Troubleshooting Practice Questions: Security

1. A network administrator notices that several employee computers are sending spam emails without the users' knowledge. The computers are running Windows 10 and show no obvious signs of malware in Task Manager. The antivirus software is up to date but has not detected any threats. Which of the following would be the BEST next step?
(a) Perform a full system restore to factory settings
(b) Boot into Safe Mode and run a rootkit scanner
(c) Disable Windows Defender and install alternative antivirus software
(d) Enable BitLocker encryption on all affected drives

2. Which of the following authentication methods provides the MOST secure approach for protecting sensitive corporate data?
(a) Single sign-on with password complexity requirements
(b) Biometric authentication combined with a PIN
(c) Multi-factor authentication using tokens and passwords
(d) CAPTCHA verification with username and password

3. A user reports that when browsing websites, pop-up advertisements appear constantly, even when visiting legitimate sites like banking portals. The user's Windows 11 laptop has started running slowly, and the browser homepage has changed without authorization. What is the MOST likely cause?
(a) The wireless network has been compromised
(b) Browser extensions contain adware or malware
(c) The router's DNS settings have been hijacked
(d) Windows Update has installed corrupted patches

4. An IT technician is configuring a new workstation for an employee who handles confidential financial data. The computer contains sensitive client information that must remain secure if the laptop is stolen. Which security feature should be implemented FIRST?
(a) Install a software-based firewall with custom rules
(b) Configure BIOS/UEFI password protection
(c) Enable full disk encryption using BitLocker or FileVault
(d) Set up automatic screen lock after five minutes

5. A small business owner receives an email appearing to be from their bank, requesting immediate verification of account credentials due to suspicious activity. The email contains a link to what looks like the bank's website. What type of attack is this?
(a) Spear phishing
(b) Phishing
(c) Vishing
(d) Whaling

6. Which of the following port numbers should be blocked on a corporate firewall to prevent unencrypted web traffic while still allowing secure HTTPS connections?
(a) Port 443
(b) Port 80
(c) Port 22
(d) Port 3389

7. A technician is investigating a security incident where an attacker gained access to the building by following an authorized employee through a secured door without using their own badge. The security cameras captured the incident occurring at 8:15 AM during peak entry time. What type of security breach is this?
(a) Shoulder surfing
(b) Dumpster diving
(c) Tailgating
(d) Social engineering

8. A corporate user repeatedly receives security warnings when accessing the company's internal payroll website, stating the certificate is untrusted. Other employees access the same site without issues from their workstations. The user's Windows 10 system date is set correctly. What should the technician check FIRST?
(a) Whether the user's browser cache needs to be cleared
(b) If the corporate root certificate is installed on the user's machine
(c) Whether the payroll server's SSL certificate has expired
(d) If the user's network adapter drivers need updating

9. What is the primary purpose of implementing a screensaver with password protection on enterprise workstations?
(a) To reduce power consumption during idle periods
(b) To prevent unauthorized access when users leave their desks
(c) To detect and prevent malware infections automatically
(d) To improve overall system performance and memory management

10. A help desk technician receives a call from a user who claims to be the CEO, demanding the immediate reset of another executive's password due to an urgent meeting. The caller is insistent and claims there is no time for standard verification procedures. What should the technician do?
(a) Reset the password immediately to avoid angering executive leadership
(b) Follow standard identity verification procedures before taking any action
(c) Transfer the call to a supervisor without attempting verification
(d) Ask for the executive's personal email address for confirmation

11. A user's smartphone continuously connects to unknown Wi-Fi networks and displays advertisements in the notification bar. Apps are crashing frequently, and the battery drains much faster than normal. The user recently installed several apps from third-party websites. What is the MOST effective solution?
(a) Clear all app caches and restart the device
(b) Perform a factory reset and restore from cloud backup
(c) Disable Wi-Fi auto-connect in network settings
(d) Update the operating system to the latest version

12. Which of the following BEST describes the principle of least privilege in a corporate IT environment?
(a) Users receive only the minimum permissions necessary to perform their job functions
(b) All employees have administrator rights to reduce help desk tickets
(c) System administrators monitor user activities through keystroke logging
(d) Guest accounts are disabled on all company workstations

13. A network administrator discovers that an employee has been running unauthorized cryptocurrency mining software on a company workstation overnight. The computer's CPU usage remains at 98% constantly, causing significant slowdown and overheating issues. The software was disguised as a legitimate system process. What type of malware is this?
(a) Trojan
(b) Ransomware
(c) Keylogger
(d) Worm

14. An organization wants to ensure that former employees cannot access company resources after termination. Which of the following procedures should be included in the offboarding process?
(a) Change the Wi-Fi password network-wide
(b) Disable user accounts and revoke access credentials immediately
(c) Install new antivirus software on all workstations
(d) Perform full system backups of all servers

15. A security team is implementing a new authentication system that requires users to provide a password and scan their fingerprint. Additionally, users receive a time-sensitive code on their registered mobile device. How many authentication factors are being used?
(a) One factor
(b) Two factors
(c) Three factors
(d) Four factors

16. A user calls the help desk reporting that all files on their Windows 10 computer have been encrypted with a .locked extension. A message on the screen demands payment in Bitcoin to decrypt the files, with a countdown timer showing 48 hours remaining. The user cannot open any documents or photos. What type of malware has infected the system?
(a) Spyware
(b) Adware
(c) Ransomware
(d) Botnet malware

17. A technician is configuring a wireless network for a medical office that handles patient records subject to HIPAA regulations. Which encryption protocol should be implemented to ensure the MOST secure wireless communications?
(a) WEP with 128-bit encryption
(b) WPA with TKIP encryption
(c) WPA2 with AES encryption
(d) Open network with MAC address filtering

18. During a security audit, an administrator discovers that several users have written their complex passwords on sticky notes attached to their monitors. The company enforces 16-character passwords with special characters that expire every 30 days. What should be the BEST recommendation?
(a) Implement biometric authentication to replace passwords entirely
(b) Increase password complexity requirements to 20 characters minimum
(c) Implement a password manager and adjust password policies to be more reasonable
(d) Install security cameras to monitor who accesses workstations

19. A company's BYOD policy allows employees to access corporate email on personal smartphones. Which of the following should be implemented to protect company data if a device is lost or stolen?
(a) Require all employees to use the same device manufacturer
(b) Install mobile device management software with remote wipe capabilities
(c) Prohibit employees from installing personal apps on their devices
(d) Mandate that all devices use biometric unlock methods only

20. A technician receives multiple reports that users cannot access certain websites, receiving "connection not secure" warnings. Investigation reveals that the company's proxy server certificate expired yesterday at midnight. Users attempting to access HTTPS sites are seeing certificate errors. What should the technician do FIRST?
(a) Disable SSL inspection on the proxy server temporarily
(b) Instruct users to proceed past the security warnings manually
(c) Renew and install the updated certificate on the proxy server
(d) Configure all browsers to ignore certificate validation errors

The document Troubleshooting Practice Questions: Security is a part of the CompTIA A+ Course CompTIA A+ Core 2.