Answers and Explanations
1. Answer: D. Spyware cannot physically damage a computer. It can, however, capture information as you type it in, change the default home page, generate pop-up Windows, and slow your machine. Therefore, Answers A, B, C, and E are incorrect.
2. Answer: D. When you know that a program is not spyware, click Always Allow so that it stops thinking the software is spyware. Answer A is incorrect because you don’t want to ignore the other programs. Answer B is incorrect because Parental Controls do not function on domains. Answer C is incorrect because Answer D is the better answer.
3. Answer: D. If you use Software Explorer (part of Windows Defender), you can remove any program that executes during startup. Many spyware programs include those that change home pages and load themselves automatically during startup. Therefore, you should remove any programs that you don’t recognize. Answer A is incorrect because not all programs will be shown in the Add/Remove programs.
Answer B is incorrect because there is no indication that it is communicating with the outside world, and using the firewall would not stop the spyware program from changing the home page.
Answer C is incorrect because changing the security level would have no effect because the spyware program is already on the machine.
4. Answer: D. Because the computer is slow even after reboot, the spyware program must load every time the computer is rebooted. Therefore, it has to be loaded during startup. Answer A is incorrect because spyware is not typically loaded as a service.
Answer B is not the best answer because most startup programs are specified in the registry, not the startup folder. Answer C is incorrect because if you use Task Manager to stop the program, the program will still reload after you restart the computer.
5. Answer: A. Quick scan will check all places that you normally would find spyware, including those that execute during startup. Answer B is incorrect because a fast scan does not exist. Answer C is incorrect because full scans are much more thorough scans but take much longer. Answer D is incorrect because you would then need tomanually specify where to search for spyware.
6. Answer: A. A Trojan horse virus appears, to the user, to perform a desirable function but, in fact, it facilitates unauthorized access to the user’s computer system. A polymorphic virus (Answer B) is a virus that changes often to keep it from being detected. A worm (Answer C) is malware that spreads and utilizes the resources of a computer, slowing the computer down. There is no classification called peaceful virus (Answer D).
7. Answer: A. If an antivirus software package cannot remove a virus from a file, it can be configured to delete the file or to quarantine the file. When a file is quarantined, it is copied to a special folder (usually named quarantined). Isolation mode (Answer B), Boot protection (Answer C), and Firewalled (Answer D) are not terms used with antivirus software.
8. Answer: A and C. Often, you cannot remove a virus if it is loaded in memory. Therefore, you need to boot the computer in Safe Mode or perform a clean boot before you can remove the virus so that certain programs are not loaded. If the virus has infected your computer, you might need to be an administrator (Answer B) to remove it. Lastly, files that are in the quarantine folder (Answer D) have already been isolated and therefore should not be the source of the virus.
9. Answer: B. Because you are connected to the network and you think it is infected with a virus, you should disconnect it from the network so that the virus does not spread to other computers. It is important to download the newest security patches (Answer A) and newest antivirus software package (Answer D), but do this only after the virus is removed. Rebooting and going into the BIOS setup program (Answer C) will not help you remove the virus.
10. Answer: C. Data Execution Prevention (DEP) is a security feature included in Windows XP with SP2 and Windows Vista intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow. Hyper-V (Answer B) is an Intel technology that creates two logical processors on each physical core in an attempt to keep the pipelines full at all times. PAE (Answer A), short for Physical Address Extension, is technology that allows 32-bit Windows to access more than 4 GB of physical memory. Protected mode (Answer D) is a mode used in processors that allows the operating system to use virtual memory, paging, and multitasking.
11. Answer: A. Data Execution Prevention (DEP) is a security feature included in Windows XP with SP2 and Windows Vista that is intended to prevent an application or service from executing code from a non-executable memory region. This helps prevent certain exploits that store code via a buffer overflow. To disable DEP, modify the Boot.ini file. You cannot disable DEP using the registry (Answer B), System Properties (Answer C), or the BIOS setup program (Answer D).
