A user notices a small USB drive is attached to the user's computer after a new vendor visited the office. The technician notices two files named grabber.exe and output.txt. Which of the following attacks is MOST likely occurring?
A. Trojan
B. Rootkit
C. Cryptominer
D. Keylogger
Correct Answer: D
A keylogger is a type of malware that records the keystrokes of a user and sends them to a remote attacker. The attacker can use the captured information to steal passwords, credit card numbers, or other sensitive data. A keylogger can be installed on a computer by attaching a small USB drive that contains a malicious executable file, such as grabber.exe. The output.txt file may contain the recorded keystrokes. The user should remove the USB drive and scan the computer for malware.
References: What is grabber.exe? (https://www.freefixer.com/library/file/grabber.exe-55857/)
What is a keylogger? (https://www.kaspersky.com/resource-center/definitions/keylogger)
Question 182:
A user requires local administrative access to a workstation. Which of the following Control Panel utilities allows the technician to grant access to the user?
A. System
B. Network and Sharing Center
C. User Accounts
D. Security and Maintenance
Correct Answer: C
User Accounts is a Control Panel utility that allows the technician to manage user accounts and groups on a workstation. The technician can use User Accounts to grant local administrative access to a user by adding the user to the Administrators group. The Administrators group has full control over the workstation and can perform tasks such as installing software, changing system settings, and accessing all files.
References:
User Accounts (Control Panel) (https://docs.microsoft.com/en-us/windows/win32/shell/user-accounts)
Local Users and Groups (https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/local-users-and-groups)
Question 183:
Which of the following options should MOST likely be considered when preserving data from a hard drive for forensic analysis? (Select TWO).
A. Licensing agreements
B. Chain of custody
C. Incident management documentation
D. Data integrity
E. Material safety data sheet
F. Retention requirements
Correct Answer: B
Chain of custody and data integrity are two options that should most likely be considered when preserving data from a hard drive for forensic analysis. Chain of custody refers to the documentation and tracking of who has access to the data and how it is handled, stored, and transferred. Data integrity refers to the assurance that the data has not been altered, corrupted, or tampered with during the preservation process.
Question 184:
A technician is finalizing a new workstation for a user. The user's PC will be connected to the internet but will not require the same private address each time. Which of the following protocols will the technician MOST likely utilize?
A. DHCP
B. SMTP
C. DNS
D. RDP
Correct Answer: A
DHCP stands for Dynamic Host Configuration Protocol and it is used to assign IP addresses and other network configuration parameters to devices on a network automatically. This is useful for devices that do not require the same private address each time they connect to the internet.
Question 185:
The audio on a user's mobile device is inconsistent when the user uses wireless headphones and moves around. Which of the following should a technician perform to troubleshoot the issue?
A. Verify the Wi-Fi connection status.
B. Enable the NFC setting on the device.
C. Bring the device within Bluetooth range.
D. Turn on device tethering.
Correct Answer: C
Bringing the device within Bluetooth range is the best way to troubleshoot the issue of inconsistent audio when using wireless headphones and moving around. Bluetooth is a wireless technology that allows devices to communicate over short distances, typically up to 10 meters or 33 feet. If the device is too far from the headphones, the Bluetooth signal may be weak or interrupted, resulting in poor audio quality or loss of connection.
Question 186:
A technician needs to remotely connect to a Linux desktop to assist a user with troubleshooting. The technician needs to make use of a tool natively designed for Linux. Which of the following tools will the technician MOST likely use?
A. VNC
B. MFA
C. MSRA
D. RDP
Correct Answer: A
The tool that the technician will most likely use to remotely connect to a Linux desktop is VNC. VNC stands for Virtual Network Computing and is a protocol that allows remote access and control of a graphical desktop environment over a network. VNC is natively designed for Linux and can also support other operating systems, such as Windows and Mac OS. VNC can be used to assist users with troubleshooting by viewing and interacting with their desktops remotely. MFA stands for Multi-Factor Authentication and is a method of verifying identity using two or more factors, such as something you know, something you have or something you are. MFA is not a tool that can be used to remotely connect to a Linux desktop but a technique that can be used to enhance security for systems or services. MSRA stands for Microsoft Remote Assistance and is a feature that allows remote access and control of a Windows desktop environment over a network. MSRA is not natively designed for Linux and may not be compatible or supported by Linux systems. RDP stands for Remote Desktop Protocol and is a protocol that allows remote access and control of a Windows desktop environment over a network. RDP is not natively designed for Linux and may not be compatible or supported by Linux systems.
