Chapt 19 Flashcards
In Windows, which utility is responsible for finding, downloading, and installing Windows patches?
A) Device Manager
B) Microsoft Management Console
C) Download Manager
D) Windows Update
Windows Update
D. Windows Update is responsible for downloading and installing Windows service packs, patches, and security updates. Device Manager is used to view devices installed on the operating system. The Microsoft Management Console is a console that allows snap‐ins to be added for management. Download Manager is a component of Internet Explorer.
Which Startup Setting option allows you to boot with basic drivers?
A) Enable Debugging
B) Enable Safe Boot
C) Disable Driver Signature Enforcement
D) Enable Low‐Resolution Video
Enable Safe Boot
B. Enable Safe Boot with the msconfig utility allows you to boot with basic drivers and minimal startup of nonessential services. Enable Debugging is used by kernel developers. Disable Driver Signature Enforcement is used to allow an unsigned driver to load during boot. Enable Low‐Resolution Video will boot the operating system into a VGA mode.
Which bootrec option can be used in Windows to rebuild the boot configuration file?
A) /fixboot
B) /rebuildbcd
C) /scanos
D) /fixmbr
/rebuildbcd
B. The /REBUILDBCD option can be used with the bootrec tool to rebuild the boot configuration data (BCD). The /FIXBOOT option writes a new boot sector to the system partition. The /SCANOS option scans all other partitions that are found to have Windows installations. The /FIXMBR option writes a new master boot record (MBR) to the partition.
What is the first step in malware removal?
A) Quarantine the infected system.
B) Identify and verify the malware symptoms.
C) Remediate the infected system.
D) Educate the end user.
Identify and verify the malware symptoms.
B. The most important first step is to identify and verify the malware symptoms. You should quarantine the infected system once you have verified it is infected. Remediating the infected system happens after you disable System Restore. Education of the end user is the last step to malware removal.
Which tool will allow you to troubleshoot a slow‐loading profile?
A) Profile tab of the Advanced System Properties
B) Regedit
C) Windows Recovery Environment
D) Windows Preinstallation Environment
Profile tab of the Advanced System Properties
A. The Profile tab of the Advanced System Properties dialog box allows you to view the total size of a local or remote profile. Regedit and the Windows Recovery Environment will not aid in troubleshooting a slow‐loading profile. Windows Preinstallation Environment is the mini‐Windows version used for installation of Windows.
Which of the following components are only used to restore Windows from a suspended state?
A) BCD
B) ntoskrnl.exe
C) winload.exe
D) winresume.exe
winresume.exe
D. winresume.exe is used to load Windows from a suspended state. The Boot Configuration Data (BCD) is used to direct Windows to boot the proper installation. ntoskrnl.exe is the Windows kernel. winload.exe is used for the normal booting of the Windows operating system.
One of the users you support has a Windows 10/11 laptop that will not boot up. The user just installed brand‐new drivers for a graphics card. They need to access a tax application and their data files. What should you try first?
A) Use System Restore.
B) Use Reset This PC.
C) Reimage the laptop.
D) Manually reinstall Windows 10
Use System Restore.
A. The System Restore option should be used first to restore the operating system to an earlier point before the problem. This will restore the device back to a previous state before the installation of the drivers. System Restore will not affect user data files. Reset This PC will reset the PC back to factory default before the tax application was installed. Reimaging the laptop will erase all programs and data files. Manually reinstalling Windows 10 will erase all programs and data files.
Which partitioning type is required when you have UEFI firmware?
A) GPT
B) MBR
C) POST
D) Boot Sector
GPT
A. When you have UEFI firmware, you must have the disk set up with a GUID Partition Table (GPT) partitioning type. The standard master boot record (MBR) partitioning type can be used with BIOS. Power‐on self‐test (POST) is a routine the BIOS or firmware performs to test hardware before boot. The Boot Sector is contained on both MBR and GPT partitioning types.
Which of the following are used to prevent pop‐unders from appearing?
