1102 3.0: Software Troubleshooting

Pocket Prep

To start Windows normally but with basic video only, what function should be used?

Enable low-resolution mode

• If you want to run Windows but want to limit it to the old VGA display, then use the Enable Low-resolution Mode function after hitting F8. Windows also uses basic VGA drivers in Safe Mode.

An administrator needs to restart a service that has crashed. Where can they go to restart it?

Computer Management MMC

• The Computer Management MMC lets an administrator manually stop, pause, resume, and restart services. It also has tools for scheduling, viewing logs, and managing devices.

What is the FIRST rule when troubleshooting computers?

Back up data

• You should always create backups when troubleshooting, since you can accidentally delete data or cause the computer to be unresponsive. With data backed up, you can repair any issue without worrying about data loss.

You are working with a customer who is having performance issues with their Windows 10 PC. Where can you go to see which processes on the PC are using the most CPU?

Task Manager

• In the Processes tab of the Task Manager, a user can see which processes are using the most CPU. The process can be ended directly from the Task Manager to see if performance improves.

In Windows 10/11, what file houses ALL the information about the operating systems installed on the computer?

BCD

• The BCD store houses all the information about the operating systems installed on the bootable hard disk. This is important because it directs the loading system to all the proper locations of the files to boot. 

What is the NEXT step after the computer performs a POST test?

The MBR is loaded.

• After the system performs its power-on self-test (POST) and all checks come back good, the system then begins to load the Master Boot Record (MBR). The MBR provides the physical location of the operating system files and locations on the hard drive so the computer can begin to load the OS.

Which command, when entered into the command prompt, removes a folder?

rd

• The "rd" command stands for "remove directory," and it deletes a directory. If you use "rd /s", you can remove all of the subdirectories and files along with the directory you specified.

Which of the following switches, when applied to the "DIR" command, shows who owns a file on a computer or remote destination?

/q

• The "/q" switch can be applied to the "DIR" command so that it will display who owns a file or directory. This is important when you want to create permissions and security groups to ensure that files are kept locked down. If the file is owned by a user or group, that user or group can make whatever changes they want to the file. In some cases, the user or group owner can be deleted from the system, and thus, a new owner needs to be assigned before permissions can be configured.

• The "/o" switch lets a user change the display order. The "/p" switch shows results one page at a time. The "/l" switch shows the results unsorted and in lowercase.

An administrator is having trouble getting a Windows 10 system to boot correctly. The problem happens after the firmware portion of the boot process. Which file can they look at to see a log of the software portion of the boot process?

Ntbtlog.txt

• The ntbtlog.txt file contains information about the software portion of booting. Boot logging must be enabled first, which can by done in the System Configuration utility.

In Windows, after the MBR has performed its task and the system loads WINLOAD, what happens next?

WINLOAD switches the system from real mode into protected mode

• After the MBR has worked out what file system it's working on, it locates and loads WINLOAD. At this point, WINLOAD takes the system from real mode, which lacks features, and switches it into protected mode, which provides advanced memory protection and multitasking. After this, WINLOAD locates the installed operating system and loads the appropriate files.

Which command terminates any running batch files or commands in a current command prompt window?

EXIT

• The "EXIT" command is used when you choose to forcefully quit a currently running operation. For example, if you run a batch file and it stalls or runs for too long, you would type "EXIT" and press Enter. This will quit the script and return you to a prompt waiting for the next command.

When you're unable to view system files, what setting do you need to change in the File Explorer Options applet in Windows?

Uncheck "Hide protected operating system files"

• By default, Windows hides important system files. When you need to work with these files, remove the checkmark under Folder Options, which can be found in the Control Panel or from within the menu in Windows Explorer.

Which SFC parameter allows the user to check and fix a specific file instead of all the system files?

/scanfile

• System File Checker (SFC) is a command-line based utility that scans protected system files to check for and repair corruption. If you want SFC to scan one system file in particular, you would use the switch "/scanfile [FILENAME]".

If incorrect colors are displayed on the monitor, what is the part MOST likely to need replacing?

