119 Questions
What can rob resources from other applications and services, causing slow performance?
Viruses, worms, and other malware
How can you identify applications that are slowing performance of the operating system?
Using Task Manager and Resource Monitor
What should be done if an unidentified program is robbing performance?
Terminate the program
What could be the cause of Internet connectivity issues in a networked computer?
Malfunctioning network interface card (NIC) or improperly installed network software
What is the biggest indicator in Windows that some component of the network software is nonfunctional?
Inability to log in to the network or access any network service
What should be done first to fix Internet connectivity issues related to hardware problems?
Fix the underlying hardware problem
What is the most common remediation process for ransomware?
Removing the malware and restoring user data from a backup
What is a limitation of antivirus research in documenting the payload of a virus or malware?
The payload is often encrypted and changes based on the creator's needs
How can the chances of a system being infected by malware be reduced?
Scheduling regular scans and updates
What is the purpose of enabling system restore and creating a restore point?
To revert back in case of future problems
What is the final step in dealing with malware infestation according to the text?
Educating the end user
What is a common practice for large companies to ensure end-user training for threats?
Requiring annual or bi-annual end-user training
What is the purpose of VirusTotal?
To scan potentially unsafe applications against more than 70 antivirus engines
What tool can identify malicious processes, such as ransomware disguising itself as legitimate utilities?
Process Explorer
What is the purpose of quarantining infected systems?
To prevent the spread of viruses or malware through network connections
What is the recommended action to prevent infected systems from creating or reverting to restore points where the infection exists?
Disabling System Restore in Windows
What is the purpose of Windows Defender Security Center in relation to remediation of viruses and malware?
To automatically perform an offline scan
In what scenario may no remediation be performed?
Ransomware attacks with encrypted user files
What can cause Internet connectivity issues by acting as a proxy for network traffic?
Malicious programs
What can lead to larger problems such as viruses and worms if users visit infected sites advertised in spam?
Spam
What utility for intercepting error conditions was removed in Windows 7 and replaced with Problem Reports?
Dr. Watson
What can cause system lockups by robbing resources and causing memory leaks?
Malware and viruses
What can change network settings, such as DNS servers, causing browser redirections?
Malware
What can disguise themselves as legitimate antivirus software, tricking users into interacting with them and causing damage?
Rogue antivirus programs
What is the purpose of User Account Control (UAC) in Windows Vista?
To make it more difficult to change system files
What can an invalid certificate indicate?
Expired or insecure digital certificates
What does the System File Checker (SFC) do?
Manually heal missing or modified system files
How can malware spread through hijacked email contacts?
The recipient is likely to open the attachment as it seems to come from a trusted source
What does Event Viewer (eventvwr.exe) provide detailed information about?
The operating system, with detailed logs about security and application issues
What is crucial in preventing successful malware attacks?
Educating users about malware and how to respond
Viruses, worms, and other malware can slow performance because they rob resources from the other applications and services forced to share them.
True
Internet connectivity issues are never related to security threats.
False
The biggest indicator in Windows that some component of the network software is nonfunctional is that you can’t log in to the network or access any network service.
True
Slow performance can only be addressed through operating system issues.
False
If an application is identified as slowing the performance of the operating system and it is not a known program installed on the system, it may be considered benign and should not be terminated.
False
In most cases, Internet connectivity issues can be attributed either to a malfunctioning network interface card (NIC) or improperly installed network software.
True
Enabling system protection in Windows allows for automatic removal of malware from the operating system.
False
Most of the time, antivirus research can document the payload of a virus or malware.
False
Scheduling regular scans and updates can significantly reduce the chances of a system being infected by malware.
True
Creating a restore point is only important if a future problem occurs and there is a need to revert back.
False
Education of the end user is not considered a crucial step in preventing malware infestation.
False
If an employee falls for a phishing attempt, they are automatically exempted from mandatory training.
False
Spam can only be delivered through email and cannot come through instant messaging or Internet telephony.
False
Windows Vista introduced User Account Control (UAC) to make it easier to change system files.
False
The System File Checker (SFC) is a user tool that can be used to manually heal missing or modified system files.