A) Antimalware utilities
B) Pop‐up blockers
C) Phishing sites
D) Antivirus software
Pop‐up blockers
B. Pop‐up blockers are used to prevent pop‐ups and pop‐unders from appearing. Antimalware utilities will remove and prevent malware. Phishing sites are used to collect users’ credentials by tricking users. Antivirus software is used to protect the operating system from viruses.
In general, how often should you update your antivirus definitions?
A) Weekly
B) Monthly
C) Daily
D) Antivirus definitions do not need to be updated.
Daily
C. Antivirus definitions should be updated daily, because new viruses are identified by the minute. Updating antivirus definitions weekly or monthly will open you up to the possibility of infection.
Which tool can be used to diagnose why Windows 10/11 is slow and sluggish?
A) Resource Monitor
B) msconfig.exe
C) Device Manager
D) Reliability Monitor
Resource Monitor
A. Resource Monitor can be used to identify slow and sluggish performance, as well as identify the source of the problem. The msconfig.exe tool can be used to enable or disable services on startup and launch tools, but it cannot be used to diagnose performance issues. The Device Manager MMC can be used to view and modify devices, but it will not help diagnose performance problems. Reliability Monitor will display the reliability of the operating system, but it will not help diagnose problems with performance.
Which tool will allow you to diagnose why Windows Update keeps failing?
A) ntbtlog.txt
B) Windows Update Troubleshooter
C) Windows Recovery Environment
D) Safe mode
Windows Update Troubleshooter
B. Windows Update Troubleshooter can assist in diagnosing problems with Windows Update. The ntbtlog.txt file is used to diagnose problems with bootup. Windows Recovery Environment is used to solve problems with Windows and is not typically used for problems with Windows Updates. Safe mode is a boot mode that loads minimal drivers and services.
Which of the following programs could be considered antimalware?
A) Microsoft Defender Security
B) MDM
C) Windows Action Center
D) VirusTotal
Microsoft Defender Security
A. Microsoft Defender Security is considered antimalware and antivirus protection for the Windows operating system. Mobile device management (MDM) software is used to manage mobile devices. Windows Action Center is a notification center for action to be taken in the operating system. VirusTotal is a third‐party site that analyzes virus signatures, but it does not protect you from them.
Which of the following tools allows you to manually fix maliciously modified system files?
A) regedit
B) SFC
C) bootrec
D) UAC
SFC
B. The System File Checker (SFC) allows you to manually scan for modified operating system files and repair them. regedit is used to modify the Registry. bootrec is used to repair the boot records on an operating system installation. User Account Control (UAC) is used to control access to administrative credentials.
Which of the following can you do to help eliminate security problems? (Select the best answer.)
A) Establish security policies and procedures.
B) Optimize drives.
C) Prevent booting into safe mode.
D) Prevent booting into Windows Recovery Environment.
Establish security policies and procedures
A. Establishing security policies and procedures will help eliminate security problems and guide employees on what to do if they arise. Optimizing drives will defragment drives and has no effect on security. Preventing booting into safe mode will only hinder diagnostics. Preventing booting into Windows Recovery Environment will also hinder diagnostics.
A mobile device is running out of RAM. What could be the most likely problem?
A) The device is not charged to capacity.
B) The digitizer is not functioning properly.
C) The device is in DND mode.
D) The device has background applications open.
The device has background applications open.
D. The device most likely has too many background applications open that are using RAM. That the device is not charged to capacity would not affect RAM. A digitizer not functioning properly would resemble inaccurate touchscreen responses. If the device were in Do Not Disturb (DND) mode, the speakers would not work.
What is a risk of using the auto‐reconnect feature on a mobile device?
A) The device will reconnect to any SSID.
B) The device could be exploited by an evil twin attack.
C) The device’s battery life could be shortened.
D) You may exceed your cellular data plan’s limits.
The device could be exploited by an evil twin attack.
