A+ Exam Wrong Answers
Organized crime organizations are threat actors that are composed of groups or networks of criminals and are
motivated primarily by financial gain. Organized crime can launch coordinated and profitable attacks against
businesses, governments, or individuals. A hacktivist is a threat actor that is motivated by philosophical or political
beliefs and often targets organizations or governments that they disagree with. Hacktivists are not motivated by
financial gain but rather by social or political change. An insider threat is a threat actor that has legitimate access
to an organization’s network, systems, or data and is motivated by revenge, greed, or ideology. Insider threats are
not composed of groups or networks but rather of individuals within an organization. Unskilled attackers are
threat actors that have little or no technical skills and are motivated by curiosity, boredom, or personal gain.
Unskilled attackers are not composed of groups or networks but rather of individuals with low resources and
capabilities.
3. Which of the following statements BEST explains the importance of training employees
about the incident response process?
Training ensures that incident response team members are adequately compensated
for their efforts during an incident
Training ensures that incident response team members quickly react to an
incident
Training helps identify and classify incidents and determine their impact to the
organization
Training makes it easier to prevent social engineering attacks so incidents
never occur
Training is crucial in the incident response process because it ensures that incident response team members are
knowledgeable and well-prepared to handle security incidents effectively and efficiently. Training equips them with
the necessary skills, knowledge, and best practices to recognize, contain, eradicate, and recover from incidents.
While compensating incident response team members appropriately is essential for their dedication and efforts, it is
not the primary purpose of training. Training focuses on building skills and knowledge to respond effectively to
incidents. Identifying and classifying incidents based on their severity and impact is part of the incident response
process, but it is not directly related to the importance of training. Training to avoid social engineering is a good
idea and may reduce incidents, but it is only one type of incident that may occur. Training ensures that the response
team knows what to do if an event occurs.
Complexity refers to the degree of intricacy in a system or process. In automation and orchestration, high
complexity can lead to challenges in maintenance, understanding, and implementation. While high complexity can
lead to increased costs, the term 'cost' encompasses a broader range of financial considerations, not just those
associated with intricate systems. While technical debt can be a consequence of complexity, it more specifically
refers to the implied cost of additional rework caused by choosing a quicker yet less optimal solution. Ongoing
supportability relates to the ease with which a system can be maintained and supported over time, but it doesn't
specifically address the intricacy or convolution of a system.
5. A power plant happens to utilize a specialized system to manage and monitor its daily
operations which includes centralized control over its machinery and sensory feedback.
Which of the following security concerns is most often associated with these types of
systems?
Optimization for containerized deployments
Limited security update capabilities
Runtime efficiency constraints
Constrained memory use
SCADA systems such as this are often engineered for specific tasks and might not receive regular security updates,
making them susceptible to vulnerabilities over time. SCADA systems are not typically deployed in containers; thus,
this isn't a relevant security implication. Memory constraints are more pertinent to embedded or real-time systems,
not inherently a SCADA security concern. While important for real-time systems, runtime efficiency is not a primary
security concern for SCADA systems.
A risk register is a comprehensive document that lists all identified risks, their potential impacts, and other relevant
information related to each risk. The risk register may not directly determine the risk tolerance level of an
organization, but it provides crucial information to help decision-makers understand the risks and their potential
impacts, which can contribute to determining risk tolerance. While the risk register includes information about the
potential impacts of identified risks, it may not provide a detailed analysis of the impact on business operations.
Instead, it acts as a repository of risk-related data. While probability values can be included in the risk register,
its primary purpose is to list and track identified risks rather than to assign probability values.
7. Which of the following statements BEST explains the importance of guard rails in
automation and orchestration?
They provide boundaries to ensure automated processes operate safely
They slow down automation to ensure manual checks at every step
They replace the need for any manual oversight in processes
They convert all manual processes to automated ones
Guardrails ensure that automated processes work within set parameters to prevent unintended outcomes or
potential damage. Guardrails don't necessarily slow down processes; they provide safety mechanisms to ensure
processes run correctly. Guardrails are about safety in automation, not about converting manual processes to
automated ones. While guardrails help in safe automation, manual oversight, especially in complex systems,
remains essential.
8. When evaluating a new security tool for automation and orchestration in the
organization's infrastructure, which factor primarily addresses the potential financial
impact over the tool's lifecycle?
ROI
TCO
CAPEX
Operational Efficiency
The TCO (Total Cost of Ownership) not only includes the initial purchase price of the tool but also the ongoing
expenses related to maintenance, updates, and other associated costs over its lifecycle. Operational efficiency refers
to the effectiveness and productivity of operations but doesn't directly address the financial impact of a tool over its
lifecycle. CAPEX (Capital Expenditure) pertains to the initial costs to purchase the asset or tool, not the ongoing or
total costs throughout its lifecycle. While ROI (Return on Investment) evaluates the profitability or benefit of a
particular investment, it doesn't primarily focus on the entire financial impact over a tool's lifecycle.
Rules of engagement are a set of guidelines outlining the scope, limitations, and rules for conducting a specific
security assessment, such as the assessment of the vendor's systems and networks. Setting the rules of engagement
helps ensure that the penetration testing will go smoothly and not have to be interrupted because the testers or the
vendors didn't understand what was going to take place. A Non-disclosure agreement (NDA) is a legal contract that
ensures the protection of sensitive information and maintains confidentiality between the organization and the
vendor. A vendor may request that an NDA be prepared and signed before penetration testing begins; however, this is not
always the case. A Memorandum of understanding (MOU) is a formal agreement between two or more parties
outlining their mutual understanding and cooperation on specific projects or initiatives. It isn't part of the required
materials for a penetration test of a vendor's systems. A Service-level agreement (SLA) is a formal contract that
defines the expected level of service between the organization and the vendor. It isn't part of the required materials
for a penetration test of a vendor's systems.
10. At Dion Training, Jamario observed that the web server configurations permitted the use
of the outdated SSL 3.0 encryption protocol. Aware of the inherent vulnerabilities tied to
SSL 3.0, he recognized the risk of attackers forcing weaker encryption standards. With
these concerns in mind, he planned to discuss the matter in the next security meeting.
Which potential risk is associated with Jamario's observation at Dion Training?
Replay attack
On-path attack
Cryptographic downgrade attack
Brute force attack
In a cryptographic downgrade attack, an adversary forces the communication between two parties to use a less
secure protocol or cipher suite, which is easier to compromise. In this case, by allowing SSL 3.0, an older and
flawed protocol, the web server can be manipulated by an attacker to use this outdated protocol, making the data
transmission less secure. Brute force attacks involve trying many different passwords or encryption keys until the
correct one is found. They don't specifically focus on exploiting vulnerabilities in encryption protocols. An on-path
attack involves an attacker secretly intercepting and possibly altering the communication between two parties.
While related, it doesn't specifically focus on downgrading encryption protocols. A replay attack involves capturing
valid data transmission and then fraudulently repeating or delaying it. This doesn't concern the strength or type of
encryption protocol being used.
11. Kelly Innovations LLC is seeking a solution to encrypt a virtual disk drive that contains
archived financial data without encrypting the entire physical disk. Which encryption
level would be BEST for this requirement?
Volume encryption
Database encryption
Full-disk encryption
File-level encryption
Volume encryption, with a tool like VeraCrypt, allows for the encryption of a specific volume or virtual drive. This means Kelly
Innovations can encrypt just the virtual disk drive without affecting the entire physical disk. Full-disk encryption
encrypts the entire physical drive, which might not be required if only a specific virtual volume needs protection.
While database encryption encrypts entire databases, it doesn't target specific volumes or virtual drives. File-level
encryption encrypts specific files or folders but doesn't cater to entire volumes or virtual drives.
12. Florence is explaining the cryptographic system to her boss. He finds it very confusing
and keeps saying that it all seems like smoke and mirrors. He doesn't think that the
system can be relied on. Florence then explains that there is a piece of hardware within
the system that can be always and completely relied upon, setting up a chain of reliable
identities. It is the foundation of the cryptographic system. What is Florence describing?
Certificate Authorities
Correct answer
Root of Trust
Online Certificate Status Protocol
Certificate Revocation Lists
Root of Trust (RoT) is a source that can always be trusted. It is the foundation of a cryptographic system and is the
central point of the chain of trust within that system. It can be a piece of hardware (a Hardware Root of Trust) or
software based. It is important in PKI, but it doesn't provide digital certificates. Certificate Authorities (CAs) are
trusted entities that issue and manage security credentials and public keys for message encryption. This does not
describe the source that can always be trusted within a cryptographic system. Certificate Revocation Lists (CRLs)
are lists of certificates that have been revoked by a Certificate Authority before their scheduled expiration date. This
does not describe the source that can always be trusted within a cryptographic system. Online Certificate Status
Protocol (OCSP) is an internet protocol used for obtaining the revocation status of a digital certificate. This does
not describe the source that can always be trusted within a cryptographic system.
13. A manufacturing company utilizes automated systems to control and monitor processes
on their factory floor. These systems ensure precision and safety in operations. Which
term BEST describes these systems?
ICS
Embedded systems
SDN
Serverless computing
Industrial Control Systems (ICS) are integral to manufacturing and industrial environments, overseeing and
controlling processes for accuracy and safety. Software-defined networking (SDN) centralizes network control using
software, not related to controlling industrial processes. Serverless computing focuses on eliminating the need to
manage server infrastructure, not on overseeing manufacturing operations. Embedded systems are dedicated
systems performing specific tasks, not necessarily related to industrial control and monitoring.
14. Jamario, a systems administrator at Dion Training Solutions, has been asked to configure
the company's firewall to allow FTP traffic for external users, but only secure HTTPS
traffic should be allowed from the internal network to the internet. After implementing
the rules, Jason, a manager, reports that he can't access an external FTP site. Which of
the following firewall rules could be the cause of the issue?
Allowing outbound TCP traffic on port 21 (FTP) from all internal addresses
Blocking inbound TCP traffic on port 21 (FTP) to all internal addresses
Allowing outbound TCP traffic on port 443 (HTTPS) from all internal addresses
Blocking inbound TCP traffic on port 443 (HTTPS) to all external addresses
Blocking inbound FTP traffic can prevent users like Jason from accessing external FTP sites. This might be the
reason he can't connect. Blocking inbound HTTPS traffic for external addresses does not impact FTP access for
internal users. Allowing outbound TCP traffic on port 21 (FTP) from all internal addresses permits external FTP
traffic, so it's not the cause of the issue. Allowing outbound TCP traffic on port 443 (HTTPS) from all internal
addresses permits secure HTTPS traffic from the internal network to the internet, so it aligns with Jamario's
objective.
15. At Dion Training, the management team is preparing to conduct both internal and
external compliance reporting. They aim to ensure that stakeholders are appropriately
informed about the company's compliance status. Which of the following statements
accurately reflect the distinct purposes of internal and external compliance reporting at
Dion Training? (Select TWO).
Adheres to regulatory requirements
Supports internal decision-making
Enhances marketing strategies
Improves product development
Facilitates team assignments
External compliance reporting is crafted to meet the mandatory disclosures and inform external stakeholders such
as regulators and shareholders about the company's compliance status at a high level. Internal compliance
reporting is designed to give detailed insights to internal stakeholders like executives and security analysts,
assisting in strategic planning and operational improvements. While compliance can indirectly affect product
development by ensuring that products meet legal standards, it is not the direct aim of either internal or external
reporting. Compliance reporting does not primarily aim to enhance marketing strategies but rather to ensure
transparency and accountability regarding compliance. The goal of compliance reporting is not directly linked to
the facilitation of team assignments, which is more related to internal operational management than compliance
reporting.
16. As part of a new building initiative, Dion Training Solutions plans to connect two office
buildings via a direct physical link. Which of the following measures will BEST protect the
physical infrastructure connectivity?
Securing the cable inside the building walls at both ends
Running the connection on overhead poles
Installing the cable in a conduit buried underground
Placing the cable in an on-ground pipe between buildings
Burying the connection underground within a protective conduit offers protection from environmental factors and
unauthorized tampering. Overhead poles expose the connection to environmental factors, interference, and potential
tampering, making it less secure. Securing the cable at each end offers some protection within the buildings, which
is a good start, but it does not address the vulnerability of the cable for the majority of the distance between the
buildings, leaving it exposed to potential damage or tampering along the way. An on-ground pipe leaves the cable
vulnerable to environmental elements (e.g., flooding, heat), tampering, and physical damage, which could disrupt
connectivity.
17. Reed, a cybersecurity specialist at Dion Training Solutions, is optimizing the company's
IPS. He notes that while signature-based detection is highly effective against known
threats, it has some limitations. Which of the following BEST describes a limitation of
signature-based detection in an IPS?
It requires substantial network bandwidth to operate
It encrypts network traffic to hide malicious signatures
It automatically updates with behavioral patterns of users
It might not detect zero-day exploits
Signature-based detection relies on a database of known threat patterns. Therefore, it might not recognize or stop
new threats or zero-day exploits because their signatures aren't in the database yet. Automatically updating with
behavioral patterns of users describes behavior-based or heuristic detection, not signature-based detection.
Signature-based detection relies on predefined patterns of known threats. While an IPS does process traffic, the
bandwidth consumption is not a direct limitation of signature-based detection. The bandwidth concern is more
about the throughput of the IPS device itself. Signature-based detection doesn't encrypt traffic. Instead, it matches
traffic patterns against known threat signatures.
18. An organization with a significant online presence is concerned about potential security
threats and wants to enhance its cybersecurity measures. Which modification to
enterprise capabilities would be the most suitable for the organization to enhance
network security and proactively block access to known malicious or inappropriate
websites?
Disabling file sharing for all employees
Implementing DNS filtering
Deploying next-generation firewalls with deep packet inspection
Implementing biometric authentication for all employees
DNS filtering is an effective security measure that blocks access to malicious or inappropriate websites by
controlling DNS queries, preventing threats from reaching the network, and improving security. Biometric
authentication strengthens user verification by using unique characteristics, like fingerprints or facial recognition,
and offers greater security than traditional passwords; however, it does not proactively block malicious websites.
Next-generation firewalls (NGFWs) with deep packet inspection add security by identifying and blocking malicious
content at the application layer, though they don’t specifically block known harmful websites. While file sharing
supports collaboration, it also presents security risks. Properly configured firewall rules can help control access,
balancing security needs with the necessity of data sharing.
19. Which of the following mitigation techniques would be most effective in reducing the
security risks associated with a BYOD (Bring Your Own Device) policy in your
corporation?
