A+ Chapter 19: Troubleshooting Operating Systems and Security
You are Troubleshooting Mobile OS Issues, specifically Connectivity Issues. You experience No Wireless Connectivity with your mobile phone. What is a common cause of this issue? Another cause of the lack of wireless connectivity is that the device is which mode?
A common cause of a lack of wireless connectivity is that the wireless radio has been turned off - this happens from time to time, such as when an application that controls the Wi-Fi doesn't turn it back on. - on Android or iPhone, the wireless radio icon should be lit up. Another cause of the lack of wireless connectivity is that the device is in Airplane mode, which disables all wireless connections to and from the phone.
You are Troubleshooting Mobile Security Issues, particularly Common Symptoms. How can high network traffic be indicative of a security issue? What should you do?
A higher than normal amount of network traffic, especially spikes in traffic for extended periods of time, can mean that data is being stolen from your device or relayed through your device. You should first have a general idea of the average volume of traffic you would normally expect, so that you can identify when there is a suspiciously large amount of network traffic. Then, you can start closing applications as you watch the volume of traffic - when the volume of traffic subsides, you might have your culprit. - check that application's permissions to see if it's malicious or compromised in any way - clear cache and data, then uninstall and reinstall the application from a good known source.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with Slow-Loading Profiles. What is a local profile? What is the common cause of this problem? + What can you do to narrow down the problem?
A local profile is a group of settings for a user as well as their personal files. The common cause of slow-loading local profiles is items set to start when the profile is loaded. You can use Task Manager to selectively disable startup items to narrow down the performance problem caused by slow-loading local profiles - go to Task Manager -> Startup tab (shown in image)
You are Troubleshooting Security Issues, identifying Browser-Related Symptoms. You are experiencing random or frequent pop‐ups. Describe the difference between a pop-up and a pop-under. How have modern web browsers addressed pop-ups? What is the difference between a pop-up and an overlay? If you continually receive pop-ups/overlays, then you may be infected with malware or a rogue page is minimized serving the pop-ups/overlays. What can you do?
A pop-up is when a user visits a website and another instance (either another tab or another browser window) opens in the foreground. - if it opens in the background, it is called a pop-under. Pop-ups and pop-unders are pages or sites that you did not specifically request and that may only be ads or applets that should be avoided. Modern web browsers have addressed pop-ups by (usually) coming with a preinstalled pop-up blocker. - when you visit a website with a pop-up, you will be asked if you want to allow the pop-up to display or not. Threat agents have found other creative ways to avoid pop-up blockers by using JavaScript to serve an overlay over the original web page. - most newer browsers limit the access of JavaScript, however, so you can always just close the web page when experiencing one. If you continually receive pop-ups/overlays, then you may be infected with malware or a rogue page is minimized serving the pop-ups/overlays. A reboot usually clears the problem, but you should also scan your OS with antivirus/antimalware software.
You are Troubleshooting Mobile Security Issues, particularly Common Symptoms. How can sluggish performance be indicative of a security issue? What should you do?
Although many things can cause sluggish performance, this symptom can be indicative of a security issue because malware or a virus could be impacting your performance while it performs its tasks. When you observe sluggish performance on your device, you need to investigate the symptom to see if it might be caused by malware. - check RAM and CPU usage and see if a certain application is using a lot of resources. That could mean it is infected with malware. Additionally, run an antivirus/antimalware scan on the device to check it thoroughly.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. The System File Checker utility will verify the integrity of critical OS files and replace any corrupted files. However, this utility will only replace files if they fail an integrity check. What is an alternate method to ensure that the OS is properly installed? How do you do this?
An alternate method to ensure that the OS is properly installed is to perform a repair installation of Windows. - the repair installation will reinstall all files from the source media regardless of their integrity. - note that the repair installation will leave all applications and user files in place - it will only completely replace system files. To initiate a repair installation of Windows, you will need to first download a copy of Windows. - the easiest way to download Windows is to use the installation media creation tool - you can download the media to a USB flash drive or to an ISO file. If you download the media to a USB flash drive, then all you must do to start the process is launch setup.exe and choose to keep all apps and files. If you download an ISO file, you will need to mount the ISO by double-clicking the file. You can then start setup.exe and follow the prompts, choosing to keep all apps and files. Either option will begin the reinstallation of the OS (shown in image)
What is the first step in malware removal? A. Quarantine the infected system. B. Identify and verify the malware symptoms. C. Remediate the infected system. D. Educate the end user.
B. The most important first step is to identify and verify the malware symptoms. You should quarantine the infected system once you have verified it is infected. Remediating the infected system happens after you disable System Restore. Education of the end user is the last step to malware removal.
Which bootrec option can be used in Windows to rebuild the boot configuration file? A. /fixboot B. /rebuildbcd C. /scanos D. /fixmbr
B. The /REBUILDBCD option can be used with the bootrec tool to rebuild the boot configuration data (BCD). The /FIXBOOT option writes a new boot sector to the system partition. The /SCANOS option scans all other partitions that are found to have Windows installations. The /FIXMBR option writes a new master boot record (MBR) to the partition.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly Boot Problems. During the boot process, the hardware process begins with ___, and the software portion of the bootstrap begins with ___.
During the boot process, the hardware process begins with POST, and the software portion of the bootstrap begins with Boot Manager (BOOTMGR).
You are Troubleshooting Mobile Security Issues, particularly Common Symptoms. How can unexpected application behavior be indicative of a security issue? What should you do?
Unexpected application behavior is not always an indication that you have been infected with malware or have a security symptom (since it happens all the time). However, when an application that has been newly installed and is from an untrusted source starts behaving oddly, it is reasonable to treat it as a security-related symptom. You should immediately question the source of the application - look at the number of user downloads, read reviews, look up the publisher, etc. The first step to be taken is to scan the device for malware using antimalware software - if the application is flagged as malware, you should perform a factory reset.
You are Troubleshooting Common Microsoft Windows OS Problems, specifically Sluggish Performance. Describe Resource Monitor and how it can help with troubleshooting this issue. + What is a unique feature of Resource Monitor?
Using Resource Monitor, you can get a much more detailed view than what is displayed in Task Manager - you can open Resource Monitor with the shortcut on the lower left of the Performance tab in Task Manager. This tool allows you to read real-time performance data on every process on the OS. - you can click each critical area (CPU, RAM, Disk, Network, GPU) to drill down to the performance issue. A unique feature of Resource Monitor is the visualization of data from an isolation of a particular process (shown in image). In image - the Edge browser has been selected at the top and the Network tab can be chosen to display network activity and connections. The result is the isolation of network activity for this one process.
You are Troubleshooting Mobile OS Issues, specifically Autorotate Issues. Your mobile phone is not autorotating. The autorotate function allows a phone to switch between portrait mode and landscape mode by sensing how you are holding the device. When confronted with this issue, what is the first thing you should check? What should you suspect if your mobile device still cannot autorotate? If all else fails, what should you do?
When confronted with this issue, the first thing you should check is that you do not have autorotate turned off or locked. If the autorotate function is not turned off or locked, then you should suspect that an application has possibly locked the orientation. - a quick reboot will close out all running applications that could have a lock on the autorotate function. - the reboot will also reset the autorotate service, in case it has crashed. If all else fails, you should suspect a hardware issue and therefore should take your phone to a servicing company.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly Boot Problems. During the boot process, after BIOS/UEFI firmware executes and locates the Boot Manager, control is handed over to the software. Several files are then used to complete the OS bootup. Describe the following important files: Windows Boot Manager, BCD, winload.exe, winresume.exe, ntoskrnl.exe, ntbtlog.txt, System Files
Windows Boot Manager - aka BOOTMGR - bootstraps the system. In other words, this file starts the loading of an OS on the computer.
BCD - Boot Configuration Data - holds information about operating systems installed on the computer, such as the location of OS files.
winload.exe - the program used to boot Windows - it loads the OS kernel (ntoskrnl.exe).
winresume.exe - a file called by BOOTMGR if the system is not starting fresh but resuming a previous session.
ntoskrnl.exe - the Windows OS kernel, the heart of the OS - responsible for allowing applications shared access to the hardware through drivers.
ntbtlog.txt - the Windows boot log - stores a log of boot-time events. It is not enabled by default.
System Files - in addition to this list, Windows needs a number of files from its system folders (e.g. SYSTEM, SYSTEM32) in order to boot.
You are Troubleshooting Common Microsoft Windows OS Problems. How do you enter WinRE (Windows Recovery Environment)?
You can enter WinRE by navigating Start -> Settings App -> Update and Security -> Recovery tab -> under "Advanced Startup" click Restart Now If your system fails to boot, you can access WinRE by allowing it to fail twice within 2 minutes. - WinRE will automatically open up
You are Troubleshooting Mobile Security Issues, particularly Security Concerns. A malicious application is any application with malicious intent for the user or the user's device, and they can be found on both Android and Apple mobile platforms. How can you identify a malicious app? What should you do periodically to see if you have any malicious apps installed on your mobile device?
You can identify a malicious app by reviewing its permissions and contrasting it with its function - e.g. if you download a camera application and it asks to record calls and view contacts, you should be instantly suspicious, revoke the permission, and potentially uninstall the software. Periodically, you should review the permissions each application has on your device.
