ITI-108 Unit Exam 3
You suspect a boot sector virus has infected your computer. How can you remove the virus? Perform a full scan using Microsoft Defender Antivirus. Replace the hard drive. Perform a Microsoft Defender Offline scan. Boot the system in Safe Mode with Networking, and run Microsoft Defender Antivirus.
c. Perform a Microsoft Defender Offline scan. Boot sector viruses can be removed before the operating system launches.
What is the best way to determine if an email message warning about a virus is a hoax? Check websites that track virus hoaxes. Scan the message for misspelled words or grammar errors. Open the message and see what happens. Scan your email inbox for malware.
a. Check websites that track virus hoaxes. A hoax email often does have misspelled words or grammar errors and scanning can detect malware, but the quickest way to determine an email hoax is to search the web. Never open a message just to see what happens, especially if you suspect it is a hoax.
When a driver is giving problems in Windows 10, which tool offers the least intrusive solution? Device Manager Windows Update System Restore Registry Editor
a. Device Manager Device Manager is the least intrusive option because it updates only the device driver and not the entire Windows system.
You have important data on your hard drive that is not backed up, and your Windows installation is so corrupted you know that you must reinstall Windows. What do you do first? Use System Restore to apply a restore point. Make every attempt to recover the data. Perform a repair installation of Windows. Reformat the hard drive and reinstall Windows.
b. Make every attempt to recover the data. Before trying to solve the Windows problem, make every effort to recover important data. You don't want to destroy data that is not backed up in the process of fixing Windows.
What is the first thing you should do when you discover a computer is infected with malware? The second thing? Turn off system protection. Update installed anti-malware software. Format the hard drive. Quarantine the computer.
First: d. Quarantine the computer. Second: b. Update installed anti-malware software. Try to first rid the system of malware before you format the hard drive and reinstall Windows unless the malware you suspect is present is especially dangerous.
What folder is used by Windows to hold restore points?
The System Volume Information folder is used by Windows to hold restore points. When you turn off System Protection, all restore points stored in this folder are deleted.
An employee uses a key fob to access corporate resources from their home office. What type of authentication are they using? Mutual authentication Soft token Authenticator app SMS messaging
b. Soft token A soft or hard token proves you have something. The number showing on the key fob changes every 60 seconds and is keyed in to the authentication system
When you started your new job, your training included reading through the company intranet website AUP pages. This morning you see a coworker violating a policy. You ask whether they are aware that they are violating the policy, and they respond that they are aware. What is your next step? Ignore the incident and wait to see whether it happens again. Tell your manager about the situation. Tell another coworker and ask them what you should do. Ask a coworker how to fill out an incident report.
b. Tell your manager about the situation. Your responsibility is to tell your manager so they can decide how to deal with the situation.
What tool is best to use when destroying data on an SSD? Zero-fill utility Low-level format Degausser ATA Secure Erase
d. ATA Secure Erase The ATA Secure Erase technology is approved as the legal method to wipe clean an SSD.
What registry key keeps information about services that run when a computer is booted into Safe Mode?
HKLM\System\CurrentControlSet\Control\SafeBoot If malware launches even when booting into Safe Mode, this key can help you find how the malware is launched.
Among the following, which is the best protection against ransomware? Windows File History Carbonite Keylogger software Authy by Twilio
b. Carbonite Of the options given, Carbonite is the best protection against ransomware because it backs up your data to the cloud, and File Explorer cannot access it. Ransomware attacks can assess any data that File Explorer is able to access.
What is the command to use the System File Checker to immediately verify and repair system files?
sfc /scannow Run he command in an elevated command prompt window.
Which definition describes a virus? A Trojan? A program that can replicate by attaching itself to another program A program that can spread copies of itself throughout a network without a host program A program that does not need a host program to work; it substitutes itself for, and pretends to be, a legitimate program A program that displays ads in a web browser
Virus: a. A program that can replicate by attaching itself to another program. Trojan: c. A program that does not need a host program to work; it substitutes itself for, and pretends to be, a legitimate program A virus needs another program to execute before it can launch, but a Trojan does not require a host program.