Network Access Control
Endpoint Detection and Response
Device Encryption
Configuration Enforcement
For mitigating security risks associated with a BYOD (Bring Your Own Device) policy, Configuration Enforcement
is the most effective technique. Configuration enforcement ensures that each device complies with corporate
security policies before connecting to the network, reducing vulnerability exposure from non-compliant devices.
Network Access Control manages device connectivity but doesn’t enforce security configurations. Device Encryption
secures stored data but doesn’t ensure compliance with configuration standards. Endpoint Detection and Response
focuses on identifying and responding to threats, rather than enforcing device configurations, which is critical for
BYOD security.
20. Which of the following terms describes the qualitative frequency of a risk occurring
within a specified period?
ARO
Risk frequency
Likelihood
Probability
Likelihood measures how probable it is that a risk will occur, which is crucial for risk analysis and management.
Risk frequency could be seen as similar to likelihood but is less specifically defined in risk management terminology.
Probability also indicates the chance of a risk occurring but does not necessarily tie it to a specific time frame as
likelihood does within the context of risk assessment. While ARO (Annualized rate of occurrence) is a measurement
of how often a risk event is expected to happen annually, it doesn't describe the general probability or frequency as
broadly as the term likelihood does.
21. At Griffin Management, a cybersecurity team has been tasked with enhancing the
organization's security awareness program. They are focusing on creating and executing
effective phishing campaigns to educate employees about recognizing and responding
to phishing attempts. Which phase of their security awareness program is Griffin
Management in?
Reporting and monitoring
Development
Initial
Execution
The development phase in the security awareness program at Dion Training involves the creation and planning of
phishing campaigns and training materials. During this phase, the cybersecurity team designs realistic phishing
emails, identifies potential training topics, and develops educational materials to raise awareness among employees
about phishing risks. The reporting and monitoring phase focuses on collecting data about employees' responses to
phishing campaigns and their overall security awareness. It includes tracking metrics related to the number of
reported suspicious emails and the success of the training materials. The execution phase comes after the
development phase, where the cybersecurity team implements the planned phishing campaigns and training
materials. They send simulated phishing emails to employees and analyze their responses to identify areas for
improvement in the security awareness program. The term "initial" is not associated with a specific phase in the
security awareness program. It does not describe any specific activities related to the creation and planning of
phishing campaigns and training materials.
22. Sophie, an IT specialist at Dion Training Solutions, observed a sudden spike in login
attempts on their remote access portal. Multiple users reported receiving login success
notifications despite not attempting to log in. Sophie verified that these attempts used
valid usernames and old passwords that were changed a few weeks ago. Which of the
following terms BEST describes the malicious activity Sophie detected?
Password spraying
Credential replay
Session hijacking
Password brute-forcing
Credential replay attacks involve attackers reusing previously captured user credentials to gain unauthorized
access. The old passwords being used in the attempts suggest that they might have been captured earlier and are
now being replayed. Password brute-forcing is an attack method where numerous combinations are tried until the
correct password is identified. The use of valid usernames and previously valid passwords does not fit this method.
Session hijacking involves taking over an already established user session. Sophie's observations were about login
attempts, not overtaking ongoing sessions. In password spraying, the attacker tries a few common passwords
against many accounts. This scenario describes specific, formerly valid passwords being used, not common
passwords against multiple accounts.
23. Which of the following activities is MOST crucial for ensuring that known vulnerabilities
in software or hardware are addressed before they can be exploited by attackers?
Regular system monitoring
Baseline configuration establishment
Applying security updates
Penetration testing
Actively monitoring for and applying security updates is an essential activity in vulnerability management. It helps
in addressing and rectifying known vulnerabilities in software and hardware, thereby reducing the chances of
exploitation. Setting a baseline configuration is vital for determining system changes and anomalies. However, it
doesn't directly involve rectifying vulnerabilities in software or hardware. While continuously observing system
activities is essential for detecting anomalies or potential threats, regular system monitoring doesn't directly deal
with addressing known vulnerabilities in systems. Although penetration testing can help identify vulnerabilities by
simulating cyberattacks, the act itself doesn't address the vulnerabilities that are already known.
24. In a large financial institution, like Kelly Financial Solutions, which of the following BEST
describes an example of a task that an IT technician might be prohibited from doing
without special authorization due to security concerns?
Checking their corporate email.
Using the office printer for printing documents.
Downloading and installing third-party software from the internet.
Installing a recommended software update.
Downloading and installing third-party software from the internet is typically categorized as a restricted activity
within corporate environments, especially in sensitive sectors like finance, due to the associated security
risks. Malicious software can easily be introduced into the system through unverified third-party software
installations. In most institutions, using the office printer for printing documents is a regular task and isn't
categorized as a restricted activity unless it involves printing sensitive data without proper authorization. While
installing a recommended software update could be restricted in certain scenarios, the term "recommended" implies
that it's an endorsed activity. Checking their corporate email is a standard activity for most employees and wouldn't
be restricted in a typical business setting.
25. Which of the following statements BEST explains the importance of environmental
variables in regard to vulnerability management?
Environmental variables are factors that impact the physical security of an
organization's premises
Environmental variables refer to the unique characteristics of an
organization's infrastructure that can affect vulnerability assessments and
risk analysis
Environmental variables are specific conditions that trigger an automated response
when a vulnerability is detected in an organization's systems
Environmental variables are parameters used in vulnerability scanning tools to assess
the security posture of an organization's network and infrastructure
26. What is the purpose of monitoring and revision as part of ensuring information security?
To enforce strict access control policies
To establish centralized governance structures
To implement industry-specific regulations
To continuously improve security measures
The purpose of monitoring and revision in information security is to continuously monitor the effectiveness of
security measures, identify weaknesses or vulnerabilities, and make necessary improvements to enhance the overall
security posture of the organization. Monitoring and revision are not directly related to establishing governance
structures. Governance structures define the decision-making and authority in the organization, whereas monitoring
and revision are about assessing and enhancing security practices. While monitoring and revision may play a role
in ensuring access control policies are effective, it is not their primary purpose. Access control policies focus on
managing and controlling user access to resources based on their roles and responsibilities. Monitoring and
revision may be used to ensure compliance with industry-specific regulations, but it is not their primary purpose.
Compliance with regulations is a separate aspect of information security management.
27. You are the security administrator for a medium-sized company that handles sensitive
customer information. As part of your security measures, you are implementing the
principle of Least Privilege for all employees to reduce the risk of unauthorized access to
critical systems and data. Which of the following actions best aligns with the concept of
Least Privilege?
Providing the privileges that are needed for the least important of their tasks, which
ensures they will have the higher privileges they may need to complete tasks
Implementing role-based access controls (RBAC) to restrict employees'
access to only the resources and data necessary to perform their job
functions
Granting employees access to all resources and data required for their current role
and potential future roles
Providing employees with administrative access to their workstations to install
software and updates without IT intervention
Implementing role-based access controls (RBAC) aligns with the principle of least privilege. RBAC ensures that
each employee is granted the minimum necessary privileges and permissions based on their job function, reducing
the risk of unauthorized access to sensitive data and systems. Granting employees access to all resources and data
beyond their current role would violate the principle of least privilege. It increases the attack surface and potential
damage if their credentials are compromised or misused. Least Privilege focuses on the privileges an employee
needs to complete assigned tasks. It doesn't rank the privileges or tasks to provide a bottom or lower level of
privileges. Providing employees with administrative access on their workstations is not in line with the principle of
least privilege. Administrative access should be limited to a select few individuals who require it to perform specific
administrative tasks.
28. Dwayne has told his friends to always turn off geolocation on their device application
settings due to security concerns. Which of the following best explains why he would
suggest his friends turn off geolocation?
The data can be used to track a person's movements
Data is collected and used to improve the computational efficiency of algorithms
Having geolocation data tracked can drain the device's battery
The data can be used to show what applications a person uses most often
Geolocation data is information that can identify the physical location of a device and, by extension, its user. When
collected, stored, and analyzed without proper consent or transparency, it can infringe upon an individual's privacy.
Users might not be aware of how frequently their location is being tracked, who has access to this data, and for
what purposes it might be used, leading to potential misuse and violation of personal privacy. While having
geolocation on may affect the device's performance or battery life, it is not a security concern that would be as
concerning to Dwayne as tracking a user's movement. Geolocation data is about determining physical location. It
doesn't have a direct influence on the graphic or visual quality of an application. Geolocation data can be used to
personalize content or services based on location, but it does not inherently improve the computational efficiency of
algorithms.
29. As a security analyst, you are inspecting the IPS and IDS logs to
investigate a possible network intrusion attempt. Which of the following pieces of
information is NOT typically available in this sort of log?
The signature or behavior that triggered the alert
The patch level of each of the targeted systems
Timestamps for when alerts were generated
Source and destination IP addresses related to the alert
IPS (Intrusion Prevention System) and IDS (Intrusion Detection System) logs typically do not capture the patch level
of the targeted system. While the patch level can be important for understanding system vulnerabilities, it is not
directly logged by IPS/IDS technology, which focuses on network behavior and traffic patterns. The source and
destination IP addresses related to the alert are documented in the IPS/IDS logs. These details help in
understanding the path and direction of the potential intrusion, which is fundamental for any network security
investigation. Timestamps are an important element in IPS/IDS logs. They provide a chronological context that can
be a significant factor when correlating events and investigating security incidents. One of the crucial pieces of
information provided in IPS/IDS logs is the signature or behavior that led to the alert. Having these details is vital
for effective incident response and threat mitigation.
30. Which of the following BEST describes data that is considered sensitive under the EU's
General Data Protection Regulations (GDPR)?
Personal data that includes religious beliefs and political opinions
Data that relates to an individual's employment history and salary
Data that contains an individual's favorite movies, books, and hobbies
Personal data that includes an individual's online purchase history
Under the EU's GDPR, sensitive personal data refers to specific categories of personal information that could harm
an individual if made public. This includes, but is not limited to, religious beliefs, political opinions, trade union
membership, gender, sexual orientation, racial or ethnic origin, genetic data, and health information. The intention
behind categorizing such data as sensitive is to ensure its protection and prevent its misuse. While employment
history and salary details are personal data, they are not specifically categorized as sensitive under the GDPR.
However, they should still be protected, but they don't fall under the specially protected categories. Preferences like
favorite movies or hobbies, while personal, are not considered as sensitive under the GDPR's specific criteria.
Online purchase history is a form of personal data, but it isn't classified as sensitive in the context of the GDPR's
specialized categories.
31. Which element of the risk management process involves identifying the individuals or
departments responsible for managing and mitigating specific risks?
Risk threshold
Risk indicators
Risk tolerance
Risk owners
Risk owners are individuals or departments who are responsible for managing and mitigating specific risks
identified during the risk management process. Risk tolerance refers to an organization's willingness to accept the
level of risk, but it does not pertain to the identification of risk owners. Risk indicators are specific metrics used to
monitor and assess the level of risk in an organization, but they do not directly involve identifying responsible
parties. Risk threshold refers to the level of risk that an organization is willing to accept, but it does not address the
identification of individuals or departments responsible for managing risks.
32. Jamario, a security analyst at Dion Training Solutions, is configuring a new network
architecture. He’s considering using a screened subnet to enhance security. How does a
screened subnet MOST enhance network security when implemented with a firewall?
It encrypts all data between the internal and external networks
It compresses traffic to speed up the network
It creates an isolated zone
It automatically updates firewall rules
A screened subnet, often referred to as a DMZ (Demilitarized Zone), acts as a buffer between the untrusted external
network (like the Internet) and the trusted internal network. By doing so, it prevents direct access to internal
resources, adding an extra layer of security. While encryption is crucial for data security, a screened subnet itself
doesn't encrypt data. Its primary purpose is to segregate network zones. A screened subnet doesn't automatically
update firewall rules. Firewall configurations and updates are managed separately. Screened subnets are not
designed for traffic compression. Their role is to enhance security by creating a separate network zone.
33. Which of the following is a type of assessment of a vendor's security posture that is
conducted by a third party?
Right-to-audit clause
Independent assessments
Evidence of internal audits
Internal penetration testing
Independent assessments involve hiring an external third-party organization to evaluate and assess the vendor's
security posture and controls. Penetration testing is a type of assessment that involves authorized simulated attacks
on a vendor's systems and infrastructure to identify potential security weaknesses. It will test the security posture of
a company, but an internal penetration test would not involve a third-party. Evidence of internal audits refers to
documentation or proof that the vendor has conducted its internal security audits to assess and maintain the
effectiveness of its security measures. It is an internal audit conducted by the vendor, not by a third party. A right-to-
audit clause is a provision in a vendor contract that grants the organization the authority to conduct audits on the
vendor's security controls and practices. This allows the organization to do the audits. It doesn't involve a third-
party.
The best mitigation technique for preventing unauthorized access through widely known credentials is Default
Credential Management. This involves replacing factory-set usernames and passwords, which are often publicly
available and easily exploited by attackers. While Multi-factor Authentication adds security layers, it does not
address the issue of default credentials. Role-based Access Control assigns permissions based on user roles, but it
doesn’t mitigate risks related to factory-set credentials. Encryption protects data but does not directly prevent
unauthorized access due to weak, default authentication settings.
35. Priyanka wants to capture a copy of network traffic for analysis without affecting the
data flow or altering the traffic. Which device attribute would be MOST applicable for her
to consider?
Tap/monitor mode
Active analysis
In-line mode
Passive analysis
Tap/monitor mode refers to a device that copies network traffic for analysis without interrupting or altering the data
flow, allowing administrators to monitor and capture traffic in real time for diagnostic or security purposes. Passive
analysis refers to monitoring without interference; however, it is a broader term that doesn't explicitly involve
capturing or duplicating the traffic for analysis. Active analysis involves interacting with or potentially modifying
the network traffic during the monitoring process, which could disturb the data flow, whereas the scenario requires
a read-only, non-intrusive method of capturing traffic for analysis. In-line mode involves placing the device directly
within the data path, meaning it actively processes or filters traffic as it passes through, which could disrupt or alter
the flow of network traffic, contrary to the requirement of capturing traffic without interference.
36. You are a security analyst tasked with investigating a suspected security breach
involving an employee's device. You decide to examine the endpoint logs. Which of the
following pieces of information would be MOST valuable in these logs to investigate the
incident?