References: CompTIA A+ Core 2 (220-1002) Certification Exam Objectives Version 4.0, Domain 1.6
Question 187:
A neighbor successfully connected to a user's Wi-Fi network. Which of the following should the user do after changing the network configuration to prevent the neighbor from being able to connect again?
A. Disable the SSID broadcast.
B. Disable encryption settings.
C. Disable DHCP reservations.
D. Disable logging.
Correct Answer: A
A. Disable the SSID broadcast: The SSID broadcast is a feature that allows a Wi-Fi network to be visible to nearby devices. Disabling the SSID broadcast can make the network harder to find by unauthorized users, but it does not prevent them from accessing it if they know the network name and password.
Question 188:
An implementation specialist is replacing a legacy system at a vendor site that has only one wireless network available. When the specialist connects to Wi-Fi, the specialist realizes the insecure network has open authentication. The technician needs to secure the vendor's sensitive data. Which of the following should the specialist do FIRST to protect the company's data?
A. Manually configure an IP address, a subnet mask, and a default gateway.
B. Connect to the vendor's network using a VPN.
C. Change the network location to private.
D. Configure MFA on the network.
Correct Answer: B
The first thing that the specialist should do to protect the company's data on an insecure network with open authentication is to connect to the vendor's network using a VPN. A VPN stands for Virtual Private Network and is a technology that creates a secure and encrypted connection over a public or untrusted network. A VPN can protect the company's data by preventing eavesdropping, interception or modification of the network traffic by unauthorized parties. A VPN can also provide access to the company's internal network and resources remotely. Manually configuring an IP address, a subnet mask and a default gateway may not be necessary or possible if the vendor's network uses DHCP to assign network configuration parameters automatically. Manually configuring an IP address, a subnet mask and a default gateway does not protect the company's data from network attacks or threats. Changing the network location to private may not be advisable or effective if the vendor's network is a public or untrusted network. Changing the network location to private does not protect the company's data from network attacks or threats. Configuring MFA on the network may not be feasible or sufficient if the vendor's network has open authentication and does not support or require MFA. Configuring MFA on the network does not protect the company's data from network attacks or threats.
References: CompTIA A+ Core 2 (220-1002) Certification Exam Objectives Version 4.0, Domain 3.3
Question 189:
A user receives the following error while attempting to boot a computer.
BOOTMGR is missing press Ctrl+Alt+Del to restart
Which of the following should a desktop engineer attempt FIRST to address this issue?
A. Repair Windows.
B. Partition the hard disk.
C. Reimage the workstation.
D. Roll back the updates.
Correct Answer: A
The error "BOOTMGR is missing" indicates that the boot sector is damaged or missing. The boot sector is a part of the hard disk that contains the code and information needed to start Windows. To fix this error, one of the possible methods is to run Startup Repair from Windows Recovery Environment (WinRE). Startup Repair is a tool that can automatically diagnose and repair problems with the boot process.
References: "Bootmgr is missing Press Ctrl+Alt+Del to restart" error when you start Windows (https://support.microsoft.com/en-us/topic/-bootmgr-is-missing-press-ctrl-alt-del-to-restart-error-when-you-start-windows-8bc1b94b-d243-10275410-aeb04d5cd5e2)
Antivirus software indicates that a workstation is infected with ransomware that cannot be quarantined. Which of the following should be performed FIRST to prevent further damage to the host and other systems?
A. Power off the machine.
B. Run a full antivirus scan.
C. Remove the LAN card.
D. Install a different endpoint solution.
Correct Answer: A
Ransomware is a type of malware that encrypts the files on a system and demands a ransom for their decryption. Ransomware can also spread to other systems on the network or exfiltrate sensitive data to the attackers. Therefore, it is important to isolate the infected machine as soon as possible to contain the infection and prevent further damage. Powering off the machine is a quick and effective way of disconnecting it from the network and stopping any malicious processes running on it. The other options are not directly related to preventing ransomware damage or may not be effective. Running a full antivirus scan may not be able to detect or remove the ransomware, especially if it is a new or unknown variant. Removing the LAN card may disconnect the machine from the network, but it may not stop any malicious processes running on it or any data encryption or exfiltration that has already occurred. Installing a different endpoint solution may not be possible or helpful if the system is already infected and locked by ransomware.