Ann, an employee, has been trying to use a company-issued mobile device to access an internal fileshare while traveling abroad. She restarted the device due to a mobile OS update, but she is now unable to access company information. Ann calls the help desk for assistance, and a technician verifies she can make calls and access websites. Which of the following should the technician suggest NEXT to try to fix the issue?

A. Navigate to the VPN profile in the device settings, delete the pre-shared key, and restart the device

B. Instruct Ann to open the company’s MDM application to ensure proper functionality

C. Navigate to the corporate intranet page and use hyperlinks to access the fileshare

D. Instruct Ann to disable TLS 1.0 in the device settings

A customer is having trouble opening several files on a computer. The customer renames one of the files, but then the correct program will no longer open it.
Which of the following settings is a solution to the issue?

A. Set the view options to detail

B. Hide the extensions

C. Utilize Credential Manager

D. View the system files

A technician is cleaning malware on a Windows workstation.
Which of the following would MOST likely prevent a recurrence of the same malware?

A. Enable Shadow Copy.

B. Disable System Restore.

C. Update root certificates.

D. Modify file permissions.

Which of the following devices provides protection against brownouts?

A. battery backup

B. surge suppressor

C. rack grounding

D. line conditioner

Ann, a user, calls a technician and reports that her PC will not boot. The technician confirms the memory, power supply, and monitor are all working. The technician runs internal diagnostics on the PC, but the hard drive is not recognized.
Which of the following messages will be displayed?

A. NTLDR not found

B. No boot device available

C. Operating system not found

D. BIOS ROM checksum error

A technician is repairing a computer's motherboard in a clean environment. The technician needs to ensure all necessary safety procedures are taken prior to performing the replacement.
Which of the following should the technician employ during this process to ensure safety? (Choose two.)

A. CPU paste

B. Safety goggles

C. Self-grounding

D. ESD straps

E. Antistatic bag

F. Air filter mask

A user's antivirus recently expired, so the user downloaded and installed a free system protection application. The application found numerous rootkits, Trojans, viruses, and missing critical patches. It was unable to fix all the issues, however, and suggested the user call technical support. Which of the following is the FIRST step to begin repairing the computer?

A. Remove the rogue antivirus.

B. Install Windows Updates.

C. Reimage the computer.

D. Call the technical support number.

Which of the following is a device that stores a copy of a certificate that is used for authentication?

A. Biometric scanner

B. Soft token

C. Smart card

D. OTP token

Joe, a user, returns his computer to the technician who performed a virus removal on it the week before. Joe states that several symptoms have returned.
Which of the following should the technician have covered previously as part of the original repair?

A. End-user education

B. Pre-installation environment cleaning

C. Disabling of System Restore

D. Infected system quarantine

A user's computer was infected with malware, and a technician successfully removed the infection. However, the user reports certain web-based services are still inaccessible.
Which of the following should the technician perform FIRST to resolve the issue?

A. Turn off System Restore.

B. Update the malware signatures.

C. Reset the Internet Explorer settings.

D. Check the hosts file.

A customer's computer was turned off overnight. When the customer restarts the computer, an advanced startup menu is displayed. The startup repair option is unsuccessful and causes the computer to reboot repeatedly until the advanced startup screen reappears. Which of the following should a technician attempt
FIRST?

A. Go back to the previous build

B. Refresh the PC

C. Run System Restore

D. Perform System Image Recovery

E. Reset the PC

A Linux user reports that an application will not open and gives the error. Only one instance of the application may run at one time. A root administrator logs on to the device and opens a terminal. Which of the following pairs of tools will be needed to ensure no other instances of the software are currently running?

A. pad and chmod

B. sudo and vi

C. ls and chown

D. ps and kill

E. cp and rm

A technician needs to format a 64GB flash drive. Which of the following formats will the technician MOST likely use?

A. FAT

B. ExFAT

C. FAT32

D. CDFS

A technician receives a call from an end user in the human resources department who needs to load an older stand-alone application on a computer to retrieve employee information. The technician explains the application can be run in compatibility mode, but it will need to be removed as soon as the user obtains the required information. Which of the following BEST describes the technician's concern with loading this application on the user's computer?

A. Incompatibility

B. Impact to the network

C. Impact to the user

D. Impact to the device

A corporate network was recently infected by a malicious application on a flash drive that downloaded sensitive company files and injected a virus, which spread onto the network.
Which of the following best practices could have prevented the attack?

