ISSC421
AMU
List five types of system information that can be obtained from the Windows Task Manager? How can you use this information to confirm the presence of malware on a system? (Hint: Look at the bandwidth and CPU utilization.)
Services, Performance, applications, processes, networking, users.
You can use it to see if there are any unidentified processes being run in the background without your knowledge.
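As an added example (not part of the original answers), the check described above can be scripted against the process list instead of being read off the Task Manager window. The sketch parses the CSV produced by `tasklist /v /fo csv` and flags processes that are missing from a known-good baseline or have accumulated unusually high CPU time. The sample output, the baseline set, and the one-hour threshold are constructed assumptions, and English column headers are assumed. Bandwidth is not covered because `tasklist` does not report it.

```python
import csv
import io

# Constructed sample of `tasklist /v /fo csv` output (not from a real host).
SAMPLE = '''"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"System Idle Process","0","Services","0","8 K","Unknown","NT AUTHORITY\\SYSTEM","120:14:02","N/A"
"svchost.exe","812","Services","0","21,340 K","Unknown","NT AUTHORITY\\SYSTEM","0:00:41","N/A"
"explorer.exe","4120","Console","1","98,552 K","Running","LAB\\alice","0:02:10","N/A"
"updhlpr.exe","6604","Console","1","312,004 K","Unknown","LAB\\alice","3:47:55","N/A"
"notepad.exe","7012","Console","1","14,100 K","Running","LAB\\alice","0:00:01","Untitled - Notepad"
'''

# Hypothetical baseline: image names recorded on a known-clean build of this host.
BASELINE = {"svchost.exe", "explorer.exe", "notepad.exe"}


def cpu_seconds(text):
    """Convert tasklist's H:MM:SS 'CPU Time' column to seconds."""
    hours, minutes, seconds = (int(part) for part in text.split(":"))
    return hours * 3600 + minutes * 60 + seconds


def triage(tasklist_csv, baseline, cpu_limit_s=3600):
    """Return (image, pid, reasons) for each process worth a closer look."""
    findings = []
    for row in csv.DictReader(io.StringIO(tasklist_csv)):
        name = row["Image Name"].lower()
        if name == "system idle process":
            continue  # its CPU time is idle time, not work done
        reasons = []
        # A name match is only a first filter: a baseline name does not
        # prove the binary is the legitimate one, so verify path and signature.
        if name not in baseline:
            reasons.append("not in baseline")
        if cpu_seconds(row["CPU Time"]) > cpu_limit_s:
            reasons.append("high CPU time")
        if reasons:
            findings.append((row["Image Name"], int(row["PID"]), reasons))
    return findings


if __name__ == "__main__":
    for image, pid, reasons in triage(SAMPLE, BASELINE):
        print(f"{image} (PID {pid}): {', '.join(reasons)}")
```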
Windows Task Manager and Windows Computer Manager both provide information about system services. Compare and contrast the types of information (about system services) that can be obtained from these tools.
Task Manager shows which programs are currently running, along with any active background software, while Computer Management shows us ALL of the software and hardware that is operational on the computer at any given time, active or not.
Explain how you could use one or more of the Windows log files to investigate a potential malware infection on a system. What types of information are available to you in your chosen log file?
You can use the log files to ID malware from the incident logs. They should tell you when something was downloaded or uploaded to the computer. If you know some minor details about what it is you are looking for, then you should be able to ID the malware file that was put on the computer.
Should you filter log files during an investigation into a security incident? Why or why not?
No, you shouldn’t filter anything unless you are sure you know what you are looking for. There is no telling what might be important when you are searching for a virus.
Should remote desktop services be enabled on employee workstations for use by IT Help Desk personnel? Why or why not?
Yes, they should; this will allow the IT staff to interface with a potential threat when dealing with malware. It must, however, be used responsibly when dealing with remote access.
How does Microsoft Baseline Security Analyzer (MBSA) differ from Windows Update? Why are Shares a source of system vulnerabilities?
MBSA is easier to use and helps IT professionals determine their security state in accordance with Microsoft security recommendations, and it offers specific remediation guidance. Windows Update focuses mostly on driver updates. Shares are a source of system vulnerability because infected material can be easily passed on through them. Shares are not suggested in a business setting unless the information put in them is guaranteed clean.