You are Troubleshooting Common Microsoft Windows OS Problems, specifically Sluggish Performance. You have opened Task Manager and gone to the Performance tab in an attempt to isolate which component (CPU, RAM, Disk, Network, GPU) is the one most impacted by sluggish performance. You see that the CPU is being massively overworked. Now that you've isolated the problem to the critical area of CPU, where can you go to narrow it down further?
You can narrow down the problem further by moving to the Processes tab and sorting the list of processes by CPU Usage. In image - The Processes tab of the Task Manager - you can see that Microsoft Windows Malicious Software Removal Process is using nearly 26% of the CPU In order to gain more information about this program, you can click the Details tab to learn more about each running process - such as the user who executed the process, the process ID (PID), and the name of the process executables
You are Troubleshooting Security Issues. When experiencing security-related issues (altered system/personal files, OS updates fail, your browser redirects you to websites, etc.) what must you absolutely do? Additionally, it cannot be overstated that to help eliminate potential security problems, you should establish what and update what?
You must immediately rectify the security issue or quarantine the system if you experience any security-related symptom. Do not wait. Additionally, it cannot be overstated that to help eliminate potential security problems, you should establish security policies and procedures and update your OS, applications, and network devices.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. Applications require a certain amount of RAM, storage space, and CPU speed. Some applications may also require an SSD drive, or a GPU with a specific speed. Knowing this, when searching for a solution for a problem with an application, what should you do first? You decide to upgrade your hardware to better support your applications. What should you do before and after upgrading?
You should first verify the requirements for the application based on the vendor's requirements. - if the requirement is higher than the given hardware, that is probably the cause of the issue and you will need to scale the hardware up by adding resources (such as RAM, CPU, and storage). Before upgrading, you should document the performance and the utilization of resources. - after upgrading, do the same. Then, compare your documentation to ensure that performance has improved as a result of the upgrade.
You are Troubleshooting Mobile OS Issues, specifically Mobile Application Problems. You experience Application Crashes. What should you do?
You should try to find the series of events or steps that triggered the crash, and attempt to reproduce the problem. After doing so, you should generally do the same thing as when you are facing an application not loading. The steps are as follows, moving forward if the step does not solve the issue:
1. Force-quit the application
2. Clear the application cache
3. Clear the application data - try to back up the data beforehand if it's important
4. Uninstall the application
5. Reboot the device - this clears any applications that might be stuck in memory that conflict with the application
6. Reinstall the application
If none of the solutions work, then you should check the vendor's site for any similar problems (and solutions), community forums, or contact the application's support team.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with Low Memory Warnings. When system processes are at risk of not having enough memory free, you will see a warning message. When this happens it means one of two things:
1. You simply don't have enough physical RAM in the computer 2. A process is using a large amount of RAM that it normally doesn't need. The OS is letting you know that it can't swap out any more pages of memory to the page file (virtual memory)
You are Troubleshooting Mobile Security Issues, particularly Common Symptoms. How can a fake security warning be indicative of a security issue? What should you do?
A fake security warning on any system is a big red flag because it is virtually always indicative of malware. - when a security warning looks suspicious, look up the warning online to see if it is legitimate. When a fake security warning is discovered, you should factory reset the device and antimalware software should be installed prior to reinstalling applications.
You are Troubleshooting Mobile Security Issues, particularly Common Symptoms. How can a high number of ads be indicative of a security issue? What are two ways to diagnose/solve the problem of adware?
A high number of ads is highly indicative of adware. - adware is a type of malware that pops up ads for malicious purposes, such as to entice the user to purchase a fraudulent item or to download other malicious software. Adware is usually the result of installing a malicious application on the mobile device. There are two ways to diagnose/solve the problem of adware: 1. Depending on the number/frequency of the ads, you can start by uninstalling applications until the ads stop popping up - when they do, you will have identified the malicious application 2. Use a factory reset, which is much more effective, but it will not identify the malicious application. Of course, you should always be sure to install antimalware software on the device.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with Services Not Starting. This problem is directly related to which causes? When faced with this problem, what is the first place to check? What should you look for?
A service's failure to start is directly related either to another application installed with conflicting resources or to a misconfiguration of the service. Either way, the first place to check is the Event Viewer for the System logs (shown in image) - you should look for an Event ID of 7000 from the source of the Service Control Manager - the reason for the failure will vary, depending on the problem.
You are Troubleshooting Mobile OS Issues, specifically Performance Issues. Most performance issues for mobile devices are directly related to what?
Most performance issues for mobile devices are directly related to the applications installed on the device. - an application may use too much processing time, causing poor battery life and performance. - a group of applications can use all available RAM and starve the unit for space.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with OS Instability. When an application crashes, you should isolate the cause of the crash, then make/execute a plan to resolve it. The cause could be a compatibility issue, a hardware issue, or a host of other problems. What is a step you should take early on when this issue occurs? What are two tools that are extremely helpful in identifying software problems for application crashes?
One step to take early on is to look for updates/patches/fixes to the application released by the vendor. Reliability Monitor is an extremely helpful tool in identifying software problems in applications (shown in left image) - it allows you to see application crashes and the times and dates they occurred. - it also allows you to see which updates were installed before and after the crashes - using this tool narrows down whether other software is causing the issues and what led up to the crashes - in addition, Reliability Monitor captures the overall stability of the OS, which is drawn as a graphical line. This allows you to historically look back and trace when a problem started. The event logs within Event Viewer are also a good tool for Microsoft-based application problems (shown in right image) - all third-party vendors should log errors to the Windows event logs, but generally you will only find Microsoft products using these logs - you can use Event Viewer to possibly find more information about why an application is crashing by looking at the Application log
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. Know the steps in Manually Creating a Restore Point in Windows.
1. Click the Start menu, type Control Panel, and then click the Control Panel app result.
2. Click Recovery. - in Windows 11, you must click System and Security -> Security and Maintenance -> Recovery
3. Click Configure System Restore. The System Properties dialog box will open.
4. Select Local Disk (C:) (System), and then click Configure.
5. Click the Turn On System Protection radio button, and then click OK.
6. Click Create below the Configure button.
7. Type a name for the restore point.
8. When the process is finished, click OK, and then exit out of the Control Panel windows.
You are Troubleshooting Common Microsoft Windows OS Problems. You are experiencing symptoms of an OS problem, so you went to Task Manager and Resource Manager to isolate the problem. After you've isolated the problem to a specific action or process in the OS, what are the following steps to take? In addition, what principle should you always follow?
1. Formulate a theory of probable cause.
2. Test the theory to determine the cause.
3. Establish a plan of action to resolve the problem and implement the solution.
4. Verify the full-system functionality and, if applicable, implement preventative measures.
5. Document findings, actions, and outcomes.
Remember to always question the obvious and start with the simple things first. - rebooting is your friend
You are engaging in Best Practices for Malware Removal. List the 7 Major Steps you need to know for Best Malware Removal Practices.
1. Investigate and verify malware symptoms
2. Quarantine infected systems
3. Disable System Restore in Windows
4. Remediate infected systems
   - Update anti-malware software
   - Scanning and removal techniques (e.g., safe mode, preinstallation environment)
5. Schedule scans and run updates
6. Enable System Restore and create a restore point in Windows
7. Educate the end user
You are Troubleshooting Common Microsoft Windows OS Problems, particularly Boot Problems. Fully understand the Windows boot process, listed in steps.
1. POST executes, allowing the system to self-check and count out hardware resources.
   - the startup routine, called POST (power-on self-test), is executed by the commands written to the motherboard of the computer.
2. The MBR (master boot record) loads and finds the boot sector.
   - once the system has finished its housekeeping, the MBR is located on the first hard drive and loaded into memory
   - the MBR finds the bootable partition and searches it for the boot sector of that partition.
3. After finding the boot sector, the MBR determines the filesystem and loads Boot Manager (BOOTMGR)
   - information on the boot sector allows the system to locate the system partition and to find and load into memory the Boot Manager
4. The Boot Manager file reads the BCD (Boot Configuration Data) to get a list of boot options for the next step
   - the BCD contains multi-boot information or options on how the boot process should continue.
5. Boot Manager then executes winload.exe
   - this file is used to boot Windows by loading the OS kernel (ntoskrnl.exe)
   - this switches the system from real mode to protected mode (which offers memory protection, multitasking, etc.).
   - Protected mode enables the system to address all the available physical memory.
6. If Windows is returning from a hibernated (suspended) state, the winresume.exe file is responsible for resuming the previous session
   - it then passes control to the kernel
7. The OS kernel loads the executive subsystems
   - executive subsystems are software components that parse the Registry for configuration information and start needed services and drivers.
   - the Windows Registry is a database containing configuration information for the OS
8. The HKEY_LOCAL_MACHINE\SYSTEM Registry hive and device drivers are loaded
   - the drivers that load at this time serve as boot drivers
9. Control is passed to the kernel, which initializes loaded drivers
   - the kernel loads the Session Manager, which then loads the Windows subsystem and completes the boot process
10. winlogon.exe loads
   - at this point, you are presented with the login screen
   - after you enter a username and password, you're taken to the desktop.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. When you isolate a hardware problem to a faulty device driver, it is sometimes necessary to roll back the current driver to a prior version. How can you do this?