Monitor

• When a monitor starts to malfunction, colors don't display normally. This could be a sign of the internal controller boards beginning to fail. To rule out the computer, you can try to reboot the machine and try to test another monitor if you have one available. If a second monitor still shows incorrect colors, the video card or the video cord may be the culprit.

Which Windows Recovery Environment option will rebuild the BCD? 

Startup Repair

• The Startup Repair option will attempt to fix many common problems. One way you can get into the Windows Recovery Environment is by holding F11 as the system starts up.

Which tab in the Task Manager shows the power usage of running processes?

Processes

• The Processes tab shows the name of processes along with the amount of CPU, memory, disk, network, and power used. Clicking on the column header will sort the processes by how much of that type of resource is being used.

Which SFC parameter allows the user to check the system files but does NOT make any repairs?

/verifyonly

• The Windows System File Checker (SFC) scans and fixes corrupt files. If you would like SFC to scan and report the corruptions it finds, you should use the "/verifyonly" switch. This ensures that SFC scans the protected files in the system but it will not make any changes or repairs to those it finds to be corrupted.

Which of the following would you use to repair a BCD error AFTER loading up the Windows Recovery Console?

BOOTREC /REBUILDBCD

• Windows versions of Vista and above, such as 7 and 8/8.1, utilize the Windows Boot Configuration Data (BCD) file to indicate where all the necessary files to boot are. If there is corruption in this file, the PC will be unable to boot. To repair the file, boot into Windows Recovery mode and open up the command prompt. From there, run the BOOTREC /REBUILDBCD command.

You want to turn on boot logging on a workstation before you make some changes to it. Which command should you use to enable boot logging?

BCDEDIT

• Issuing the command "BCDEDIT" with the appropriate arguments will enable boot logging. You will need to do this while the system is already booted, as you won't be able to issue this command if you cannot get into the system in the first place.

Which part of the boot process checks hardware?

POST

• The power-on self-test (POST) is the first step of the boot process and it checks the hardware. If there is an issue, it will alert the user via beep codes.

A user reports that they cannot connect to any webpages. From their computer, you use the ping command to see that you can successfully ping the default gateway. What would be the logical next step after this?

Ping the IP address of a public server

• After pinging the default gateway, an external address should be pinged. By pinging by IP address rather than domain name, you can test the connection first before testing DNS. 

A user reports that one of their applications is crashing frequently. What tool can an administrator use to see when the crashes occur and what applications are involved?

Reliability Monitor

• The Reliability Monitor can be used to identify the conditions surrounding a crash. The application version as well as other applications running at the time can be seen.

You are encountering a few issues in the development environment for an upcoming rollout. You are interested in registering and unregistering certain modules and a few controls for troubleshooting. Which of the following would enable you to perform those changes?

REGSVR32

• In computing, "REGSVR32" (Microsoft Register Server) is a command-line utility in Microsoft Windows operating systems for registering and unregistering DLLs and ActiveX controls in the Windows Registry. It can be implemented with the command line in real time to provide the ability to troubleshoot various settings and changes.

What is the MOST common type of malware affecting the Windows OS?

Virus

• The most common OS-affecting malware is the virus, which falls under the umbrella of malware (short for malicious software). There are virtually millions of viruses and even more variants of each virus, so there is a massive list of virus signatures that must be used by an antivirus program to protect a system.

A user reports that when they try to visit a familiar website, they are instead taken to a different one even though the URL in the browser is correct. Upon inspection, an administrator notices that the user's HOSTS file has been altered. What type of attack is the user experiencing? 

Pharming

• In a pharming attack, traffic is redirected to another site. This can happen through DNS poisoning or through altering a user's HOSTS file.

On Windows 10, in the Virus & Threat Protection screen, which type of scan will reboot into the Windows Recovery Environment to perform a scan?

Microsoft Defender Offline Scan

• A Microsoft Defender Offline Scan will reboot into WinRE to do a full Microsoft Defender Scan. This is useful for getting rid of hard-to-remove malware.

Motherboard manufacturers develop specific beep codes to identify problems for users. What is this called?

POST routine

• The power-on self-test (POST) checks hardware before booting the operating system. If any issues are found, a set of beeps alarms the user to a problem. Each manufacturer configures the POST routine to ensure that all of their specific hardware is functioning correctly.