A customer reports their recently purchased computer does not consistently run their old applications. Application errors occur intermittently, and data files get corrupted. They have tried uninstalling and reinstalling the apps, and the problems persist. As you troubleshoot the problem, you reboot the system and get a BSOD error. The customer tells you the BSOD has occasionally appeared. Which subsystem is most likely causing the problem, and what is the next best step? Windows is corrupted; reinstall Windows. Windows Update is not working; use System Restore. Memory is faulty; run Memory Diagnostics. Applications are faulty; uninstall and reinstall the applications causing errors.
. Memory is faulty; run Memory Diagnostics. Intermittent errors that apply to apps, data, and the Windows kernel that would result in BSOD errors are likely caused by failing hardware, such as a failing hard drive or memory. Event Viewer might help identify the problem. If Memory Diagnostics does not show memory errors, try scanning the hard drive for errors. Then try repairing Windows.
At a restaurant, you overhear people discussing an interesting case they treated while working in a dental office that day. Which type of regulated data policies are most likely to have been violated? PII PHI PCI GDPR
b. PHI Protected health information (PHI) is regulated by the United States government via the HIPAA act of 1996.
What does anti-malware software look for to determine that a program or a process is a virus?
Anti-malware software looks for a virus signature. Updates to the anti-malware software include updates to new virus signatures used to identify newly released malware.
What is the path and name of the log file created when you enable boot logging on the Windows 10 Startup Settings menu?
C:\Windows\ntbtlog.txt The log file can be helpful when compared to one run on a healthy computer to identify a corrupted driver or service
Which Windows program must be running before a user can sign in to Windows? Kernel.exe Userinit.exe Explorer.exe Lsass.exe All of the answers are correct.
D. Lsass.exe The Local Security Authority process (Lsass.exe) authenticates the user account and password to Windows
When error messages indicate that the Windows registry is corrupted and you cannot boot from the hard drive, what tool or method is the first best option to fix the problem? The second-best option? Use bootable media to launch Windows RE, and use System Restore to apply a restore point. Use bootable media to launch Windows RE and perform a Startup Repair. Use bootable media to launch Windows RE, and then use commands to recover the registry from backup. Reimage Windows using a system image.
First: b. Use bootable media to launch Windows RE and perform a startup repair. Second: a. Use bootable media to launch Windows RE, and use System Restore to apply a restore point. Always begin troubleshooting startup problems with startup repair. Then use the next least invasive solution. Applying a restore point is less invasive and time consuming than the other options.
You see multiple errors about device drivers failing to launch at startup. Of the following, which is the best option to try first? Second? Apply a restore point. Perform a clean installation of Windows from setup media. Perform a Startup Repair. Perform a Windows reset.
First: c. Perform a startup repair. Second: a. Apply a restore point. Always try the least invasive solution first. Startup repair restores essential corrupted drivers and critical system files without making other changes to the system. A restore point is less invasive than a clean install or a Windows reset, which makes it the next best option to try after a startup repair.
If you are having a problem with a driver, which of the following should you try first? Second? Update the driver. Use System Restore to apply a restore point. Update Windows. Perform a clean boot.
First: c. Update Windows. Second: a. Update the driver. Always try the least invasive solution first; however, Windows updates should always be current and can sometimes solve a driver problem. If updating Windows does not fix the problem, updating the driver is the next option.
What must you do in Windows to allow anti-malware software to scan and delete malware it might find in the data storage area where restore points are kept?
Turn off System Protection to allow anti-malware software to scan and delete malware it might find in the data storage area where restore points are kept. When System Protection is turned off, all restore points are deleted.
What information is contained in the C:\Windows\System32\LogFiles\Srt\SrtTrail.txt file?
The file contains a list of items examined and actions taken by the startup repair process. This log file can be helpful for identifying the source of a problem, even when startup repair was not able to fix the problem.
