (sometimes hidden directory) or hidden file is a folder or file which filesystem utilities do not display by default when showing a directory listing. They are commonly used for storing user preferences or preserving the state of a utility and are frequently created implicitly by using various utilities. They are not a security mechanism because access is not restricted – usually the intent is simply to not "clutter" the display of the contents of a directory listing with files the user did not directly create.
Hidden_file_and_hidden_directory - Wikipedia, the free encyclopedia
You are formatting a new USB drive to be used between several systems running different operating systems (Windows, OSX, Linux). What is the best format to use for the USB drive?
FAT32 is an older format that is supported on most systems, and is the best option provided. NTFS may cause issues between systems and OSs. HFS+ is the native OSX format and is not natively supported by some OSs (to include Windows). AES-128 is an encryption standard.
File Allocation Table (FAT) is a file system developed for personal computers and was the default filesystem for MS-DOS and Windows 9x operating systems. Originally developed in 1977 for use on floppy disks, it was adapted for use on hard disks and other devices. The increase in disk drives capacity required three major variants: FAT12, FAT16 and FAT32. FAT was replaced with NTFS as the default file system on Microsoft operating systems starting with Windows XP. Nevertheless, FAT continues to be used on flash and other solid-state memory cards and modules (including USB flash drives), many portable and embedded devices because of its compatibility and ease of implementation.
File_Allocation_Table - Wikipedia, the free encyclopedia
Finder is the GUI based file and folder manager in Mac OSX. Nautilus is a file and folder management application in Linux. Explorer is for Windows.
The Finder is the default file manager and graphical user interface shell used on all Macintosh operating systems. Described in its "About" window as "The Macintosh Desktop Experience", it is responsible for the launching of other applications, and for the overall user management of files, disks, and network volumes. It was introduced with the first Macintosh computer, and also exists as part of GS/OS on the Apple IIGS. It was rewritten completely with the release of Mac OS X in 2001. In a tradition dating back to the Classic Mac OS of the 1980s and 1990s, the Finder icon is the smiling screen of a computer, known as the Happy Mac logo.
Finder_(software) - Wikipedia, the free encyclopedia
You have been asked to help investigate an ongoing security incident. Your manager has asked you to determine if there are any unknown or unexpected network connections on a public facing server that hosts the organization's website. After logging onto the Windows based machine, what command would you use to determine this?
Netstat is a command line tool available on Windows operating systems that provides information about the current state of the machine's network, including any open TCP connections.
In computing, netstat (network statistics) is a command-line network utility that displays network connections for Transmission Control Protocol (both incoming and outgoing), routing tables, and a number of network interface (network interface controller or software-defined network interface) and network protocol statistics. It is available on Unix, Plan 9, Inferno, and Unix-like operating systems including macOS, Linux, Solaris and BSD. It is also available on IBM OS/2 and on Microsoft Windows NT-based operating systems including Windows XP, Windows Vista, Windows 7, Windows 8 and Windows 10. It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement. On Linux this program is mostly obsolete, although still included in many distributions. On Linux, netstat (part of "net-tools") is superseded by ss (part of iproute2). The replacement for netstat -r is ip route, the replacement for netstat -i is ip -s link, and the replacement for netstat -g is ip maddr, all of which are recommended instead.
Netstat - Wikipedia, the free encyclopedia
A computer at work has become infected with malware. After several attempts to remove the malware using a professional anti-malware tool you find the malicious software is not fully removed. What should you do next?
The next logical step here is to restore the computer to a known-good backup. You can try to determine what backups are available compared to when the malware was first discovered. If no backups are available, or no backups from before the infection are available, reformatting the PC is an acceptable last resort.
On Windows 10, what tool can be used to configure automatic updates or roll back to a previous version?
You can configure and roll back updates in Windows 10 by opening Windows Settings and selecting Update & Security followed by Windows Updates.