What is the MOST common laptop networking problem?

Weak signal

• Because users move around with laptops, a poor signal can lead to packet loss. The result is slow network access and even no internet access.

You get called to a job site where the user is reporting that they are getting an error. You arrive and discover that the error reads, "An error occurred while attempting to read the boot configuration data."

What command should you run from the recovery console?

bootrec /fixboot

• The BOOTREC.EXE utility can be run to interact with the Master Boot Record (MBR), boot sector, or Boot Configuration Data (BCD). The options that can be used with this utility are /fixmbr, /fixboot, /scanos, and /rebuildbcd.

Which command can be used to check listening and established network connections?

netstat

• The "netstat" command can be used to check a variety of statistics about TCP/IP connections, such as packet statistics and inbound/outbound connections.

What switch displays a list of commands for a specific command line utility?

/?

• For any command line, use the "/?" switch to view a list of options for the command that precedes it. The "/?" switch also gives you the syntax for the command.

Which of the following is a potential cause of a hardware port malfunction?

Port disabled in BIOS

• The BIOS controls many hardware aspects of a computer. The first place to check for a malfunctioning port is in the BIOS to ensure that it is enabled and usable or whether the BIOS has it disabled or error-stricken.

You encounter a workstation that boots fine but cannot locate the operating system. You suspect that it is a problem with the master boot record, so you boot to a USB and enter the Windows Recovery Environment.

From there, what command would you enter to repair the master boot record?

BOOTREC /FIXMBR

• You can use the BOOTREC command with the FIXMBR flag to try to fix the master boot record (MBR).

If a computer is having frequent shutdowns, where should an administrator look to find Kernel-Boot entries?

Event Viewer

• The Event Viewer shows a log of application and system messages. Kernel-Boot and Kernel-General messages will show if the system was shut down on purpose or suddenly, without warning.

A user calls the IT service desk where you work and reports a general slowness to their computer. The folders open slowly and the applications randomly close. Which of the following should you have the user perform FIRST?

Restart the computer

• It's never a bad first step to have the user reboot their computer, especially when dealing with odd software issues. When a computer restarts, it reboots with a blank slate, which may not have resources that are bogged down by so many open applications or running services.

Which program will check for a full gambit of malicious software, including viruses and other infections such as rootkits and potentially unwanted software?

Antimalware

• Antimalware programs protect against more than just viruses. They protect from spyware, browser hijackers, worms, trojans, and ransomware. Some examples of antimalware software are Malwarebytes and Combofix.

A user is in the Task Manager and sees an application running that they do not recognize. They want to see which user on the system started the application. Which tab in the Task Manager will show them this information?

Details

• In the Details tab, you can see details about each process such as the name, process id, memory allocation, and user who started it. You can also end the task by clicking the End Task button.

• The Services tab lists services and their status. The Processes tab shows the processes and their resource usage. The Performance tab shows the system's resource usage.

A user reports that they think there is malware on their system. What is the FIRST step an administrator should do when following best practices for malware removal?

Identify Malware Symptoms

• The first step when following best practices for malware removal is to identify and verify malware symptoms. This can be done with antivirus and anti-malware tools. 

• Quarantining infected systems should be done after the malware has been identified. Disabling System Restore should be done after quarantining to ensure that the virus does not make its own restore point to return to. Running updates should be scheduled after the system has returned to normal.

What activity ensures that you clear computer memory?

Restart the computer

• The only way to completely clear memory is to reboot the computer. If you have issues with the computer, sometimes, the best way to fix it is to perform a reboot and clear the memory. With the memory clean, the computer starts like a blank slate, which often resolves many issues.

A Windows machine is getting a BSOD at the same point each time it tries to boot up. What is MOST LIKELY causing the issue?

Misconfigured driver

• During boot time is when drivers are being loaded. If a BSOD occurs here, it is likely due to a driver issue. Try loading only basic drivers to overcome this issue.

What does the command "GPRESULT /r" do?

Displays the Group Policy for the local user

• "GPRESULT" can display the Group Policies currently applied to the local computer or user as well as remote users and computers. It will also display which policies take precedence and which were actually overridden. "GPRESULT /r" specifically provides the policies applied to the current user.