True
An invalid certificate can indicate expired or insecure digital certificates, potentially leading to security risks when visiting secured websites.
True
Event Viewer (eventvwr.exe) provides detailed information about the operating system, with the Security log reporting object audit attempts and the Application and System logs highlighting potential security-related problems.
True
Identifying malware is not crucial in preventing successful attacks.
False
Antivirus/anti-malware software is always sufficient to identify and deal with viruses and malware without the need for third-party tools.
False
Process Explorer is a tool used to visualize performance problems in Windows OS, but it cannot isolate these problems.
False
Websites like VirusTotal can scan potentially unsafe applications against 30 antivirus engines to validate malicious applications.
False
Infected systems should be quarantined to prevent the spread of viruses or malware through network connections only, not through other means like emails.
False
Disabling System Restore in Windows is not necessary to prevent infected systems from creating or reverting to restore points where the infection exists.
False
Windows Defender Security Center can automatically perform an offline scan to remediate viruses and malware without requiring a reboot.
False
Malicious programs can cause Internet connectivity issues by acting as a proxy for network traffic, often aiming to steal credentials or banking information.
True
Dr. Watson, a utility for intercepting error conditions, was removed in Windows 7 and replaced with Problem Reports, which allow developers to identify application problems, including those caused by malware or viruses.
True
Rogue antivirus programs disguise themselves as legitimate antivirus software, tricking users into interacting with them and causing damage, often mimicking the Windows Action Center interface to appear trustworthy.
True
Spam, defined as unwanted, unsolicited email, can lead to larger problems, such as viruses and worms, if users visit infected sites advertised in spam; antispam programs can help mitigate these issues but may produce false positives.
True
The sheer volume of spam, in addition to the risk of opening the door to larger problems, makes it one of the most annoying issues for administrators to contend with.
True
Antispam programs are available to help mitigate the annoyance and potential risks associated with spam, but administrators should routinely check for false positives to ensure legitimate email is not being flagged and held.
True
What tools can be used to identify applications that are slowing the performance of the operating system?
Task Manager and Resource Monitor
What are some reasons for slow performance mentioned in the text?
Viruses, worms, and other malware robbing resources from other applications and services
What are the potential causes of internet connectivity issues mentioned in the text?
Malfunctioning network interface card (NIC) or improperly installed network software, and security threats
What should be done to fix internet connectivity issues related to hardware problems?
First fix the underlying hardware problem (if one exists) and then properly install or configure the network software
How can you determine if an application identified as slowing the performance of the operating system is malicious?
If the application identified is not a known program installed on the system and is robbing performance, it may be malicious and should be terminated
Why can viruses, worms, and other malware slow performance?
They rob resources from the other applications and services forced to share them
What is the purpose of VirusTotal?
VirusTotal can scan potentially unsafe applications against more than 70 antivirus engines to validate malicious applications.
What is the recommended action to prevent infected systems from creating or reverting to restore points where the infection exists?
Disabling System Restore in Windows is necessary to prevent infected systems from creating or reverting to restore points where the infection exists.
What tool can identify malicious processes, such as ransomware disguising itself as legitimate utilities?
Process Explorer can identify malicious processes, such as ransomware disguising itself as legitimate utilities.
What are some methods for detecting and identifying viruses and malware on a computer?
Antivirus/anti-malware software, third-party software, and built-in tools like netstat.exe can help detect and identify viruses and malware on a computer.
What is the purpose of quarantining infected systems?
Infected systems should be quarantined to prevent the spread of viruses or malware through network connections, emails, etc.
What are some steps involved in the remediation of infected systems?
Remediation of infected systems involves updating antivirus and anti-malware software, using appropriate scan and removal techniques, and potentially booting into Safe Mode or the Windows Recovery Environment.
Explain how malware can cause Internet connectivity issues and what its aim may be.
Malware can act as a proxy for network traffic, aiming to steal credentials or banking information.
What can malware do to change network settings and what is the result of these changes?
Malware can change DNS servers, causing browser redirections by controlling resolved DNS queries or changing system proxies to route all requests through their remote proxy.