1. Right‐click the Start menu.
2. Select Device Manager.
3. Select the device.
4. Right‐click and select Properties from the context menu.
5. Select the Driver tab.
6. Click Roll Back Driver.
7. Provide the reason for rolling back the driver.
8. Click Yes (shown in image)
When the rollback is complete, you should reboot the computer before testing to see if it fixed the issue.
One of the users you support has a Windows 10/11 laptop that will not boot up. The user just installed brand‐new drivers for a graphics card. They need to access a tax application and their data files. What should you try first? A. Use System Restore. B. Use Reset This PC. C. Reimage the laptop. D. Manually reinstall Windows 10.
A. The System Restore option should be used first to restore the operating system to an earlier point before the problem. This will restore the device back to a previous state before the installation of the drivers. System Restore will not affect user data files. Reset This PC will reset the PC back to factory default before the tax application was installed. Reimaging the laptop will erase all programs and data files. Manually reinstalling Windows 10 will erase all programs and data files.
You are Troubleshooting Mobile Security Issues, particularly Security Concerns. Describe bootleg applications + How do bootleg applications pose security concerns?
A bootleg application is a premium application that has been cracked or nullified to remove the digital rights management (DRM) - bootleg applications can be found for a number of premium mobile apps, and are generally in the form of an APK. Bootleg applications pose security concerns because they usually contain malicious software. - you should always verify the source of an application and be cautious with APK installations.
You are Troubleshooting Security Issues, identifying Common Symptoms along with their possible causes. Describe the security-related symptom of a rogue antivirus. What is the only way to combat this threat?
A clever way of spreading a virus is to disguise it so that it looks like an antivirus program. When it alerts the user to a fictitious problem, the user will then begin to interact with the program which allows it to do all sorts of damage. - the program can even mimic the Microsoft interface so that it looks like a legitimate Microsoft program. The only way to combat this threat is education. - you should arm yourself with the knowledge of current antivirus programs - you should thoroughly analyze the antivirus/antimalware software you have installed so that you know if an alert looks out-of-the-ordinary - you can also read consumer articles on the latest and greatest antivirus and antimalware applications
You are Troubleshooting Security Issues, identifying Common Symptoms along with their possible causes. You are experiencing unwanted notifications that appear within the operating system. Describe the security-related symptom of OS Notifications. What are two ways you can prevent this threat? What type of routine reviews should you engage in to ensure malware has not been installed at some point in the past?
A really popular method of distributing malware is by using browser push notification messages. The user will browse to a malicious website and then the user will be coaxed into allowing push notifications for the site. - once this is allowed, the site can push notifications to the OS and spawn a notification that looks like it's coming from the OS. Use of these false OS notifications is a well-known attack aimed at coaxing the user into installing malware or pushing ads to the user (adware). To prevent this threat, engage in user education. Teach users not to allow anything from any notification when browsing untrusted websites. In addition, use antimalware software to prevent this type of threat. You should perform routine reviews of websites that are allowed to send OS notifications, as well as installed applications to ensure that malware has not been installed at some point.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. What is a restore point? In Windows, which tool allows you to create restore points to make recovery of the OS easier? How do you access this tool? What are the three ways restore points can be created? When are restore points useful? If you need to use a restore point but Windows won't boot, what must you do?
A restore point is a copy of your OS configuration at a given point in time. In Windows, the System Restore tool allows you to create restore points to make recovery of the OS easier. - open Control Panel, then choose Recovery (shown in image) Restore points can be created in one of three ways: 1. Windows creates them automatically by default. 2. You can manually create them yourself - which is highly recommended before you make any significant changes to the system, such as installing new drivers. 3. During the installation of some programs, a restore point is created before the installation. - that way, if the installation fails, you can "roll back" the system to a preinstallation configuration. Restore points are useful for when Windows doesn't seem to be acting right and you think it was because of a recent system or configuration change. If you need to use a restore point but Windows won't boot, then allow the system to fail the boot twice to open the WinRE (Windows Recovery Environment) - from here, you can perform a full system restore
You are Troubleshooting Mobile OS Issues, specifically Performance Issues. You experience a Frozen (unresponsive) System from your mobile device. Sometimes your system will be fine, but you just have an unresponsive touchscreen. What is a way you can differentiate between a frozen system/lockup and a nonresponsive touchscreen? What should you do?
A way you can differentiate between a frozen system/lockup and a nonresponsive touchscreen is whether the device will soft reset or not. - if you can restart your mobile device (soft reset), then you probably just have an unresponsive touchscreen. - if you cannot restart your mobile device, then you might need to hard reset (also known as a factory reset - you remove all data, applications, and settings) You should try to restart (soft reset) your device. - if that doesn't work, you should plug in the device and let it charge for an hour or so, and then try to restart it again. - the power might be so low that it causes a frozen system. If that doesn't work, you might need to hard reset or send your device in for servicing.
Which tool will allow you to troubleshoot a slow‐loading profile? A. Profile tab of the Advanced System Properties B. Regedit C. Windows Recovery Environment D. Windows Preinstallation Environment
A. The Profile tab of the Advanced System Properties dialog box allows you to view the total size of a local or remote profile. Regedit and the Windows Recovery Environment will not aid in troubleshooting a slow‐loading profile. Windows Preinstallation Environment is the mini‐Windows version used for installation of Windows.
You are Troubleshooting Mobile OS Issues, specifically Connectivity Issues. You experience AirDrop issues with your Apple mobile phone. Describe what AirDrop is + Which two wireless communication methods does it use? When your Apple device fails to AirDrop, what are things you should check?
AirDrop is an Apple proprietary protocol used to quickly transfer files between iPhones, iPads, and Macs. - it uses a combination of Bluetooth and Wi-Fi to transfer files - Bluetooth is used to broadcast, discover, and negotiate communications between the two devices - Wi-Fi is used as the point-to-point communication method for the two devices to transfer the file. When your Apple device fails to AirDrop, the first thing you should check is that Airplane mode is not on, as this impedes communications. - additionally, you should check that both devices do not have personal hotspot enabled, as this will impede communications as well - ensure that both devices' Bluetooth and Wi-Fi are working properly. The next thing to check is that the other device is within range of your device. After checking the connectivity between the devices and ensuring that Bluetooth and Wi-Fi are working correctly, the next thing you should check is security settings. - check your AirDrop security settings, as they might be preventing you from transferring files for security reasons.
You are Troubleshooting Mobile Security Issues, particularly Common Symptoms How can limited internet connectivity be indicative of a security issue? What should you do?
Although many things can cause limited internet connectivity, this symptom could be indicative of a security issue because malicious applications might be interfering with your network connections as they perform their tasks. - malicious apps can often monopolize your connection or proxy the connection in an effort to sniff usernames and passwords, which causes intermittent connectivity. If you know nothing has changed in the wireless environment, your firmware is the same, you have rebooted, and in general you have ruled out other problems, then you can suspect it is a security issue. Check your network bandwidth to see if it is high and if there is a specific application causing it. The ideal way to combat this issue is with a mobile device firewall and antimalware software.
You are Troubleshooting Mobile Security Issues, particularly Common Symptoms How can no internet connectivity be indicative of a security issue? What should you do?
Although many things can cause the absence of internet connectivity, this symptom could be indicative of a security issue because malicious applications might be interfering with your network connections as they perform their tasks - malicious software can cause a DNS server to cease functioning, which prevents Internet connectivity for your mobile device. If all the usual causes have been reviewed, then you should suspect that this is a security-related symptom. If you suspect malware, you should utilize a good mobile device firewall and antimalware software. In addition, you can also try factory resetting the device to confirm whether or not malware (or other software) was causing the lack of internet connection - if you factory reset, and the problem is gone, then it was probably software (maybe even malware) - if you factory reset, but the problem persists, then you know it's not software/malware but rather the actual hardware of the phone, and therefore should be replaced.
You are Troubleshooting Mobile Security Issues, particularly Security Concerns. Describe Android Packages (APKs) + What is side-loading? + How can APKs pose a security risk?
An Android Package (APK) is a developer file format for installation of Android applications. - when developing an Android application, the developer will side-load (installing software on a device without using the approved app store or software distribution channel) the application, usually using Android tools that will allow the developer to install the APK directly onto the device. - this is typically done to test applications and how they work with different Android devices - when the developer wants to release the final version of their application, they will upload the APK to the Google Play store, where it will be tested and, if it is trusted, will be approved for publishing. APKs can pose a security risk when they are installed onto your mobile device from an untrusted source. - if an APK is offered for installation outside of the Google Play store, then it has not been tested and trusted for malicious software
You are Troubleshooting Mobile Security Issues, particularly Common Symptoms How can you protect your device from leaked personal files/data?
Antivirus and antimalware software should be installed on the device. In addition, a mobile firewall should be installed. Use common sense and do your best at questioning and verifying untrusted applications. For organizations, you should use MDM (mobile device management) software included in every mobile device used for the company. - this software can require mobile devices to have passcodes, the installation of antivirus/antimalware software, mobile firewalls, current updates, etc. Lastly, there should be a firm policy that details the encryption of data in use, at rest, and in transit. - a written policy should also be drafted with procedures on how to deal with data leaks when they occur.
You are Troubleshooting Mobile Security Issues, particularly Security Concerns. Describe application spoofing + How can application spoofing pose a security concern? + How can you prevent application spoofing?