Unusual or unauthorized activities involving file access, and network
connections
The number of times the endpoint device has been restarted in the past month
Applications installed and subsequently uninstalled on the device over the past week
The total number of files currently stored on the device
From an endpoint perspective, details regarding unusual or unauthorized activities, such as unexpected processes,
unauthorized file access, and suspicious network connections, could provide critical evidence during a security
investigation. While frequently restarting a device could be an indication of technical issues with the endpoint
device, it is not directly useful for investigating a specific security incident unless correlated with other suspicious
activities. Although tracking installed and uninstalled applications could be useful in some investigations, without
contextual details (such as who made the changes and why), this data alone would not likely suffice to pinpoint a
specific security incident. Simply having the total number of files on an endpoint would not provide useful
information for a specific security investigation. It is the access and modification details of the files that would be
more valuable, especially if suspicious activity is detected.
37. What is the term for a type of open service port that is commonly used for email servers
and can be exploited by attackers to perform spamming, spoofing, or phishing attacks?
IMAP
HTTP
SMTP
POP
Simple Mail Transfer Protocol (SMTP) port is a type of open service port that is commonly used for email servers. It
is most commonly used to perform spamming, spoofing, or phishing attacks because it is used to send email
messages. Hypertext Transfer Protocol (HTTP) port is a type of open service port that is commonly used for web
servers and can be exploited by attackers to perform injection attacks, such as SQL injection or cross-site scripting.
It is the default port for HTTP, the protocol used to transfer web pages and data. Post Office Protocol (POP) port is
a type of open service port that is commonly used for email clients. It is most commonly used to perform
eavesdropping, data theft, or malware delivery attacks because it is used to retrieve email messages from a server.
Internet Message Access Protocol (IMAP) port is a type of open service port that is commonly used for email
clients. It is most commonly used to perform eavesdropping, data theft, or malware delivery attacks because it is
used to retrieve email messages on a server.
38. Kendra is testing the security of a web application and finds that it is vulnerable to a
type of attack that involves capturing and retransmitting data, such as authentication
tokens or credentials, to impersonate a legitimate user. Which of the following
application attacks is BEST able to exploit this vulnerability?
Injection
Replay
Buffer overflow
Privilege escalation
A replay attack is a type of application attack that involves capturing and retransmitting data, such as
authentication tokens or credentials, to impersonate a legitimate user or session. A buffer overflow attack is a type
of application attack that involves sending more data than expected to a function, causing it to overwrite adjacent
memory locations and execute arbitrary code. An injection attack is a type of application attack that involves
inserting malicious code or commands into an application or database to execute unauthorized actions or access
sensitive data. A privilege escalation attack is a type of application attack that involves exploiting a vulnerability or
misconfiguration to gain higher privileges or access than intended on a system or application.
39. In the context of Zero Trust architecture, what is the role of the Data Plane?
To manage identity and authentication requests
To analyze and detect potential threats in real time
To enforce security policies across the network
To process and transmit data between systems
In Zero Trust architecture, the Data Plane’s role is to handle the processing and transmission of data between
systems, managing the flow of network traffic. It focuses on the movement of data rather than enforcing security
policies or managing authentication. Security policies are enforced by the Control Plane, which makes decisions on
access and controls based on set policies. The Data Plane does not analyze threats in real-time; instead, it operates
as the pathway for data, ensuring efficient delivery while the Control Plane maintains security oversight.
40. You are a web developer for an online gaming website that hosts various games for
different platforms and devices. You want to use a mitigation technique that can help
you prevent unauthorized or malicious programs from running on your web server.
Which of the following mitigation techniques can help you achieve this goal?
Access control lists
Segmentation
Patching
Application allow list
Application allow list is a mitigation technique that can help enforce compliance with security standards and
policies on a system or network. It does this by comparing applications to a list of applications that are allowed to
run. These applications have been verified and authorized by the system or network administrator. Any application
that is not on the list is not allowed to run. Segmentation is a mitigation technique that involves dividing a network
into smaller segments. Each has its own security policies and controls. Segmentation can limit the scope of an
attack by preventing the attacker from gaining access to an entire network because it will help isolate the
compromised segment. This will not help you prevent unauthorized applications from running on your system.
Access control lists (ACLs) are a mitigation technique that involves using a list of rules to limit access to
resources on a network. ACLs can restrict access based on various criteria, such as IP addresses, port numbers, and
protocols. Limiting IP addresses and other user criteria to a particular list will likely cause problems for new users
and shrink your company's user base. Patching is a mitigation technique that can help prevent exploitation of
known vulnerabilities on systems and devices by updating them with the latest security fixes and enhancements.
Patching involves applying patches or updates to software and systems. You will need to keep your software up to
date, but this won't prevent unauthorized software from being installed on your servers.
41. Which of the following techniques would be most suitable for a developer at Dion
Training to ensure user passwords, once transformed, cannot be reverted back to their
original state?
Tokenization
Encryption
Hashing
Private
Hashing provides a one-way, irreversible technique for securing data, making it appropriate for securing
passwords. In other words, a person who gains access to the hashed password won't be able to discover the original
password. Private data relates to data classification and privacy, but it does not describe a method to secure data like
passwords. Encryption is the process of converting information or data into a code to prevent unauthorized access.
It often uses an algorithm to replace the original data with other data. If a person figures out or acquires the
algorithm, the data can be decrypted. While tokenization can provide security, it wouldn’t be the best choice for
passwords since it is essentially reversible, providing a mapping back to the original data. A person who has access
to the database that stores the token and the password linked to it can use the token to find the original
password.
42. You are visiting a website that is related to your hobby and you see an article that
interests you. You click on the article and it takes you to another website that asks you
to install a browser extension to view the content. However, the browser extension is
actually malware that steals your browsing history and personal information. What type
of attack is this an example of?
Brand impersonation
Impersonation
Business email compromise
Watering hole
Watering hole is a form of cyberattack that involves compromising a legitimate website that is frequented by a
specific group of users, such as employees of a certain organization. The goal is to infect the users’ systems with
malware when they visit the website. Brand impersonation is a form of cyberattack that involves creating fake
websites, emails, or social media accounts that mimic legitimate ones. The goal is to deceive users into trusting the
fake entity and revealing their information or performing malicious actions. Impersonation is a form of social
engineering that involves pretending to be someone else in order to obtain information or access from a victim.
Business email compromise is a form of cyberattack that involves compromising an email account of a person in
authority, such as a CEO or a manager, and using it to send fraudulent requests or instructions to other employees
or partners. The goal is to trick them into transferring money or disclosing confidential information.
43. Kelly Innovations LLC is setting up a new office and wants to ensure only authenticated
devices can access the wired network. Which of the following solutions would be MOST
effective in enforcing this requirement?
VPN
Implementing 802.1X
Stateful firewall
IDS
802.1X is a standard for port-based network access control that allows a network device to be authenticated based
on credentials provided by the device before it can access the network. A virtual private network (VPN) provides a
secure connection between remote users and an organization's network that encrypts traffic and can require user
authentication; it doesn't enforce device-level authentication for wired connections. A stateful firewall filters
network traffic based on state, port, and protocol. While it offers advanced security features, it does not specifically
authenticate devices before granting access. An Intrusion Detection System (IDS) monitors network traffic for signs
of malicious or suspicious activity. While important for security, it doesn't enforce device authentication before
granting network access.
44. Which of the following is a pre-defined period during which planned changes and
upgrades to an IT system are implemented to minimize disruption to users?
Recovery point objective
Baseline configuration
Maintenance window
Standard operating procedure
A maintenance window is a scheduled timeframe during which system updates, patches, or changes are
implemented. This period is specifically chosen to reduce the impact on users and ensure business continuity. A
Recovery Point Objective is a metric used in disaster recovery that defines the maximum allowable amount of lost
data measured in time. It does not pertain to scheduled maintenance periods. A baseline configuration represents a
set of specifications for a system, against which all future changes are measured. It doesn't refer to the time frame
for implementing changes. An SOP (Standard Operating Procedure) is a set of step-by-step instructions compiled by
an organization to help workers carry out complex routine operations. It doesn't specify when these operations
should be performed.
45. Which of the following activities take place during the lessons learned phase in the
incident response process?
Classifying issues based on their impact
Conducting regular training and drills so that employees know what to do if an
incident occurs
Examining the effectiveness of the incident response process
Analyzing the evidence and determining the root cause of the incident
The lessons learned phase in the incident response process involves documenting the incident response process,
identifying areas for improvement, and implementing changes to enhance future incident response efforts. It
includes analyzing the incident response actions taken, evaluating their effectiveness, and applying knowledge
gained from the incident to improve incident response procedures and security measures. Identifying and classifying
incidents based on their severity and impact to the organization is part of the Detection phase in the incident
response process. This phase involves recognizing that an incident has occurred and understanding its potential
implications but does not directly address lessons learned. Analyzing the evidence and determining the root cause of
the incident falls under the Analysis phase of the incident response process. This phase aims to understand how the
incident occurred and what vulnerabilities were exploited but does not directly relate to lessons learned. Developing
an incident response plan, defining roles and responsibilities, and conducting regular training and drills belong to
the Preparation phase of the incident response process. This phase ensures that the organization is ready to respond
effectively to incidents but does not directly involve the lessons learned from a specific incident.
46. Which of the following backup methods involves real-time replication of every
transaction made within a system?
Full backup
Differential backup
Journaling
Incremental backup
Journaling is a form of backup that involves recording all transactions in a system, which can be used to restore the
system to a previous state. Differential backups capture all changes made since the last full backup. Like
incremental backups, differential backups are not done in real-time but at specific intervals, and they accumulate
changes since the last full backup. A full backup involves making a complete copy of all data in the system. While
comprehensive, it's typically scheduled to occur at regular intervals (e.g., nightly or weekly) and does not provide
real-time replication of each transaction. Incremental backups save only the changes made since the last backup,
whether that was a full or another incremental backup. This method doesn't replicate transactions in real-time but
rather at scheduled intervals.
47. In security architecture, which approach is the most effective for safeguarding data at
rest?
Utilizing backups
Applying access control policies
Implementing parallel processing
Using encryption
Encryption is the best option as it transforms data into an unreadable format for unauthorized users, thereby
safeguarding it from unauthorized access. Access control limits who can view or edit data but does not protect the
data at rest from being accessed if the storage medium itself is compromised. Encryption is needed to secure the
data itself. While backups are essential for data recovery, they do not directly secure the data. Backups provide
redundancy but don’t protect data from unauthorized access or breaches. Parallel processing is a computational
technique to speed up tasks but does not protect data; it’s unrelated to security or the protection of stored data.
48. Dion Training is researching cryptographic solutions that distribute transactional data
across a peer-to-peer network, ensuring that no single entity controls the entire
transaction history. What solution emphasizes this peer-to-peer distribution?
Asymmetric encryption
Digital certificates
Open public ledger
Hashing algorithms
An open public ledger, especially when associated with blockchain, is decentralized and distributed across a peer-
to-peer network, ensuring no single entity has control over the entire transactional history. While digital certificates
authenticate the identity of the certificate holder, they don't ensure a distributed transactional record. Hashing
converts input data of any size into a fixed-length value, but doesn't specify how data is distributed. Asymmetric
encryption involves using a pair of keys – a public key and a private key – for encryption and decryption,
respectively.
49. Dion Training Solutions wants to implement a security system that can inspect incoming
network traffic in real-time, detect malicious activities, and then take action to block
those activities immediately. Which of the following would be the MOST appropriate
solution?
IDS
Proxy server
IPS
WAF
An IPS actively analyzes network traffic for signs of malicious activity. If it detects any threats, it can take
immediate action, such as dropping the malicious packets or blocking traffic from the offending IP address. While a
WAF can inspect and block malicious web traffic, its scope is specifically geared towards web applications and
doesn't necessarily cover all types of network traffic. An Intrusion Detection System (IDS) monitors traffic and can
log and provide alerts; however, it does not actively prevent any potentially malicious content like an IPS would. A
proxy server acts as an intermediary for requests from clients seeking resources from other servers. Its primary role
is to forward web requests and may cache data, but it doesn't actively block malicious activities based on real-time
traffic analysis.
50. Several employees at Dion Training Solutions reported being unable to access their
accounts early in the morning, even though they were sure they inputted their
passwords correctly. After investigating, the IT team found that the accounts had been
locked automatically after multiple failed login attempts during the night. Which of the
following policies is MOST likely responsible for the employees' inability to log in?
Password Expiration Policy
Password Complexity Policy
Account Lockout Policy
Multi-Factor Authentication Policy
The account lockout policy is designed to lock a user's account after multiple failed login attempts, which explains
why employees were unable to log in after the system detected several incorrect password entries during the night. A
password complexity policy enforces rules for creating strong passwords but does not cause account lockouts.
Multi-factor authentication (MFA) adds extra security layers but is not responsible for locking accounts after failed
attempts. Similarly, a password expiration policy requires users to update their passwords periodically but does not
automatically lock accounts after failed logins.
Exam-2
1. Which of the following is a security concern when dealing with virtual machines?
Symmetric multiprocessing
Resource pooling
Virtual NIC
Rogue VM
The process of developing, testing, and deploying images brings about the first major security concern with the
virtual platform itself. This is the problem of rogue VMs. A rogue VM is one that has been installed without
authorization. The uncontrolled deployment of more and more VMs is referred to as VM sprawl. After all, it is a lot
easier to add a guest image to a server than it is to plug a new hardware server into the network. Resource pooling
refers to the concept that allows a virtual environment to allocate memory and processing capacity for a VM's use.
Symmetric multiprocessing (SMP) is the processing of programs by multiple processors that share a common
operating system and memory. A virtual network interface card (vNIC) represents the configuration of a VM
connected to a network. A VM can be configured to have multiple vNICs.
2. You are configuring a workstation to be used as a point of sale (POS) device. Which of
the following peripherals should you install with the device?
Flatbed scanner
Signature pad
Webcam
Memory card reader
A signature pad is a common peripheral used with a point-of-sale workstation. This allows a customer to sign a
contract or sales receipt digitally. A webcam is a video camera that feeds or streams an image or video in real-time
to or through a computer to a computer network, such as the Internet. Webcams are typically small cameras that sit
on a desk, attach to a user's monitor, or are built into a laptop, desktop, or mobile device. A memory card reader is a
device containing one or more slots to accommodate reading (and writing) memory cards. A scanner is a type of
photocopier that can convert the image of a physical object into an electronic data file. The two main components of
a scanner are the lamp, which illuminates the object, and the recording device, an array of CCDs (Charge Coupled
Devices). There are flatbed and sheet-fed versions, with sheet-fed versions typically being incorporated with a
printer and fax machine into a multifunction device.
Supervisory control and data acquisition (SCADA) systems, industrial control systems (ICS), internet-connected
televisions, thermostats, and many other things are examples of devices classified as the Internet of Things (IoT). A
laptop would be better classified as a computer or host than part of the Internet of Things. The Internet of Things
(IoT) is a system of interrelated computing devices, mechanical and digital machines provided with unique
identifiers (UIDs), and the ability to transfer data over a network without requiring human-to-human or human-to-
computer interaction.
