CompTIA Server+ Practice Test (SK0-005)

The correct choice explains that $serviceState is a variable used to store the value of the Status property (such as "Running" or "Stopped") from the ServiceController object returned by Get-Service for the wuauserv service. The parentheses ensure that the Get-Service command runs first, then its Status property is accessed and the resulting value is assigned to the variable.

The other answers are incorrect for these reasons:

• Selecting an entire object or multiple properties without expansion would return a ServiceController object-or a collection if multiple objects were targeted-not a single property value.
• A command alias is a symbolic shortcut (for example, gsv for Get-Service) and never begins with $.
• Environment variables require the env: drive prefix (for example, $Env:PATH). Variables that begin with $ alone are ordinary PowerShell variables that reside in the current scope unless an explicit scope modifier ($script:, $global:) is used.

The correct answer is SC (Subscriber Connector). This connector is characterized by its square-shaped body and a simple push-pull locking mechanism, which directly matches the physical description provided in the scenario. LC (Lucent Connector) connectors are smaller, more rectangular, and feature a retaining latch. ST (Straight Tip) connectors are round and use a bayonet-style twist-lock mechanism. MPO (Multi-fiber Push On) connectors are rectangular and much larger, as they terminate multiple fibers in a single connector for high-density backbone connections.

The correct answer is the server hosting the CRM database with PII. Data value prioritization requires evaluating the business impact if data is compromised. Data containing PII has the highest value and represents the greatest risk due to severe regulatory fines (e.g., GDPR, CCPA), legal liability, and significant reputational damage from a breach. Therefore, it must be the top priority for advanced security controls. The development server contains test data, the internal file server has a lower operational impact, and the public web server contains data that is already public. While the availability of these other systems is important, the data they contain is of significantly lower value and risk compared to customer PII.

The virsh utility is the native command-line interface for libvirt on a KVM host. It connects to the local or a remote libvirt daemon so that administrators-or automation tools-can issue VM lifecycle commands entirely from a shell script, making it ideal for headless servers managed over SSH. virt-manager needs a local X-based desktop session; Hyper-V Manager runs only on Windows and manages Hyper-V hosts; VMware's Direct Console User Interface appears on an ESXi server's physical console and is intended for local manual use, not scripted automation.

PowerShell supports multi-line (block) comments that begin with the characters "<#" and end with the characters "#>". Any text between those two markers is ignored by the interpreter, regardless of how many lines it spans. Replacing the incorrect "/" terminator with "#>" creates a properly formed <# … #> block comment and allows the script to run. The other delimiters shown are used in other languages ("/" in C-style languages, "//" for single-line comments in C/C++, "--" in SQL) and will still generate a syntax error in PowerShell.

The correct answer is that the server's data volume has insufficient disk space. A full disk volume explains all the reported symptoms. Database backups will fail if there is no space to write the backup file. A database service may crash if it cannot write to its logs or temporary files, and it will fail to restart for the same reason. An attempt to open a log file could also fail if the operating system or text editor needs to create a temporary file to display the content but cannot due to lack of space. The combination of failing backups, a crashing service, and the inability to perform a simple file operation strongly points to a lack of storage space on the critical volume.

In a DNS zone file, a name that ends with a trailing dot is treated as an absolute (fully qualified) domain name. The dot represents the root of the DNS hierarchy, so BIND will not append the current $ORIGIN. "app05.finance.example.com." therefore resolves exactly as written. If the dot were omitted, BIND would treat the name as relative and append finance.example.com again, producing an invalid duplicate. The shorter labels lack the parent domain and are not fully qualified.

The client-diagnostics action Collect Client Logs instructs the selected SCCM client to compress all of its CCM log files (up to 100 MB) and upload them to the management point, where they can be opened from Resource Explorer on the site server. This provides immediate access to the logs needed for troubleshooting without requiring interactive login.

• Enable verbose logging only changes the detail level of future log entries and does not retrieve existing logs.
• Evaluate software update deployments launches a compliance scan but does not copy log files to the site server.
• Download computer policy forces a policy refresh; again, no log files are transferred.

Therefore, Collect Client Logs is the correct action.

Block-level replication runs every 30 minutes, so the most recent off-site copy was created at 14:00-only 15 minutes before the failure. Losing 15 minutes of work is well inside the 2-hour RPO, so the objective is met. Relying on the 12:00 snapshot would have lost more than two hours of data, and the 2-hour target applies to data-loss tolerance, not the time it takes to restore service (which is covered by the RTO).

Transparent Data Encryption works at the storage layer of SQL Server, encrypting database and log files that reside on disk; therefore, it addresses the data-at-rest paradigm. IPsec's Encapsulating Security Payload encrypts IP packets while they traverse the network, protecting confidentiality as the data moves between sites, so it falls under the data-in-transit paradigm. The other options either reverse the paradigms or claim both controls protect only one state of data, which is inaccurate.

In a signature-based model, the vendor signs the license data with its private key. When the application starts, it uses the vendor's public key to validate the digital signature inside the file. Any modification to the expiry date, feature list, or seat count changes the file's hash, causing signature verification to fail and the software to refuse to run. Node-locked licensing binds a license to specific hardware but does not necessarily protect the file from editing. Per-core licensing is simply a counting metric, and concurrent (floating) licensing relies on a network license server rather than local cryptographic validation. Therefore, signature-based licensing is the only option that meets the vendor's requirement for local, tamper-evident enforcement.