Application spoofing is the act of a malicious application spoofing (disguising itself) as a legitimate application. - it is much more prevalent in the mobile application marketplace and can be found on both Apple and Google mobile platforms. Application spoofing poses security concerns because there is the strong possibility of installing malicious software on your device. You can prevent application spoofing by always verifying the name of the publisher, the icon for the application, and the number of installations made by other users. - e.g. if you are downloading a social media platform, but it has an absurdly low amount of user downloads, you should be suspicious. Be sure to also read the reviews for the application.
Which Startup Setting option allows you to boot with basic drivers? A. Enable Debugging B. Enable Safe Boot C. Disable Driver Signature Enforcement D. Enable Low‐Resolution Video
B Enable Safe Boot with the msconfig utility allows you to boot with basic drivers and minimal startup of nonessential services. Enable Debugging is used by kernel developers. Disable Driver Signature Enforcement is used to allow an unsigned driver to load during boot. Enable Low‐Resolution Video will boot the operating system into a VGA mode.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly Boot Problems. What can you use to collect information on the software portion of the boot process? Why would you do so? + Which part of the boot process would logging begin?
Boot logging. The ntbtlog.txt file is located at the base of the C:\Windows folder (shown in image) Boot logging is turned off by default and needs to be turned on. To enable boot logging, issue the following command: bcdedit /set {current} bootlog Yes - or you can use the System Configuration utility (msconfig.exe) and select the Boot log option in the Boot tab - alternatively, if your computer has trouble booting, you won't be able to access the command prompt or msconfig. You should let the system fail to boot twice; it will then offer you troubleshooting settings, from which you can open the Startup Settings and enable boot logging. You would turn on boot logging to collect information to identify the problem. Because the BCD is read by BOOTMGR, this point of the boot process is where logging would begin and the first entries would be the loading of the kernel?
In Windows, which utility is responsible for finding, downloading, and installing Windows patches? A. Device Manager B. Microsoft Management Console C. Download Manager D. Windows Update
D Windows Update is responsible for downloading and installing Windows service packs, patches, and security updates. Device Manager is used to view devices installed on the operating system. The Microsoft Management Console is a console that allows snap‐ins to be added for management. Download Manager is a component of Internet Explorer.
Which of the following components are only used to restore Windows from a suspended state? A. BCD B. ntoskrnl.exe C. winload.exe D. winresume.exe
D winresume.exe is used to load Windows from a suspended state. The Boot Configuration Data (BCD) is used to direct Windows to boot the proper installation. ntoskrnl.exe is the Windows kernel. winload.exe is used for the normal booting of the Windows operating system.
You are Troubleshooting Mobile Security Issues, particularly Common Symptoms How can data-usage limit notifications be indicative of a security issue? What should you do?
Data usage coincides with a high volume of traffic, which might be caused by a malicious application running on the device. - e.g. a malicious application continually spying on your activities or robbing you of precious data in your data plan, pushing you over your contracted limits. Excessive malicious use of data on a mobile device can be mitigated with two methods: 1. Have a good idea of your data usage month to month, that way you will identify a normal baseline of usage, which allows you to be alert when data usage is abnormal. 2. Use a mobile firewall, which can limit the traffic leaving the mobile device.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. You see that a roaming user profile has been left on the Windows OS. Know the steps in deleting this roaming user profile. Say that you do not want to delete the profile, but rather reset it, so that the next roaming person can use it. Know how to reset a network-based roaming profile.
Deleting the roaming user profile is the same as deleting any other user profile: 1. Start -> Settings app -> System -> About 2. Click Advanced System Settings on the right 3. Select the Advanced tab. 4. Select Settings under User Profiles 5. Select the profile you want to reset. 6. Click Delete, and answer Yes to confirm the deletion. To reset the roaming profile: 1. Ensure the user is logged out completely. 2. Delete all local copies of the user's profile left on any machine. 3. Navigate to the network location containing the user's profile and rename the folder. 4. Log the user into the machine on which you have deleted the locally cached copy. 5. Copy any useful items back to the user's profile. 6. Log the user out to ensure the roaming profile is saved back.
You are Troubleshooting Security Issues, identifying Common Symptoms along with their possible causes. You are experiencing desktop alerts that mysteriously appear. Describe the security-related symptom of desktop alerts
A desktop alert is a notification or dialog box that is crafted to look like it was generated by the OS. - this is a crafty way of social engineering the user into believing the alert is legitimate. Usually, the malware is crafted to generate a pop-up box that states there is a security error detected and that you should call Microsoft or Windows Support right away (shown in left image) - when you call the number, you are calling scammers who will try to sell you software that you don't need. Additionally, the fake dialog boxes can also coax you into downloading and installing malware (shown in right image)
You are Troubleshooting Security Issues, identifying Common Symptoms along with their possible causes. You are noticing that operating systems updates fail. Failed updates for Windows can be caused by: + What is the best solution for OS Update Failures?
Failed updates for Windows can be caused by network connectivity issues or misconfigured settings. The best solution is to find the error code being reported in Windows Update Troubleshooter, solve the problem, then download the update. To access this troubleshooting utility, navigate Start -> Settings app -> Update and Security -> Troubleshoot -> Additional Troubleshooters -> Windows Update (shown in image)
You are Troubleshooting Common Microsoft Windows OS Problems, particularly Boot Problems. True or False: It is highly likely that you have a failure to boot because of a BIOS/UEFI firmware issue.
False It is highly unlikely that you have a failure to boot because of a BIOS/UEFI firmware issue.
You are Troubleshooting Mobile Security Issues, particularly Common Symptoms How can high resource utilization be indicative of a security issue? What should you do?
High resource utilization can be a telltale sign that malicious software might be running on your device - e.g. your phone's drives are being constantly searched - e.g. the camera is recording your every move You should monitor for high resource usage. If you discover it, attempt to find out the cause, then respond accordingly.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with Services Not Starting. You know that this problem is directly related either to another application installed with conflicting resources or to a misconfiguration of the service. You checked Event Viewer and determined that the service fails to start because of a conflict of resources. What should you do? You checked Event Viewer and determined that the service fails to start because of a misconfiguration, due to seeing an Event ID of 7000 and reading that the service failed due to a login failure. What should you do?
If you determine that a service is conflicting with another resource, you should reinstall the software that installed the service that is failing. If you determine that the service fails to start because of a misconfiguration, the most likely cause is the user account the service is configured to start with. - if this is the problem, you will see an Event ID of 7000 in Event Viewer, and the description will read that the service failed due to a login failure You can verify the user configured to start the service by right-clicking the Start menu, selecting Computer Management, clicking Services, right-clicking the Service and selecting Properties to open up Service properties, and finally selecting the Log On tab (shown in image) - make sure that the password for the user account has not changed and that the user account is not locked out - you can manually reset the password for the user and reenter the password - also make sure that the account has the Log On As A Service right.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with Frequent Shutdowns. You know that the cause of frequent shutdowns is usually faulty hardware or faulty drivers. However, it can even be something as simple as the OS shutting itself down due to something like misconfigured power settings. You check Event Viewer and determine that the problem is indeed a hardware issue. What is the first step to resolving the problem? What if the problem persists? You check Event Viewer and determine that the OS is shutting itself down. What should you check?
If you determine that the problem is indeed a hardware issue, the first step is updating drivers. - you should remove any autodetected drivers and reinstall the vendor's driver for the specific hardware. - if the problem persists, then try swapping known good hardware to help narrow down the issue. If you determine that the OS is shutting itself down, you should check the power settings - you can access power settings by navigating Start -> Settings app -> System -> Power and Sleep - browse the power settings as well as the advanced power settings. You will need to selectively tweak some of the settings and test your adjustments to determine the fix.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with Low Memory Warnings. Describe what paging is What determines the maximum possible size of your page file? What is the name of the page file in Windows? Where is it located?
If you run out of RAM, then processes that are backgrounded (minimized) will be loaded into the page file (or paging file, also known as virtual memory), on the hard drive. - this is called paging, and it is completely normal to have a certain amount of paging happen during normal activity. The page file is actually hard drive space into which idle pieces of programs are placed while other active parts of programs are kept in or swapped into main memory - the programs running in Windows still believe that their information is in RAM, but Windows has moved the data into the drive. - when the application needs the information again, it is swapped back into RAM so that the processor can use it. The maximum possible size of your page file depends on the amount of disk space that you have available on the drive where the page file is placed. - Windows configures the minimum and maximum page file size automatically. The page file in Windows is named pagefile.sys - it is located in the root directory of the drive on which you installed the OS files - it is a hidden file, therefore you must have your File Explorer options configured to show hidden files.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. In certain situations, a problem may require you to reinstall software. - however, depending on the software, it might be better to just reimage the OS with the software preinstalled rather than taking more time to uninstall and reinstall the software Reimaging the computer will depend on whether you use OS images or load each computer by hand. If your organization does not use a standardized image for its computers, how can you reinstall the OS? If your computers have a preinstalled image, what can you use to reinstall the OS?