• The "/z" switch specifies that the result should be super-verbose. The "/s" switch specifies the remote system to connect to. The "/p" switch specifies the password.

The computer displays an error stating that the MBR is corrupt. To fix it, you inserted the Windows 7 installation DVD to get to the Recovery Console. From within the command prompt, what command do you run to fix the problem?

Bootrec /fixmbr

• Beginning with Windows Vista, Microsoft restructured Windows boot configurations. Now, the command "Bootrec" is used to repair boot and MBR configurations. "Bootrec /fixmbr," when typed into the Windows Recovery Environment, will scan and repair the MBR.

Which command can be used to mirror a complete directory tree?

ROBOCOPY

• The ROBOCOPY command can be used with the /MIR switch to mirror a complete directory tree. It can also be used to copy files while keeping NTFS file permissions.

Which command changes the command line to a specified directory?

cd

• The "cd" command stands for "change directory." As you navigate through system files in the command line utility, you'll need the "cd" command to open different directories. It changes the command line to the directory that is up one level. "CD \" moves the command line to the root directory.

What is one reason why a computer would consistently show the Windows Blue Screen of Death (BSOD)?

Memory problem

• The BSOD is often related to memory issues, such as programs leaking memory or two programs trying to access the same area in RAM (which is an immediate fault). After you check the computer's memory, check the drive and CPU heat, which can also cause a BSOD.

A user reports that they are suddenly seeing multiple pop-ups on their computer. The pop-ups are overlayed on top of websites that they visit, and they cannot be closed. What should be disabled to block these types of pop-ups?

JavaScript

• Pop-ups that are overlayed on top of the browser's content use JavaScript to do this. To stop this, you need to disable JavaScript. However, disabling JavaScript will also disrupt the normal functionality of the page.

When running multiple applications, a user notices that their system slows down a lot and that the hard disk drive is spinning excessively. Which component should be upgraded in this situation?

RAM

• When more applications are running, more RAM is used. As RAM runs out, the system uses the hard drive as virtual RAM, which is much slower. The best solution is to add more RAM.

A user reports that they've received a security threat in their email. You want to verify that the threat is real. Where can you go to verify the authenticity of the threat?

CERT

• The CERT website monitors new viruses. You should check www.cert.org before forwarding any information about potential viruses to make sure that they are not a hoax. 

A user reports that they cannot access the company's website. You use the ping tool and see that you can successfully ping the web server's IP address. What tool can you subsequently use to test that the server's name resolution is correct?

Nslookup

• The nslookup tool can be used to test for DNS resolution problems. If a server can be reached by its IP address but not domain name, then its DNS may be misconfigured.

Which of the following is a virus that pretends to be an antivirus program?

Rogue anti-virus

• Rogue anti-viruses are programs that advertise themselves as an antivirus, but instead, they actually install malware on a computer. These programs usually install rootkits or trojans while pretending to clean a PC from viruses, which enables backdoor accessibility.

Which LESS COMMON command changes the command prompt directory to a specified folder?

chdir

• The "chdir" command is used in the Windows command line to change the directory focus. It is more likely that you have encountered the shorthand version, "cd," which performs the same function.

An internet connection that sometimes runs fine and sometimes is nonexistent could be the result of what?

IP address conflict

• An IP address can only be used once on a subnet at a time. If an IP conflict is detected, one network card is kicked off the network. This can be the reason why intermittent connectivity occurs.

Where is thermal transfer compound applied?

Between the heat sink and CPU

• The compound goes between the heat sink and the CPU. When attaching the heat sink with the paste, it will spread out. The paste does not need to subsequently spread out over the whole CPU because the outer edges of the CPU might not be as heat-producing as the center.

DLL stands for what?

Dynamic Link Library

• DLL stands for Dynamic Link Library. DLLs are the core of Windows API. They allow developers to link libraries for specific Windows functionality into their programs.

To resolve connectivity issues, what is the FIRST thing that should be checked on a powered NIC?

Link light

• A network interface card's (NIC) link light indicates that a connection has been made between the NIC and the router. It's the first item to check when troubleshooting network connectivity on a desktop.

