Answer Description

FAT32 is an older format that is supported on most systems, and is the best option provided. NTFS may cause issues between systems and OSs. HFS+ is the native OSX format and is not natively supported by some OSs (to include Windows). AES-128 is an encryption standard.

Wikipedia

File Allocation Table (FAT) is a file system developed for personal computers and was the default filesystem for MS-DOS and Windows 9x operating systems. Originally developed in 1977 for use on floppy disks, it was adapted for use on hard disks and other devices. The increase in disk drives capacity required three major variants: FAT12, FAT16 and FAT32. FAT was replaced with NTFS as the default file system on Microsoft operating systems starting with Windows XP. Nevertheless, FAT continues to be used on flash and other solid-state memory cards and modules (including USB flash drives), many portable and embedded devices because of its compatibility and ease of implementation.

Answer Description

"sudo passwd bobsmith" will run the passwd utility as a super user and will prompt you to enter a new password for bobsmith. "chown" is used to change file ownership, the syntax provided is also incorrect. "su bobsmith" will allow you to run commands as bobsmith. The "pwd" command shows your Present Working Directory, it has nothing to do with passwords.

Wikipedia

passwd is a command on Unix, Plan 9, Inferno, and most Unix-like operating systems used to change a user's password. The password entered by the user is run through a key derivation function to create a hashed version of the new password, which is saved. Only the hashed version is stored; the entered password is not saved for security reasons. When the user logs on, the password entered by the user during the log on process is run through the same key derivation function and the resulting hashed version is compared with the saved version. If the hashes are identical, the entered password is considered to be correct, and the user is authenticated. In theory, it is possible for two different passwords to produce the same hash. However, cryptographic hash functions are designed in such a way that finding any password that produces the same hash is very difficult and practically infeasible, so if the produced hash matches the stored one, the user can be authenticated. The passwd command may be used to change passwords for local accounts, and on most systems, can also be used to change passwords managed in a distributed authentication mechanism such as NIS, Kerberos, or LDAP.

Answer Description

MSCONFIG allows you to safe boot or boot into Safe Mode. GRUB is a utility usually associated with booting into Linux systems. REGEDIT is used for editing the Windows registry. BIOS/UEFI is used for managing hardware configurations.

Wikipedia

MSConfig (officially called System Configuration in Windows Vista, Windows 7, Windows 8, Windows 10, or Windows 11 and Microsoft System Configuration Utility in previous operating systems) is a system utility to troubleshoot the Microsoft Windows startup process. It can disable or re-enable software, device drivers and Windows services that run at startup, or change boot parameters. It is bundled with all versions of Microsoft Windows operating systems since Windows 98 except Windows 2000. Windows 95 and Windows 2000 users can download the utility as well, although it was not designed for them.

Answer Description

This is a clear violation of the principle of least privilege, and it would likely drive the IT department mad. ACLs do not have anything to do with account creation/deletion. Privacy filters are a physical security mechanism that prevent folks from watching your screen, this it does not apply to this situation. Tailgating is when someone follows an authorized individual into a controlled area, also not applicable here.

Wikipedia

In information security, computer science, and other fields, the principle of least privilege (PoLP), also known as the principle of minimal privilege (PoMP) or the principle of least authority (PoLA), requires that in a particular abstraction layer of a computing environment, every module (such as a process, a user, or a program, depending on the subject) must be able to access only the information and resources that are necessary for its legitimate purpose.

Answer Description

SERVICES.MSC is where you change the startup configurations for services in Windows. DXDIAG is a tool for troubleshooting DirectX sound/video issues. Port 3389 is the port for RDP, but the port being blocked was not the issue. Adding the RDP gateway to an adapter is a made up answer.

