3.2 – Troubleshooting Security - Troubleshooting Security Issues

Questions and Answers

Which of the following is the MOST effective initial response to a malware infection that affects critical system functions?

• Using online tools to identify and remove the specific malware strain.
• Disconnecting the system from the network and performing a clean installation from a known good backup. (correct)
• Attempting to manually remove suspicious files and registry entries.
• Running a full system scan using the installed anti-malware software.

A user reports receiving frequent pop-up windows in their web browser claiming their antivirus software is out of date and prompting them to download a 'security update'. What is the MOST likely cause and appropriate action?

• The user's antivirus subscription has genuinely expired, and they should renew it through the provided link.
• The user's browser settings have been compromised, and they should reset the browser to its default configuration.
• The user's operating system is outdated and requires a security update; they should proceed with the download.
• The user has visited a malicious website that is attempting to trick them into downloading malware; they should close the browser and run a scan. (correct)

A user is unable to access certain files on their computer and notices that the file permissions have been altered. What type of security threat does this MOST likely indicate?

• A network connectivity problem.
• A hardware failure affecting the hard drive.
• A malware infection. (correct)
• A user account control (UAC) misconfiguration.

A user reports that their web browser is redirecting search queries to an unfamiliar search engine. Which of the following is the BEST course of action to resolve this issue?

Wipe the system and reinstall the operating system from a clean source or restore from a known good backup. (A)

You are analyzing a computer experiencing slow network access and frequent freezing. You also notice unfamiliar programs running in the background. What is the MOST likely cause?

A malware infection. (D)

A user receives a browser notification claiming their antivirus software is out of date and prompting them to download a new version from a specific website. What action should the user take?

Verify the antivirus status through the installed antivirus program directly and disregard the notification. (A)

A website displays a warning that your connection is not private, and the certificate details show that it was not signed by a trusted certificate authority. What does this MOST likely indicate?

The website may be impersonated, or your connection may be intercepted. (B)

You are troubleshooting a computer and notice that several Windows operating system files have been modified. What does this MOST likely indicate?

A malware infection. (B)

A user visits a website and receives a pop-up message stating that their system is locked and they must pay a fee to unlock it. What type of malware is this MOST likely?

Ransomware. (C)

When encountering browser certificate errors, what is an important first step to verify the problem?

Checking the system's date and time. (C)

A user reports that they have entered their credit card information into a pop-up window that appeared while browsing a website, believing it was for a legitimate subscription renewal. What is the MOST critical immediate action they should take?

Contact their bank or credit card provider to report the fraudulent activity. (B)

What is a key difference between addressing a browser redirection issue with an anti-malware tool versus reinstalling the operating system?

Reinstalling the OS ensures a clean slate, removing all traces of the malware, whereas anti-malware tools might miss deeply embedded components. (A)

A user consistently encounters certificate errors on various websites, and other devices on the same network do not experience these issues. What is the MOST likely cause?

The user's computer has a corrupted root certificate store. (A)

You are assisting a user whose computer is exhibiting signs of a potential malware infection. Prior to initiating any remediation steps, what is the MOST important initial action?

Backing up all critical data to an external storage device. (B)

Your organization's security policy mandates that all systems be wiped and reimaged when a malware infection is detected. What is the PRIMARY reason for this requirement?

To ensure complete eradication of the malware and prevent re-infection. (B)

A user reports that their computer is running slower than usual and they are seeing more pop-up ads than normal. What should you do FIRST?

Run a full scan with анти-malware software. (A)

A user is concerned about potential malware infections from websites asking to send notifications. How can they BEST manage these?

Disable all notifications in their browser settings and only enable them for trusted sites. (A)

A user clicked a link in an email which led them to a website. The website states that their system has been infected with a virus and prompts them to call a support number for assistance. What should the user do?

Ignore the message and close the browser window. (A)

A technician discovers a system where several critical operating system files have been altered. Additionally, the system is connecting to unusual IP addresses. What remediation step BEST addresses the immediate threat?

Disconnect the system from the network and re-image it from a trusted source. (C)

A user reports their system is running very slowly and they are getting repeated certificate errors when trying to access secure websites. The date and time on the computer are correct. What is a likely cause of these issues?

A rootkit infection. (D)

Flashcards

Malware

Malicious software that can cause system instability, slow network access, and prevent normal computer operations.

False Antivirus Alerts

A deceptive tactic used by malicious websites to convince users their system is infected, prompting them to download malware.

Certificate Problems

Errors in web browsers indicating issues with a website's security certificate, such as expiration or untrusted authority.

Browser Redirection

The practice of redirecting a user's web browser to a different search engine, often to deliver malware or unwanted advertisements.

Push Notification Scam

A prompt, often resembling a system message, requesting permission to send updates or notifications through a web browser, which can lead to malware

Fresh Configuration

A method to resolve malware issues by erasing all data and reinstalling the operating system from scratch or from a clean backup

Modified System Files

Indication of an infection modifying system configurations.

Study Notes

• Slow network access, hanging, or system problems may indicate a malware infection.
• Malware symptoms include unusual messages or impaired system operations.
• Malware often prevents internet access to hinder removal efforts or OS updates.
• Recovering information from an infected computer might require a malware removal tool.
• A complete system wipe leads to a fresh configuration and is often the best malware solution.
• Malicious websites may use browser notifications to trick you into downloading malware.
• Fake notifications often falsely claim your antivirus is out of date, urging you to download malicious software.
• Browsers usually allow disabling notifications or limiting them to trusted sites.
• If unsure about malware presence, perform a system scan.
• If malware is found, delete everything and reinstall from scratch, or restore from backup.
• False antivirus alerts are a common tactic displayed through browsers or pop-up windows.
• Attackers may ask for money to renew a subscription or unlock a supposedly locked system.
• Specialized malware may require third-party removal tools.
• As a last resort, delete everything and reinstall from scratch when all else fails.
• Modifications to Windows OS files can indicate malware.
• Malware can change or delete files and alter permissions to gain access, or restrict user access.
• Such changes warrant deleting everything and reinstalling from a backup.
• Certificate errors in browsers may indicate an unsafe site or a non-private connection.

Browser Certificate Problems

• Clicking the lock icon in the browser provides certificate details.
• Expired certificates or certificates for different domain names can trigger errors.
• Certificates not signed by trusted authorities may also cause warnings.
• Verify the domain name and trusted certificate authorities in the certificate details.
• Incorrect date and time settings on your computer can cause certificate errors.

Browser Redirection

• Browser search results that do not come from the expected search engine indicate redirection.
• This redirects search results and attempts to provide malware or advertising.
• Instead of using antivirus software, the best solution is to delete everything, reinstall the OS, or restore from a clean backup.