What is one difference between a video surveillance camera and a webcam? Select all that apply. One camera is a part of the IoT, and the other is not. One camera is accessible from the Internet, and the other is not. One camera has an IP address, and the other does not. One camera has a lens, and the other does not.
a. One camera is a part of the IoT, and the other is not; c. One camera has an IP address, and the other does not. A video surveillance camera has an IP address and can transmit data over a network, and a webcam is a peripheral device installed on a computer, which transmits the data from the webcam.
A stop error halts the Windows 10 system while it is booting, and the booting starts over in an endless loop of restarts. How can you solve this problem? Use the Windows Startup Settings screen to disable automatic restarts. Press F8 at startup, and then disable automatic restarts. Launch Windows 10 from setup media, and perform a Windows 10 reset. Press F9 at startup, and then disable automatic restarts.
a. Use the Windows Startup Settings screen to disable automatic restarts. Automatic restarts are enabled by default, and you can disable them in the Windows Startup Settings screen. Always try the least invasive solution first.
As a computer starts up, you see an error message about a missing operating system. At what point in startup does this error occur? When BIOS/UEFI is searching for an OS using devices listed in the boot priority order When Windows attempts to load the user profile When Windows attempts to launch critical device drivers When Windows attempts to launch the Windows kernel
a. When BIOS/UEFI is searching for an OS using devices listed in the boot priority order BIOS/UEFI is responsible for finding and then launching an operating system. If it cannot find one, it displays an error.
You sign in to your personal computer with your Microsoft account, and you want to set up your computer as a trusted device to make changes to the account settings. Microsoft sends a code to your cell phone in a text message. You enter the code on a Windows screen. This type of authentication is called _________________. multifactor authentication mutual authentication biometric authentication None of the answers are correct.
a. multifactor authentication Multifactor authentication uses more than one method to authenticate you. The two methods in this example are the password you used to sign in to your Microsoft account and the text you see on your cell phone.
A virus has attacked your hard drive. Instead of seeing the Windows Start screen when you start up Windows, the system freezes, and you see a blue screen of death. You have important document files on the drive that are not backed up. What do you do first? Explain why this is your first choice. Try a data-recovery service even though it is expensive. Remove the hard drive from the computer case, and install it in another computer. Try GetDataBack by Runtime Software (runtime.org) to recover the data. Use Windows utilities to attempt to fix the Windows boot problem. Run antivirus software to remove the virus.
b. Remove the hard drive from the computer case, and install it in another computer. Because recovering the data is the top priority, you don't want to do anything to risk further damage to this data. The choice that is least likely to affect the data is removing the hard drive from the computer case and installing it in another computer. Then boot into Windows and try copying the data from the bad hard drive to the good drive. After you've recovered the data, you can use anti-malware software on the second computer to scan the hard drive for malware.
Which tool is the least invasive solution to repair Windows? System Restore Startup Repair Windows reset Uninstall updates
b. Startup repair Startup repair is the least invasive solution because it only repairs critical Windows system files, services, and drivers.
Your Windows system boots to a blue screen stop error and no desktop. What do you do first? Reinstall Windows. Use the web to research the stop error messages and numbers. Attempt to boot into Windows RE using the Windows setup DVD or a recovery drive. Verify that the system is getting power.
b. Use the web to research the stop error messages and numbers. Always start troubleshooting by investigating the problem before you start applying solutions.
Your friend mentioned in question 4 is having problems finding the bootmgr file and asks for your help. What is your best response? Use diskpart commands to "unhide" and locate the file. Use the File Explorer options applet to unhide the hidden bootmgr file. Explain to your friend that performing a Startup Repair is a better option. Explain to your friend that they can use the bootrec command to fix the bootmgr file without having to copy another file to the computer.
c. Explain to your friend that performing a Startup Repair is a better option. The most expedient solution is to allow startup repair to automatically restore corrupted system files from its cache rather than attempting to do this manually.