Wikipedia

Remote Desktop Services (RDS), known as Terminal Services in Windows Server 2008 and earlier, is one of the components of Microsoft Windows that allow a user to initiate and control an interactive session on a remote computer or virtual machine over a network connection. RDS was first released in 1998 as Terminal Server in Windows NT 4.0 Terminal Server Edition, a stand-alone edition of Windows NT 4.0 Server that allowed users to log in remotely. Starting with Windows 2000, it was integrated under the name of Terminal Services as an optional component in the server editions of the Windows NT family of operating systems, receiving updates and improvements with each version of Windows. Terminal Services were then renamed to Remote Desktop Services with Windows Server 2008 R2 in 2009. RDS is Microsoft's implementation of thin client architecture, where Windows software, and the entire desktop of the computer running RDS, are made accessible to any remote client machine that supports Remote Desktop Protocol (RDP). User interfaces are displayed from the server onto the client system and input from the client system is transmitted to the server - where software execution takes place. This is in contrast to application streaming systems, like Microsoft App-V, in which computer programs are streamed to the client on-demand and executed on the client machine. RemoteFX was added to RDS as part of Windows Server 2008 R2 Service Pack 1.

Answer Description

Mike's computer likely needs to be joined to the domain, as it is network running AD and the features would be enabled/supported through AD. Workgroups do not usually share the features that Mike is looking for, and since it is an AD network this is likely not a correct answer. This is not likely against the company's BYOD policy as Sarah is doing the same thing, but it is best to know what your company's policies are. Windows Update is for updating the OS/Software, not adding the features Mike is looking for.

Wikipedia

Active Directory (AD) is a directory service developed by Microsoft for Windows domain networks. Windows Server operating systems include it as a set of processes and services. Originally, only centralized domain management used Active Directory. However, it ultimately became an umbrella title for various directory-based identity-related services.A domain controller is a server running the Active Directory Domain Service (AD DS) role. It authenticates and authorizes all users and computers in a Windows domain-type network, assigning and enforcing security policies for all computers and installing or updating software. For example, when a user logs into a computer part of a Windows domain, Active Directory checks the submitted username and password and determines whether the user is a system administrator or a non-admin user. Furthermore, it allows the management and storage of information, provides authentication and authorization mechanisms, and establishes a framework to deploy other related services: Certificate Services, Active Directory Federation Services, Lightweight Directory Services, and Rights Management Services.Active Directory uses Lightweight Directory Access Protocol (LDAP) versions 2 and 3, Microsoft's version of Kerberos, and DNS.Robert R. King defined it in the following way:"A domain represents a database. That database holds records about network services-things like computers, users, groups and other things that use, support, or exist on a network. The domain database is, in effect, Active Directory."

Answer Description

Preboot Execution Environment (PXE) is an industry standard protocol that allows a computer to boot an operating system from a network server. It is typically used to configure new PC's, often in bulk.

Wikipedia

In computing, the Preboot eXecution Environment, PXE (most often pronounced as pixie, often called PXE Boot/pixie boot.) specification describes a standardized client–server environment that boots a software assembly, retrieved from a network, on PXE-enabled clients. On the client side it requires only a PXE-capable network interface controller (NIC), and uses a small set of industry-standard network protocols such as DHCP and TFTP. The concept behind the PXE originated in the early days of protocols like BOOTP/DHCP/TFTP, and as of 2015 it forms part of the Unified Extensible Firmware Interface (UEFI) standard. In modern data centers, PXE is the most frequent choice for operating system booting, installation and deployment.

Answer Description

"gpupdate" will pull all of the group policy settings from the Domain Controller, which can set uniform legal banners, backgrounds, and security settings for all of the company's systems. "regedit" is for editing the registry, while you can set these options through the registry it would be very tedious and not recommended. "msconfig" is a tool for editing startup, boot, and service options; it is not appropriate for this problem. "chkdsk" is for checking disk/file system integrity.

Wikipedia

Group Policy is a feature of the Microsoft Windows NT family of operating systems (including Windows 7, Windows 8.1, Windows 10, Windows 11, and Windows Server 2003+) that controls the working environment of user accounts and computer accounts. Group Policy provides centralized management and configuration of operating systems, applications, and users' settings in an Active Directory environment. A set of Group Policy configurations is called a Group Policy Object (GPO). A version of Group Policy called Local Group Policy (LGPO or LocalGPO) allows Group Policy Object management without Active Directory on standalone computers.Active Directory servers disseminate group policies by listing them in their LDAP directory under objects of class groupPolicyContainer. These refer to fileserver paths (attribute gPCFileSysPath) that store the actual group policy objects, typically in an SMB share \\domain.com\SYSVOL shared by the Active Directory server. If a group policy has registry settings, the associated file share will have a file registry.pol with the registry settings that the client needs to apply.The Policy Editor (gpedit.msc) is not provided on Home versions of Windows XP/Vista/7/8/8.1/10/11.