A. Implementing strong passwords

B. Changing default credentials

C. Disabling AutoRun

D. Removing Guest account

E. Encrypting data

A user's smartphone is making the camera shutter noise even when the user is not taking pictures. When the user opens the photo album, there are no new pictures.
Which of the following steps should be taken FIRST to determine the cause of the issue?

A. Uninstall the camera application

B. Check the application permissions

C. Reset the phone to factory settings

D. Update all of the applications on the phone

E. Run any pending OS updates

Users notify the help desk of an email that was just received. The email came from the help desk's email address and asked the users to click on an embedded link.
This email is BEST described as:

A. phishing.

B. zombie.

C. whaling.

D. spoofing.

Joe, a user, cannot read encrypted email messages on a corporate smartphone, but he has been able to read them in the past. A technician restarts Joe's smartphone, but the issue remains. The technician deletes the corporate email account and has Joe re-add it, verifying all settings are correct. Despite these steps, the issue persists.
Which of the following is MOST likely causing the issue?

A. The certificate is expired.

B. The TPM is bad.

C. The phone is not encrypted.

D. The incorrect mail server is selected in settings.

In which of the following operating systems has the publisher removed the ability to turn off automatic updates with the Control Panel applet?

A. Windows Server 2012 R2

B. Windows Server 2016

C. Windows 7

D. Windows 8.1

E. Windows 10

A user calls the help desk to report issues with multiple pop-ups and degraded PC performance. The user is out of the area, and assistance can only be provided remotely. Which of the following steps should a technician perform?

A. Establish a remote connection, install free third-party malware software, scan the machine for malware, and restart the machine.

B. Explain the steps to access safe mode with networking, establish a remote connection, run approved malware tools, and restart the machine.

C. Establish a remote connection, install a free third-party backup tool, back up the user’s software, and instruct the user on how to reinstall Windows.

D. Explain the steps to access safe mode with networking, set a restore point, run company-approved malware tools, and restart the machine.

A user reports malware activity on an isolated workstation used for testing. It is running an end-of-life OS, and a USB drive is the only method used to transfer files. After removing the malware and replacing the USB drive with a brand new one, the technician gives the approval to use the equipment. The next day the user reports the same malware activity is present after powering on the system.
Which of the following did the technician forget to do to prevent reinfection?

A. Connect to the network and update the OS with the latest security patches

B. Scan and clean the USB device used to transfer data from the equipment

C. Disable System restore and remove all restore points from the system

D. Update the local antivirus and set it to scan automatically every evening

A small office's wireless network was compromised recently by an attacker who brute forced a PIN to gain access. The attacker then modified the DNS settings on the router and spread malware to the entire network.
Which of the following configurations MOST likely allowed the attack to take place? (Choose two.)

A. Guest network

B. TKIP

C. Default login

D. Outdated firmware

E. WPS

F. WEP

Which of the following must be enabled to configure 20 new machines to be booted over a network?

A. Multi-boot

B. Dynamic

C. PXE

D. GPT

A technician has been asked to review the configuration of an executive's SOHO network following a recent news report regarding home Internet routers that are being added to botnets for malicious purposes. Which of the following would be BEST to prevent the router from being added to a botnet? (Choose two.)

A. Upgrading to an enterprise-grade router

B. Enabling WPA2-Enterprise encryption

C. Changing the default credentials

D. Updating to the latest firmware

E. Reducing the transmit power levels

F. Disabling the SSID from being broadcast

A technician is troubleshooting a network connectivity issue on a Linux workstation. Which of the following commands would help the technician gain information about the network settings on the machine?

A. chmod

B. grep

C. ifconfig

D. sudo

Which of the following is an example of PHI?

A. Phone number

B. Credit card number

C. Salary information

D. Employer information

A technician is setting up a kiosk. The technician needs to ensure the kiosk is secure and users will have access to only the application needed for customer interaction. The technician must also ensure that whenever the computer is rebooted or powered on it logs in automatically without a password.
Which of the following account types would the technician MOST likely set up on this kiosk machine?

A. Guest

B. Administrator

C. Power User

D. Remote Desktop User

A company recently experienced a security incident in which an unauthorized user was able to insert a USB flash drive into a kiosk, launch a non-native OS, and deliver malicious payloads across the network.
Which of the following security measures would have been BEST to prevent the attack from being executed in the first place? (Choose two.)