What are the potential causes of system lockups, and how can malware contribute to this issue?
System lockups can occur due to hardware-related problems, persistent software problems, or malware and viruses causing memory leaks and robbing resources.
What are the possible reasons for application crashes, and how can malware be involved in causing them?
Application crashes may result from compatibility issues, hardware problems, or malware and viruses attempting to hook into applications, making them crash unexpectedly.
What utility was removed in Windows 7 and what replaced it, and how can it help developers identify application problems caused by malware?
Dr. Watson was removed and replaced with Problem Reports, which allow developers to identify application problems, including those caused by malware or viruses.
How can misconfigured settings lead to OS update failures, and what tool can help solve these issues?
Misconfigured settings can cause the system to report the need for an update that has already been installed; Windows Update Troubleshooter can help solve these issues.
Explain the purpose and functionality of the System File Checker (SFC) in Windows operating systems.
The System File Checker (SFC) is a user tool that can be used to manually heal missing or modified system files. It scans and verifies the integrity of all protected system files and replaces incorrect versions with correct Microsoft versions.
What is the significance of educating users about malware and how to respond?
Educating users about malware and how to respond is crucial in preventing successful attacks. Users who are aware of potential threats and know how to identify and respond to them can help mitigate the spread and impact of malware.
What is the purpose of Event Viewer (eventvwr.exe) and how can it aid in identifying and addressing potential security-related problems in an operating system?
Event Viewer provides detailed information about the operating system, with the Security log reporting object audit attempts and the Application and System logs highlighting potential security-related problems. Checking these logs can provide clues when suspecting an issue with the operating system or an application that interacts with it.
Explain the concept of identifying and researching malware symptoms as a best practice for malware removal.
Identifying and researching malware symptoms is crucial as it helps ensure that the right issue is addressed before taking major actions for malware removal. It involves identifying the type of malware (spyware, virus, etc.) and looking for evidence to substantiate its presence.
What is the importance of an invalid certificate as an indicator of potential security risks when visiting secured websites?
An invalid certificate can indicate expired or insecure digital certificates, potentially leading to security risks when visiting secured websites. It is important to be cautious when encountering invalid certificates to avoid potential security threats.
Discuss the significance of Windows Vista's User Account Control (UAC) in protecting system files and preventing unauthorized modifications.
Windows Vista introduced User Account Control (UAC) by default, making it more difficult to change system files. Only the Trusted Installer has access to modify these files, enhancing the security measures to protect against unauthorized modifications and potential malware attacks.
Explain the process of enabling System Protection and creating a restore point in Windows.
To enable System Protection and create a restore point in Windows, you would click the Start menu, then type Recovery and select it from the results, then Configure System Restore, then select the System drive, then Configure, then Turn on System Protection, and finally select OK. You can then manually create a restore point by clicking Create…, then type a description (such as after remediation - date), then Close (confirmation dialog box), and finally select OK to close the System Properties.
What are the challenges faced by antivirus researchers in documenting the payload of a virus or malware?
The payload of a virus or malware is often encrypted and can change depending on the need of its creator, making it difficult for antivirus researchers to document.
Describe the process of scheduling a Windows Defender Security scan.
To schedule a Windows Defender Security scan, you can use Task Scheduler by clicking the Start menu, then typing Task Scheduler and selecting Task Scheduler from the results, then opening the Task Scheduler Library, then Microsoft, then Windows, then Windows Defender, then double-clicking Windows Defender Scheduled Scan, then the Triggers tab, then New…, then selecting Weekly, then choosing the day of the week, and finally selecting OK.
Why is educating the end user considered an important step in addressing malware infestations?
Educating the end user helps them understand what led to the malware infestation and what to avoid or look for in the future, reducing the likelihood of future infections.
What is the recommended action to reduce the chances of a system being infected by malware?
Scheduling regular scans and updates to run automatically at specific intervals is recommended to reduce the chances of a system being infected by malware.
Explain the process of removing malware from an operating system and restoring user data from a backup.
The process involves removing the malware from the operating system and then restoring the user data from a backup to ensure that no permanent loss of data occurs.