B. If auto‐reconnect is configured on an SSID, the device could be susceptible to an evil twin attack, in which the device connects to any device with the same SSID. The device will not reconnect to any SSID but only to the SSID configured as auto‐reconnect. Battery life will remain unaffected with auto‐reconnect. Exceeding limits can be avoided with auto‐reconnect, because the wireless network is used for data usage.
You notice that the reliability of the operating system has diminished in Reliability Monitor. Where can you find more details on why applications are failing?
A) Device Manager
B) Event Viewer
C) Windows Recovery Environment
D) msconfig.exe
Event Viewer
B. Event Viewer will allow you to see more detailed information on why programs have crashed. The Event Viewer logs may not give the exact reason, but they will aid in understanding the root cause. Device Manager is used to view and manage devices connected to the operating system. The Windows Recovery Environment is used to repair the Windows operating system. The msconfig.exe tool is used to modify startup programs and launch other diagnostic tools.
Why would the operating system write out large amounts of RAM to the page file?
A) The CPU is running high on utilization.
B) This is a normal process of the operating system.
C) The amount of physical RAM is low.
D) The page file is faster than conventional RAM.
The amount of physical RAM is low
C. The reason that the operating system would write out large amounts of RAM to the page file is that the system is running low on physical RAM and is attempting to free up physical RAM. The CPU might run high when paging occurs, but it will not trigger excessive paging. Although it is normal for the operating system to write out RAM to the page file, it is not normal for large amounts to be written out. The page file is not faster than conventional RAM.
What is one consequence of an overheating mobile device?
A) Higher RAM usage
B) Degraded battery life
C) Inaccurate touchscreen response
D) Inability to decrypt emails
Degraded battery life
B. Degraded battery life can be expected from an overheating mobile device if the problem persists for a long time. Higher RAM usage will not occur with overheating, but it could be a cause of overheating. Inaccurate touchscreen responses are not a symptom or a consequence of overheating. The inability to decrypt emails depends on having the proper certificate installed.
a ____ happens when the windows kernel crashes upon boot
BSOD (blue screen of death)
the _____ file can be checked for a failed driver during boot.
ntbtlog.txt
______ can be used to view and kill processes
task manager or resource monitor
the ____ server is responsible for serving the correct time to a client.
NTP (network time protocol)
on the ____ tab of a service, you can configure what happens if the service fails.
recovery
_____ software should be installed on mobile devices to prevent malicious software
antivirus or antimalware
the _____ can be used to set boot logging.
system configuration
the ____ can be used to repair the operating system
windows recovery environment
the _____ can be used to look at errors, warnings and messages in the operating system
event logs
______ and ______ should be checked if a mobile device is experiencing power drain.
RAM, CPU
the USB controller supports both power and ____ allocation.
endpoint
______ are advertisements that appear behind a web page.
pop-unders
the ____ service is responsible for installing applications and has permission to modify certain files.
trusted installer
the ____ allows a person to elevate their privileges on the operating system by prompting them on the screen
UAC (user account control)
_______ is a type of browser redirection that is used to compromise credentials.
pharming
the last step in malware removal is ______.
educating the end user
a _____ can be used to remove stubborn malware and viruses
microsoft defender offline scan
before remediating an infected system, you should disable ____
system protection
______ can damage and shorten the life of mobile device batteries
heat
_______ allows you to turn off all network connections at once on a mobile device.
airplane mode
what technology allows pairing of mobile devices and, on occasion, the ability to transfer files between them?
bluetooth
you should ____ an unresponsive mobile device.
hard-reset
using the ____ wireless band can help with wireless interference.
5 GHz
______ software can disable the camera and the microphone on mobile devices.
MDM (mobile device management)
when an application is not loading on a mobile device, what is the first troubleshooting step?