A. Using a host-based antivirus with real-time scanning

B. Implementing automatic screen locks after 60 seconds of inactivity

C. Creating a strong BIOS/UEFI password

D. Disabling AutoRun for USB devices

E. Enabling the Secure Boot option

F. Changing the default administrator credentials

A technician is working on a desktop computer that is not performing as expected. Program windows sometimes open and close without user intervention.
Windows cannot check for OS updates, and some websites are not accessible. Which of the following tasks should the technician perform FIRST?

A. Roll back recent driver updates.

B. Replace the defective keyboard.

C. Reset all the settings in the Internet Options.

D. Unplug the Ethernet cable.

The Chief Executive Officer at a bank recently saw a news report about a high-profile cybercrime where a remote access tool that the bank uses for support was also used in this crime. The report stated that attackers were able to brute force passwords to access systems.
Which of the following would BEST limit the bank's risk? (Choose two.)

A. Enable multifactor authentication for each support account.

B. Limit remote access to destinations inside the corporate network.

C. Block all support accounts from logging in from foreign countries.

D. Configure a replacement remote-access tool for support cases.

E. Purchase a password manager for remote tool users.

F. Enforce account lockouts after five bad password attempts.

After a virus outbreak due to USB usage, a technician must deny users access to removable hard drives via USB ports as soon as possible. The technician has been asked to avoid interrupting any users. Which of the following is the BEST way for the technician to perform this security feature?

A. Push a group policy

B. Assign a local security policy

C. Create a network login script

D. Update the AUP

A user browses to a company's intranet page and receives an invalid certificate message. A technician discovers the certificate has expired. A new certificate is put in place and installed on the user's computer; however, the user still receives the same message when going to the intranet page. The technician tries with a third-party browser and connects without error. The technician needs to make sure the old certificate is no longer used in Internet Explorer. Which of the following
Internet Options should the technician use to ensure the old certificate is removed?

A. Advanced

B. Clear SSL state

C. Publishers

D. Certificates

A contract technician is working on a network printer when a print job starts and completes. The technician notices it is a spreadsheet that appears to be an annual salary report. Which of the following actions should the technician take?

A. Continue to work on the assigned task

B. Take the print job to the office manager

C. Remove the print job from the output tray

D. Disconnect the printer from the network to prevent further print jobs

A user has changed the MAC address of a laptop to gain access to a network. This is an instance of:

A. spoofing

B. brute force

C. man-in-the-middle

D. a botnet

A technician performs a risk assessment and determines a requested change has low risk and low impact.
Which of the following best practices should the technician follow to proceed with implementing the change?

A. Update the ticket with the results of the risk assessment and implement the change.

B. Reference the business policy and follow all change management procedures.

C. Obtain approval from the department and implement the change.

D. Provide a risk assessment to colleagues for peer review.

A technician is removing malware from a workstation. The malware was installed via a phishing attack, which was initiated from a link that was included in an email.
Which of the following should the technician do to address this issue? (Choose two.)

A. Ensure the anti-rootkit utility is up to date and run it to remove the threat.

B. Update the host firewall to block port 80 on the workstation.

C. Restore the system using the last known-good configuration from the recovery console.

D. Ensure antivirus is up to date and install the latest patches.

E. Educate the user on verifying email links by hovering over them before clicking.

F. Ensure endpoint protection is up to date and run the utility to remove the threat.

A technician recently updated a printer driver on all the computers in an office. Shortly after the update, several users' accounts and passwords were compromised. Which of the following MOST likely explains the compromised accounts?

A. Botnet

B. Ransomware

C. Antivirus definitions

D. Keylogger

A company seized an employee's laptop due to illegal activity. The computer has been locked in an office until it can be turned over to authorities, and no one is allowed to log on to it.
Which of the following policies is this an example of?

A. PCI compliance

B. Proper reporting

C. Data preservation

D. Chain of custody

A technician is working on a computer that has the following symptoms:
* Unable to access the Internet
* Unable to send email
* Network connection (limited or no connectivity)
The technician runs hardware diagnostics on the computer and verifies the computer's NIC is functioning correctly. The technician attempts to access the Internet and receives the message: page cannot be displayed. The technician runs a command to verify the computer network settings and sees the following information:
IP address: 192.168.0.100 -
Subnet mask: 255.255.255.0 -
Gateway: 192.168.0.1 -
DNS: 192.168.0.1 -
The technician confirms other computers on the network can access the Internet.
Which of the following is MOST likely causing the issues?