4. An auto mechanic needs to purchase a new printer for their shop. The printer will be
used to create estimates and invoices for their customers. The printer must support the
ability to create duplicate invoices using multiple sheets of paper separated by carbon
paper using tractor-fed paper. Which of the following types of printers should be used?
Laser
Inkjet
Thermal
Impact
An impact or dot-matrix printer is an older type of printer that works by pressing a ribbon of ink onto the top sheet
of paper using a series of dots. This is called an impact printer because it pushes the ribbon against the paper to
create the image or text using a series of dots. These printers are most commonly used
when multiple copies of a document must be created at once (like a 3-part form or contract to be signed). As these
older printers are being retired and it is harder to find impact printers to purchase, most organizations are now
switching to laser or inkjet printers and requiring customers to sign multiple copies of the same invoice after they
are printed using a laser printer. Thermal printers are commonly used for receipts such as those at the grocery store
or a restaurant.
5. An employee's workstation will operate for a short period of time, but then it
unexpectedly shuts down. When you check the workstation, you hear the hum of the
cooling fans. What is most likely the issue?
CPU overheated
GPU overheated
Defective case fan
Defective NIC card
If a computer's CPU becomes overheated, the system will unexpectedly shut down the computer to protect the
processor from damage. This usually occurs if the CPU's cooling fan isn't working properly, the heat sink is
dislodged, or the thermal paste breaks down. In this case, you would need to remove the heat sink, remove the
processor, reseat the processor, reapply thermal paste, reattach the heat sink, and reconnect the processor fan before
rebooting the computer to solve this issue.
If the SSID (Secure Set Identifier) is disabled, then the wireless network name will not be broadcast to any available
devices within range. Both Wireless B and G use the same frequency band (2.4 GHz) and would not cause this issue.
Similarly, encryption that is enabled or disabled would not affect the SSID broadcast since the SSID is sent out in
cleartext. DHCP support is used once a device connects to the network. Therefore it would not affect the SSID
broadcast.
7. Which of the following cellular technologies was not widely used outside of the United
States?
3G
4G
GSM
CDMA
The code division multiple access (CDMA) communication standard for cellular radio communications and data
transfer uses a method of multiplexing a communications channel using a code to key the modulation of a particular
signal. CDMA was only popular in the United States with a few providers (Verizon and Sprint). Most of the world
instead uses GSM. The global system for mobile (GSM) communication standard for cellular radio communications
and data transfer uses a SIM card to identify the subscriber and network provider. 3G cellular technology is made
up of two different technologies: HSPA+ and EV-DO. HSPA+ (Evolved High-Speed Packet Access) is a 3G standard
used for GSM cellular networks and can support up to a theoretical download speed of 168 Mbps and a theoretical
upload speed of 34 Mbps. In the real world, though, HSPA+ normally reaches speeds around 20 Mbps. EV-DO
(Evolution-Data Optimized) is a 3G standard used for CDMA cellular networks and can support up to 3.1 Mbps
downloads. 4G cellular technology is made up of LTE and LTE-A. Long Term Evolution (LTE) is a packet data
communications specification providing an upgrade path for both GSM and CDMA2000 cellular networks. LTE has
a theoretical speed of 150 Mbps and a real-world speed of around 20 Mbps. LTE Advanced (LTE-A) has a
theoretical speed of 300 Mbps and a real-world speed of around 40 Mbps.
8. You are troubleshooting a network connection issue between the wall jack in a user's
office and the switch in the communications closet. When you plug a network cable into
the wall jack, there is no connection. You check the switch in the communications closet
to determine if the wall jack is properly connected to the switch. Unfortunately, none of
the cables in the communication closet are labeled. Which of the following tools should
you use to determine which cable in the communications closet is connected to the wall
jack in the user's office since none of the cables are properly labeled?
Tone generator and probe
Multimeter
Punchdown tool
Loopback plug
A tone generator is connected to a wall jack and sends a repeating signal over the cable. The probe can then be
used to detect which cable is attached to the wall jack by detecting the signal being sent by the tone generator. The
probe needs to be near or touch the cable with the tone generator attached to identify it positively. While a
multimeter could be used (in resistance mode) to determine if two ends of a cable are attached to the same cable, the
distance between the user's office and the communication closet would prevent a multimeter from being used in this
case. Punchdown tools are used to connect an ethernet cable to the back of a patch panel, a punchdown block, or the
back of a network wall jack.
9. Which of the following is the virtualization technology supported by most modern Intel
processors?
HT
AMD-V
VT
Intel-V
To use virtualization and have virtual machines running on a single workstation, you need to have a CPU
specifically designed to support virtualization. Intel processors must support VT or Virtualization
Technology. If you are using an AMD processor, it should support AMD-V (AMD's virtualization technology).
HyperThreading (HT) is an Intel CPU architecture implemented to expose two or more logical processors to the OS
to deliver performance benefits. Intel-V is a made-up term used as a distractor on this question.
10. Jason is printing out a copy of Dion Training's new logo on his color laser printer. When
the logo is printed, the blue color does not appear to be the same as the one on the
screen. Jason believes the issue is an incorrect chroma display between the monitor and
the printer. Which of the following solutions would best fix this issue?
Replace the toner cartridge since the printout is faded
Calibrate the monitor and printer to use the same color profile
Set the color profile to a sepia tone to eliminate the issue
Update the print drivers to ensure they are operating properly
Incorrect chroma display occurs when the printer and the monitor are using different color profiles. To fix this issue,
it is important to calibrate both the printer and the monitor to the same standard so that the colors will match.
Changing the color to a sepia tone would make the printout appear brown which would not solve this issue.
Replacing the toner would help if the printout is faded, but that is not occurring in this scenario. The print drivers
would not cause the color to be incorrect, only the incorrect chroma settings and calibration would.
11. Which of the following network configurations on a virtual machine are used to prevent
the VM from accessing the internet, but still allow it to communicate with other VMs on
the host and the host itself?
External
Private
Internal
Localhost
Virtual machines can have their network configured as internal to prevent them from communicating with the
internet. When configured to internal, the VMs can communicate with each other and the host machine. The private
network connection type will create a switch that is usable only by the VMs. The VMs cannot use the switch to
communicate with the host. If you select external, the VMs would have internet access. If you select localhost, each
VM could only communicate with itself.
12. A user has reported that their workstation is running slowly. You perform a reboot of
their workstation and receive a S.M.A.R.T. error during the boot-up process. Which of the
following actions should you perform FIRST?
Backup the hard drive
Run diskpart
Run chkdsk
Reformat the hard drive
S.M.A.R.T. is an acronym for Self-Monitoring and Repair Tool. It is a feature in all modern magnetic hard drives
(non-SSD drives) that monitors the hard drive to ensure it performs properly. S.M.A.R.T. can detect when the failure
of a drive is imminent and can alert the user so that they can back up the drive before a complete failure occurs. If
your hard drive produces a S.M.A.R.T. failure, you should immediately back up the drive. Once a backup has been
completed, you can instead focus on repairing the drive using chkdsk.
13. Your company uses a virtual desktop infrastructure (VDI) environment for employees to
access their desktop applications. To allow employees access to the VDI environment,
the company is installing thin clients in each employee's office. Which THREE of the
following tasks must you first complete to install a thin client for a new employee?
Connect the thin client to the network
Connect the device to a second monitor
Install the operating system
Install the necessary applications
Install the latest security updates
Connect the thin client to a printer
A thin client is a stateless, fanless desktop terminal that has no hard drive. All features typically found on the
desktop PC, including applications, sensitive data, memory, etc., are stored back in the data center when using a
thin client, most typically in a VDI or other environment. To set up a thin client, you will first connect it to the
network, update its security software, and then install/configure any applications needed to access the VDI
environment.
14. A client claims that their computer keeps rebooting itself without warning. Which of the
following is the BEST action you should take to investigate and troubleshoot this issue?
Replace the power supply
Replace the cooling fan
Test the power supply
Reinstall the operating system
A computer that keeps rebooting itself is a symptom of a faulty power supply or a computer that is overheating. If
the power supply is faulty, the computer will reboot itself. If the issue is caused by overheating (such as a
cooling fan failure), the computer will usually reboot itself after running for 15-20 minutes (once enough heat is
built-up). Therefore, you should test the power supply first to determine if that is the root cause of the issue, and
then replace the power supply, if required.
For optimal network performance, the Wireless Access Point (WAP) placement guidelines should be taken
into consideration to ensure that the building's construction doesn't cause interference with the wireless signals. To
determine if adequate coverage and signal strength is being received in the building, you can conduct a wireless site
survey. The service set identifier (SSID) is a group of wireless network devices which share a common natural
language label, such as a network name. The SSID would not affect the devices and cause sporadic connection
drops. Bandwidth saturation is a phenomenon that occurs when all of a circuit's available bandwidth in a given
direction is being utilized by a large upload or download which can result in high latency and performance issues.
Bandwidth saturation would not cause the wireless connection to drop, though. Encryption type refers to the type of
security used on a wireless network, such as WEP, WPA, WPA2, or WPA3. The security type used on a network
would not cause sporadic drops of the network connection, though.
16. Which of the following describes the IP address of a router to which packets destined for
a remote network should be sent by default?
Subnet mask
Dynamic IP
Gateway
Static IP
The default gateway parameter is the IP address of a router to which packets destined for a remote network should
be sent by default. This setting is not required, but if you do not have one included, your network traffic can never
leave the local area network. A static IP address is used when the DHCP server is disabled and clients are
configured manually to join the network properly. A dynamic IP address is configured automatically by a DHCP
server when a new host joins the network. The subnet mask is used in IPv4 to distinguish these two components
within a single IP address. The subnet mask differentiates the two portions of an IP address into the Network ID and
the Host ID.
For the exam, it is important that you can list and identify the 6 steps of the CompTIA troubleshooting methodology
in order. (1) Identify the problem. (2) Establish a theory of probable cause (question the obvious). (3) Test the theory
to determine the cause. (4) Establish a plan of action to resolve the problem and then implement the solution. (5)
Verify full system functionality and, if applicable, implement preventative measures. (6) Document findings, actions,
and outcomes.
18. You are working at the service desk when a customer calls up and complains that their
laptop's monitor looks strange. When pressed for further details, they state that there
are black bars on the left and right sides of the screen and that the image appears
squashed and distorted. What is MOST likely the cause of this issue?
Incorrect color depth
External RF interference
Incorrect display resolution
Bad video card
This is likely a screen resolution problem. Each LCD/LED has a native resolution that fits perfectly on the screen. If
a resolution other than the native resolution is used, the screen could become squished, distorted, or have black
vertical or horizontal lines filling up the excess space. For example, most laptops operate as a 16:9 or 16:10 aspect
ratio. Older VGA monitors relied on a 4:3 aspect ratio using 1024x768 pixels whereas newer monitors use a 16:9
ratio at 1920x1080 pixels.
19. Which of the following components of a color laser printer is used to combine the 4
colors before printing them to the paper in one pass?
Transfer belt
Pickup roller
Transfer roller
Duplexing assembly
The transfer belt is the component in a color laser printer that combines the 4 colors before printing them to the paper
in one pass. The transfer roller is the component in a laser printer that applies an electric charge to the paper to
attract toner from the photoconductor during the imaging process. The pickup roller is the component in a laser
printer that turns above a stack of paper to feed a sheet into the feed roller. The duplexing assembly is a component
that enables a printer or scanner to use both sides of a page automatically.
20. Which of the following is used when a CDMA smartphone attempts to connect to the
cellular network while traveling? (Select ANY that apply)
Baseband
PRL
Firmware
PRI
The PRI and PRL must be updated and referenced when traveling. The preferred roaming index (PRI) is an index
that works with the PRL to provide the best data/voice quality to a phone while roaming. The preferred roaming list
(PRL) is a database built by CDMA service carriers to indicate which radio bands should be used when connecting
to a cell tower. The baseband is the embedded operating system in the firmware of a smartphone or other cellular
device. The firmware is a set of software instructions stored semi-permanently (embedded) on a hardware device.
Modern types of firmware are stored in flash memory and can be updated more easily than legacy programmable
Read-Only Memory (ROM) types. The baseband and firmware would not be updated or changed based on your
location. The baseband is changed or updated when a security update is needed.
21. Which of the following ports should you block at the firewall if you want to prevent a
remote login to a server from occurring?
22
21
143
80
Secure shell (SSH) is the protocol used for remote administration and file copying using TCP port 22. SSH is
considered secure since it uses authenticated and encrypted sessions for communication. The file transfer protocol
(FTP) is the protocol used to transfer files across the internet over ports 20 and 21. The hypertext transfer protocol
(HTTP) is a protocol used to provide web content to browsers using port 80. The internet message access protocol
(IMAP) is a TCP/IP application protocol that provides a means for a client to access email messages stored in a
mailbox on a remote server using TCP port number 143. Unlike POP3, messages persist on the server after the
client has downloaded them. IMAP also supports mailbox management functions, such as creating subfolders and
access to the same mailbox by more than one client at the same time.
22. Jason's new iPhone has locked up, and the touchscreen is unresponsive. He tries to tap
the screen, press the buttons, and still, nothing happens. What should he do next?
Hold down power and volume down buttons simultaneously for 10 seconds,
then slide to power off
Hold down power and home buttons simultaneously for 10 seconds, then slide to
power off
Hold down the home button for 10 seconds, then slide to power off
Hold down the power button and then the sleep/wake button
simultaneously for about 10 seconds
Smartphones can become frozen, hung up, or locked up to the point they are unresponsive to touch or some button
presses. The best solution is to hold down the power and volume down buttons simultaneously on an iPhone and
then slide to power off.
23. A computer technician is configuring a NAS for a company to store their corporate data.
The technician has only two hard drives available for use and needs to ensure the
data's fault tolerance and redundancy. Which of the following would be the best
configuration to implement?
RAID 1
RAID 10
RAID 5
RAID 0
While either a RAID 0 or RAID 1 can be used with only two drives, only a RAID 1 will provide redundancy and fault
tolerance. A RAID 0 provides disk striping (speed/performance) but not mirroring with a minimum of two disks. A
RAID 1 provides mirroring (redundancy) but not disk striping with a minimum of two disks. With a RAID 1, one of
the hard drives can fail while the other drive can still operate until the bad drive is replaced. A RAID 5 provides
block-level striping with distributed parity to provide redundancy using a minimum of three disks. A RAID 10
combines disk mirroring and disk striping to protect data stored in the array and requires a minimum of four disks.