Which command shows everything inside a folder?

dir

• The "dir" command shows all files in a directory. The one exception is if the files have a hidden attribute assigned. If a file is set as hidden, you won't see the file unless you remove the hidden attribute.

What happens when a laser printer's drum isn't discharged properly before the next print job?

Ghost images appear

• The problem of "ghosting" occurs when the drum doesn't discharge and images from previous print jobs appear on your printouts. The problem is usually fixed by replacing the toner cartridge.

A user's computer is running slowly and the Task Manager shows that the CPU is 90% active. Which tab in Task Manager will show what is taking up the most CPU time?

Processes

• In the Processes tab, you can see which applications are using the most CPU. You can sort each application by CPU, memory, disk, or network usage. You can also end each task from there.

What is the probable fix for the error message "no OS is found"?

Remove the non-boot disk

• The most frequent cause of the "no OS is found" message is that the computer is set to look for a boot disk on a drive other than the hard disk. If it finds a disk in that drive, it will attempt to find the system files on that disk and load them from there. If that disk is not a boot disk, this error will occur. The easiest solution is to remove the disk and let Windows automatically choose the other boot source (the hard drive usually).

A user reports to you that they have an older laptop that is running slower than normal. Applications and files seemingly drag on and don't open very quickly. After some investigation, you discover that the computer uses a hard disk drive. Which of the following tools might be able to assist in this situation?

Disk defragmenter

• With hard disk drives, operating systems attempt to store data in contiguous blocks (blocks that are next to one another). Due to normal disk usage and time, a hard disk drive can grow to have fragmented data sections that require the hard drive reading head to move to each space to read each part of data. If the data is spread around a lot, it can take time to read. Disk defragmenter lines up the data to improve read speeds. As opposed to hard disk drives (HDD), solid-state disks (SSD) do not use the disk defragmenter.

Which command restarts the computer?

shutdown /r

• If you want to restart the computer from the command prompt, use "shutdown /r." If the computer refuses to reboot, you can use the switch "/f" to force the PC to reboot and close any applications that keep it from restarting.

Which command allows for the duplication of files?

copy

• The "copy" command copies a file from one folder to another. The original file is left in the current folder, so you make an exact duplicate in the new folder without deleting the original. The command syntax is "COPY [FILENAME&PATH] [DESTINATION]".

What command shows all open ports and connected clients?

netstat

• The "netstat" command gives you a list of open inbound and outbound TCP and IP communications. It will provide you with the local address and the remote (foreign) address that it is connected with. It will also provide the protocol and port with additional switches. You can use this command to identify any rogue computers connected to malicious ports.

Which command, when typed into the command line, allows the user to see which partitions are on a hard drive?

diskpart

• The "diskpart" command is used when you need to verify and configure partitions on a hard drive from the command line. It requires administrator privileges because it can modify and delete system partitions.

You have a report from a user that his computer is unable to boot. They receive a "no OS is found" message each time they try to boot up. What is MOST LIKELY causing this problem? 

USB inserted

• The system may have the USB drive listed as a boot medium to try before the hard drive. To fix this, remove the USB or edit the BIOS settings to not check the USB for booting.

Which of the following tells the operating system how to use specific hardware?

Device driver

• Device drivers are made for specific pieces of hardware and contain instructions for the OS to operate the hardware. You can use generic Windows device drivers, but they often don't offer advanced features that you get from the manufacturer's print driver. Most motherboards come with the proper device drivers to get the components to be recognized and work with the hardware.

What type of repair tool was introduced with Windows 7 as a way to restore from a full hard-drive snapshot?

System Image Recovery

• The Windows 7 System Image Recovery option takes a snapshot of all your files and programs. You can re-image your drive if it crashes, to restore all programs and files. If you have Windows 8/8.1, you can attempt an operating system refresh/restore.

What does disk defragmenting actually do?

Consolidates files so that they occupy a contiguous space on the disk

• At times, an operating system can insert data somewhere randomly on a hard drive because the disk is constantly spinning and moving. When this happens, it can cause performance degradation because the hard drive has to look in multiple places for the data. Defragmenting lines all the data up, so it can be accessed faster and take up less space.

A user reports that their mobile device is running slow and that they receive messages about low RAM. What would be the BEST solution to this issue?