A) force-quit the application
B) factory reset the phone
C) clear the application’s cache
D) reinstall the application
A) force-quit the application
Best practices for malware removal: (7 steps)
1 identify and verify malware symptoms
2 quarantine the infected systems
3 disable system restore in windows
4 remediate infected systems
5 schedule scans and run updates
6 enable system restore and create a restore point in windows
7 educate the end user
an organization wants to perform a form of redirection in which the traffic intended for one host is sent to another. which of these will help the organization in the given scenario?
A) pharming
B) pop-ups
C) NFC
D) Desktop alert
A) pharming
you need to kill a process on an operating system in which the application seems to be frozen. what should you do to minimize disruption?
A) reboot the operating system
B) use system protection to view activity
C) log the user off
D) use resource monitor
D) use resource monitor
what happens when RAM is filled up?
A) the mobile device will open background memory pages onto the built-in storage
B) the mobile device will swap background memory pages onto the built-in storage
C) the mobile device will delete background memory pages onto the built-in storage
D) the mobile device will close background memory pages onto the built-in storage
B) the mobile device will swap background memory pages onto the built-in storage
which of these is the program used to boot windows?
A) winload.exe
B) resume.exe
C) win.exe
D) winres.exe
A) winload.exe
which of the following tools allows users to manually fix maliciously modified system files?
SFC, bootrec, UAC, regedit
SFC
what can cause intermittent connection problems because it operates on 2.4 GHz?
bluetooth
what command enables the users to view all the processes on the operating system and their network connections?
netstat -nab
the ____ on the motherboard is responsible for maintaining the correct time.
RTC
real time clock
you find out that your cell plan has overages. when you investigate your device, you find that there is malware installed. what can prevent these overages in the future?
A) using MDM software
B) using only wireless connectivity
C) using a mobile firewall
D) turning off cellular when it is not needed
C) using a mobile firewall
which of these is a notification or dialog box that is crafted to look like it was generated by the operating system?
A) action center
B) bitlocker
C) desktop alert
D) pop-ups
C) desktop alert
you are an IT tech in an organization. you have been given a task to repair a malware-infected system. you have identified the symptoms that suggest the presence and nature of the installed malware. which of the following should be your next step?
A) update anti malware software
B) update the system and schedule future scans
C) disable system restore
D) quarantine the infected system
D) quarantine the infected system
a symptom of poor hard disk drive performance is called ____
thrashing of the drive heads on the platters of the drive
what is a symptom of the OS running out of RAM?
A) slow execution of applications
B) high disk activity
C) slow loading of web pages
D) thrashing of the drive heads on the platters of the drive
B) high disk activity
which of these can be used by selecting the Boot Log option on the Boot tab?
A) msconfig
B) regeconfig
C) regedit
D) bootrec
A) msconfig
what is the correct way to create restore points?
A) during the installation of some programs, a restore point is created after the installation
B) you cannot manually create them by yourself
C) you can create them automatically by using the BIOS setup
D) windows creates them automatically by default
D) windows creates them automatically by default
which of these will allow the developer to install an APK directly onto the device they are testing with?
A) ADB
B) bootleg application
C) developer mode
D) ABD
A) ADB
android debug bridge
you need to boot the windows recovery environment in windows 10. how can you perform this task?
A) by pressing the alt key during bootup
B) by rebooting the OS while holding the ctrl key
C) by rebooting the OS while holding the shift key
D) by pressing the F8 key during bootup
C) by rebooting the OS while holding the shift key
what is the first step that users should take after they have isolated the problem to an action or process in the OS?
A) establish a plan of action to resolve the problem and implement the solution
B) document findings, actions, and outcomes
C) test the theory to determine the cause
D) formulate a theory of probable cause
D) formulate a theory of probable cause
what is the nominal distance required by NFC to operate?
4 cm
what is winresume.exe called by if a system is not starting fresh but resuming from a previous session?
A) BOOTMGR
B) BOOTMRG
C) MRGBOOT
D) MGRBOOT
A) BOOTMGR
why is time drift a big problem on virtual machines?