A RAID 5 requires at least three hard drives to operate, and a RAID 10 requires at least four hard drives to operate;
therefore, neither is an acceptable solution to this problem.
FTP (File Transfer Protocol) uses ports 20 and 21. SFTP (Secure File Transfer Protocol) uses port 22. Port 23 is
used by Telnet. If this were a question on the real exam, you would see a list of ports on one side and a list of
protocols on the other, and you would drag and drop each one to match them up. (It might also have 4-6 different
pairs to match up.)
25. Which of the following network standards allows a networking device to provide up to
15.4W of power to a connected device?
802.3at
802.11s
802.3af
802.11ac
Power over Ethernet (PoE) switches provide power over ordinary data cabling to devices such as VoIP handsets
and wireless access points. PoE can support up to 15.4W and PoE+ can support up to 25W. The 802.3af (PoE)
standard can support up to 15.4W of power at a distance of up to 100 meters. PoE can support low-powered devices
such as VoIP handsets. The 802.3at (PoE+) standard can support up to 25W of power at a distance of up to 100
meters. PoE+ can support higher-powered devices such as PTZ cameras, door controllers, and thin client
computers. The 802.11ac standard defines a 5 GHz wireless networking standard. The 802.11s standard defines the
usage of wireless mesh technology.
26. Your company has decided to upgrade its legacy phone system to use VoIP devices
instead. The new phones will download the configurations from a server each time they
boot up. Which of the following ports needs to be opened on the firewall to ensure the
phones can communicate with the TFTP server and download their boot-up
configurations?
69
53
161
21
Trivial File Transfer Protocol (TFTP) is a simple protocol that provides a basic file transfer function with no user
authentication. TFTP uses port 69 to communicate. TFTP is intended for applications that do not need the
sophisticated interactions that File Transfer Protocol (FTP) provides. The File Transfer Protocol is a standard
communication protocol used for the transfer of computer files from a server to a client on a computer network.
FTP uses port 21 to communicate. The Domain Name System (DNS) is used to translate requests for names into IP
addresses, controlling which server an end-user will reach when they type a domain name into their web browser.
DNS uses port 53 to communicate. The Simple Network Management Protocol (SNMP) is a networking protocol
used for the management and monitoring of network-connected devices in Internet Protocol networks. SNMP uses
port 161 to communicate.
27. Tim's laptop was recently upgraded to Windows 11 but is now running more slowly due
to the increased memory requirements. He has decided to install some additional RAM
to speed up the laptop. Which of the following should he install?
GDDR5
VRAM
SODIMM
DIMM
Laptops and integrated PCs usually use SODIMM memory due to the memory module's smaller footprint. A small
outline dual inline memory module (SODIMM) can be purchased in various types and sizes to fit any laptop. A dual
in-line memory module (DIMM) comprises a series of dynamic random-access memory integrated circuits. A DIMM
is used in workstations and printers due to its larger size and shape. VRAM (video RAM) refers to any type of
random access memory (RAM) specifically used to store image data for a computer display. GDDR5 is the DDR5
memory for a graphics card, not a laptop. For the exam, if you are ever asked about installing memory in a small
form factor device or a laptop, the answer will usually be SODIMM.
28. Which of the following ports are used by the NetBIOS protocol to share files and printers
on a Windows network? (Select ANY that apply)
21
443
139
110
The network basic input/output system (NetBIOS)/NetBIOS over TCP/IP (NetBT) is a session management protocol
used to provide name registration and resolution services on legacy Microsoft networks and those using WINS.
NetBIOS/NetBT operates on TCP/UDP ports 137 and 139. The hypertext transfer protocol secure (HTTPS) is a
secure protocol used to provide web content to browsers using SSL/TLS encryption over port 443. The file transfer
protocol (FTP) is the protocol used to transfer files across the internet over ports 20 and 21.
29. Which of the following is true of a dedicated video card in a computer system?
Share the use of the system's memory
Less expensive than an integrated video card
Can be upgraded or replaced
Cannot be upgraded or replaced
It is more expensive to have a dedicated GPU or video card, but it does provide higher performance than an
integrated GPU. A dedicated GPU also can be upgraded with a newer graphics card in the future to increase
performance. An integrated video card is built as part of the main system motherboard or CPU. An integrated GPU
is cheaper than a dedicated GPU, but it has limited performance and shares the use of the computer system's RAM.
An integrated video card cannot be upgraded since it is part of the processor or motherboard. If a system is being
designed for gaming, video editing, or 3D rendering, it should use a separate video card with a dedicated GPU.
30. Tom, a salesman, is trying to print a 3-page report to the network printer located in the
Sales department’s office space. He walks over to the printer but doesn’t see the pages
in the printer’s output tray. He checks the on-screen display of the printer, but he
doesn’t see any errors listed. Tom tries a few more times, but he gets the same results.
Frustrated, Tom selects the network printer for the Customer Service department and
sends his print job there. He walks over to their offices and finds his 3-page report
sitting in that printer’s output tray. Tom asks you to help him solve this printing problem.
What action should you take FIRST to help solve Tom’s problem?
Stop and restart the PC's print spooler service using your administrator account
Log in to the network's print server, stop and restart all of the shared
printer queues, and then try to reprint the document
Ask one of Tom's coworkers to attempt to print something to the Sales department's
printer to verify it is working properly
Verify that Tom has been sending the document to the correct network
printer's queue
The first thing you should do is verify that this problem is not caused by user error. To do this, you should verify
which network printer queue Tom had been sending the document to the first few times. You may wish to ask a
coworker to print to the Sales department's printer, but that would be your second step AFTER verifying the user
was printing to that print queue properly first. Since the print job was successful once Tom switched to another
printer, the PC's print spooler worked properly, so you don't need to restart it. You should not restart all of the
shared printer queues unless it is necessary because this would affect all company employees and is not necessary
to solve this issue.
31. Which of the following is an APIPA or link-local address?
169.254.64.23
192.168.1.34
127.0.0.1
33.52.7.83
IP addresses are either public, private, localhost, or APIPA addresses. Automatic Private IP Addressing (APIPA) is
a feature of Windows-based operating systems that enables a computer to automatically assign itself an IP address
when there is no Dynamic Host Configuration Protocol (DHCP) server available to perform that function. When a
host uses an APIPA address, it can communicate with other hosts on the same network using APIPA. Still, it cannot
reach other networks or communicate with hosts who have managed to obtain a valid DHCP lease. Any address
from 169.254.1.0 to 169.254.254.255 is considered an APIPA address. An APIPA address is also referred to as a
link-local address. A private IP address is in the range of 10.x.x.x, 172.16-31.x.x, or 192.168.x.x. A localhost IP is
127.0.0.1. All others are considered public IP addresses.
32. The projector in the Dion Training conference room is creating a distorted image when in
use. The technician measures the top of the screen at 72” wide and the bottom of the
screen at only 66” wide. The technician checks the projector’s resolution and the
resolution in the operating system’s display settings. They notice that they are both set
correctly to HDTV (1920 x 1080) mode. Which of the following settings on the projector
should the technician adjust to fix this distortion?
Color depth
Brightness
Keystone
Contrast
A keystone effect occurs when the top of a projected image is wider or narrower than the bottom of the image. This
creates a trapezoid instead of a rectangular image and leads to distortion. To fix the keystone effect in an image, you
need to adjust the keystone setting in the projector. The brightness setting will increase or decrease the number of
lumens of the projected image to make it lighter or darker. The contrast is the amount of difference between the
whiteness and darkness in a projected image. Color depth defines how many unique colors can be displayed by the
projected image at once. Brightness, contrast, and color depth do not affect the size or shape of the image being
projected.
33. You have just installed a second monitor for a salesperson's workstation. The user wants
to clone the display so that both monitors show the exact same image. This will allow
them to see one of the displays while their customer sees the other from across their
desk. When you connect the second monitor and clone the display, the second monitor
displays text twice as large as the other monitor. Which of the following settings should
you configure?
Extended mode
Resolution
Refresh rate
Color depth
Most monitors have a default or native resolution. When you first connect a monitor to a Windows workstation, this
native resolution is detected, and Windows attempts to configure itself automatically. If this creates an imbalance
between the two monitors, a technician can adjust the screen's resolution by changing it in the Display settings area
of Windows 10. Color depth defines how many unique colors can be displayed by the projected image at once.
Refresh rate is the measure of how fast an image can be updated on a monitor or display. If a monitor has a lower
refresh rate, then blurring and ghosting can occur. The extended mode allows the Windows output to be stretched
across two or more monitors as if they were a single monitor. This can be configured under the Display settings in
Windows 10.
34. Which RAID solution will provide the BEST speed and redundancy for a backup and
disaster recovery server?
RAID 5
RAID 10
RAID 0
RAID 1
RAID 10 provides the system with both speed and efficiency. With RAID 10, the system has a mirror of striped disks
for full redundancy and double fault tolerance. RAID 10 configuration (also known as RAID 1+0) requires a
minimum of four disks and mirrors data across a striped disk pair. This is not only the best option presented in this
question but also the most expensive option. A RAID 0 provides disk striping (speed/performance) but not mirroring
with a minimum of two disks. A RAID 1 provides mirroring (redundancy) but not disk striping with a minimum of
two disks. A RAID 5 provides block-level striping with distributed parity to provide redundancy using a minimum of
three disks.
35. What type of expansion bus technology uses lanes with point-to-point communication
paths between two components on the motherboard?
PCI
AGP
PCI-X
PCIe
PCIe (Peripheral Component Interconnect Express) uses lanes between any two intercommunicating devices. This
utilizes a separated pair of wires for both directions of traffic. This increases the bus lanes' speed since there is no
possibility of collisions or waiting for other devices to finish communicating. PCIe (peripheral component
interconnect express) is an interface standard for connecting high-speed components. Every desktop PC
motherboard has some PCIe slots you can use to add GPUs (video cards or graphics cards), RAID cards, network
adapters, Wi-Fi cards, or SSD (solid-state drive) add-on cards. The types of PCIe slots available in your PC will
depend on your motherboard and are designated as PCIe x1, x4, x8, and x16. Graphics cards almost exclusively
rely on PCIe x16 expansion slots for their connectivity. AGP, PCI, and PCI-X are older technologies that rely on
shared busses for communication.
36. When using a Type 1 hypervisor virtualized environment, which of the following
hardware types is necessary to connect the VMs to the corporate network?
VDI
VNC
Virtual NIC
VPN
A virtual machine includes a virtual NIC. A virtual NIC is a type of virtual adapter that can be configured on logical
partitions to provide a network interface. This virtual NIC can be paired and mapped to a physical NIC to get the
VM onto the network. Virtual Desktop Infrastructure (VDI) is a software technology that separates the desktop
environment and associated application software from the physical client device that is used to access it. A virtual
private network (VPN) extends a private network across a public network and enables users to send and receive
data across shared or public networks as if their computing devices were directly connected to the private network.
Virtual Network Computing (VNC) is a cross-platform screen sharing system that was created to remotely control
another computer from a distance by a remote user from a secondary device as though they were sitting right in
front of it.
Exam-3
1. Which of the following is a connection-oriented protocol that utilizes TCP?
TFTP
SSH
DHCP
SNMP
The transmission control protocol (TCP) is a protocol in the TCP/IP suite that operates at the transport layer to
provide connection-oriented, guaranteed delivery of packets. Hosts must first establish a session to exchange data
and then confirm the delivery of packets using acknowledgments when using TCP. TCP is relatively slow in
comparison to UDP. Secure shell (SSH) is the protocol used for remote administration and file copying using TCP
port 22. SSH is considered secure since it uses authenticated and encrypted sessions for communication. The trivial
file transfer protocol (TFTP) is a protocol used to get a file from a remote host or put a file onto a remote host.
TFTP is commonly used with embedded devices or systems that retrieve firmware, configuration information, or a
system image during the boot process. TFTP operates over UDP port 69. The simple network management protocol
(SNMP) is a protocol for monitoring and managing network devices over UDP ports 161 and 162. A management
system collates data sent by agents running on each device. The agents maintain a Management Information Base
of configuration and usage data. An agent can also generate a trap, alerting the management system of some
notable event (such as a printer that is out of paper). The dynamic host control protocol (DHCP) is a protocol used
to allocate IP addresses to a host when it joins a network. DHCP utilizes UDP ports 67 and 68.
A Unified Threat Management (UTM) appliance enforces a variety of security-related measures, combining the
work of a firewall, malware scanner, and intrusion detection/prevention. A UTM centralizes the threat management
service, providing simpler configuration and reporting than isolated applications spread across several servers or
devices. An intrusion detection system (IDS) is a device or software application that monitors a network or system
for malicious activity or policy violations. Any malicious activity or violation is typically reported to an
administrator or collected centrally using a security information and event management system. Unlike an IPS,
which can stop malicious activity or policy violations, an IDS can only log these issues and not stop them. An
intrusion prevention system (IPS) conducts the same functions as an IDS but can also block or take actions against
malicious events. A Syslog server is a server that collects diagnostic and monitoring data from the hosts and
network devices across a given network.
It is essential to read the owner's manual before starting anything. The next step is to document all screws and
locations because lots of these tiny screws are not equal and have different depths. If you don't document which
screws go into which holes, you could insert them into the wrong place and waste a lot of time or cause damage to
the laptop. You should avoid using a portable power drive to remove screws as they can generate electromagnetic
interference due to their electrical motors. The laptop's keyboard would be disconnected after disconnecting the
battery, not before.
4. You are working as part of the server team for an online retail store. Due to the
upcoming holidays, your boss is worried that the current servers may not be able to
handle the increased demand during a big sale. Which of the following cloud computing
concepts can quickly allow services to scale upward during busy periods and scale down
during slower periods based on the changing user demand?
Resource pooling
On-demand
Rapid elasticity
Metered services
Rapid elasticity is used to describe scalable provisioning or the capability to provide scalable cloud computing
services. Rapid elasticity is critical to meeting the fluctuating demands of cloud users. The downside of rapid
elasticity implementations is that they can cause significant loading of the system due to the high number of
resource allocation and deallocation requests. Resource pooling refers to the concept that allows a virtual environment to
allocate memory and processing capacity for a VM's use. On-demand refers to the fact that a consumer can
unilaterally provision computing capabilities, such as server time and network storage, as needed automatically
without requiring human interaction with each service provider. Metered services are pre-paid, a-la-carte, pay-per-
use, or committed offerings. A metered service like a database may charge its users based on the actual usage of the
service resources on an hourly or monthly basis. For example, Dion Training used the AWS Lambda serverless
product in some of our automation. This service charges us $0.20 for every 1 million requests processed.
