1. A technician receives a ticket stating that the Net Logon service is not running. The technician attempts to start the service, but it immediately stops. The technician notices that no scripts have run at logon and standard applications are not installed. Which of the following is most likely the issue?
A. The GPO has not installed all applications.
B. The Net Logon service needs to be reinstalled.
C. The computer needs to be joined to a domain. Correct
D. The Net Logon service has been configured for manual startup.
Explanation
The Net Logon service requires domain membership to function properly, and its failure to start, along with missing scripts and applications, suggests the computer is not joined to the domain. GPO issues or manual startup would not cause the service to stop immediately. Reinstalling the service is unnecessary without confirming domain status.
2. A technician follows the proper procedure for malware removal on an infected computer. However, the technician is unable to remove all the malware and decides to reload the OS. Which of the following should the technician select?
A. Version upgrade
B. System restore
C. OS repair
D. Clean install Correct
Explanation
A clean install wipes the system and installs a fresh OS, ensuring all malware is removed. Version upgrades or repairs may leave malware remnants, and system restore could reinstate infected files. This approach guarantees a malware-free system.
3. Thousands of compromised machines are attempting to make fake purchases from an online store. Which of the following is taking place?
A. Brute-force attack
B. Spoofing
C. DDoS Correct
D. SQL Injection
Explanation
A Distributed Denial of Service (DDoS) attack involves multiple compromised machines overwhelming a system, here with fake purchases. Brute-force attacks target passwords, spoofing mimics identities, and SQL injection exploits databases. This matches the scale and intent of a DDoS.
4. Which of the following security technologies is designed to enable security visibility and respond to traffic outside of the host and at the network level?
A. RADIUS
B. UAC
C. XDR Correct
D. Antivirus
Explanation
Extended Detection and Response (XDR) monitors and responds to threats across the network and endpoints, providing visibility beyond the host. RADIUS handles authentication, UAC controls user permissions, and antivirus focuses on host-based threats. XDR is designed for network-level security.
5. A user reports some single sign-on errors to a help desk technician. Currently, the user is able to sign in to the company's application portal but cannot access a specific SaaS-based tool. Which of the following would the technician most likely suggest as a next step?
A. Reenroll the user's mobile device to be used as an MFA token.
B. Use a private browsing window to avoid local session conflicts. Correct
C. Bypass single sign-on by directly authenticating to the application.
D. Reset the device being used to factory defaults.
Explanation
Using a private browsing window avoids local session conflicts that may interfere with single sign-on (SSO) for the SaaS tool. Reenrolling MFA or resetting the device is excessive, and bypassing SSO may not be supported. This is a simple troubleshooting step.