Computers 2h

Before educating the user you should create a system restore point.

CompTIA has identified a seven-step best practice procedure for malware removal: 1. Investigate and verify malware symptoms. 2. Quarantine infected systems. 3. Disable System Restore in Windows. 4. Remediate infected systems: a) Update anti-malware software. b) Scanning and removal techniques (e.g., safe mode, preinstallation environment). 5. Schedule scans and run updates. 6. Enable System Restore and create a restore point in Windows. 7. Educate the end user.

A. Preserving chain of custody The administrator demonstrated the concept of preserving the chain of custody by documenting the movement of the evidence, which, in this case, involves the financial data copied to a portable hard drive. Explanation: Preserving chain of custody (Option A): Chain of custody refers to the chronological documentation or paper trail showing the collection, transfer, control, analysis, and disposition of physical or electronic evidence.

Type the following command to map the network drive: "net use [drive letter]: \[network location][shared folder name]." For example, to map the network drive to drive letter Z: and the network location \server\shared, type "net use Z: \server\shared

B. Enabling inheritance Enabling inheritance is the action that would most likely allow all users to access the new folders. Explanation: Enabling inheritance (Option B): Enabling inheritance allows new folders and files to inherit the permissions of their parent folder. If a user creates a new subfolder within the department share, enabling inheritance would mean that the new subfolder automatically inherits the permissions of the parent department share, providing access to other users.

This scenario describes a Phishing attack. Phishing often involves tricking the user into opening a malicious attachment or visiting a malicious site. In this case, the user received a USB device (the “prize”) in the mail, which likely contained malicious software that caused the computer to stop booting. So, the correct answer is: A. Phishing

• The default installation directory for applications on Mac OS is /Applications/

C. Use open-ended questions to get additional information. When dealing with technical issues, using open-ended questions is a good technique to gather additional information and understand the customer's concern more thoroughly. Open-ended questions encourage customers to provide detailed explanations, helping the technician to diagnose the problem accurately.

• A. Full For a simple and straightforward restore process, the user should select a Full backup. In a Full backup, all selected files and data are backed up, providing a complete copy of the entire dataset at the point in time when the backup was created. When restoring from a Full backup, there is no need for multiple backup sets or other backups to be available. It's a standalone backup that contains all the necessary data for a complete restore.

The presence of "grabber.exe" and "output.txt" does indeed suggest characteristics of a keylogger rather than a typical Trojan. A keylogger is a specific type of malware designed to record keystrokes on a computer, often used to capture sensitive information like passwords. So, in this context, the most likely attack occurring is: D. Keylogger

To show hidden files, you need to include the /a:h modifier in that command. So, dir /a:h C:your-folder will do the trick. CMD also has specific commands for showing directories and folders. /a:d shows all hidden directories, and /a shows hidden folders