1. List five types of system information that can be obtained from the Windows Task Manager. How can you use this information to confirm the presence of malware on a system? (Hint: Look at the bandwidth and CPU utilization.)
2. Windows Task Manager and Windows Computer Manager both provide information about system services. Compare and contrast the types of information (about system services) that can be obtained from these tools.
3. Explain how you could use one or more of the Windows log files (Application, Security, Setup, System, and Forwarded Events logs) to investigate a potential malware infection on a system. What types of information are available to you in your chosen log file?
4. Should you filter log files during an investigation into a security incident? Why or why not?
5. Should remote desktop services be enabled on employee workstations for use by IT Help Desk personnel? Why or why not?
6. How does Microsoft Baseline Security Analyzer (MBSA) differ from Windows Update? Why are Shares a source of system vulnerabilities?