12.13 Security Troubleshooting – Flashcards
question
Your antimalware software has detected a virus on your Windows 10 system. However, the antimalware software is unable to remove it, and when you try to delete the files, you can't because they are in use. What should you try first?
answer
Boot into Safe Mode and try removing the malware
question
A user reports that his machine will no longer boot properly. After asking several questions to determine the problem, you suspect the user unknowingly downloaded malware from the Internet, and that the malware corrupted the boot block. Based on your suspicions, what actions could you take to correct the problem? (Select two.)
answer
- Reimage the machine.
- Boot from the Windows 7 installation DVD and use the Recovery Environment to run a startup repair.
question
A user reports that her machine is behaving erratically. She suspects something is wrong because lately a firewall alert keeps indicating programs are trying to access the Internet, and several files have disappeared or have been renamed. What do you suspect is causing these problems?
answer
Malware infection
question
You discover that a system on your network has been infected with a worm. What is the best way to prevent the spread of the worm to other systems while you work on removing the worm?
answer
Quarantine the computer
question
You have installed antimalware software on computers at your business. Within a few days, however, you notice that one computer has a virus. When you question the user, she says she did install some software a few days ago, but it was supposed to be a file compression utility. She admits she did not scan the file before running it. What should you add to your security measures to help prevent this from happening again?
answer
Use awareness training
question
Which of the following is the process of fixing problems detected by antivirus software so that the computer is restored to its original state?
answer
Remediation
question
While browsing the Internet, a popup browser window is displayed warning you that your system is infected with a virus. You are directed to click a link to remove the virus. What should you do? (Select two.)
answer
- Run a full system scan using the antimalware software installed on your system.
- Update the virus definitions for your locally installed antimalware software.
question
Which techniques are used in a pharming attack to redirect legitimate web traffic to malicious websites? (Select two.)
answer
- Changing the hosts file of a user's computer
- Exploiting DHCP servers to deliver the IP address of poisoned DNS servers
question
Which of the following are likely symptoms of malware infection? (Select two.)
answer
- Changed file permissions
- Renamed system files
question
A user reports that his machine will no longer boot properly. After asking several questions to determine the problem, you suspect the user unknowingly downloaded malware from the Internet, and that the malware has infected the system. Based on your suspicions, what actions could you take to correct the problem? (Select two.)
answer
- Revert the system to a restore point created before the malware infection occurred.
- Use an antimalware scanner to scan for and remove the infection.
question
A user within your organization received an email relating how an account containing a large sum of money has been frozen by the government of a small Middle Eastern nation. The user was offered a 25% share of this account if she would help the sender transfer it to a bank in the United States. The user responded and was instructed to wire $5,000 to the sender to facilitate the transfer. She complied, but has not heard from the sender since. What type of attack occurred in this scenario?
answer
Nigerian 419 scam
question
Which of the following describes a Man-in-the-Middle attack?
answer
An attacker intercepts communications between two network hosts by impersonating each host.
question
A router on the border of your network receives a packet with a source address that shows it originating from a client on the internal network. However, the packet was received on the router's external interface, which means it originated somewhere on the Internet. What form of attack has occurred in this scenario?
answer
Spoofing
question
The TCP/IP session state between two computers on a network is being manipulated by an attacker such that she is able to insert tampered packets into the communication stream. What type of attack has occurred in this scenario?
answer
Hijacking