Answer Description

Running cmd.exe as an admin will give you the elevated privileges to view another user's folder in most instances. "chkdisk" is for checking file system integrity and does not directly deal with file permissions. "chmod" is a Linux tool and will not work on Windows systems. "dir" is used to display the contents of a directory, not change the working directory.

Wikipedia

User Account Control (UAC) is a mandatory access control enforcement feature introduced with Microsoft's Windows Vista and Windows Server 2008 operating systems, with a more relaxed version also present in Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10, and Windows 11. It aims to improve the security of Microsoft Windows by limiting application software to standard user privileges until an administrator authorises an increase or elevation. In this way, only applications trusted by the user may receive administrative privileges and malware are kept from compromising the operating system. In other words, a user account may have administrator privileges assigned to it, but applications that the user runs do not inherit those privileges unless they are approved beforehand or the user explicitly authorises it. UAC uses Mandatory Integrity Control to isolate running processes with different privileges. To reduce the possibility of lower-privilege applications communicating with higher-privilege ones, another new technology, User Interface Privilege Isolation, is used in conjunction with User Account Control to isolate these processes from each other. One prominent use of this is Internet Explorer 7's "Protected Mode".Operating systems on mainframes and on servers have differentiated between superusers and userland for decades. This had an obvious security component, but also an administrative component, in that it prevented users from accidentally changing system settings. Early Microsoft home operating-systems (such as MS-DOS, Windows 95-98 and Windows Me) did not have a concept of different user-accounts on the same machine. Subsequent versions of

Answer Description

Only a domain will give you a centralized, controlled network and allow for file servers, print servers, and network shares. These are possible in a workgroup, but will not provide the network control that a business would require.

Wikipedia

A computer network is a set of computers sharing resources located on or provided by network nodes. Computers use common communication protocols over digital interconnections to communicate with each other. These interconnections are made up of telecommunication network technologies based on physically wired, optical, and wireless radio-frequency methods that may be arranged in a variety of network topologies. The nodes of a computer network can include personal computers, servers, networking hardware, or other specialized or general-purpose hosts. They are identified by network addresses and may have hostnames. Hostnames serve as memorable labels for the nodes and are rarely changed after initial assignment. Network addresses serve for locating and identifying the nodes by communication protocols such as the Internet Protocol. Computer networks may be classified by many criteria, including the transmission medium used to carry signals, bandwidth, communications protocols to organize network traffic, the network size, the topology, traffic control mechanisms, and organizational intent.Computer networks support many applications and services, such as access to the World Wide Web, digital video and audio, shared use of application and storage servers, printers and fax machines, and use of email and instant messaging applications.

Answer Description

Safe Mode will HOPEFULLY allow you to get into the OS, this is the only answer that allows you to access the INSTALLED OS. Booting from a live CD/USB will load an OS that will likely work, but it will not be the one that is installed. There is no such thing as DEFRAG mode booting, and DEFRAG is used to optimize a file system/storage device. The OS is found but it is running into problems as it loads - checking boot priorities will not solve this.

Wikipedia

Safe mode is a diagnostic mode of a computer operating system (OS). It can also refer to a mode of operation by application software. Safe mode is intended to help fix most, if not all, problems within an operating system. It is also widely used for removing rogue security software.

Answer Description

Encryption is not a physical security measure. Anything regarding access control such as a cypher lock is considered physical security. Video cameras/surveillance are also physical security features, as is controlling access with something you have such as a smart card.

