A user calls the help desk to report that none of the files on a PC will open. The user also indicates a program on the desktop is requesting payment in exchange for file access. A technician verifies the user's PC is infected with ransomware. Which of the following should the technician do FIRST?
Correct Answer: C
When handling a ransomware infection, the technician's first priority should be to prevent the malware from spreading or causing further damage. Quarantining the system is the most appropriate initial step. This will isolate the infected machine from the network and other devices, helping to contain the threat and limit its potential impact. Once the system is quarantined, further steps such as scanning and removing the malware, disabling System Restore, and scheduling automated malware scans can be taken.
A company is issuing smartphones to employees and needs to ensure data is secure if the devices are lost or stolen. Which of the following provides the BEST solution?
Correct Answer: B
To ensure data is secure if a smartphone is lost or stolen, the best solution is the ability to remotely wipe the device. Remote wipe allows the company to erase all data on the smartphone from a distance, preventing unauthorized access to sensitive information. While other options like screen locks and locator applications provide some level of security, they do not guarantee that the data will remain inaccessible if someone gains possession of the device and has the technical skills to bypass these measures. Anti-malware is useful for protecting against software threats but does not address the issue of physical loss or theft. Remote wipe is the only option that ensures the data can be completely removed from the device, thereby safeguarding it from unauthorized access.
A user reports seeing random, seemingly non-malicious advertisement notifications in the Windows 10 Action Center. The notifications indicate the advertisements are coming from a web browser. Which of the following is the BEST solution for a technician to implement?
Correct Answer: A
The user is experiencing random advertisement notifications in the Action Center that are coming from a web browser. Disabling the browser from sending notifications to the Action Center is the best solution because it directly addresses the source of the issue. The advertisements are seen in the Action Center because the browser is configured to send notifications there. By disabling this feature, the user will no longer receive these advertisement notifications. This approach is more efficient than running an antivirus scan, which might not address the specific issue of browser notifications, or disabling all Action Center notifications, which could suppress important alerts from other applications.
After clicking on a link in an email, a Chief Financial Officer (CFO) received the following error:
The CFO then reported the incident to a technician. The link is purportedly to the organization's bank. Which of the following should the technician perform FIRST?
Correct Answer: D
The correct first action the technician should perform is to instruct the CFO to exit the browser. The security certificate error indicates that the website's security cannot be trusted, potentially due to it being a fraudulent or malicious site. Closing the browser immediately helps prevent any potential security threat or data compromise. Once the immediate threat is mitigated, the technician can take further steps to investigate the issue, such as updating the browser's Certificate Revocation Lists (CRLs) or contacting the involved parties. However, the immediate priority is to ensure the CFO's system is not exposed to any potential harm.
A help desk technician is troubleshooting a workstation in a SOHO environment that is running above normal system baselines. The technician discovers an unknown executable with a random string name running on the system. The technician terminates the process, and the system returns to normal operation. The technician thinks the issue was an infected file, but the antivirus is not detecting a threat. The technician is concerned other machines may be infected with this unknown virus. Which of the following is the MOST effective way to check other machines on the network for this unknown threat?
Correct Answer: B
The most effective way to check other machines on the network for an unknown threat is to provide a sample of the executable to the antivirus vendor. The vendor can analyze the sample, develop detection signatures, and update their antivirus definitions. This ensures that all machines running the updated antivirus software will be able to detect and handle the threat. This method is comprehensive and efficient, as it leverages the expertise and resources of the antivirus vendor to protect all machines in the network.