A. Rogue antivirus

B. Firewall rule

C. Ransomware

D. Proxy settings

A network administrator has noticed unusual activity with a user's login credentials on the network. The user is attempting multiple simultaneous login across the network, some of which are attempting to access workstations and servers to which the user does not have access.
Which of the following should the network administrator do NEXT?

A. Delete the user’s AD account.

B. Decrease the user’s AD privileges.

C. Disable the user’s AD account.

D. Reset the password on the user’s AD account.

A technician was alerted by IT security of a potentially infected desktop, which is at a remote location. The technician will arrive on site after one hour.
Which of the following steps should be performed prior to traveling to prevent further infection? (Choose two.)

A. Start system updates

B. Back up PC data

C. Run antivirus

D. Install the firewall

E. Turn off System Restore

F. Install a keylogger

A technician receives the Chief Executive Officer's (CEO's) Windows 10 laptop, which has been infected with malware. The technician wants to make sure best practices are followed for troubleshooting and remediating the malware. Which of the following best practices should the technician perform FIRST in this scenario? (Choose three.)

A. Disconnect the device from the network

B. Identify and research the symptoms

C. Restore the computer to the previous checkpoint

D. Scan and use removal techniques

E. Create a restore point

F. Educate the end user

G. Schedule scans and run updates

When hackers execute code against a vulnerability in the hope that it has not yet been addressed, this is known as a:

A. zero-day attack

B. spoofing attack

C. DDoS attack

D. brute force attack

A user notices recent print jobs are not printing to the local printer despite printing fine yesterday. There are no errors indicated on the taskbar printer icon.
Which of the following actions should the user take FIRST?

A. Check to ensure the printer selected is the default printer

B. Check the status of the print server queue

C. Cancel all documents and print them again

D. Check that the printer is not in offline print mode

A macOS user reports seeing a spinning round cursor on a program that appears to be frozen.
Which of the following methods does the technician use to force the program to close in macOS?

A. The technician presses the Ctrl+Alt+Del keys to open the Force Quit menu, selects the frozen application in the list, and clicks Force Quit.

B. The technician clicks on the frozen application and presses and holds the Esc key on the keyboard for 10 seconds which causes the application to force quit.

C. The technician opens Finder, navigates to the Applications folder, locates the application that is frozen in the list, right-clicks on the application, and selects the Force Quit option.

D. The technician opens the Apple icon menu, selects Force Quit, selects the frozen application in the list, and clicks Force Quit.

A technician needs to install Windows 10 on a 4TB hard drive. Which of the following should the technician perform to accomplish this task?

A. Format the drive to use exFAT.

B. Configure the drive to use the GPT.

C. Configure the drive to use an MBR.

D. Format the drive to use CDFS.

Which of the following built-in accounts was removed in Windows 10?

A. Power User

B. Administrator

C. Guest

D. Standard User

A user's Windows laptop has become consistently slower over time. The technician checks the CPU utilization and sees that it varies between 95% and 100%.
After the technician closes some running applications, the CPU utilization drops to approximately 20%, and the laptop runs much faster. The next day the same user calls again with the same problem.
Which of the following is a tool the technician can use to resolve the issue?

A. Task Manager

B. MSTSC

C. MSConfig

D. PerfMon

A user's corporate email is missing the shared inbox folders that were present before the user went on vacation. The technician verifies the user is connected to the domain and can still send and receive email.
Which of the following is MOST likely causing the missing folders issue?

A. The Internet security options have changed

B. The operating system updates have changed

C. The network directory permissions have changed

D. The user account permissions have changed

A user calls a technician to report issues when logging in to a vendor's website. The technician is able to log in successfully before going to the office. However, the technician is unable to log in when in the user's office. The user also informs the technician of strange pop-up notifications.
Which of the following are the MOST likely causes of these issues? (Choose two.)

A. System files have been deleted

B. Proxy settings are configured improperly

C. The OS has been updated recently

D. There are disabled services on the vendor website

E. Program file permissions have changed recently

F. There is a rogue anti-malware program