Wikipedia

Physical security describes security measures that are designed to deny unauthorized access to facilities, equipment and resources and to protect personnel and property from damage or harm (such as espionage, theft, or terrorist attacks) Physical security involves the use of multiple layers of interdependent systems that can include CCTV surveillance, security guards, protective barriers, locks, access control, perimeter intrusion detection, deterrent systems, fire protection, and other systems designed to protect persons and property

Answer Description

No-eXecute (NX) bit is a technology featured in most modern processors that allows the CPU to segregate memory for use by a single application. The memory cannot be accessed by another application which helps to protect memory against malicious software.

Wikipedia

The NX bit (no-execute) is a technology used in CPUs to segregate areas of a virtual address space for use by either storage of processor instructions or for storage of data. An operating system with support for the NX bit may mark certain areas of an address space as non-executable. The processor will then refuse to execute any code residing in these areas of the address space. The general technique, known as executable space protection, also called Write XOR Execute, is used to prevent certain types of malicious software from taking over computers by inserting their code into another program's data storage area and running their own code from within this section; one class of such attacks is known as the buffer overflow attack. The term NX bit originated with Advanced Micro Devices (AMD), as a marketing term. Intel markets the feature as the XD bit (execute disable). The MIPS architecture refers to the feature as XI bit (execute inhibit). The ARM architecture refers to the feature, which was introduced in ARMv6, as XN (execute never). The term NX bit itself is sometimes used to describe similar technologies in other processors.

Answer Description

Notifying Law Enforcement (LE) is the safe thing to do, then do not touch anything else on the machine. Making a copy of the drive could disturb forensic artifacts and metadata that would be useful to LE. Alerting management is a big risk, you don't know who the computer belongs to and if they may not report it. Powering the machine off is a big no-no, especially if the system already had problems starting or if encryption is involved.

Answer Description

Of the options, only Scheduled Backups will prevent data loss after corruption or drive failure.

Wikipedia

In information technology, a backup, or data backup is a copy of computer data taken and stored elsewhere so that it may be used to restore the original after a data loss event. The verb form, referring to the process of doing so, is "back up", whereas the noun and adjective form is "backup". Backups can be used to recover data after its loss from data deletion or corruption, or to recover data from an earlier time.  Backups provide a simple form of disaster recovery; however not all backup systems are able to reconstitute a computer system or other complex configuration such as a computer cluster, active directory server, or database server.A backup system contains at least one copy of all data considered worth saving. The data storage requirements can be large. An information repository model may be used to provide structure to this storage. There are different types of data storage devices used for copying backups of data that is already in secondary storage onto archive files. There are also different ways these devices can be arranged to provide geographic dispersion, data security, and portability. Data is selected, extracted, and manipulated for storage. The process can include methods for dealing with live data, including open files, as well as compression, encryption, and de-duplication. Additional techniques apply to enterprise client-server backup. Backup schemes may include dry runs that validate the reliability of the data being backed up. There are limitations and human factors involved in any backup scheme.

Answer Description

BYOD (Bring your own device) is the correct answer. MITM is a type of attack. Embedded systems are systems that serve a specific purpose and are part of a larger system, thus this is not correct. iCloud is a storage/synchronization service offered by Apple.

Wikipedia

Bring your own device (BYOD )—also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own personal computer (BYOPC)—refers to being allowed to use one's personally owned device, rather than being required to use an officially provided device. There are two major contexts in which this term is used. One is in the mobile phone industry, where it refers to carriers allowing customers to activate their existing phone (or other cellular device) on the network, rather than being forced to buy a new device from the carrier.The other, and the main focus of this article, is in the workplace, where it refers to a policy of permitting employees to bring personally owned devices (laptops, tablets, smartphones, etc.) to work, and to use those devices to access privileged company information and applications. This phenomenon is commonly referred to as IT consumerization.BYOD is making significant inroads in the business world, with about 75% of employees in high-growth markets such as Brazil and Russia and 44% in developed markets already using their own technology at work. Surveys have indicated that businesses are unable to stop employees from bringing personal devices into the workplace. Research is divided on benefits. One survey shows around 95% of employees stating they use at least one personal device for work.

Answer Description

Configuring MAC Filtering will only allow approved MAC Addresses to connect to the router. In addition, proper encryption and security settings should be verified.