5. What type of cloud service bills consumers based on the actual usage of the service and
may charge different prices based on the time of day it was utilized?
Resource pooling
On-demand
Metered services
Measured services
Metered services are pre-paid, a-la-carte, pay-per-use, or committed offerings. A metered service like a database
may charge its users based on the actual usage of the service resources on an hourly or monthly basis. For example,
Dion Training used the AWS Lambda serverless product in some of our automation. This service charges us $0.20
for every 1 million requests processed. Resource pooling refers to the concept that allows a virtual environment to
allocate memory and processing capacity for a VM's use. Rapid elasticity is used to describe scalable provisioning
or the capability to provide scalable cloud computing services. Rapid elasticity is critical to meeting the
fluctuating demands of cloud users. The downside of rapid elasticity implementations is that they can cause
significant loading of the system due to the high number of resource allocation and deallocation requests. Measured
service is a term that IT professionals apply to cloud computing that references services where the cloud provider
measures or monitors the provision of services for various reasons, including billing, effective use of resources, or
overall predictive planning.
6. Jason is teaching a CompTIA course at a large company, but they do not allow non-
employees to connect to their network. Since Jason needs the Internet for an in-class
demonstration, he connects his laptop to his iPhone using a USB cable. He essentially
connects to the Internet using the smartphone as a modem. Which of the following
terms best describes this configuration?
Baseband update
Hotspot
Tethering
Tunneling
Tethering is the use of a mobile device’s cellular data plan to provide Internet access to a laptop or PC. The PC can
be tethered to the mobile by USB, Bluetooth, or Wi-Fi. One method of doing this is to connect the laptop to the
device using a USB cable, and then it can be used as a wired network connection. A portable hotspot is a dedicated
mobile device that connects to a cellular network and provides a wireless (Wi-Fi) network for a small number of
users. A tunneling (or encapsulation) protocol wraps up data from one protocol for transfer over a different type of
network. For example, PPP can carry TCP/IP data over a dial-up line, enabling a remote computer to communicate
with the LAN. A baseband update is the modification of the firmware of a cellular modem.
7. John is setting up 100 Windows 10 computers for a new corporate office. He wants to
ensure that unauthorized applications are prevented from being installed during the
bootup process. What feature should he ensure is enabled?
RAM integrity checking
Secure Boot
Full disk encryption
BIOS password required
The purpose of Secure Boot is to prevent malicious and unauthorized apps from loading into the operating system
(OS) during the startup process. Secure Boot is enabled by default in Windows 10. When the PC starts, the firmware
checks the signature of each piece of boot software, including UEFI firmware drivers (also known as Option
ROMs), EFI applications, and the operating system. If the signatures are valid, the PC boots and the firmware gives
control to the operating system. The OEM can use instructions from the firmware manufacturer to create Secure
Boot keys and to store them in the PC firmware. When you add UEFI drivers, you'll also need to make sure these are
signed and included in the Secure Boot database. Full disk encryption is used to encrypt the user and system data
stored in the device’s internal storage. RAM integrity checking is conducted by default on most systems during the
initial boot process but it doesn't check the contents of the memory for malware. The BIOS password would prevent
the system from booting up without the correct password being entered, but this would not prevent unauthorized
applications from being installed during the bootup process.
8. Peter is attempting to print to his office printer, but nothing comes out. Yesterday, his
printer was working just fine. Peter does not notice any errors on the taskbar's printer
icon. Which of the following actions should Peter try FIRST to solve this issue?
Check that the printer is not offline
Check to ensure the printer selected is the default printer
Check the status of the print server queue
Cancel all documents and print them again
When this issue occurs, it is often because the system properly sent the print job to the print queue, but the print
queue has become stuck. If no error is shown in the taskbar's printer icon, the user should open the print queue to
determine if the print job has become stuck. If it is, then the print queue can be emptied or reset.
9. A user called the help desk to complain about an issue with their laptop's keyboard.
Every time they type a word like "help" or "none," it is displayed as something cryptic
like "he3p" or "n6ne". Which of the following is the MOST likely cause of this issue with
the laptop keyboard?
The keyboard has some crumbs or debris that has fallen under the keys
The NumLock has been enabled for the laptop
The keyboard is faulty and needs to be replaced
The keyboard driver needs to be updated
Most keyboards have a numeric side (numbers only) and an alphanumeric side (numbers and letters and symbols).
However, to minimize space usage, companies create some keyboards with the alphanumeric side only. This is quite
common in laptops that insist on minimizing space for the sake of portability, as seen on mini-laptops and
notebooks. Usually, the alphanumeric side is split into function keys (F1 to F12), followed by numeric keys (0-9),
and then alphabetic keys (A-Z). The fastest way to fix this is to turn off NumLock using your laptop
keyboard. If you hit the NumLock key, it will turn off. A light beside the key or on the laptop's top will go off to
confirm that the NumLock is disabled.
10. Your company received a large bill for file storage from your online cloud provider this
month. Upon investigation, you noticed that one of your employees has uploaded over 1
TB of data to the service. What type of plan is your company utilizing?
A metered plan
An on-demand plan
A non-metered plan
A flat-fee plan
This scenario describes a measured or metered service plan. For every file or amount of data uploaded, there is an
associated fee. It is important to understand what plan your organization is using and match your company's use
case to avoid an end-of-the-month billing surprise. Metered services are pre-paid, a-la-carte, pay-per-use, or
committed offerings. A metered service like a database may charge its users based on the actual usage of the service
resources on an hourly or monthly basis. For example, Dion Training used the AWS Lambda serverless product in
some of our automation. This service charges us $0.20 for every 1 million requests processed.
11. Which of the following protocols operates over port 139 by default?
IMAP
NetBIOS
SMB
HTTPS
The network basic input/output system (NetBIOS)/NetBIOS over TCP/IP (NetBT) is a session management protocol
used to provide name registration and resolution services on legacy Microsoft networks and those using WINS.
NetBIOS/NetBT operates on TCP/UDP ports 137 and 139. The internet message access protocol (IMAP) is a
TCP/IP application protocol that provides a means for a client to access email messages stored in a mailbox on a
remote server using TCP port number 143. Unlike POP3, messages persist on the server after the client has
downloaded them. IMAP also supports mailbox management functions, such as creating subfolders and access to
the same mailbox by more than one client at the same time. The hypertext transfer protocol secure (HTTPS) is a
secure protocol used to provide web content to browsers using SSL/TLS encryption over port 443. The server
message block (SMB)/common internet file system (CIFS) is a protocol used for requesting files from Windows
servers and delivering them to clients. SMB allows machines to share files and printers, thereby making them
available for other machines to use. Samba software allows UNIX and Linux servers or NAS appliances to run SMB
services for Windows clients. SMB operates on port 445.
12. Which type of internet connection is terminated at a local switching center and requires
a different media type between the switching center and the end customer?
Cable
Fiber
DSL
Satellite
DSL is a technology used to transmit multimedia traffic at high bit rates over twisted-pair copper wire (over
ordinary telephone lines). This allows the telecommunications company to connect a user's home to the local
switching center using normal telephone lines, then connect that local switching center (using a DSLAM to
multiplex the connections) to the central office over a single high-speed cable (such as a fiber connection). "Fiber to
the X" (FTTx) is commonly used to describe where the fiber connection ends between the service and the subscriber.
The closer the fiber is to the user's network, the faster the service. FTTH (fiber to the house) provides fiber directly
to the user's home network making it the fastest option. Traditionally, you will find a 1 Gbps connection or higher
with FTTH. FTTN (fiber to the node) or FTTC (fiber to the curb/cabinet) provides fiber only to the local area or
neighborhood but then uses copper cabling from the node/cabinet/curb to the home network, which slows down the
network (generally, 100-200 Mbps). HFC (Hybrid Fiber Coax) is similar to FTTN/FTTC, except that coaxial cable
is used from the cabinet to the home to increase the speed (generally 300-500 Mbps). A cable modem is a type of
network bridge that provides bi-directional data communication via radio frequency channels on a hybrid fiber-
coaxial (HFC), radio frequency over glass (RFoG), and coaxial cable infrastructure. Cable modems are primarily
used to deliver broadband internet access as cable internet, taking advantage of an HFC and RFoG network's high
bandwidth. Satellite systems provide far bigger areas of coverage than can be achieved using other technologies. A
Very Small Aperture Terminal (VSAT) microwave antenna is aligned to an orbital satellite that can either relay
signals between sites directly or via another satellite.
13. You are working as a technician for a college. One of the professors has submitted a
trouble ticket stating that the projector connected to the workstation in his classroom is
too dim. You look at the image being projected on the wall and notice it is dim, but the
image appears to be displayed clearly and correctly. What is the FIRST thing you should
do to make the image brighter?
Update the video driver on the workstation
Increase the contrast on the projector
Replace the bulb in the projector
Modify the workstation's video resolution
If the image being displayed is dim, this could be an issue with your projector's contrast. By increasing the contrast,
you can increase the amount of light reflected from an all white image and an all black image. The higher the
contrast ratio, the brighter the whites will appear in the image. For example, if you have a projector with a 3000:1
contrast ratio, this means that the white image is 3000 times brighter than the black image. The higher the contrast
ratio, the more detail you can see on the projected image, regardless of whether it is numbers, pictures, graphs, text,
or video. Contrast is what makes it possible for us to see the subtle shades of colors. If the projector supports the
contrast or contrast ratio adjustment, you should increase the contrast to brighten the screen's image.
14. Which of the following types of laptop displays would utilize a fluorescent backlight to
illuminate the image?
LED
OLED
LCD
Plasma
An LCD (TFT) with fluorescent backlight has been the standard display technology for the last few years. The
backlight is a fluorescent bulb that illuminates the image, making it bright and clear. An inverter supplies the
correct AC voltage to the backlight from the laptop's DC power circuits. More modern laptops use LED displays
that replace the fluorescent backlight with an LED backlight. OLED and plasma displays do not use a backlight.
15. Jonni’s laptop works perfectly when sitting at his desk. Whenever Jonni moves his laptop
from his desk to the conference room, though, the laptop unexpectedly powers off. A
technician examines the laptop and does not smell any unusual odors coming from it.
Which of the following is MOST likely causing the laptop to lose power when moved?
The laptop’s CMOS battery has failed
The laptop’s battery connection is loose
The laptop has inadequate airflow and is overheating
The laptop’s motherboard has a swollen capacitor
If the laptop loses power when moved, this is most likely a loose battery connection. Since the laptop operates
without any issues when on the user’s desk, it indicates that the connection comes loose during movement. If the
laptop had inadequate airflow, it would intermittently shut down at random times and not only when moved. If the laptop
had a swollen capacitor, the technician would smell a foul odor coming from the motherboard. If the CMOS battery
has failed, then it would cause the laptop to lose its date/time settings but the laptop would not shut down
intermittently.
16. Which of the following devices should be installed as an intermediary between your
clients and the web servers they want to connect to make an HTTP request from the
client, check it, and then forward it to its destination?
DHCP server
File server
DNS server
Proxy server
A proxy server takes a whole HTTP request from a client, checks it, then forwards it to the destination computer on
the Internet. When the reply comes back, it checks it and then shuttles it back to the LAN computer. A proxy can be
used for other types of traffic too. A proxy server can usually operate either as a transparent service, in which case
the client requires no special configuration, or as a non-transparent service that requires configuration. A proxy
server is a server that acts as an intermediary between a client requesting a resource and the server that provides
that resource. A proxy server can be used to filter content and websites from reaching a user. A file server is used to
host and control access to shared files and folders for the organization. A dynamic host configuration protocol
(DHCP) server is a server configured with a range of addresses to lease. Hosts can be allocated an IP address
dynamically or be assigned a reserved IP address based on the host's MAC address. The server can also provide
other configuration information, such as the location of DNS servers. A domain name system (DNS) server is a
server that hosts the database of domain names and the IP addresses mapped to those names. Each DNS server is
authoritative for certain domain names that their organization owns.
17. Which of the following sequence of events properly identifies the steps of a laser
printer’s imaging process?
Cleaning, charging, developing, exposing, transferring, fusing, and
processing
Charging, processing, exposing, transferring, developing, fusing, and cleaning
Processing, charging, exposing, developing, transferring, fusing, and
cleaning
Developing, processing, charging, exposing, cleaning, transferring, and fusing
The proper sequence of events when printing a document using a laser printer is processing, charging, exposing,
developing, transferring, fusing, and cleaning. This is referred to as the imaging process.
A foul odor is indicative of a distended capacitor. The incorrect date/time on the workstation is indicative of a dead
CMOS battery. A burning smell is indicative of a bad power supply. Hardware failure or system instability can
cause the computer to reboot continuously. The problem could be the RAM, hard drive, power supply, graphics card,
or external devices. Based on the symptoms of a continuous reboot, the supervisor likely suspected the RAM as the
cause of the issue.
DomainKeys Identified Mail (DKIM) provides a cryptographic authentication mechanism. This can replace or
supplement SPF. To configure DKIM, the organization uploads a public key as a TXT record in the DNS server.
Sender Policy Framework (SPF) uses a DNS record published by an organization hosting an email service. The
SPF record identifies the hosts authorized to send emails from that domain, and there must be only one per domain.
SPF does not provide a cryptographic authentication mechanism like DKIM does, though. The Domain-Based
Message Authentication, Reporting, and Conformance (DMARC) framework can ensure that SPF and DKIM are
being utilized effectively. DMARC relies on DKIM for the cryptographic authentication mechanism, making it the
incorrect option for this question. The simple mail transfer protocol (SMTP) is a communication protocol for
electronic mail transmission, which does not utilize cryptographic authentication mechanisms by default.
20. Which type of cloud service provides users with an end-to-end application solution for a
recurring monthly or yearly fee?
PaaS
SaaS
DaaS
IaaS
Software as a service (or SaaS) is a way of delivering applications over the Internet as a service. Instead of
installing and maintaining software, you access it via the Internet, freeing yourself from complex software and
hardware management. It allows a company to pay a monthly or yearly fee to receive access to the software without
managing the software locally within their own network. For example, many small businesses use Shopify to create
an online e-commerce store that is classified as a SaaS product. Other examples include G Suite, Office 365, or
Adobe Creative Cloud. Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent
fully configured systems that are set up for specific purposes. Infrastructure as a Service (IaaS) is a cloud computing
service that enables a consumer to outsource computing equipment purchases and running their own data center.
