14.11.5 Practice Questions
Which type of file is commonly used by trusted websites to create installation software for mobile devices?
> APK file Explanation: Trusted websites that create installation software for handheld devices use APK files. These files have signatures on them that only allow the vendor to install software on the manufacturers' devices. A BAT file is a DOS batch file used to execute commands within Windows Command Prompt (cmd.exe). A BAT file is not used for mobile devices. An EXE file is an executable program that you can run in Microsoft Windows. It includes either Windows applications or application installers. It is not used for mobile devices. A SYS file is a system file used by Windows to store system settings, variables, and functions to run the operating system.
Which of the following are the FIRST settings you should check if you suspect that a malware attack has impacted your internet connection? (Select two.)
> DNS settings > Proxy settings Explanation: The two recommended settings you should check first are proxy and DNS settings. Adjusting the proxy settings can redirect the user to another location where the attacker can then integrate penetration tools to find vulnerabilities. A DNS server can be reconfigured to take a user outside the network and on to a similar web page. BIOS, VPN, and Internet Connection Sharing settings are much less likely to be altered by a malware attack.
You are an IT technician for your company. Vivian, an employee, has been receiving error messages, indicating that some of her Windows system files are corrupt or missing. To fix this issue, you ran the Windows System File Checker tool (SFC.exe). Shortly after the files were repaired, Vivian called again because she is still having the same issue. You now suspect that a corruption or a renaming of the system files is being caused by malware. Which of the following is the FIRST step you should take to remove any malware on the system?
> Disconnect Vivian's computer from the network. Explanation: When you suspect that a computer may be infected with malware, you should immediately disconnect (quarantine) the computer from the network to prevent propagation of the malware. After the computer is isolated, you can back up the computer and begin to remove the malware by using a virus removal program (anti-malware software) in Safe Mode. Disabling System Restore does not further any removal of malware. Backing up an infected computer and performing a clean install of Windows does not resolve any issues with Vivian's critical files, and it does not prevent any future issues with malware.
You have just visited a website on your mobile device when your web browser locks up, and you receive a warning that your device has a virus. You are given a phone number to call to remove the virus. Which of the following describes the type of malware symptom that you are MOST likely experiencing?
> False security warning Explanation: Just like a normal desktop system, a mobile device can be the victim of a site that falsely purports to know that a virus was installed (the site might even lock your browser). These are false security warnings that will have address links or a phone number to call. Connectivity is another malware symptom that results in sluggish performance. It may be because an application is leaking data and using all of its bandwidth to constantly transmit its own signal. But there is usually no warning message displayed like the one described in the scenario. If you are experiencing an increased amount of data, this could be a telltale sign that there is an application broadcasting data without permission. But there is usually no warning message displayed like the one described in the scenario. Spoofed applications are a type of malicious software that appears to be a real program, but is actually a security threat.
Which of the following are common symptoms of a compromised mobile device? (Select two.)
> Increased data usage > Connectivity issues Explanation: Two of the most common symptoms of a compromised mobile device are: - Connectivity issues - If a device seems sluggish, it may be because an application is leaking data and using bandwidth to constantly transmit its own signal. - Increased data usage - If you are experiencing an increased amount of data usage, this could be a telltale sign that there is an application broadcasting data without permission. While a flickering screen or an increase in junk email might be symptoms of a compromised device, they are more commonly associated with hardware failure (flickering screen) or your email account being more widely distributed among online businesses (increase in junk email). Wi-Fi spoofing occurs when someone sets up a wireless access point in a public area (such as a store) and broadcasts the same ID as the Wi-Fi that is being provided by the establishment. Wi-Fi spoofing is not a symptom of a compromised mobile device.
Which mobile device vulnerability results in a user unlocking all of a mobile device's features and capabilities?
> Jailbreaking Explanation: Jailbreaking a handheld device unlocks all the features and capabilities of that device. Once a mobile device is jailbroken, large holes in the operating system can be exploited, including the system files. Developer Mode is made for software companies and manufacturers to be able to create and test applications and features on mobile devices. Turning on this feature can lead to the unlocking of system files on the operating system. However, Developer Mode does not unlock all the features and capabilities of a mobile device. A spoofed application looks like a real program, but is actually an infected version of a real application. A spoofed application is not designed to unlock all the features and capabilities of a mobile device. Trusted websites that create installation software for handheld devices use APK files. These files have APK signatures on them that only allow the vendor to install software on the manufacturers' devices. APK files are not designed to unlock all the features and capabilities of a mobile device.
Which of the following are likely symptoms of a malware infection? (Select two.)
> Renamed system files. > Changed file permissions. Explanation Common symptoms of a malware infection include the following: - Slow computer performance - Internet connectivity issues - Operating system lockups - Windows update failures - Renamed system files - Disappearing files - Changed file permissions - Access denied errors Cookies are commonly placed by legitimate websites and aren't considered a major security threat. Windows automatically installs updates by default. Phishing emails don't necessarily indicate that a system is infected with malware. It is more likely that your email address has been picked up and included on a list.
An employee calls to complain that their browser keeps opening up to a strange search engine page, and a toolbar has been added to their browser. Which of the following malware issues are MOST likely causing the problem?
> Software issues Explanation: Software issues can result in a browser opening to a strange search engine page and unwanted toolbars. Internet settings and connectivity issues result from a malware attack changing settings in your system. These problems do not normally result in an unwanted search engine page or toolbar. Altered file issues normally deal with an attacker moving, copying, and deleting files or changing file permissions. These alterations do not normally result in an unwanted search engine page or toolbar.
Your company is creating a financial application that you want to first test on mobile devices. Several customers have asked to be part of the beta testing process. What do the employees need to do on their mobile devices in order to be able to participate in the beta test?
> Turn on Developer Mode. Explanation: Developer Mode is made for software companies and manufacturers to be able to create and test applications and features on mobile devices. Jailbreaking a mobile device unlocks all the features and capabilities of that device. Doing this is not required for testing an application from a trusted source. While enabling authentication and having a password manager on your mobile device are both good practices, they are not normally required to participate in a beta test of an application.
While browsing the internet, a pop-up browser window comes up, warning you that your system is infected with a virus. You are directed to click a link to remove the virus. Which of the following are the BEST next actions to take? (Select two.)
> Update the virus definitions for your locally installed anti-malware software. > Run a full system scan using the anti-malware software installed on your system. Explanation: This scenario is an example of a rogue antivirus attack. As such, you should assume that your system has been infected by some kind of malware, possibly by one of the sites you visited recently. You should first close your browser window and then update the virus definitions for your locally installed antivirus software. Next, you should run a full system scan using the antivirus software installed on your system. Clicking on the link provided would be the worst choice, as it will most likely install a host of other malware on your system. Ignoring the message is unwise, as your system has probably been infected with malware at that point. You should not try to manually remove the virus, as the message displayed by the rogue antivirus attack is probably fictitious.