If your organization does not use a standardized image for its computers, you can reinstall the OS by using WinRE (Windows Recovery Environment) and selecting the Reset This PC option To open WinRE: - Start -> Settings app -> Update and Security -> Recovery tab -> Under "Advanced Startup" select Restart Now. - to boot into WinRE, depending on the vendor you have to press a key such as F12 while it is booting to open WinRE If your computers have a preinstalled image, you can use the System Image Recovery option to reload the OS. - you can select this option by holding down the Shift key as you reboot the OS, then choosing Advanced Options after the reboot, then selecting System Image Recovery You can also reset the computer by going to Start -> Settings app -> Update and Security -> Recovery -> under Reset This PC, click Get Started.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. Occasionally, applying a Microsoft update will fix a problem - that is what updates do - they fix problems. Once you've identified that applying an update is the solution, you need to download, distribute, and install the update - luckily, by default Windows 10/11 automatically installs updates In large-scale networks, the organization may employ what for management of updates and patches? In SOHO environments, the update may be a one-time installation for a specific application. In this case, the update just needs to be downloaded and installed (per the vendor's instructions). However, before updating, what should you do? Very rarely you will find that a Microsoft or third-party update has created an OS problem. When this happens, it's pretty easy to fix it by uninstalling the updates. How do you do this?
In large-scale networks, the organization may employ a corporate patch-management solution - Microsoft offers a free patch-management solution called Windows Server Update Services (WSUS) and a licensed solution called Microsoft Endpoint Configuration Manager (MECM) If an update is required and your organization uses one of these products, the patch must be approved, downloaded, then deployed to computers. Before updating, always make sure you have a plan to roll back from a bad update. Turning System Protection on before the update is a good idea - Control Panel -> Recovery -> Configure System Restore -> select the drive you want to protect -> Configure -> Turn on System Protection If an update fails, you should use System Restore to restore the OS to a prior point in time - Control Panel -> Recovery -> Open System Restore Very rarely you will find that a Microsoft or third-party update has created an OS problem. When this happens, it's pretty easy to fix it by uninstalling the updates - Start -> Settings app -> Update and Security -> View Update History -> Uninstall Updates. Then, select the update and choose Uninstall (shown in image)
You are Troubleshooting Security Issues, identifying Common Symptoms along with their possible causes. When experiencing network connectivity issues - such as being unable to log into the network or access any network service - the problem can, in most cases, be attributed to what? How can you fix it? In some situations, however, network connectivity can be related to security threats. How can network connectivity issues be attributable to a security threat?
In most cases, the problem can be attributed to either a malfunctioning NIC (network interface card) or improperly installed network software. To fix this problem, you must first fix the underlying hardware problem (if one exists) and then properly install or configure the network software. On the other hand, network connectivity issues can be attributable to a security threat due to a malicious program that has crashed or that is not operating as the creator of the malicious program intends - the malware acts as a proxy for the network traffic - this type of malware is usually intent on stealing credentials or banking information, but it might also be used to inject ads. In other cases, malware can change your network settings, such as your DNS servers - this type of malware causes browser redirection by controlling what you resolve through its DNS.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. What is a main reason why rebooting often takes care of software problems?
It allows the OS to terminate hung processes gracefully, and clears the system memory of any corrupted files that may be causing issues for applications. Rebooting is also important in isolating the problem. If you reboot and the problem still persists, at least you know it wasn't due to programs running in the background that were causing the problem.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with USB Controller Resource Warnings. Describe the USB controller What are common causes of this error? What is the easiest way to fix this issue?
It is a hardware component of the motherboard that supplies both power and a data path for the USB devices connected. Common causes of this error: It is possible to plug in too many devices and overload the power the port can handle. - USB 2.0 can handle five concurrent loads of 100 mA each (500 mA total) - USB 3.0 can handle six concurrent loads of 150 mA each (900 mA total) - if a device connected draws more than its allotted power, it will malfunction or erratically disconnect The USB controller is also responsible for allotting the number of endpoints for the purpose of accepting data - if you plug in too many devices, you can request more ports than are allotted for the USB controller and you will get this error The easiest way to fix this issue is to move some USB devices around on the USB ports - you should move any devices that don't need USB 3.0 to USB 2.0, such as keyboards and mice - ensure that devices that require speed support are connected to USB 3.0 Other solutions include upgrading the USB controller driver to the latest version, or simply upgrading the hardware to a newer chipset.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. When a problem has been determined to be a profile-related issue, what is necessary to do? How do you do this?
It is necessary to reset that Windows profile. Before performing this action, ensure that the user's data is backed up. To back up a local profile, log into an admin account (other than the one you are backing up), and then copy the profile under C:\Users to a new location. - Do not move the profile! You can then reset a local profile on the Advanced tab of System Properties (shown in image). You can access the User Profiles dialog box by following these steps: 1. Start -> Settings app -> System -> About 2. Click Advanced System Settings on the right 3. Select the Advanced tab. 4. Select Settings under User Profiles 5. Select the profile you want to reset. 6. Click Delete, and answer Yes to confirm the deletion. 7. Log in as the user. Windows will create a new profile. The user's files can then be manually copied over. The Profile dialog box also allows you to view the overall size of a user's local or remote profile, so it also helps in the troubleshooting process.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. If an application is crashing and acting erratically, it may be due to two common reasons: What should you do?
It may be due to another application that has overwritten critical files used by the application, or the files may have been corrupted. Either way, you should use the Windows OS to repair the application - it will validate that it is installed properly and the process will replace any missing critical files for the application - data files and configuration files will not be touched, only critical files will be checked and repaired. You can use the Windows OS to repair the application by right-clicking the Start menu, selecting Apps and Features, then under "Related Settings" click Programs and Settings. After that, right-click the application and choose Repair (shown in image) If the repair does not fix the application, then you should perform a complete uninstall and reinstallation of the application. - the uninstaller should remove configuration files that could be causing the issue If the problem still persists after the reinstallation, it could be caused by a bug. - try to update the application to get the latest fixes
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with the BSOD (Blue Screen of Death). The BSOD is the blue-screen error condition that occurs when Windows fails to boot properly or quits unexpectedly. If the BSOD happens during a boot, at which stage of the boot process does it occur? If your Windows GUI fails to start properly, more likely than not the problem is related to which causes? What are some things you can do to try to fix this problem?
It occurs at the stage where the device drivers for the various pieces of hardware are installed/loaded. If your Windows GUI fails to start properly, more likely than not the problem is related to a misconfigured driver or misconfigured hardware. If you believe that a driver is causing the problem: Try booting Windows into safe mode, which you can access via the Startup Settings in the WinRE (Windows Recovery Environment). - in safe mode, Windows loads only basic drivers, such as a standard VGA video driver and the keyboard/mouse. - after you've booted into safe mode, you can uninstall the driver that you think is causing the problem. Another option is to boot into the WinRE and use System Restore - this will revert the system drivers back to the state they were in when the restore point was created - System Restore will not affect personal files, but it will remove applications, updates, and drivers.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly Boot Problems. Sometimes you need to let Windows repair itself. The WinRE (Windows Recovery Environment) contains a Startup Repair option. What does this do? If the Startup Repair option fails, what might be the ultimate solution?
It will rebuild the BCD (Boot Configuration Data) in an attempt to fix boot process issues. If the Startup Repair option fails, the ultimate solution might be to use the Reset This PC option in WinRE (which reinstalls the OS), or you need to install the OS completely from scratch.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly Boot Problems. Describe the general processes of BIOS and UEFI
Legacy BIOS and UEFI are firmware used to start the boot process for a computer. BIOS - Basic Input/Output System - legacy BIOS systems perform a POST (power-on self-test) - then the BIOS bootstrap routine looks at the MBR (master boot record) at the beginning of the disk. - the MBR then reads the boot sector on the first primary partition found - this boot sector then instructs the Boot Manager to load, which hands control over to the OS so it can boot UEFI - Unified Extensible Firmware Interface - UEFI firmware will perform something similar to a POST - then the UEFI bootstrap begins by loading drivers for the hardware - one of the differences is that UEFI can contain drivers that allow it to boot across a network or other nonstandard devices - just like the legacy BIOS, the UEFI firmware looks at the MBR in the GPT (GUID Partition Table). - the GPT defines a GUID (globally unique identifier) that points to a partition containing the Boot Manager - therefore, UEFI firmware requires a partitioning scheme of GPT and cannot use the standard MBR partitioning scheme The initial boot sequence from hardware control to software control is almost identical in both BIOS and UEFI firmware. - UEFI firmware does give you many more options, however, because UEFI drivers can be loaded before control is handed over to the software (which allows UEFI to treat all locations containing an OS the same)
You are Troubleshooting Security Issues, identifying Common Symptoms along with their possible causes. You discover altered system or personal files, or that files are missing or renamed. Describe the security-related symptom of Renamed System Files/Disappearing Files/Permission Changes/Access Denied. + What is a root kit? + What happens to system files when an OS is infected with ransomware? + What did Microsoft do that greatly reduced the number of attempts to use elevated privileges and made it more difficult to change system files? + What is a user tool that can be used to manually heal missing or modified system files?
One of the simplest ways actors use malware to wreak havoc on a system is by deleting key system files and replacing them with malicious copies - when this occurs, the user can no longer perform the operation associated with the file (such as printing, saving, etc.) A root kit is malware that is embedded on an OS and gains privilege-level access. Additionally, the malware can rename the files or change the permissions associated with them - this could prevent the user from accessing the files or even copying them off to an uninfected system. When an OS is infected with ransomware, the system files will be encrypted (until a ransom is paid) - the modus operandi for most ransomware is to rename the files with a unique extension as the malware encrypts the files. Microsoft enabled UAC (User Account Control) by default to greatly reduce the number of attempts to use elevated privileges and make it more difficult to change system files. - in addition, Microsoft also removed the Modify NTFS permission from system files for the Administrator account - only the Trusted Installer (Windows Update) has access to modify these files; even the System (operating system) permissions are only Read and Execute The SFC (System File Checker) is a user tool that can be used to manually heal missing or modified system files.