A) due to the availability of the NTP server
B) due to the shared physical RTC
C) due to the emulated RTC
D) due to the lack of configuration for the NTP server
C) due to the emulated RTC
which of the following files bootstraps the system?
A) BOOTSTRAP
B) MGRBOOT
C) BOOT
D) BOOTMGR
D) BOOTMGR
you have recently disabled system protection after identifying and quarantining a system with malware. what should be done next?
A) schedule scans of antivirus software
B) run antivirus software to remove the malware infection
C) educate the end user
D) enable system protection
B) run antivirus software to remove the malware infection
maria, a support analyst, is tasked to update the OS for a mobile device used for testing purposes in the organization. however, the OS failed to update for that device. she then freed up the memory since insufficient memory could be preventing the update. which of the following steps has she performed?
A) reboot
B) storage
C) compatibility
D) connectivity
A) reboot
you are a PC tech in an organization. you are working on a Windows computer and have learned that some necessary DLL files are missing. which of the following will you do to troubleshoot the missing DLL files?
A) check event viewer
B) use regsvr32
C) use ipconfig
D) use msconfig
B) use regsvr32
NFC uses ___ radio fields to enable communications between the phone and the NFC device
electromagnetic
Which of these is the act of a malicious application spoofing a legitimate application?
A) bootleg application
B) jailbreak
C) application spoofing
D) malicious application
C) application spoofing
which tool can be used to restart a failed service?
A) resource monitor
B) computer management MMC
C) WinRE
D) msconfig.exe
B) computer management MMC
which bootrec option can be used in Windows to reconstruct the boot configuration file?
A) /FIXBOOT
B) /REBUILDBCD
C) /SCANOS
D) /FIXMBR
B) /REBUILDBCD
You need to enforce the use of encryption on mobile devices. which method is the most effective?
A) group policy
B) NDA
C) BYOD policy
D) MDM
D) MDM
the use of MDM (mobile device management) software is the most effective way of enforcing the use of encryption on mobile devices. many organizations that employ MDM create policies to prevent rooted and jailbroken devices from attaining access to organization information
you are receiving USB controller resource warning messages. how should you try to resolve the issue?
A) by manually allotting more endpoints
B) by upgrading drivers for the USB devices
C) by manually increasing the output amperage
D) by moving USB devices around on the USB ports
D) by moving USB devices around on the USB ports
you work as a network admin in a company. a user has brought it to your attention that some malicious looking icons have appeared on his PC. you’ve quarantined the infected system. which of the following steps will you take next?
A) disable system restore
B) schedule scans and updates
C) remediate infected systems
D) educate end users
A) disable system restore
To properly remove malware from an infected computer, you should perform the following 7 steps:
1-identify malware symptoms
2-quarantine infected systems
3-disable system restore
4-remediate infected systems
5-schedule scans and updates
6-enable system restore and create restore point
7-educate end users
your mobile device is suffering from an intermittent wireless connection. what is recommended to alleviate signal drops?
A) using the 5 GHz band
B) shortening the SSID
C) using the 2.4 GHz band
D) reducing power on the WAP
A) using the 5 GHz band
using the 5 GHz band, you can limit the amount of interference from external devices, such as microwave ovens and Bluetooth devices.
frozen systems come under which of the following?
A) application issues
B) none of these
C) system issues
D) performance issues
D) performance issues
which of these is not generally attributed to an intermittent wireless issue?
A) radar
B) wireless access points
C) microwave ovens
D) bluetooth devices
B) wireless access points
which of these is not the common culprit of random reboots?
A) update
B) auto restart
C) running applications
D) storage health
D) storage health
which of these is not a common culprit of random reboots?
A) factory reset
B) storage
C) update
D) battery life
D) battery life
The symptom of high disk activity is characteristic of what?
Running out of RAM
What is a symptom of poor hard disk drive performance?
The thrashing of the drive heads on the platters of the drive
What problems are the hardest to solve because they require third party tools by the vendor?
Graphics related problems
What boot process can contain drivers that allow it to boot across a network or other non-standard devices?