RAID 10 (striped mirrors) has no parity overhead, so write I/O is limited only by the spindle count and controller cache; it still tolerates one disk failure per mirrored pair. RAID 50, RAID 6, and other parity-based levels must read old parity, recalculate it, and write new parity on every write, introducing significant latency-exactly the behaviour now seen on the controller. Simply changing stripe size or enabling read-ahead does not remove the parity penalty, and RAID 6 adds even more write overhead. Re-creating the volume as RAID 10 therefore resolves the performance issue while maintaining redundancy.

The correct answer is Bridged networking. In bridged mode, the virtual machine's network adapter connects directly to the physical network through the host's physical adapter. This makes the VM appear as a distinct physical device on the network, allowing it to get its own IP address from the LAN's DHCP server or be assigned a static IP within the same subnet. This configuration fulfills the requirement for the VM to be directly accessible by other clients and servers on the corporate LAN.

• NAT (Network Address Translation) is incorrect because it creates a private network for the VM and uses the host's IP address for communication with the external network. Other devices on the LAN cannot directly access services on the VM without special configuration like port forwarding.
• Host-only networking is incorrect as it creates an isolated network that only allows communication between the VM and the host computer. It does not provide connectivity to the corporate LAN.
• Private networking is also incorrect because it creates a virtual network that is isolated to only the VMs running on the host, without connectivity to the host machine or the external physical network.

Before any retired server is reused, every internal storage device must be sanitized (or replaced) so no reconstructable remnants of production data remain. NIST SP 800-88 identifies sanitization as mandatory whenever media leave their original security boundary-even for internal transfer or reuse-because residual data can be recovered with forensic tools. Overwriting, cryptographic erase, or drive replacement eliminates that risk and enables the hardware to be safely redeployed. The other actions (swapping power supplies, removing VLAN tags, or updating asset and CMDB records) may be useful later, but they do not mitigate the immediate data-exposure threat that exists as soon as the server is repowered.

The correct answer is shredding. Shredding uses specialized equipment to cut the hard drives, including the platters, into small, irregular fragments. This process directly meets the policy requirement of reducing the media to fragments, making it virtually impossible to reassemble the platters or recover data. Degaussing is incorrect because it is a magnetic sanitization method that erases data but does not physically destroy or fragment the drive. Drilling is a physical destruction method, but it only creates holes in the platters, leaving large sections of the magnetic surface intact and potentially recoverable. Wiping is a software-based data sanitization method that overwrites data and does not physically alter the drive at all.

The correct answer is a bootstrap script. Bootstrapping is the process of using a script to automate the initial configuration of a server when it is first launched. This is a common practice in cloud and virtualized environments to ensure new instances are brought to a desired, consistent state without manual intervention. The script typically handles tasks like installing software, applying security configurations, and registering the server with management systems.

A login script runs when a user logs into a system and is used to configure the user's environment, not the initial state of the server itself. A scheduled task is a script or program configured to run at predetermined times or intervals for ongoing maintenance, not for a one-time initial setup. A failover script is used in a high-availability environment to switch operations to a redundant or standby system in the event of a primary system failure, which is a different purpose from initial server configuration.

Shutdown scripts configured through Local or Domain Group Policy (Computer Configuration > Windows Settings > Scripts - Shutdown) are processed automatically whenever the operating system enters the shutdown phase. Windows executes these scripts in the Local System context, providing the elevated rights needed to stop services, install updates, and restart services without additional credentials. Once linked, no further scheduling or profile changes are required.

A Scheduled Task tied to User Logoff does not fire during a system shutdown that occurs with no interactive user session and therefore would be unreliable. PowerShell profile files run only when the specified user launches a PowerShell session, not during an unattended shutdown. Placing a script in the common Startup folder causes it to execute after boot, not during shutdown, and offers no guarantee of Local System privileges. Hence, the Group Policy shutdown-script mechanism is the most suitable solution.

VBScript honors the statement "Option Explicit" when it appears before any other code in the file. With this directive enabled, every variable must be declared with Dim, ReDim, or another declaration statement; an undeclared or misspelled identifier causes a compilation error, preventing the silent creation of a Variant. "Option Strict" is a .NET-only directive that VBScript does not recognize, and the phrases "Dim All" and "Use Strict Variable" are not valid VBScript syntax, so they have no effect on variable declaration checking.

The correct answer is a rootkit. A rootkit is a type of malicious software designed to gain privileged access to a computer while actively hiding its presence. It often modifies core operating system components or the kernel to conceal its processes, files, and network activity from standard monitoring tools like netstat or Task Manager. This aligns perfectly with the scenario where resource utilization is high, but the responsible processes are not visible to the administrator.

• A polymorphic virus is incorrect because while it changes its code to evade signature-based antivirus detection, it does not inherently hide its active processes or network connections from OS-level monitoring tools.
• Ransomware's primary goal is to encrypt files and demand a payment, a very overt and noticeable action, rather than hiding its own resource consumption.
• Adware is focused on displaying unwanted advertisements and is typically a nuisance on client machines, not a stealthy, resource-intensive threat on servers.

The described schedule creates three successive generations of media:

• Daily copies (sons) that are reused the following week.
• Weekly copies (fathers) that are retained for several weeks.
• Monthly and yearly copies (grandfathers) that are archived long-term.
  This hierarchy of daily, weekly, monthly, and annual full backups is the hallmark of the Grandfather-Father-Son (GFS) rotation scheme.
  Tower of Hanoi also reuses tapes but follows a power-of-two interval pattern rather than fixed daily/weekly/monthly sets. First-in/first-out simply overwrites the oldest tape in a fixed pool and lacks long-term archival copies. Reverse incremental is a backup file chaining method, not a tape rotation schedule. Therefore, Grandfather-Father-Son is the only option that matches the scenario.