You are Troubleshooting Security Issues, identifying Browser-Related Symptoms. Your browser is redirected to websites. What is Pharming? + How is pharming done on a small scale? What is DNS poisoning? What is affiliate redirection? What are the best practices to protect against browser redirection?
Pharming is a form of redirection in which traffic intended for one host is sent to another. This can be done on a small scale by changing entries in the hosts file - the hosts file is an operating system file that maps hostnames to IP addresses. It can also be done on a large scale by changing entries in a DNS server, also known as DNS poisoning. In either case, when a user attempts to go to a site, they are redirected to another site. - this allows threat agents to recreate a visual of the site, where unsuspecting users can enter their sensitive information thinking they are inputting the information in a trusted website. Affiliate redirection is a subtle form of browser redirection in which malware redirects your browser to your intended site, but with an affiliate link attached - an affiliate link is a specific URL that contains the affiliate's ID or username - the reason for this is that, when you purchase a product thinking you are purchasing it for yourself, the transaction will be made with the affiliate's information. You will be using your own money to purchase something that another person will take credit for. The best practices to protect against browser redirection are education, maintaining OS and browser updates, and ensuring your antivirus/antimalware is up-to-date.
You are Troubleshooting Mobile OS Issues, specifically Performance Issues. You experience Random Reboots/Restarts from your mobile device. Describe each common culprit of random reboots, as well as what you should do for each of them: Battery Health OS Updates Storage Running Applications Auto Restart What is the last-ditch effort to solve this problem?
Random reboots/restarts can be a symptom of a hardware or OS issue. A helpful question to ask is: "What changes did you make before random reboots/restarts occurred?" Common culprits of random reboots: Battery Health - the most obvious culprit is the battery - check to make sure your phone has a good charge and the battery is not swollen - if your phone allows battery replacement, you should clean the contacts and replace the battery (although, most phones today have batteries that are not user-replaceable. You must take it into a shop or replace the phone) Update - the OS should be on the current revision of software - if it isn't, you should update to the latest OS version. Stability issues are often addressed in updates for the OS Storage - check the storage on the device and make sure that it is not over 90%. - if it is over 90%, you should clear up some space and monitor the device (clear application data, clear application cache, uninstall unused applications) Running Applications - check the applications running on the OS. - this should be checked 10 minutes after a reboot so that you can see the applications that are set to automatically start on boot - you should disable or uninstall any application that is rarely used and automatically starts on boot Auto Restart - some phones, such as some Android phones, have an Auto Restart feature that should be turned off by default - however, this feature could have been turned on by accident and might be causing random reboots. The last-ditch effort to solve this problem is to perform a Factory (Hard) Reset - if a factory reset works, you will be able to rule out the OS from being the culprit. - after performing a factory reset, you should be selective in the applications you install, and monitor applications after every installation - if factory resetting does not work, then there is a fundamental problem with the OS and therefore the mobile device should probably be replaced.
You are Troubleshooting Mobile OS Issues, specifically the OS Fails to Update. A number of reasons could be causing the OS to fail to update for a mobile device. However, common troubleshooting steps are no different than those for any other application on the mobile device. Describe each consideration for this issue: Reboot Compatibility Storage Connectivity
Reboot - a reboot of the mobile device is always recommended, since a process could be preventing the update from installing - a reboot of the OS also allows for memory to be freed up since insufficient memory could be preventing the update. Compatibility - you should check to make sure that the OS update is compatible with the mobile device hardware - it is common to find that a hardware device is only supported for 5-7 years, at which time it is no longer compatible with future OS upgrades. Storage - make sure that there is enough storage space on the mobile device to accommodate the update Connectivity - be sure that you are currently connected to the Internet by Wi-Fi - many OSs will not download the update over a metered connection, such as cellular - a bad Internet connection can also prevent an OS update from completing
You are Troubleshooting Security Issues, identifying Browser-Related Symptoms. You are receiving certificate warnings. Of the several problems that plague digital certificates, which are two common causes? When experiencing certificate warnings, what should you do? Are self-signed certificates always bad?
Remember that a digital certificate authenticates a website's identity and enables an encrypted connection. Two common causes of digital certificate problems are: 1. Improper setting of time and date/Expired certificates - the time on the host should always be checked along with the expiration of the SSL certificate - if the certificate is expired, this will cause problems. 2. An untrusted SSL certificate is encountered - when an untrusted SSL certificate is encountered, the web browser will alert you that the SSL certificate is not valid (shown in left image) - remember that every web browser comes with a list of trusted certificate publishers - if the certificate issued to a website is not trusted, a warning box will come up preventing you from visiting the site (you can still choose to visit the site anyway, however) When experiencing certificate warnings, you should always investigate further, since information entered in the site could be intercepted if the site was hacked. The first step is checking the hostname in the URL. - all certificates must match the hostname in the URL that they are issued for - if you entered the correct hostname and still get a certificate warning, you should inspect the certificate - every web browser will let you view the certificate (in right image, you can see that the certificate has been self-signed, i.e. the "Issued To" and "Issued By" fields are the same - it should be signed by a certificate authority) Self-signed certificates can be indicative of a malicious website; however, they are not all bad - for example, it is usually normal for websites in development to have a self-signed certificate. In addition, network management equipment that allows configuration through a web page will also often use a self-signed certificate. - if this is the case, you can import the certificate into your trusted publisher certificate store so that it can be trusted in the future.
You are Troubleshooting Mobile Security Issues, particularly Security Concerns. Describe Root Access/Jailbreak + How can root access/jailbreak be a security concern?
Root access/Jailbreak are synonymous, though root access is usually associated with Android and jailbreak is usually associated with Apple iOS. In either case, these procedures allow you to attain root access within the mobile device's OS. This access allows you to change various aspects of the OS that you normally cannot change, such as: - adding more functionality to camera app - hiding apps - installing newer features on old devices - even the ability to change the entire OS on the device by flashing new firmware. For Android, root access can be a security concern because you might change OS settings that could compromise the security of the device. - in addition, when you root an Android phone and flash a new firmware to install another OS, you no longer have the patch management from the parent vendor for the phone. This means you will no longer receive Samsung security policies and updates. For Apple iOS, jailbreaking can be a security concern because, like obtaining root access on Android, the modification of the OS could compromise the security of the device - in addition, when downloading untrusted applications that require a jailbroken iPhone, malicious software can easily be installed and, with its new level of access, even hide itself. - in addition, just like with Android, security updates from Apple will no longer be applied to your phone.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. When should you restart services? How can you restart a service? How can you configure a service to automatically start in the event of failure?
Services don't normally need to be restarted. However, you should restart a service if you've made changes to that service to ensure the changes will be implemented. Services should also be restarted if they crash unexpectedly. You can restart the service in the Computer Management MMC (right-click Start -> Computer Management) by selecting Services, then right-click your service and choose Start (shown in image) You can configure a service to automatically start in the event of failure on the Recovery tab of the Services Properties (right-click the Service, then click Properties, then move to Recovery tab)
You are Troubleshooting Mobile OS Issues, specifically Performance Issues. You experience Slow Performance for your mobile device. Slow performance is almost always related to what? + When it comes to applications within Mobile OSs vs. Desktop/Laptop OSs, what is the main difference? What should you do?
Slow performance is almost always related to RAM usage. When it comes to applications within Mobile OSs vs. Desktop/Laptop OSs, the main difference is that the default action for an application in a mobile OS is not to close it, but to put it into the background. - this causes RAM to fill up quickly and the OS is trying to balance storage for competing applications, causing slow performance Most mobile devices allow you to see the RAM usage at a glance and over a longer period of time - On Android, go to Settings -> Battery and Device Care -> Memory You should view the memory usage for the device, along with each application's usage of memory. - mobile devices will allow you to clear up memory from the settings. - if all else fails, reboot the device.
You are Troubleshooting Security Issues, identifying Common Symptoms along with their possible causes. You are receiving false alerts regarding antivirus protection. Describe the security-related symptom of false alerts and hoaxes. When you receive a virus warning, how can you verify its authenticity?
Some hackers find it entertaining to issue false security alerts to keep people on their toes. In addition, they may spread virus hoaxes that scare users - e.g. the Irina virus hoax that was sent to millions of users' emails that described a terrible virus that never existed. When you receive a virus warning, you can verify whether it's authentic or a hoax by looking for the virus on the website of the antivirus software you use, or by using a public trusted system. - a helpful website is www.cert.org that monitors and tracks viruses and provides regular reports on them. - CISA, a government agency, has a website where you can confirm legitimate viruses, as well.
You are engaging in Best Practices for Malware Removal. State and Describe Step 1 of the Best Practices for Malware Removal.
Step 1: Identify and Verify Malware Symptoms You first need to identify the problem - use antivirus/antimalware tools first to identify the problem. If those fail, other third-party tools must be used. - use Resource Monitor to isolate performance problems. Look for highly active processes - use netstat -nab command to view all processes on the OS and their network connections Try to identify the type of malware (spyware, virus, etc.) - you need to know what you're dealing with before you act against it
You are engaging in Best Practices for Malware Removal. State and Describe Step 2 of the Best Practices for Malware Removal. + What type of malware is the biggest threat in terms of network spread?