Desktop as a Service (DaaS) provides a full virtualized desktop environment from within a cloud-based service. This
is also known as VDI (Virtualized Desktop Infrastructure) and is common in large enterprise businesses focused on
increasing their security and minimizing their operational expenses.
21. Which type of internet connection allows for high-speed bi-directional data
communication over a hybrid fiber-coaxial (HFC) connection?
Fiber
DSL
Cable
Satellite
A cable modem is a type of network bridge that provides bi-directional data communication via radio frequency
channels on a hybrid fiber-coaxial (HFC), radio frequency over glass (RFoG), and coaxial cable infrastructure.
Cable modems are primarily used to deliver broadband internet access as cable internet, taking advantage of an
HFC and RFoG network's high bandwidth. "Fiber to the X" (FTTx) is commonly used to describe where the fiber
connection ends between the service and the subscriber. The closer the fiber is to the user's network, the faster the
service. FTTH (fiber to the house) provides fiber directly to the user's home network making it the fastest option.
Traditionally, you will find a 1 Gbps connection or higher with FTTH. FTTN (fiber to the node) or FTTC (fiber to
the curb/cabinet) provides fiber only to the local area or neighborhood but then uses copper cabling from the
node/cabinet/curb to the home network, which slows down the network (generally, 100-200 Mbps). Satellite systems
provide far bigger areas of coverage than can be achieved using other technologies. A Very Small Aperture Terminal
(VSAT) microwave antenna is aligned to an orbital satellite that can either relay signals between sites directly or via
another satellite. DSL is a technology used to transmit multimedia traffic at high bit rates over twisted-pair copper
wire (over ordinary telephone lines). This allows the telecommunications company to connect a user's home to the
local switching center using normal telephone lines, then connect that local switching center (using a DSLAM to
multiplex the connections) to the central office over a single high-speed cable (such as a fiber connection).
22. Which cloud computing concept allows users to store files on a cloud-based server when
necessary and copy that data from the cloud, and put it back on the device when space
once again becomes available on the device?
Resource pooling
Shared resources
On-demand
Synchronization application
On-demand refers to the fact that a consumer can unilaterally provision computing capabilities, such as server time
and network storage, as needed automatically without requiring human interaction with each service provider. In
this question, the cloud storage is provisioned and deprovisioned automatically for the user, and thereby it would be
categorized as on-demand. Resource pooling refers to the concept that allows a virtual environment to allocate
memory and processing capacity for a VM's use. Using a synchronization app can allow the files to be stored on
both the laptop and the cloud service while maintaining the latest versions in both places. This allows a user to
synchronize content between all of their own devices as well as share their cloud storage content with other users.
Multiple users can simultaneously access the content to work collaboratively, or they can access it at different times.
Each user's changes are typically marked with a flag or color highlighting to indicate who made changes to what
content. Shared resources are any resources shared by multiple users or systems within an internal or cloud-based
network.
23. You are troubleshooting an issue on a client's computer and need to make some
computer changes to test your theory of probable cause. What should you do BEFORE
you make any changes to the computer to test your theory?
Provide the customer with an invoice for the work
Verify that a recent backup of all of the client's important files has been
created
Order a spare power supply in case you need to replace it
Create a system restore point in the operating system
You should always ensure that a recent backup of all of the client's important and critical files has been created
before making any changes to the computer. After all, it is easy to replace hardware if you break the computer, but
the client's personal files may be irreplaceable. For example, if you accidentally delete or remove the customer's
pictures of their baby, you can't just take new baby pictures to replace them!
24. You are working as a laptop repair technician. You just received a laptop that was
reported to have a glass of water spilled on it. You want to examine the components in
the laptop to begin troubleshooting it. What are the first steps you should take as part of
your troubleshooting process?
Consult your coworkers for suggestions and advice
Remove the external casing of the laptop and document the screw locations
Watch a YouTube video for tutorials on how to fix this model of laptop
Submerge the laptop in a large bowl of rice to fully dry out the inner
components
When you are taking apart a laptop, it is important to keep track of each of the screws and the location that they
were removed from. Many of the screws may appear to be the same height or width, but they may be different. One
easy way to keep track of these parts is to create a grid on a sheet of printer paper and place the screws on this
makeshift diagram. While the other options may be useful, the question asks you what you should do first to examine
the laptop components. To perform that examination, you must remove the external casing and its screws.
25. Dion Training has just installed a new web server and created an A record for
DionTraining.com. When users try entering www.DionTraining.com, though, they get an
error. You tell their network administrator that the problem is because he forgot to add
the appropriate DNS record to create an alias for www to the domain's root. Which type
of DNS record should be added to fix this issue?
PTR
NS
AAAA
CNAME
A CNAME record is a canonical name or alias name, which associates one domain name as an alias of another
(like beta.diontraining.com and www.diontraining.com could refer to the same website using a CNAME). An AAAA
record associates your domain name with an IPv6 address. A Name Server (NS) is for identifying authoritative name
servers. A Pointer (PTR) is for reverse DNS lookups.
26. The large multi-function network printer has recently begun to print pages that appear
to have a dust-like coating when handled by the users. Which of the following
components should be replaced based on this description?
Scanner assembly
Drum
Toner cartridge
Fuser
The printer passes the paper through the fuser, a pair of heated rollers. As the paper passes through these rollers,
the loose toner powder melts, fusing with the paper's fibers. The fuser rolls the paper to the output tray, and you
have your finished page. The fuser also heats the paper itself, of course, which is why pages are always hot when
they come out of a laser printer or photocopier. If the paper feels dusty or the toner doesn't adhere to the paper,
this usually indicates a failing fuser that needs to be replaced.
27. A computer technician is configuring a NAS for a company to store their corporate data.
The technician has installed two 1 TB hard drives operating at 7200 RPM in a RAID 1
configuration. How much usable storage space is contained in the NAS?
1.5 TB
1 TB
2 TB
0.5 TB
A RAID 1 provides mirroring (redundancy) but not disk striping with a minimum of two disks. Since the NAS is
using a RAID 1 configuration, it is a mirrored array. Both 1 TB HDDs are installed, but a full copy of the data must
be contained on each drive. Therefore, there is still only 1 TB of usable storage capacity in the NAS.
28. Which of the following metrics should you consider to compare the performance of an
SSD or HDD?
Seek time
Latency
Bandwidth
IOPS
The input/output operations per second (IOPS) is a measurement of performance used to compare a hard disk drive
(HDD) and solid-state device (SSD). The IOPS is calculated based on the physical constraints of the media being
used. For a hard disk drive, the IOPS is calculated by dividing 1000 milliseconds by the combined average seek
time and average latency. The seek time only applies to a traditional hard drive since it calculates the time it takes
to move the head to the proper storage location on the platter. For an SSD, there is no seek time used since it can
instantly access any portion of the memory without physically moving a read head.
29. What RAID level requires at least three hard disks to operate?
RAID 0
RAID 5
RAID 10
RAID 1
RAID 5 requires at least three hard disks to operate. There is no maximum number of disks required. The parity data
is spread across all drives to provide redundancy, which allows the array to operate even when one of the drives
fails. RAID 5 is considered one of the most popular and widely used RAID configurations. A RAID 5 provides block-
level striping with distributed parity to provide redundancy using a minimum of three disks. A RAID 0 provides disk
striping (speed/performance) but not mirroring with a minimum of two disks. A RAID 1 provides mirroring
(redundancy) but not disk striping with a minimum of two disks. A RAID 10 combines disk mirroring and disk
striping to protect data stored in the array and requires a minimum of four disks.
30. What type of cloud service would provide you with a complete development and
deployment environment in the cloud for you to create customized cloud-based apps?
DaaS
PaaS
IaaS
SaaS
Platform as a service (PaaS) is a complete development and deployment environment in the cloud, with resources
that enable you to deliver everything from simple cloud-based apps to sophisticated, cloud-enabled enterprise
applications. You purchase the resources you need from a cloud service provider on a pay-as-you-go basis and
access them over a secure Internet connection. PaaS includes infrastructure (servers, storage, and networking) and
middleware, development tools, business intelligence (BI) services, database management systems, and more. PaaS
allows you to avoid the expense and complexity of buying and managing software licenses, the underlying
application infrastructure and middleware, container orchestrators, or the development tools and other resources.
You manage the applications and services you develop, and the cloud service provider typically manages everything
else. Infrastructure as a Service (IaaS) is a cloud computing service that enables a consumer to outsource
computing equipment purchases and running their own data center. Software as a Service (SaaS) is a cloud
computing service that enables a service provider to make applications available over the Internet to end-users.
This can be a calendar, scheduling, invoicing, word processor, database, or other programs. For example, Google
Docs and Office 365 are both word processing SaaS solutions. Desktop as a Service (DaaS) provides a full
virtualized desktop environment from within a cloud-based service. This is also known as VDI (Virtualized Desktop
Infrastructure) and is common in large enterprise businesses focused on increasing their security and minimizing
their operational expenses.
Exam-5
1. The large multi-function printer in your office is shared between 12 people.
Unfortunately, it has stopped working, and the technicians have determined it must be
replaced. A new printer has been ordered, but it will be 2 weeks until it arrives. The only
other printer available in your office is the manager’s printer, but it is connected via USB
to their workstation. One of the technicians would like to share the manager’s printer
with the other 12 employees for the next 2 weeks as a temporary workaround.
Unfortunately, there are no spare wired network jacks available in the office to connect
the printer to the network directly, but there is a wireless access point nearby. Which of
the following is the BEST way for the technician to allow the 12 employees to access the
manager’s printer?
Configure a new printer on each user's workstation and point it to the manager's IP
address
Purchase a portable wireless print server and connect the printer to it
using USB
Share the printer directly from the manager's computer by creating a share
and giving the other employees access rights to the share
Provide a USB thumb drive to each employee so that they can transfer their files to
the manager's computer for direct printing
The BEST solution would be to use a wireless print server and connect the printer to it using USB. This wireless print
server can then receive the print jobs directly from all of the network users. It is not recommended that the
technician create a share on the manager's computer or set the printer configuration to the manager's IP address
since all print jobs would fail anytime the manager shut down or restarted their computer. Using a USB drive to
transfer the files to the manager's computer each time someone wanted to print is also not a good solution since this
is difficult for the users and will be disrupting the manager's work every time someone needed to print something.
2. Which of the following network performance metrics is used to represent variable delay
experienced by a client when receiving packets from a sender?
Throughput
Bandwidth
Jitter
Latency
Jitter is a network condition that occurs when there is a time delay in the sending of data packets over a network
connection. Jitter is a big problem for any real-time applications you may be supporting on your networks, like video
conferences, voice-over IP, and virtual desktop infrastructure clients. Latency is the measure of time that it takes for
data to reach its destination across a network. Usually, we measure network latency as the round-trip time from a
workstation to the distant end and back. Throughput is an actual measure of how much data is successfully
transferred from the source to a destination. Bandwidth is the maximum rate of data transfer across a given
network. Now, bandwidth is more of a theoretical concept that measures how much data could be transferred from a
source to a destination under ideal conditions. Therefore, we often measure throughput, instead of bandwidth, to
monitor our network performance.
3. You are attempting to install a full-sized PCIe network interface card into a 1U server,
but it is too tall to fit into the machine. Which of the following do you need to install first
to install the full-sized PCIe network interface card into the server?
PCIe x16 card
Riser card
SCSI card
AGP card
A riser card is a right-angle expansion card used to extend a slot for a card in a computer to make room to plug it
in. They are most commonly used in low-profile, 1U and 2U rackmount chassis or embedded systems. Riser cards
plug into their respective bus (they are available for PCI, PCI-X, AGP, AGP Pro, PCI Express, ISA, or other busses)
and rotate the peripheral cards plugged into the riser card so that they are parallel with the motherboard. Riser
cards are available in 1-slot passive risers up to 3-slot passive riser cards for 2U rackmounts. An AGP, SCSI, or
PCIe x16 expansion card is a fixed size and shape that cannot be reduced to fit in a 1U server.
Platform as a Service (PaaS) is a cloud computing service that enables consumers to rent fully configured systems
that are set up for specific purposes. Platform as a Service (PaaS) provides the end-user with a development
environment without all the hassle of configuring and installing it themselves. If you want to develop a customized
or specialized program, PaaS helps reduce the development time and overall costs by providing a ready to use
platform. Infrastructure as a Service (IaaS) is a cloud computing service that enables a consumer to outsource
computing equipment purchases and running their own data center. Software as a Service (SaaS) is a cloud
computing service that enables a service provider to make applications available over the Internet to end-users.
This can be a calendar, scheduling, invoicing, word processor, database, or other programs. For example, Google
Docs and Office 365 are both word processing SaaS solutions. Security as a service is a business model in which a
service provider integrates their security services into a corporate infrastructure on a subscription basis more cost-
effectively than most individuals or corporations can provide on their own when the total cost of ownership is
considered.
5. Which of the following components of a laser printer is used to apply an electric charge
to the paper so that the paper attracts toner to it during the imaging process?
Separation pad
Transfer roller
Fuser assembly
Pickup roller
The transfer roller is the component in a laser printer that applies an electric charge to the paper to attract toner
from the photoconductor during the imaging process. The pickup roller is the component in a laser printer that turns
above a stack of paper to feed a sheet into the feed roller. The separation pad is the component in a laser printer
that acts as a stationary pad in the paper tray to push the stack of paper backward to allow only a single sheet to be
fed into the printer. The fuser assembly is the component in a laser printer that fixes toner to media. This is typically
a combination of a heat and pressure roller, though non-contact flash fusing using xenon lamps is found on some
high-end printers.
6. There is a crinkling sound coming from the laser printer in the Dion Training offices.
During their investigation, a technician observes that the images are printing at an
angle on the pages. Which of the following should the technician do to fix this problem?
Clean the transfer drum
Clear the page counter
Replace the toner
Replace the rollers
If the rollers become unevenly worn, they will feed the pages in at an angle causing the misalignment in the printed
output. To fix this issue, the rollers should be replaced. The page counter, toner, and transfer drum will not affect the
angle of the printed images on the paper.
7. You have been dispatched to a customer's office to help them fix their printer. You have
asked the customer what the issue is, and the customer states, "The printer will not
work." You ask a few follow-up questions to understand the situation better and ask if
any error messages were displayed. Which of the following steps of the CompTIA
troubleshooting methodology best describes the actions you are currently taking?
Identify the problem
Establish a plan of action to resolve the problem and then implement the solution
Test the theory to determine the cause
Verify full system functionality and, if applicable, implement preventative measures
Based on the description in the question, it appears you are trying to gather more information about the problem
and its symptoms so that you can identify the problem. For the exam, you must be able to list and identify the 6 steps of
the CompTIA troubleshooting methodology in order:
8. Which of the following hard drive form factors would be connected to your laptop
internally using a Micro SATA connection?