Wikipedia

In computer networking, MAC address filtering is a security access control method whereby the MAC address assigned to each network interface controller is used to determine access to the network. MAC addresses are uniquely assigned to each card, so using MAC filtering on a network permits and denies network access to specific devices through the use of blacklists and whitelists. While the restriction of network access through the use of lists is straightforward, an individual person is not identified by a MAC address, rather a device only, so an authorized person will need to have a whitelist entry for each device that they would like to access the network. While giving a network some additional protection, MAC filtering can be circumvented by using a packet analyzer to find a valid MAC and then using MAC spoofing to access the network using that address. MAC address filtering can be considered as security through obscurity because the effectiveness is based on "the secrecy of the implementation or its components".

Answer Description

PaaS provide high level services like web and database servers without allowing access to the underlying operating system (Azure and Amazon web services are two examples of this). SaaS provides a software or application that is shared among all users (no dedicated server for your company, think Google Docs or Office 365). IaaS provides lower level services such as networking and a hypervisor, the OS would need to be installed and built up. (Azure, Amazon and many other providers exist for IaaS). iCloud is proprietary to Apple and is more of a filesharing/synchronization service.

Wikipedia

Platform as a service (PaaS) or application platform as a service (aPaaS) or platform-based service is a category of cloud computing services that allows customers to provision, instantiate, run, and manage a modular bundle comprising a computing platform and one or more applications, without the complexity of building and maintaining the infrastructure typically associated with developing and launching the application(s), and to allow developers to create, develop, and package such software bundles.

Answer Description

Zero-day exploits (ZDE) are very difficult to defend against since they exploit unpatched vulnerabilities. Firewalls (port blocking, and ACLs) do not typically rely on vulnerability patching to enhance security posture, thus it is the correct answer. Windows Update will not necessarily help against ZDEs as patches are not available yet. Anti-virus (AV) also suffers from solutions not being available, though AV vendors may push out patches quicker than OS vendors. Advanced attackers also work to avoid AV. BIOS/UEFI passwords do not really impact ZDEs.

Wikipedia

A zero-day (also known as a 0-day) is a computer-software vulnerability previously unknown to those who should be interested in its mitigation, like the vendor of the target software. Until the vulnerability is mitigated, hackers can exploit it to adversely affect programs, data, additional computers or a network. An exploit taking advantage of a zero-day is called a zero-day exploit, or zero-day attack. The term "zero-day" originally referred to the number of days since a new piece of software was released to the public, so "zero-day software" was obtained by hacking into a developer's computer before release. Eventually the term was applied to the vulnerabilities that allowed this hacking, and to the number of days that the vendor has had to fix them. Once the vendors learn of the vulnerability, they will usually create patches or advise workarounds to mitigate it. The more recently that the vendor has become aware of the vulnerability, the more likely it is that no fix or mitigation has been developed. Once a fix is developed, the chance of the exploit succeeding decreases as more users apply the fix over time. For zero-day exploits, unless the vulnerability is inadvertently fixed, such as by an unrelated update that happens to fix the vulnerability, the probability that a user has applied a vendor-supplied patch that fixes the problem is zero, so the exploit would remain available. Zero-day attacks are a severe threat.

Answer Description

Partitioning is the act of logically separating a single physical disk. Allowing an Operating System to perceive a hard drive as multiple hard drives.

Wikipedia

Disk partitioning or disk slicing is the creation of one or more regions on secondary storage, so that each region can be managed separately. These regions are called partitions. It is typically the first step of preparing a newly installed disk, before any file system is created. The disk stores the information about the partitions' locations and sizes in an area known as the partition table that the operating system reads before any other part of the disk. Each partition then appears to the operating system as a distinct "logical" disk that uses part of the actual disk. System administrators use a program called a partition editor to create, resize, delete, and manipulate the partitions. Partitioning allows the use of different filesystems to be installed for different kinds of files. Separating user data from system data can prevent the system partition from becoming full and rendering the system unusable. Partitioning can also make backing up easier. A disadvantage is that it can be difficult to properly size partitions, resulting in having one partition with too much free space and another nearly totally allocated.