Step 2. Quarantine Infected Systems Once you have confirmed that a virus or malware is at hand, then quarantine the infected system to prevent it from spreading the virus or malware to other systems - place the infected system in an isolated network to study it further without repercussions to the other networks Viruses/Malware can spread through many ways - network connection, email, etc. In terms of spreading through a network, ransomware is the biggest threat, since it will spread rapidly and encrypt files in its path.
You are engaging in Best Practices for Malware Removal. State and Describe Step 3 of the Best Practices for Malware Removal. + Know how to disable System Protection
Step 3. Disable System Restore in Windows You do not want to have the infected system create a restore point - or return to one - where the infection exists. System Protection in Windows 10/11 is turned off by default. Follow the steps to disable System Protection: 1. Click the Start menu 2. Type Recovery and select it from the results - alternatively, go to Control Panel -> Recovery 3. Click Configure System Restore 4. Select the system drive and click Configure 5. Choose Disable System Protection (shown in image) 6. Click Delete next to "Delete all restore points for this drive" 7. Continue and confirm your changes.
You are engaging in Best Practices for Malware Removal. State and Describe Step 4 of the Best Practices for Malware Removal. + Know how to update Microsoft Defender + Know how to perform an offline scan with Microsoft Defender
Step 4. Remediate Infected Systems - Update anti-malware software - Scanning and removal techniques (e.g., safe mode, preinstallation environment) This step is heavily dependent on the type of virus/malware you are dealing with. - nevertheless, the steps taken should include updating antivirus and antimalware software with the latest definitions and using appropriate scan and removal techniques You can update Microsoft Defender by: Start -> Settings app -> Update and Security -> Windows Security -> click the Open Windows Security button to open Windows Security In Windows Security, go to the Virus and Threat Protection tab -> click Check for Updates under "Virus and Threat Protection Updates" -> then finally click the Check for Updates button under "Security Intelligence" (shown in left image) Microsoft Defender Security can also perform an offline scan. To do this: Go to Windows Security (follow steps above), go to Virus and Threat Protection tab -> click Scan Options under "Current Threats" -> select Microsoft Defender Offline Scan (shown in right image) Depending on the type of virus or malware, you may need to boot into safe mode or the WinRE (Windows Recovery Environment) - you might have to reinstall the OS
You are engaging in Best Practices for Malware Removal. State and Describe Step 5 of the Best Practices for Malware Removal. + Know how to schedule a scan using Task Scheduler
Step 5. Schedule Scans and Run Updates To reduce the chances of your system being infected again, schedule scans and updates to run regularly. - most antimalware programs can be configured to run automatically at specific intervals - you can run scheduled scans through Task Scheduler Microsoft Defender Security is scheduled to automatically scan the OS during idle times. However, if you want to schedule a scan, you can use Task Scheduler: 1. Click Start menu 2. Type Task Scheduler and select it from the results 3. Click on Task Scheduler Library to open it 4. Select Microsoft, then Windows 5. Select Windows Defender, and double-click Windows Defender Scheduled Scan 6. Select the Triggers tab 7. Click New on the Triggers tab which opens up the New Trigger dialog box, then select Weekly and choose the day of the week 8. Click OK (shown in image) until you have confirmed the new scheduled scan
You are engaging in Best Practices for Malware Removal. State and Describe Step 6 of the Best Practices for Malware Removal. + Know how to enable System Protection and then create a Restore Point
Step 6. Enable System Restore and Create a Restore Point in Windows Once everything is working properly, it is important to create restore points again, should a future problem occur and you need to revert. Enable System Protection and create a Restore Point by following these steps: 1. Click the Start menu 2. Type Restore and select it from the results - alternatively, go to Control Panel -> Restore 3. Click Configure System Restore 4. Select the System drive and click Configure 5. Click Turn On System Protection, and click OK - you have just enabled system protection and can now create restore points 6. Click the Create button next to "Create a restore point right now for the drives that have system protection turned on" 7. Name the restore point, then confirm by clicking Create (shown in image)
You are engaging in Best Practices for Malware Removal. State and Describe Step 7 of the Best Practices for Malware Removal.
Step 7. Educate the End User Education should always be viewed as the final step. The end user should understand what led to the malware infestation, as well as behaviors to avoid and symptoms to look for to keep it from happening again.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with Time Drift. What is RTC? What are some symptoms of time drift? What can you do?
The RTC (real-time clock) is an integrated circuit on the motherboard that is responsible for maintaining the correct time. The RTC can drift over time and the computer can become faster or slower. - when the time drifts too far, you can also have authentication problems - additionally, certificates can also be invalidated and you'll have problems with web browsers Fortunately, the Windows OS has addressed problems of time drift by periodically querying an NTP (Network Time Protocol) server. - you will need to ensure that the client has the ability to contact the time server of time.windows.com, otherwise you will need to configure a time server that the client can reach You can verify that the NTP server is reachable: Open Control Panel -> Date and Time -> select the Internet Time tab then click Change Settings (shown in image) - the OS will attempt to call out to the NTP server and the results will be displayed in the dialog box.
You are working with Common Troubleshooting Solutions that you can implement to solve Common Windows OS Symptoms/Problems. When a feature of the OS stops functioning or behaves in a manner that makes you suspect corrupted files, which tool can scan and replace critical OS files? How can you access this tool?
The System File Checker can scan and replace critical OS files. - it can verify the integrity of system files and replace any corrupted files It is launched from the command line with Elevated Privileges with the following command (shown in image) sfc.exe You can execute the command sfc.exe /verifyonly and the System File Checker will inspect all the critical files and verify integrity only. Using the command sfc.exe /scannow will make the System File Checker scan and repair any files that fail the integrity check.
You are Troubleshooting Common Microsoft Windows OS Problems, specifically Sluggish Performance. There are several tools that you can use to identify the problem area so that you can focus your attention on narrowing down the problem. What is the first tool you should start with?
The Task Manager - use Ctrl + Shift + Esc - or right-click the Start menu and select Task Manager Go to the Performance tab to monitor CPU, RAM, Disk, Network, and GPU usage. In image - the Performance tab of the Task Manager - you can see that the processor is spiked out at almost 100% and all other systems are within tolerance
You are Troubleshooting Mobile Security Issues, particularly Security Concerns. Describe Developer Mode + How can Developer Mode be a security concern?
The developer mode on Android and Apple devices allows a developer to connect to the device via a USB connection in order to perform tasks such as app development and app testing. - the developer will then create a bridge from a computer to side-load applications as well as debug. Developer Mode on Android offers the configuration of a myriad of settings that usually cannot be changed, such as: - viewing running services - making the device stay awake - setting a mock GPS location - USB debugging Developer Mode can be a security concern because it allows you to change and tweak settings that could compromise the security of the device. On Android, you can access Developer Mode by navigating Settings -> About Phone -> Software Information -> tap Build Information 7 times
You are Troubleshooting Security Issues, identifying Browser-Related Symptoms. What is the easiest way a threat agent can access your OS?
The easiest way a threat agent can access your OS is through your web browser. - therefore, it is important to keep your web browser secure by engaging in best practices, using antivirus/antimalware applications, ensuring your browser is updated, and properly configured.
You are Troubleshooting Common Microsoft Windows OS Problems, specifically Sluggish Performance. What is the first step to solving this problem? For the following critical components, describe what can cause their sluggish performance, and what their symptoms are: CPU RAM Disk Network Graphics (GPU)
The first step to solving the problem is identifying the component that is impacted by the performance issue. Critical components that can be affected by slow performance: CPU - a symptom of poor CPU performance is the slow execution of applications - the OS GUI will be unresponsive and sluggish. - CPU problems can be caused by an application that requires high CPU usage. RAM - the OS could be running out of RAM due to high disk usage - symptoms closely resemble CPU-related issues, where applications are slow in loading. - can be caused by too many applications being open at once or an application that has high RAM requirements, such as a database Disk - a symptom of poor hard disk drive performance is the thrashing of the drive heads on the platters of the drive - thrashing occurs when there is excessive movement of the drive arm to locate information on the drive - disk problems can be caused by excessive fragmentation, high RAM usage, or a high volume of drive usage by applications, such as a video capture Network - symptoms of poor network performance are slow loading web pages, network applications that load slowly, and even timeouts. - if you're using wireless, network issues can be caused by poor signal strength - if you're connected by Ethernet, poor network performance can be related to your LAN Graphics (GPU) - symptoms of poor graphics (GPU) performance are usually related to slow-running video games and playback of videos - the FPS will be excessively low as the computer tries to render the screen - usually the hardest to solve because they require 3rd-party tools by the graphics card vendor
You are Troubleshooting Common Microsoft Windows OS Problems, particularly No OS Found. When it's reported that an OS is missing, or "no OS is found", what is the first thing to check? After doing so and this problem persists, what should you do?