M.2
1.8"
2.5"
3.5"
A laptop hard drive usually comes in either the 2.5" form factor or the 1.8" form factor. When a 1.8" form factor is
used, the drive is connected to the laptop using a Micro SATA connector since a regular SATA connector will not fit
due to the connector's larger size. An M.2 is a new set of form factors for an SSD that uses a mini card interface that
is faster than a SATA connection. A 3.5" drive is only used in desktops and some networked file servers.
9. What printer concept is a page description language that produces faster outputs at the
expense of quality?
PostScript
Line Printer Daemon
Internet Printing Protocol
Printer control language
Both the printer control language (PCL) and PostScript (PS) are page description languages, but PCL produces
faster outputs that are of lower quality. The printer control language (PCL) is a page description language used to
tell printers how to properly layout and print the contents of a document on a page. PCL is a common printing
language that is supported by many different printer manufacturers. PostScript (PS) is a page description language
used in the electronic publishing and desktop publishing business. PCL is faster to print than PS. PS is slower but
produces higher quality outputs. The Internet Printing Protocol (IPP) is a specialized Internet protocol for
communication between client devices and printers (or print servers) using the HTTP protocol for data transport.
The Line Printer Daemon (LPD) protocol is a network printing protocol for submitting print jobs to a remote
printer. LPD is an older protocol than IPP.
10. You are building a virtualization environment to practice your penetration testing skills.
This will require that you install several vulnerable Linux distributions as VMs. The VMs
need to have access to a virtualized network but should not communicate with the host
operating system or the internet. Which of the following types of network connections
should you configure for each VM?
External
Private
Localhost
Internal
The private network connection type will create a switch that is usable only by the VMs. The VMs cannot use the
switch to communicate with the host. If you select internal, the switch can carry traffic between the host and the VMs. If you
select external, the VMs would have internet access. If you select localhost, each VM could only communicate with
itself.
11. Which type of technology imitates hardware without relying on the CPU being able to
run the software code directly?
Emulator
Simulator
Hypervisor
Virtual machine
Emulators emulate hardware without relying on the CPU being able to run code directly. Virtual machines use CPU
self-virtualization, to whatever extent it exists, to provide a virtualized interface to the real hardware. A simulator
has a limited scope and is usually used in training to mimic a real system's functionality. Emulators were created before
virtualization and operate much slower than a true virtualization environment with a hypervisor.
12. You are troubleshooting a Windows 10 workstation for a customer. You have identified
the problem and performed a quick backup of the system. What is the NEXT step in the
troubleshooting methodology?
Test the theory to determine the cause
Establish a plan of action to resolve the problem and implement the solution
Document findings, actions, and outcomes
Establish a theory of probable cause
For the exam, it is important that you can list and identify the 6 steps of the CompTIA troubleshooting methodology
in order. (1) Identify the problem. (2) Establish a theory of probable cause (question the obvious). (3) Test the theory
to determine the cause. (4) Establish a plan of action to resolve the problem and then implement the solution. (5)
Verify full system functionality and, if applicable, implement preventative measures. (6) Document findings, actions,
and outcomes.
13. You have been asked to install a network cable in the crawl space between the ceiling in
your office and the roof. You need to choose the right type of cable to ensure you do not
violate the local fire codes. Which of the following cable types should you choose?
Coaxial
Shielded
Plenum
Fiber
Plenum-rated cable has a special insulation that has low smoke and low flame characteristics. Plenum cable is
mandated to be installed in any air handling space. For example, most large office buildings use the space between
the ceiling and the roof to return air to the AC unit. This qualifies this area as a plenum ceiling, and all the cables
that go through that ceiling must be plenum rated. It is important to check your local building codes to see if you
need to use plenum cable. These plenum cables cost more because the insulation material must meet the standards
for plenum cables while also meeting the standards for their ethernet category such as 5e, 6a, or 7. Shielded cables
contain a braided foil shield around the inner cabling to protect the data from the effects of electromagnetic
interference (EMI). Coaxial cables are a specialized type of copper cabling that uses a copper core to carry the
electrical signal while being enclosed by plastic insulation and shielding to protect the data transmission from the
effects of electromagnetic interference (EMI). An optical fiber consists of an ultra-fine core of glass to carry the
light signals surrounded by glass or plastic cladding that guides the light pulses along the core and a protective
coating.
14. Jason's laptop is having some issues when he is typing. He opened a Word document
and attempted to type "The quick brown fox jumped over the lazy dog," but the screen
displayed "Theqickbrwnfxjmpedverthelazydg" instead. It appears the O, U, and space
bar are not functioning. What is most likely the issue?
Defective backlight
Incorrect keyboard drivers
Sticky keys are enabled
Stuck keys on the laptop
Based on the keyboard only acting incorrectly with a few keys, it is likely the keyboard has some stuck keys caused
by dirt or debris. If crumbs get under a key, it will cause it not to work properly. Due to the large size of the space
bar key, it is often the first key to get stuck. To fix this, you should hold the laptop at a 90-degree angle to the desk
and spray compressed air under the keys while rapidly clicking the stuck key to dislodge any dirt or debris. Stuck
keys are different than sticky keys, though. Sticky keys are a Windows function that ignores a certain key that is pressed
and held for too long, such as the shift key being held down for 10 seconds. Whether working or defective, the
backlight would not affect the keyboard typing and displaying the right keys to the screen. A keyboard's drivers
would usually affect special keys (like volume or brightness), not standard keys like letters or the space bar.
15. Which of the following ports should a client use to automatically request an IP address
from the server?
67 DHCP
123 NTP
69 TFTP
25 SMTP
The Dynamic Host Configuration Protocol (DHCP) uses port 67 and is a network management protocol used on
Internet Protocol (IP) networks for automatically assigning IP addresses and other communication parameters to
devices connected to the network using a client-server architecture. Network Time Protocol (NTP) uses port 123 and
is a networking protocol for clock synchronization between computer systems over packet-switched, variable-
latency data networks. Trivial File Transfer Protocol (TFTP) uses port 69 and is a simple lockstep File Transfer
Protocol that allows a client to get a file from or put a file onto a remote host. The Simple Mail Transfer Protocol
(SMTP) uses port 25 and is an internet standard communication protocol for electronic mail transmission.
16. A user is complaining that they are hearing a grinding noise coming from their
workstation. You begin to troubleshoot the issue and determine that it is not an issue
with the hard drive but is instead caused by the power supply's fan. Which of the
following actions would BEST solve this issue?
Spray the fan with compressed air to remove any dirt, debris, or dust
Replace the power supply's fan
Spray a little bit of WD-40 into the fan to lubricate it
Replace the power supply
If the fan in the power supply is faulty, replace the entire power supply. You should never attempt to repair or fix a
broken power supply or broken power supply cooling fan due to the power supply's high voltage electrical
components. When a fan creates grinding sounds, this is evidence of an impending failure, and the device needs to
be replaced. Technicians should never open a power supply or replace any of its internal components, therefore the
entire power supply should be replaced in this scenario.
17. Which type of wireless network utilizes the 2.4 GHz or 5 GHz frequency bands and
reaches speeds of 108 Mbps to 600 Mbps?
802.11g
802.11ax
802.11ac
802.11b
802.11n
802.11a
The 802.11n (Wireless N) standard utilizes a 2.4 GHz frequency to provide wireless networking at speeds up to 108
Mbps or a 5.0 GHz frequency to provide wireless networking at speeds up to 600 Mbps. Wireless N supports the use
of multiple-input-multiple-output (MIMO) technology to use multiple antennas to transmit and receive data at
higher speeds. Wireless N supports channel bonding by combining two 20 MHz channels into a single 40 MHz
channel to provide additional bandwidth. The 802.11a (Wireless A) standard utilizes a 5 GHz frequency to provide
wireless networking at speeds up to 54 Mbps. The 802.11b (Wireless B) standard utilizes a 2.4 GHz frequency to
provide wireless networking at speeds up to 11 Mbps. The 802.11g (Wireless G) standard utilizes a 2.4 GHz
frequency to provide wireless networking at speeds up to 54 Mbps. The 802.11ac (Wireless AC or Wi-Fi 5) standard
utilizes a 5 GHz frequency to provide wireless networking at theoretical speeds up to 3.5 Gbps. Wireless AC uses
channel bonding to create a single channel of up to 160 MHz to provide additional bandwidth. Wireless AC uses
multi-user multiple-input-multiple-output (MU-MIMO) technology to use multiple antennas to transmit and receive
data at higher speeds. The 802.11ax (Wireless AX or Wi-Fi 6) standard utilizes 2.4 GHz and 5.0 GHz frequencies to
provide wireless networking at theoretical speeds up to 9.6 Gbps. Wireless AC uses orthogonal frequency-division
multiple access (OFDMA) to conduct multiplexing of the frequencies transmitted and received to each client to
provide additional bandwidth. Wireless AC uses channel bonding to create a single channel of up to 160 MHz to
provide additional bandwidth. Wireless AC uses multi-user multiple-input-multiple-output (MU-MIMO) technology
to use multiple antennas to transmit and receive data at higher speeds. Wireless AC also has a version called Wi-Fi
6E that supports the 6 GHz frequency instead of the 2.4 GHz and 5.0 GHz frequencies used in Wi-Fi 6.
18. A car dealer recently set up an impact printer in their automotive repair shop.
Unfortunately, the printer's output is now starting to crease the paper as it is printed
which can lead to a paper jam during feeding. Which of the following might be causing
these issues? (Choose TWO)
The print head needs to be replaced
Excess paper in the feed path
Incorrect paper size
Incorrect tension setting
An impact printer is widely used in situations where multi-part documents, invoices, or contracts need to be
produced on carbon paper. These printers use specialized paper fed through the printer by holes on the edges of the
paper on what is called a tractor. The paper can crease if the wrong size paper is used or excess paper in the feed
path causes bunching up of the paper being fed. The print head does not affect the feeding of the paper in an impact
printer. The tension setting being incorrect will lead to the paper pooling or bubbling up during feeding, but it
wouldn’t necessarily cause creasing.
19. As a PC Technician, you are on the road most of the day and use a laptop. When you get
back to your office at the end of the day, you would like to be able to quickly connect a
larger external monitor, keyboard, and mouse to your laptop through a single USB port
to perform additional work on the larger screen. Which type of device should you choose
to provide all the functionality above?
Docking station
Port replicator
Thunderbolt
USB 4-port hub
A port replicator is a simple device to extend the range of ports (for example, USB, DVI, HDMI, Thunderbolt,
network, and so on) available for a laptop computer when it is used at a desk. A docking station is a sophisticated
type of port replicator designed to provide additional ports (such as network or USB) and functionality (such as
expansion slots and drives) to a portable computer when used at a desk. The difference between a docking station
and a port replicator is that a docking station can add additional capabilities beyond what is already integrated into
the laptop whereas a port replicator can only reproduce the same ports that already exist on the laptop. Thunderbolt
is a connector type that can be used either as a display interface (like DisplayPort) or as a general peripheral
interface (like USB 3). Thunderbolt 3 uses USB-C connectors. A USB hub is a device that connects to a USB port to
allow additional USB devices to be connected to the PC, essentially increasing the number of USB ports available.
20. Dion Training wants to order some new laptops for their video editors. The video editors
want to ensure the display has the best color accuracy when using a 60 Hz refresh rate.
Which of the following types of displays should the company purchase to meet this
requirement?
VA
Plasma
TN
IPS
An in-plane switching (IPS) LCD panel uses technology designed to resolve the quality issues inherent in TN panel
technology, including strong viewing angle dependence and low-quality color reproduction. IPS displays have great
color accuracy, but they do not support higher refresh rates sought after by gamers. A twisted nematic (TN) LCD
panel uses technology where the panel is black when no electric current is running through the liquid crystal cells
because the cells align themselves in a twisted state. When an electric current is applied, the liquid crystal cells
untwist, allowing light to pass through, resulting in a white display screen. TN displays can be made with high
refresh rates of 120 Hz or 144 Hz which makes them popular with gamers. A vertical alignment (VA) LCD panel
uses technology designed to have liquid crystals lie perpendicular to the glass substrate when power is removed
and in a vertical position when voltage is applied. This allows light to move through the liquid pixels when voltage
is applied and the image is then produced. VA displays are a good middle-ground between IPS and TN panel
displays. A plasma display is a type of flat panel display that uses small cells containing plasma with ionized gas
that responds to electric fields. Plasma displays create excessive heat and are not as energy efficient as an LCD,
LED, or OLED display.
21. A user wants to print a spreadsheet horizontally on a piece of paper instead of vertically
to fit more columns on a single page. What setting should the user enable on the printer
for this print job to achieve this result?
Collate
Duplex
Orientation
Transparency
By default, Microsoft Excel prints worksheets in portrait orientation (taller than wide). You can change the page
orientation to landscape on a worksheet-by-worksheet basis. Page orientation is how a rectangular page is oriented
for normal viewing. The two most common types of orientation are portrait (taller rather than wider) and landscape
(wider rather than taller). The collate setting allows the gathering and arranging of individual sheets or other
printed components into a pre-determined sequence. Collating creates consistent, logical sets from multiple parts,
such as printing a series of pages in a report like pages 1, 2, 3 before printing the second copy. This makes it easier
to staple and distribute to people after coming out of the printer. Duplex printing is a feature of some computer
printers, multi-function printers (MFPs), and copy machines that allow the printing of a sheet of paper on both
sides automatically. Without this capability, print devices can only print on a single side of the paper, sometimes
called single-sided printing or simplex printing. With duplex printing, information is printed on the front side of a
piece of paper, and then the paper is automatically fed back through the printer to print the information on the
backside of the paper. The term transparency was made up as a distractor for this question.
The mATX (microATX) motherboard's form factor is 9.6" x 9.6" in size (24 cm x 24 cm). The mATX form factor is
commonly used in smaller computer systems with a small form factor (SFF) case. An mATX motherboard is
backward-compatible with the larger ATX motherboard since it contains the same mounting point locations as the
full-size board. An ATX motherboard's form factor is 12" x 9.6" in size (305 mm x 244 mm). ITX is a series of form
factors that began with the mini-ITX, but there is no specific size called ITX. The mITX (Mini-ITX) form factor is
6.7" x 6.7" in size (17 cm x 17 cm). The mITX is commonly used in smaller computer systems with a small form
factor (SFF) case. These motherboards are usually used in computers designed for passive cooling and a low power
consumption architecture, such as a home theater PC system.