Which term does not describe how malware spreads to new systems?
Virus
Worm
Key logger
Trojan
The term key logger describes malware that records everything the user types.
In CompTIA’s 7-step malware management process, which step immediately follows step 3 (disable System Restore)?
Quarantine Infected Systems
Remediate Infected Systems
Schedule scans and run updates
Educate Users
Step 4 of the 7-step system is to remediate infected systems. Step 2 is to quarantine infected systems. Step 5 is to schedule scans and run updates. Step 7 is to educate users.
Which is not a social engineering attack?
Phishing
Tailgating
Trojan
Shoulder Surfing
A Trojan is a malware distribution technique, not a social engineering attack.
CompTIA’s 7-step malware management process: Step 1
Identify Malware Symptoms.
The first step involves detecting unusual system behavior that may indicate malware infection. Common symptoms include slow system performance, unexpected pop-up ads, unusual network activity, or unauthorized access attempts. IT
CompTIA’s 7-step malware management process: Step 2
Quarantine Infected Systems.
Once malware is suspected, the infected system should be isolated from the network to prevent the malware from spreading. Quarantining can involve disconnecting the system from the internet, disabling network connections, or using specialized containment tools. This step is crucial to limit damage and protect other devices.
CompTIA’s 7-step malware management process: Step 3
Disable System Restore.
On Windows systems, System Restore can inadvertently preserve malware, allowing reinfection. To prevent this, access the System Properties, select the drive, and turn off system protection. Disabling System Restore ensures that malware cannot reappear from previously saved restore points.
CompTIA’s 7-step malware management process: Step 4
Remediate Infected Systems.
Remediation involves removing the malware using updated antivirus and anti-malware tools. This may include running full system scans, manually deleting malicious files, or using specialized removal utilities. Ensuring that software definitions are current is critical for effective detection and removal.
CompTIA’s 7-step malware management process: Step 5
Schedule Scans and Updates
After remediation, it is important to schedule regular system scans and software updates. This step helps maintain ongoing protection by keeping antivirus definitions current and detecting any residual or new malware threats early.
CompTIA’s 7-step malware management process: Step 6
Re-enable System Restore and Create Restore Points
Once the system is clean, re-enable System Restore and create a new restore point. This ensures that future system recovery points are free from malware and can be safely used if needed.
CompTIA’s 7-step malware management process: Step 7
Educate the User
The final step focuses on user education to prevent future infections. Users should be trained on safe browsing habits, recognizing phishing attempts, avoiding suspicious downloads, and maintaining updated security software. Educated users are a critical line of defense against malware.