A technician at a customer site is troubleshooting a laptop A software update needs to be downloaded but the company's proxy is blocking traffic to the update site. Which of the following should the technician perform?

1. A. Change the DNS address to 1.1.1.1
2. B. Update Group Policy
3. C. Add the site to the client's exceptions list
4. D. Verity the software license is current.

Correct Answer: C
The technician should add the update site to the client’s exceptions list to bypass the proxy. This can be done through the client’s web browser settings, where the proxy settings can be configured. By adding the update site to the exceptions list, the client will be able to access the site and download the software update.

A branch office suspects a machine contains ransomware. Which of the following mitigation steps should a technician take first?

1. A. Disable System Restore.
2. B. Remediate the system.
3. C. Educate the system user.
4. D. Quarantine the system.

Correct Answer: D
The first mitigation step that a technician should take when a machine is suspected to contain ransomware is to quarantine the system. This means isolating the infected machine from the network and other devices, to prevent the ransomware from spreading and encrypting more data. The technician can quarantine the system by disconnecting the network cable, turning off the wireless adapter, or using firewall rules to block the traffic from and to the machine12.
This step is more important than the other options because:
✑ Disabling System Restore (A) is not a priority, as it will not stop the ransomware from running or spreading. System Restore is a feature that allows users to restore their system to a previous state, but it may not work if the ransomware has encrypted or deleted the restore points. Moreover, disabling System Restore may prevent the user from recovering some data or settings in the future13.
✑ Remediating the system (B) is the ultimate goal, but it cannot be done before quarantining the system. Remediating the system means removing the
ransomware, restoring the data, and fixing the vulnerabilities that allowed the attack. However, this process requires careful analysis, planning, and execution, and it may not be possible if the ransomware is still active and communicating with the attackers. Therefore, the technician should first isolate the system and then proceed with the remediation steps12.
✑ Educating the system user © is a preventive measure, but it is not a mitigation
step. Educating the system user means raising awareness and providing training on how to avoid ransomware attacks, such as by recognizing phishing emails, avoiding suspicious links or attachments, and updating and patching the system regularly. However, this step will not help if the system is already infected, and it may not be effective if the user is not willing or able to follow the best
practices. Therefore, the technician should focus on resolving the current incident and then educate the user as part of the recovery plan14.
References:
1: How to Mitigate Ransomware Attacks in 10 Steps - Heimdal Security1 2: 3 steps to prevent and recover from ransomware | Microsoft Security Blog3 3: How to use System Restore on Windows 10 | Windows Central5 4: Ransomware Mitigation | Prevention and Mitigation Strategies - Delinea4

A remote user is experiencing issues with Outlook settings and asks a technician to review the settings. Which of the following can the technician use to access the user's computer remotely?

1. A. VPN
2. B. RDP
3. C. RMM
4. D. SSH

Correct Answer: B
One of the possible ways to access the user’s computer remotely is to use RDP, which stands for Remote Desktop Protocol. RDP is a protocol that allows a user to connect to another computer over a network and use its graphical interface. RDP is commonly used for remote desktop software, such as Microsoft Remote Desktop Connection1. To use RDP, the user’s computer must run RDP server software, and the technician must run RDP client software. The technician can then enter the user’s IP address or hostname, and provide the appropriate credentials to log in to the user’s computer. Once connected, the technician can view and control the user’s desktop, and review the Outlook settings.

A systems administrator notices that a server on the company network has extremely high CPU utilization. Upon further inspection, the administrator sees that the server Is consistently communicating with an IP address that is traced back to a company that awards digital currency for solving hash algorithms. Which of the following was MOST likely used to compromise the server?

1. A. Keylogger
2. B. Ransomware
3. C. Boot sector virus
4. D. Cryptomining malware

Correct Answer: D
Cryptomining malware is a type of malicious program that uses the CPU resources of a compromised server to generate cryptocurrency, such as Bitcoin or Ethereum. It can cause extremely high CPU utilization and network traffic to the IP address of the cryptocurrency service. Keylogger, ransomware and boot sector virus are other types of malware, but they do not cause the same symptoms as cryptomining malware. Verified References: https://www.comptia.org/blog/what-is-cryptomining https://www.comptia.org/certifications/a

A technician installed Windows 10 on a workstation. The workstation only has 3.5GB of usable RAM, even though the technician installed 8GB. Which of the following is the MOST likely reason this system is not utilizing all the available RAM?

1. A. The system is missing updates.
2. B. The system is utilizing a 32-bit OS.
3. C. The system's memory is failing.
4. D. The system requires BIOS updates

Correct Answer: B
The most likely reason that the system is not utilizing all the available RAM is that the system is utilizing a 32-bit OS. A 32-bit OS is an operating system that uses 32 bits to address memory locations and perform calculations. A 32-bit OS can only support up to 4GB of RAM, and some of that RAM may be reserved for hardware devices or system functions, leaving less than 4GB of usable RAM for applications and processes. A 32-bit OS cannot recognize or utilize more than 4GB of RAM, even if more RAM is installed on the system. To utilize all the available RAM, the system needs to use a 64-bit OS, which can support much more RAM than a 32-bit OS. The system missing updates may cause some performance or compatibility issues, but it does not affect the amount of usable RAM on the system. The system’s memory failing may cause some errors or crashes, but it does not affect the amount of usable RAM on the system. The system requiring BIOS updates may cause some configuration or compatibility issues, but it does not affect the amount of usable RAM on the system. References: CompTIA A+ Core 2 (220-1002) Certification
Exam Objectives Version 4.0, Domain 1.1