List five types of system information that can be obtained from the Windows Task Manager. How can you use this information to confirm the presence of malware on a system? (Hint: Look at the bandwidth and CPU utilization.)

Services, performance, applications, processes, networking, users. You can use it to see if there are any unidentified processes being run in the background without your knowledge.
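
The same check can be scripted. The following PowerShell is an added example, not part of the original answer: it lists each process with its CPU time, memory and established TCP connections, so that an unfamiliar process with heavy CPU or network use stands out. It assumes Windows 8 / Server 2012 or later, and the variable and column names are chosen here for illustration.

```powershell
# Added example, not from the original page. Read-only triage view.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection).
# Run elevated to see Path and CPU for processes owned by other users.

# Index established TCP connections by owning process ID.
$connsByPid = @{}
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    Group-Object -Property OwningProcess |
    ForEach-Object { $connsByPid[[int]$_.Name] = @($_.Group) }

$report = foreach ($p in Get-Process) {
    $conns = $connsByPid[$p.Id]
    if ($conns) {
        $count  = $conns.Count
        $remote = ($conns | ForEach-Object { $_.RemoteAddress } |
                   Sort-Object -Unique) -join ', '
    } else {
        $count  = 0
        $remote = ''
    }
    [pscustomobject]@{
        Name         = $p.ProcessName
        PID          = $p.Id
        # Cumulative CPU time since process start, not instantaneous load.
        CpuSeconds   = [math]::Round([double]$p.CPU, 1)
        WorkingSetMB = [math]::Round($p.WorkingSet64 / 1MB, 1)
        TcpConns     = $count
        RemoteAddrs  = $remote
        Path         = $p.Path   # empty when access is denied
    }
}

# View 1: the heaviest CPU consumers.
$report | Sort-Object CpuSeconds -Descending |
    Select-Object -First 15 |
    Format-Table Name, PID, CpuSeconds, WorkingSetMB, TcpConns -AutoSize

# View 2: every process holding a network connection, with its image path.
$report | Where-Object { $_.TcpConns -gt 0 } |
    Sort-Object TcpConns -Descending |
    Format-Table Name, PID, TcpConns, RemoteAddrs, Path -AutoSize
```

A process that appears in both views but has an unfamiliar name or an unexpected path is the kind of unidentified background process the answer refers to.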

Windows Task Manager and Windows Computer Manager both provide information about system services. Compare and contrast the types of information ( about system services ) that can be obtained from these tools.

Task Manager shows what programs are currently running, along with any active background software, while Computer Management shows us ALL of the software and hardware that is operational on the computer at any given time, active or not.

Explain how you could use one or more of the Windows log files to investigate a possible malware infection on a system. What types of information are available to you in your chosen log file?

You can use the log files to ID malware from the incident logs. They should tell you when something was downloaded or uploaded to the computer. If you know some minor details about what you are looking for, then you should be able to ID the malware file that was put on the computer.

Should you filter log files during an investigation into a security incident? Why or why not?

No, you shouldn't filter anything unless you are certain you know what you are looking for. There is no telling what might be important when you are searching for a virus.

Should remote desktop services be enabled on employee workstations for use by IT Help Desk personnel? Why or why not?

Yes, they should; this will allow the IT staff to interface with a possible threat when dealing with malware. It must, however, be used responsibly when dealing with remote access.

How does Microsoft Baseline Security Analyzer (MBSA) differ from Windows Update? Why are shares a source of system vulnerabilities?

MBSA is easier to use and helps IT professionals determine their security state in accordance with Microsoft security recommendations, and it offers specific remediation guidance. Windows Update focuses mostly on driver updates. Shares are a source of system vulnerability because infected material can easily be passed on through them. Shares are not recommended in a business setting unless the information put in them is guaranteed clean.