The first thing to check is that no media is in the machine (USB, DVD, CD, etc.) - the system may be reading this media during boot before accessing the hard drive. - to prevent this from happening in the future, you should change the BIOS/UEFI settings to boot from the hard drive before any other media. If the problem persists, then you may have to boot into the WinRE (Windows Recovery Environment). - this may be a challenge because if the BIOS/UEFI cannot boot to the Boot Manager, then the WinRE cannot be executed (the Boot Manager is responsible for executing WinRE) You have possibly two options to fix this: Use the vendor's recovery console (if applicable) - depending on the vendor, they will supply a recovery console that can be accessed via BIOS/UEFI Boot the installation media and choose Repair when it first boots - choosing this option will launch WinRE booted from the installation media. You can then go to Troubleshoot -> Advanced Options -> Startup Repair (shown in image). - the WinRE will then attempt to repair the OS
You are Troubleshooting Mobile OS Issues, specifically Connectivity Issues. You experience No NFC (Near-field communication) for your mobile device. What are things to check when confronted with this issue? What can you do with the mobile payment system app within your phone that might rectify this issue?
The first thing to check on the mobile device is that Airplane mode is not turned on, as it will impede the functionality of NFC. Next, you should check that the problem does not lie within the reader - if you are in a store, ask the employee if there were NFC issues prior to your encounter with the reader. You should also check the case on your mobile device - the case can interfere with NFC communications. Try removing the case and seeing if NFC works. Additionally, signing out of the mobile payment system and signing back in will sometimes rectify this issue.
You are Troubleshooting Common Microsoft Windows OS Problems. You just got an error in Windows, and it appears that you are on the verge of a crash (of your applications or the whole system). What do you do?
The first thing to do is to write down any error messages that appear. Then, reboot your computer. Whenever there's a software problem, always reboot the computer before trying to troubleshoot - this solves many problems and can save you time - if the same problem reappears, then you know that you have work to do. Why does rebooting work? - when an application is running, it creates one or more temporary files that it uses to store information. It also stores information in memory (RAM). - if a temporary file or information in RAM becomes corrupted, the original application can have problems - rebooting will clear the memory registers and most often remove problematic temporary files, thus eliminating the issue.
You are Troubleshooting Mobile OS Issues, specifically Mobile Application Problems. You experience Application Launch Issues. What is the first thing you should try if an application is not loading? Why? A common problem related to applications not loading is that sometimes ___ is corrupted. If so, what should you do?
The first thing you should try if an application is not loading is to force-quit the application. - this is because, often, an application was not closed down properly the last time it was used and continued to run in the background, forcing it to become slow after some time. A common problem related to applications not loading is that sometimes the cache associated with the application is corrupted. - in this case, you should clear the application's cache - if you are unable to clear the cache, you should try uninstalling and reinstalling the application The steps are as follows, moving forward if the step does not solve the issue: 1. Force-quit the application 2. Clear the application cache 3. Clear the application data - try to back up the data beforehand if it's important 4. Uninstall the application 5. Reboot the device - this clears any applications that might be stuck in memory that conflict with the application 6. Reinstall the application
You are Troubleshooting Mobile OS Issues, specifically Mobile Application Problems. You experience that an Application Fails to Update. What is the first troubleshooting step for this problem? What if this doesn't work? What should you disable that could be preventing updates? Another consideration is to make sure you are connected to the Internet in what way?
The first troubleshooting step should be to try to manually upgrade the application from the Play Store or the App Store. If manually upgrading the application does not work, then you should follow the steps that you would take when an application fails to load or when it crashes: The steps are as follows, moving forward if the step does not solve the issue: 1. Force-quit the application 2. Clear the application cache 3. Clear the application data - try to back up the data beforehand if it's important 4. Uninstall the application 5. Reboot the device - this clears any applications that might be stuck in memory that conflict with the application 6. Reinstall the application You should also try to disable any antivirus or antimalware software installed on the device, as they may be preventing updates for that application. Another consideration is to make sure that you are connected to the Internet via Wi-Fi. - many applications will not automatically update applications over cellular connections.
You are Troubleshooting Mobile OS Issues, specifically Connectivity Issues. You experience No Bluetooth Connectivity for your mobile device. What are the most common causes of this issue? Lack of Bluetooth connectivity can also be caused when a device has an improper setting for pairing. What is a common pairing issue?
The most common causes of the lack of Bluetooth connectivity are that Airplane mode is enabled or simply that Bluetooth has been turned off. Lack of Bluetooth connectivity can also be caused when a device has an improper setting for pairing. A common pairing issue is not having the proper Bluetooth passcode entered for the device. - each device, when paired, has a specific code from the vendor (such as 1234 or 0000) - to alleviate this, you should ensure that the device is discoverable, then re-pair the device using the appropriate code.
You are Troubleshooting Mobile OS Issues, specifically Connectivity Issues. You experience Intermittent Connectivity Issues for your mobile device. What are the two most common reasons why this problem occurs? How can you address each reason? Another common problem with intermittent wireless connectivity is the auto-reconnection feature for the SSID. Why is this? How can you address it?
The two most common reasons for this problem are: Lack of a good signal - increasing the number of WAPs for coverage or being closer to them can address this. Interference - can be addressed by reducing the number of devices competing for the same signal - however, in many instances the interference may be coming from an external source (such as a microwave oven or even a Bluetooth device on the 2.4 GHz band). To avoid this type of interference, try to use an SSID that is dedicated to the 5 GHz band. That way, you have better odds of selecting a channel without interference. Another common problem with intermittent wireless connectivity is the auto-reconnection feature for the SSID. - when your phone goes to sleep for battery conservation, one of the first components to power down is the wireless circuitry. When you power on your phone, the wireless circuitry needs to associate with your WAP, unless you reconfigure your device by disabling the auto-reconnect feature - you should verify that you have enabled auto-reconnection settings on your mobile device
You are Troubleshooting Mobile OS Issues, specifically an Extremely Short Battery Life. You experience Overheating with your mobile device. Describe thermal runaway. Mobile devices can get hot from which sources of temperature? What is one of the best ways to prevent overheating?
Thermal runaway is where the lithium-ion battery in the mobile device starts to get so hot that you risk explosion or fire. - luckily, mobile devices automatically shut down when they get too hot. - mobile devices can get hot from ambient temperature or internal temperature from the CPU. One of the best ways to prevent overheating is to avoid ambient temperatures that are too hot. - when a mobile device overheats, try to understand why it is overheating (is it the ambient temperature or is CPU usage too high?). Most mobile phones today have lithium-ion batteries that are not user-replaceable. You must either take it into a shop or find a new phone.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with OS Instability. Follow along with these steps to get used to the Reliability Monitor.
This exercise is best performed on an operating system that has been running for some time. Although the operating system should be flawless and operate at a reliable level, you should see some fluctuation in reliability. If you don't, then try switching the view from days to weeks in the upper left of the app, above the graph. 1. Click the Start menu, type View Reliability History, and then click the Control Panel app result. 2. Make note of your current reliability score by looking at the rightmost section of the graph and comparing the location with the legend on the left side (1 through 10). 3. Make note of if and why your score has gone down over the days shown. 4. If there is a drop in reliability, click on Day and the lower section of the app will display the reliability details. 5. View the details and make note of the action. As you click through the reliability events, make note of applications that constantly crash or that are problematic. These are the applications you should investigate further. Some of the solutions in the next section will offer suggestions on how to fix them.
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with Frequent Shutdowns. This problem is almost always related to which causes? What is the first place to check? Why? + Which sources should you identify? Why?
This problem is almost always related to faulty hardware or a faulty driver, but it can also be as simple as the OS shutting itself down due to something like misconfigured power settings. The first place to check is Event Viewer on the System tab. You should start searching through the logs and looking for the Kernel-Boot or Kernel-General sources, as these entries will help you identify if the OS was shut down properly or it just suddenly lost power. - any time the OS is shut down or powered back up, the kernel will log an entry. In addition, you should also investigate EventLog sources - these entries will be created if the EventLog service detects a dirty shutdown (such as when power is removed). By clicking through the Event Viewer logs, you can identify whether the problem is a hardware problem or whether the OS is actually shutting itself down.
You are Troubleshooting Mobile OS Issues, specifically an Extremely Short Battery Life. Tips for increasing battery life include: - keeping ___ applied - avoiding temperatures that are ___ - letting the screen brightness ___ - turning off ___ services - disconnect ___ and quit ___ when not in use - avoid high ___ usage
Tips for increasing battery life include: - keeping OS updates applied (the update might include energy-saving patches) - avoiding temperatures that are too high or too low - letting the screen brightness automatically dim - turning off location-based services - disconnect peripherals and quit applications when not in use - avoid high RAM usage
You are Troubleshooting Common Microsoft Windows OS Problems, particularly with Low Memory Warnings. When system processes are at risk of not having enough memory free, you will see a warning message. You determine that a process is using a large amount of RAM that it normally doesn't need, so you stop the process, which fixes the issue. However, you also note that the RAM in your computer isn't as much as you'd want it to be, and you don't have enough money at the moment to upgrade it. Therefore, you want to configure the page file for your system. How do you do this? + Where should you place the page file? In general, how big should it be?
To modify the default virtual memory (page file) settings, follow these steps: Open Control Panel. Click System and then Advanced System Settings on the right side. In the Performance area, click Settings. Next, click the Advanced tab, and then in the "Virtual Memory" area, click Change. This will open the Virtual Memory dialog box (shown in image). Here, you can change the page file's size and how Windows handles it, and you can specify the drive on which you want to place the file. You should place the page file on a drive with plenty of empty space (at least 20% empty space). The page file should be at least 1.5x the amount of RAM.