12. Answer: C. Data Execution Prevention (DEP) is a security feature included in Windows XP with SP2 and Windows Vista that is intended to prevent an application or service from executing code from a non-executable memory region. To enable or disable for an individual application, you open the System Properties, access the Advanced System Settings, select Settings in the Performance session, and click the Data Execution Prevention tab. You cannot configure individual programs using the Boot.ini file (Answer A) or BIOS setup program (Answer D), and there is no Processor applet in the Control Panel (Answer B).
13. Answer: B. If you reboot the computer into Safe Mode, Windows only loads the essential files needed to start Windows. You can then use the antivirus software package to clean the virus. If you restart the computer in VGA mode (Answer A), your screen will turn to 640×480 resolution, but all the other service and programs still load. The Last Known Good Configuration (Answer C) only undoes the most recent change. Updating the antivirus software (Answer D) will not help because the file cannot be cleaned because it is in use, not because the program does not know what do with the file.
14. Answer: B. The Master Boot Record contains the partition table and a volume boot sector. The fixmbr command executed from the Recovery Console will fix a corrupted fix Master Boot Record (MBR). Copying the Boot.ini file (Answer A) from another computer will not fix an MBR and executing the fixboot command (Answer C) will only repair the Windows boot sector on the system partition. There is no Repair option in Windows Defender (Answer D), Microsoft’s anti-spyware program.
15. Answer: A. Members included in the Administrators group can perform all administrative tasks on the local system. By default, the built-in Administrator account is a member of the Administrators group. The guest account (Answer B) is used to give temporary access to a system but has minimum rights and permissions. The Power Users group (Answer C) can create and modify local user accounts on the computer, share resources, and install drivers for legacy software. They do not have full administrative permissions. Remote Desktop Users (Answer D) are granted the right to log on locally through a Remote Desktop Connection. Users (Answer E) can perform tasks for which they have been assigned permissions.
16. Answer: A. Members included in the Administrators group can perform all administrative tasks on the local system. By default, the built-in Administrator account is a member of the Administrators group. The guest account (Answer B) is used to give temporary access to a system, but has minimum rights and permissions. The Power Users group (Answer C) has some but not all the user rights of the Administrator accounts, including creating and modifying local user accounts on the computer, sharing resources, and installing drivers for legacy software. They do not have full administrative permissions. Remote Desktop Users (Answer D) are granted the right to log on locally through Remote Desktop Connection. Users (Answer E) can perform tasks for which they have been assigned permissions.
17. Answer: C. The Power Users group has some, but not all, of the user rights that Administrator accounts have. In Windows Vista, the Power Users Group has been simplified and the Power Users group no longer exists unless you upgrade from Windows XP. The other groups exist in both Windows XP and Windows Vista.
18. Answer: B. To help keep Windows secure, the guest account is disabled because it is meant to be used as an anonymous login with minimum access. The Administrator account (Answer A) is not disabled. There are no Power User (Answer C) or Remote User (Answer D) accounts.
19. Answer: D. The Users group contains all Windows accounts created on a Windows computer. When a computer is added to the domain, Windows adds Domain users to the local Users group. By default, the Administrators group (Answer A) only contains the Administrator user account. The Guests group (Answer B) only contains the Guest user account. By default, the Power Users group (Answer C) does not contain any accounts.
20. Answer: D and E. Installing a device driver and installing an application require administrative permissions. Therefore, UAC prompts you to make sure it is something that you want to do. Answers A, B, and C are incorrect because standard users can do this.
21. Answer: B. User Account Control is used to prevent unauthorized changes to the computer. Answer A is incorrect because the Computer Management Console is used to manage the computer, including managing volumes, using the Event Viewer, and managing local users and groups. Answer C is incorrect because the Windows Firewall helps block unwanted packets from getting to your computer. Answer D is incorrect because the Event Viewer looks at warning and error messages and the security logs.
22. Answers: A and D. Windows XP Home does not provide the variety of account options found in Windows 2000 or XP Professional. Windows XP Home provides only Limited and Administrative rights options for controlling access to system resources. When a user is given a Limited account, she is enabled to access programs already installed on the computer but cannot install software or hardware components or change her account name or type. The user cannot create a new user because this activity is relegated to computer administrators. Therefore, the other answers are incorrect.