UEFI
What in Windows bootstraps the system? In other words, this file starts the loading of an operating system on the computer.
BOOTMGR
What holds information about operating systems installed on the computer, such as the location of the operating system files?
BCD boot configuration data
What program is used to boot Windows? It loads the operating system kernel.
winload.exe
What is the Windows operating system kernel called?
ntoskrnl.exe
What is called by the boot manager when the system is not starting fresh but resuming a previous session?
winresume.exe
What is responsible for allowing applications shared access to the hardware through drivers?
The kernel ntoskrnl.exe
What is the Windows boot log called that stores a log of boot time events and is not enabled by default?
ntbtlog.txt
What command prompt command will rebuild the BCD?
bootrec /rebuildbcd
When it is reported that an operating system is missing or no OS is found the first thing to check is?
Check that no media is in the machine (USB, DVD, CD, etc.)
What option when booting from the Windows installation media will launch the Windows recovery environment?
Repair
What program allows you to see application crashes and the times and dates that they occurred?
Reliability monitor
If your windows GUI fails to start properly, more likely than not the problem is related to a?
A misconfigured driver or misconfigured hardware
Under what circumstances does the Windows recovery environment automatically launch?
If there are two failed attempts to boot the operating system in 2 minutes
If you identify that the problem is a hardware issue, then the first step to resolving the problem is?
Updating drivers
If there is a software problem what is the first step to troubleshoot?
Reboot
If you receive a warning that your computer is low on memory, what two things could it be from?
The computer does not have enough physical RAM or a process is using a large amount of RAM that it normally doesn’t need
In Windows the page file is called what and is located where?
C:\pagefile.sys
What may be happening if a USB device is malfunctioning or erratically disconnecting?
The device connected may be drawing more than the allocated power it is given
What can be used to narrow down the performance problem caused by a slow loading local profile?
Task manager
Authentication problems on a hypervisor could be caused by?
Time drift
If you have invalid certificates for web pages, the problem may be?
Time drift
What process allows the operating system to terminate hung processes gracefully?
Rebooting
Under what circumstance should Services be restarted?
If they crash
To restart a service you can use what application?
Computer management MMC and then selecting services
If an application is crashing or acting erratically what could be done to fix this problem?
Choosing to repair the application will validate that it is installed properly and the process will replace any missing critical files for the application
What should be used if the operating system stops functioning or errors in a manner that makes you suspect corruption?
System File Checker tool
sfc.exe /scannow
The tool will scan and repair any files that fail the integrity check
What will reinstall all files from source media regardless of their integrity?
The repair installation
What is one way of entering the Windows recovery environment? Shortcut key
Hold shift as you reboot the operating system
What application allows you to roll back drivers?
Device manager
When the roll back is complete you should reboot the computer before testing to see if it fixed the issue
A meme is?
Any concept that spreads quickly through the internet
What is used to combat rogue antivirus?
End user education
What is a form of redirection in which traffic intended for one host is sent to another?
Pharming
What command enables you to view all the processes on the operating system and their network connections?
netstat -nab
The best practices steps for malware removal are?
1 - identify and verify malware symptoms
2 - quarantine infected systems
3 - disable system restore in Windows
4 - remediate infected systems
5 - schedule scans and run updates
6 - enable system restore and create a restore point in windows
7 - educate the end user
The first thing you should try if a mobile application is not loading is to?
Force quit the application
What is happening when the mobile device is swapping background memory pages onto the built-in storage?
You are running out of RAM or the RAM is filled up
On newer iPhones what is not automatically turned off in airplane mode?
Bluetooth
What Apple protocol uses a combination of Bluetooth and Wi-Fi to transfer files such as photos, documents, and video?
AirDrop
What is a premium application that has been cracked or nullified to remove the digital rights management (DRM)?
A bootleg application
What can be used to identify slow and sluggish performance, as well as identify the source of the problem?
Resource Monitor