______ creators can wreak havoc on a system by deleting key system files and replacing them with malicious copies, renaming or changing permissions of files to restrict user access
Malware
Windows Vista introduced User Account Control (UAC) by default, making it more difficult to change system files, and only the ______ has access to modify these files
Trusted Installer
The ______ (SFC) is a user tool that can be used to manually heal missing or modified system files
System File Checker
______ users about malware and how to respond is crucial in preventing successful attacks
Educating
An invalid ______ can indicate expired or insecure digital ______s, potentially leading to security risks when visiting secured websites
certificate
______ (eventvwr.exe) provides detailed information about the operating system, with the Security log reporting object audit attempts and the Application and System logs highlighting potential security-related problems
Event Viewer
Third-party software and built-in tools like netstat.exe can help ______ viruses and malware on a computer
detect and identify
Infected systems should be ______ to prevent the spread of viruses or malware through network connections, emails, etc.
quarantined
Ransomware poses a significant risk, rapidly spreading through networks and encrypting files, often demanding a ______
ransom
Infected systems can be quarantined in an isolated network for further analysis without affecting the operational ______
network
______ researchers can document the delivery system that a virus or malware uses to enter your system
Antivirus
Disabling System Restore in Windows is necessary to prevent infected systems from creating or reverting to restore points where the infection ______
exists
Most anti-malware programs can be configured to run automatically at specific intervals; however, should you encounter one that does not have such a feature, you can run it through ______ Scheduler
Task
Remediation of infected systems involves updating antivirus and anti-malware software, using appropriate scan and removal techniques, and potentially booting into ______ or the Windows Recovery Environment
Safe Mode
Windows Defender Security is scheduled to automatically download updates during the Windows Update check, which is ______
daily
You can enable System Protection by clicking the Start menu, then typing Recovery and selecting it from the results, then Configure System Restore, then selecting the System drive, then Configure, then Turn on System Protection, and finally selecting ______
OK
The end user needs to understand what led to the malware infestation and what to avoid, or look for, in the future to keep it from happening again. This training can be formal training in a classroom setting, or it can be an online training in which the user must participate and answer ______
questions
Education should always be viewed as the final ______
step
By using the tools previously discussed in this chapter, such as Task Manager and Resource Monitor, you can identify applications that are slowing performance of the operating system. If the application identified is not a known program that you installed on the system and the program is robbing performance, it may be malicious and should be ______.
terminated
In some situations, Internet connectivity issues can be related to ______ threats.
security
The biggest indicator in Windows that some component of the network software is nonfunctional is that you can’t log in to the network or access any network ______.
service
If your computer is hooked up to a network, you need to know when your computer is not functioning properly on the network and what to do about it. In most cases, the problem can be attributed either to a malfunctioning network interface card (NIC) or improperly installed network ______.
software
Viruses, worms, and other malware can slow performance because they rob resources from the other applications and services forced to share them. By using the tools previously discussed in this chapter, such as Task Manager and Resource Monitor, you can identify applications that are slowing performance of the operating system. If the application identified is not a known program that you installed on the system and the program is robbing performance, it may be ______ and should be terminated.
malicious
The biggest indicator in Windows that some component of the network software is nonfunctional is that you can’t log in to the network or access any ______ service.
network
Malicious programs can cause Internet connectivity issues by acting as a proxy for network traffic, often aiming to steal credentials or banking information.
Some malware changes network settings, such as DNS servers, causing browser redirections by controlling resolved DNS queries or by changing system proxies to route all requests through their remote proxy.
System lockups can occur due to hardware-related problems, persistent software problems, or malware and viruses causing memory leaks and robbing resources.
Application crashes may result from compatibility issues, hardware problems, or malware and viruses attempting to hook into applications, making them crash unexpectedly.
Spam, defined as unwanted, unsolicited email, can lead to larger problems, such as viruses and worms, if users visit infected sites advertised in spam; antispam programs can help mitigate these issues but may produce false positives.
The sheer volume of spam, in addition to the risk of opening the door to larger problems, makes it one of the most annoying issues for administrators to contend with.
