comptia-a-plus-core2/quizzes/TRB-4-quiz.md

# TRB-4 Quiz: PC Security Symptoms

Take this after studying `notes/TRB-4-pc-security-symptoms.md`.

Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`

## Questions

1. A user's documents are renamed and cannot be opened. What should you suspect?

A. Normal update behavior  
B. Ransomware  
C. Screen saver timeout  
D. Low monitor brightness  

2. Browser searches keep redirecting to an unknown search site. What is likely?

A. Healthy DNS cache  
B. Good backup rotation  
C. Browser hijacker or malicious extension  
D. Normal BitLocker behavior  

3. Fake antivirus pop-ups demand payment. What is the safest assumption?

A. The system may be compromised  
B. The pop-ups are required OS updates  
C. The monitor cable is loose  
D. The user needs a new keyboard  

4. Certificate warnings appear on many websites. Which simple setting should be checked?

A. Mouse pointer size  
B. Wallpaper rotation  
C. Speaker volume  
D. System date and time  

5. What should be done if active malware compromise is suspected?

A. Share credentials by email  
B. Consider isolating the system from the network according to policy  
C. Disable documentation  
D. Ignore the alerts  

6. Which symptom can point to adware?

A. Correct file names  
B. Normal login time  
C. Frequent unwanted pop-ups  
D. Successful backup test  

7. OS updates fail after an infection. What could be a cause?

A. A clean keyboard  
B. High screen resolution  
C. Too many folders on the desktop only  
D. Malware damage, system corruption, or network blocking  

8. A computer is running slowly and internet bandwidth is lower than normal. What security issue should be suspected?

A. The keyboard is sticky  
B. Screen saver is running  
C. A monitor driver needs updating  
D. Malware consuming resources or a botnet using the bandwidth  

9. A new administrator account appeared that no one created. What should be suspected?

A. Windows Update created it automatically  
B. Malware or unauthorized access created a backdoor account  
C. Group Policy created a guest account  
D. A printer driver added the account  

10. A user's email contacts report receiving spam from the user's address. Which compromise is most likely?

A. The user's email account credentials were stolen or their account was compromised  
B. The printer driver failed  
C. The screen saver caused the issue  
D. BitLocker locked the drive  

11. Which symptom suggests a rootkit may be present?

A. Normal Task Manager showing low CPU usage  
B. Files hidden from normal OS tools that are visible with bootable forensic tools  
C. Printer not responding  
D. Screensaver changing on its own  

12. A computer keeps connecting to unknown IP addresses in the background. What security issue does this suggest?

A. DHCP is working correctly  
B. A botnet or command-and-control malware infection  
C. Normal Windows Update behavior  
D. Disk defragmentation in progress  

13. Unwanted software reinstalls itself after removal. What does this suggest?

A. The user keeps reinstalling it  
B. A persistence mechanism such as a scheduled task, registry entry, or rootkit  
C. The screensaver triggered it  
D. The drive is NTFS  

14. A user's desktop icons were replaced with unknown shortcuts. What should be suspected?

A. Windows theme changed automatically  
B. Malware or unwanted software modified desktop files  
C. A printer driver updated  
D. The screensaver changed the layout  

15. After confirming a malware infection, what is the correct next step before removing anything?

A. Run Disk Cleanup  
B. Quarantine the system and document findings per the malware removal process  
C. Change the desktop background  
D. Update the graphics driver  

## Answer Key For Instructor

1. B
2. C
3. A
4. D
5. B
6. C
7. D
8. D
9. B
10. A
11. B
12. B
13. B
14. B
15. B