You work in the IT department of a large hospital, and your manager has asked you to dispose of several old laptops previously used by the medical staff. How do you proceed? Delete all user accounts on the laptops, and donate them to a nonprofit organization. Remove the hard drives from all the laptops, replace them with new hard drives, and then donate them to a nonprofit organization. Physically destroy all the hard drives, and then donate the laptops to the computer repair labs at the local community college. Sell the laptops on eBay.com, and donate the money to a charity of your choice.
c. Physically destroy all the hard drives, and then donate the laptops to the computer repair labs at the local community college. Because the laptops have been used by the medical staff, assume the hard drives hold PHI, making it especially important that the drives be destroyed.
Stop errors happen when which types of processes encounter an error? Processes created by applications Processes created by Windows components running in user mode Processes created by Windows components running in kernel mode Processes created by anti-malware software
c. Processes created by Windows components running in kernel mode. Stop errors don't occur with user-mode processes including applications and anti-malware software that run in user mode.
Your friend sees an error message about a corrupted bootmgr file during Windows startup. They have another computer with a matching configuration and decide to copy the bootmgr file from the working computer to the computer with the problem. Where is the bootmgr file stored? C:\Boot\bootmgr System Reserved\Boot\bootmgr System Reserved\bootmgr All of the answers are correct.
c. System Reserved\bootmgr The bootmgr file is stored in the root of the hidden system partition.
On a computer with Windows 11 installed, you have used Disk Management to verify that a laptop has a recovery partition, but when you do a Windows reset, you don't see the option to restore preinstalled apps. What is the most likely problem? Windows reset is not working properly. Windows 11 Home is installed, and it does not offer the option to restore preinstalled apps. The laptop factory state uses an OS other than Windows 11. The recovery partition is corrupted
c. The laptop factory state uses an OS other than Windows 10. Preinstalled apps are only available when they are included in the recovery partition for Windows 10. For example, if the laptop were purchased with Windows 8 installed at the factory and later upgraded to Windows 10, the recovery partition would not contain Windows 10 preinstalled apps.
As a computer starts up, you see an error message about the HAL. At what point in startup does this error occur? When BIOS/UEFI is searching for an OS using devices listed in the boot priority order When Windows attempts to load the user profile When Windows attempts to launch critical device drivers When Windows attempts to launch the Windows kernel
c. When Windows attempts to launch critical device drivers The hardware abstraction layer (HAL) is responsible for interacting with device drivers. The kernel loads and activates the HAL before it launches device drivers.
An error message is displayed during Windows startup about a service that has failed to start, and then the system locks up. You try to boot into Safe Mode, but you get the same error message. What should you try next? Use the command prompt to edit the registry. Boot to Windows RE, and enable boot logging. Perform a repair installation of Windows. Boot to Windows RE, and perform a Startup Repair.
d. Boot to Windows RE, and perform a startup repair. In Safe Mode, only essential Windows drivers and services are launched. These drivers and services can be repaired using Windows RE and startup repair.
What device can be installed on a laptop to prevent shoulder surfing? USB port Smart card reader Fingerprint reader Privacy filter
d. Privacy filter A privacy filter prevents someone from viewing the screen from either side of the screen.
You sign in to your banking website on a new computer and get a request that the bank needs to send you a text code to your cell phone to authenticate the sign in. Why is this method of authentication not secure? Biometric data is not being used. The digital certificate for the bank's website may be outdated. Multifactor authentication does not authenticate the user. SMS text is not encrypted.
d. SMS text is not encrypted. Text to cell phones use SMS protocol and system, which sends data as plain text and is easily intercepted by hackers.
Your computer displays the error message, "A disk read error occurred." You try to boot from the Windows setup DVD, and you get the same error. What is most likely the problem? The Windows setup DVD is scratched or damaged in some way. The hard drive is so damaged the system cannot read from the DVD. Both the optical drive and the hard drive have failed. The boot device order is set to boot from the hard drive before the optical drive.
d. The boot device order is set to boot from the hard drive before the optical drive. When you get the same error about the hard drive problem, you can assume that, even though you inserted the DVD in the optical drive, BIOS/UEFI did not attempt to boot from the DVD.