It is crucial to educate employees about rogue security software and fake virus alerts to prevent them from interacting with malicious programs disguised as legitimate antivirus software.
Antispam programs are available to help mitigate the annoyance and potential risks associated with spam, but administrators should routinely check for false positives to ensure legitimate email is not being flagged and held.
Troubleshooting common malware and virus issues involves identifying and addressing various symptoms, such as Internet connectivity problems, system lockups, application crashes, and OS update failures, caused by malicious programs and spam.
Study Notes
Protecting Against Malware and Spam
- Spam can now come in various forms beyond email, including SPIM (spam over instant messaging) and SPIT (spam over Internet telephony).
- Malware creators can wreak havoc on a system by deleting key system files and replacing them with malicious copies, renaming or changing permissions of files to restrict user access.
- Windows Vista introduced User Account Control (UAC) by default, making it more difficult to change system files, and only the Trusted Installer has access to modify these files.
- The System File Checker (SFC) is a user tool that can be used to manually heal missing or modified system files.
- Malware can spread through hijacked email contacts, where the recipient is likely to open the attachment as it seems to come from a trusted source.
- Educating users about malware and how to respond is crucial in preventing successful attacks.
- An invalid certificate can indicate expired or insecure digital certificates, potentially leading to security risks when visiting secured websites.
- Event Viewer (eventvwr.exe) provides detailed information about the operating system, with the Security log reporting object audit attempts and the Application and System logs highlighting potential security-related problems.
- It is important to check these logs for clues when suspecting an issue with the operating system or an application that interacts with it.
- Best practices for malware removal include identifying and researching malware symptoms, ensuring the right issue is addressed before taking major actions.
- Identifying malware is crucial and involves identifying the type (spyware, virus, etc.) and looking for evidence to substantiate its presence.
- The 220-1002 exam emphasizes a seven-item list of best practices for malware removal, providing essential information for identifying and addressing malware infestations.
Troubleshooting Common Malware and Virus Issues
- Malicious programs can cause Internet connectivity issues by acting as a proxy for network traffic, often aiming to steal credentials or banking information.
- Some malware changes network settings, such as DNS servers, causing browser redirections by controlling resolved DNS queries or by changing system proxies to route all requests through their remote proxy.
- System lockups can occur due to hardware-related problems, persistent software problems, or malware and viruses causing memory leaks and robbing resources.
- Application crashes may result from compatibility issues, hardware problems, or malware and viruses attempting to hook into applications, making them crash unexpectedly.
- Dr. Watson, a utility for intercepting error conditions, was removed in Windows 7 and replaced with Problem Reports, which allow developers to identify application problems, including those caused by malware or viruses.
- OS update failures can be traced to misconfigured settings, causing the system to report the need for an update that has already been installed; Windows Update Troubleshooter can help solve these issues.
- Rogue antivirus programs disguise themselves as legitimate antivirus software, tricking users into interacting with them and causing damage, often mimicking the Windows Action Center interface to appear trustworthy.
- Spam, defined as unwanted, unsolicited email, can lead to larger problems, such as viruses and worms, if users visit infected sites advertised in spam; antispam programs can help mitigate these issues but may produce false positives.
- The sheer volume of spam, in addition to the risk of opening the door to larger problems, makes it one of the most annoying issues for administrators to contend with.
- It is crucial to educate employees about rogue security software and fake virus alerts to prevent them from interacting with malicious programs disguised as legitimate antivirus software.
- Antispam programs are available to help mitigate the annoyance and potential risks associated with spam, but administrators should routinely check for false positives to ensure legitimate email is not being flagged and held.
- Troubleshooting common malware and virus issues involves identifying and addressing various symptoms, such as Internet connectivity problems, system lockups, application crashes, and OS update failures, caused by malicious programs and spam.
Test your knowledge on protecting against malware and spam with this quiz. Covering topics such as different forms of spam, malware prevention techniques, Windows security features, and best practices for malware removal, this quiz will help you understand essential strategies for safeguarding your system against cyber threats. Ideal for anyone looking to enhance their cybersecurity knowledge and protect their devices from malicious attacks.