Close background applications

• On a mobile device, applications do not close by default but are put in the background. This takes up RAM as more applications are opened and then put in the background, so closing all background apps will release RAM and make the device respond faster again.

An administrator wants to check if a computer can connect to the default gateway. Which command would be BEST to use to test the connection?

Ping

• The ping command is a simple way to test a network connection. If you can send a ping and get a reply, then you know the network can be reached.

Which command is used to delete a folder?

RD

• The "RD" command is a shortcut for the RMDIR command, which is used to remove a directory. The "/S" switch can be used to delete the specified folder and subfolders, and the "/Q" switch can be used to perform the operation in quiet mode.

A user is doing video capture of their screen and notices that the performance is slow and that there is a thrashing sound from their computer. Which component is MOST LIKELY having performance issues?

Disk

• Video capture can use a disk drive excessively. If the drive is heavily fragmented, it can cause the drive arm to move around a lot, which makes a thrashing sound. To fix this, try using a solid state drive, which is much faster than a hard disk drive.

A Windows 10 user installs a new software development kit (SDK) on their workstation. Subsequently, another application that they use frequently for development has stopped working correctly. What option can the user choose from the application's listing in the Programs and Features applet to address the situation?

Repair

• Sometimes installing a new application will overwrite files that a previous application relied on. The Repair option will start the application's installer and attempt to repair the application.

Which of the following can cause a BSOD?

Misconfigured driver

• The Windows Blue Screen of Death (BSOD) is a catastrophic error that requires a reboot. BSODs can commonly occur due to a misconfigured driver. When drivers are not working properly, the system cannot successfully interact with system hardware, so the operating system can receive catastrophic errors. It's important to research the Stop Code for more information, as it will state what driver is causing the error, such as a graphics or networking driver.

Which of the following commands refreshes the Active Directory policy on the local workstation?

GPUPDATE

• "GPUPDATE" is the command used to tell the system to request the Active Directory Group Policies that apply to that machine. In cases where Group Policies have been configured but not received by workstations, this command can be used. To override local Group Policy settings, you can use the switch "/FORCE", so the command "GPUPDATE /FORCE" will copy and overwrite all local policies with those retrieved from the Domain Controller.

Which of the following can help resolve missing .DLL errors?

Running SFC

• Running Windows' System File Checker (SFC) will scan, detect, and repair missing system files. It compares the system file against a backup that Windows maintains and restores any files that are missing or corrupt. This can help tackle the missing .DLL errors, as SFC will replace any .DLLs found to be missing.

Which command forces a sync of the policies assigned to the computer by Active Directory?

gpupdate/force

• Group Policy is used in Active Directory environments to control computer settings. The "gpupdate" command tells the system to reach out to Active Directory and attempt to refresh/download the policy applied to the machine. When adding the "/force" switch, "gpupdate" will apply all new changes and policies, overwriting any locally configured settings. This is useful when a computer is not receiving/applying certain Group Policy changes.

What steps would you perform first in an attempt to correct an issue with a stalled print job?

Stop and restart the Print Spooler service

• At times, printer jobs can be "stuck" or stalled in the print spooler queue with no ability to delete the print job or get it to actually print. This will also inhibit any other jobs from printing to the printer, as the one stalled print job stops up the queue. To correct this, you would open Computer Management and go to Services (or go to Run, then type services.msc) and then locate the Print Spooler service. You would then right-click and stop the request, and then right-click once more and select Start.

When the computer initiates a print job, where does the print job get sent FIRST?

Print spooler

• As long as you don't have printer settings configured to print directly to a printer, Windows first sends a print job to the spooler. The spooler converts the files into the printer control language that the printer can understand. This is important because it is possible to print to devices other than printers, such as Adobe PDFs or images. You can access the spooler from your Windows system tray when jobs are printing, or from the Control Panel.

A user updated some drivers and is now having problems booting into the system. How can they boot back into the system to disable the newly installed drivers?

Boot into safe mode

• This mode provides basic drivers for input and output, so the user can go in and disable other drivers. After the drivers have been removed, the system can be rebooted normally.

A user reports that unusual files have appeared on their hard drive. They have also noticed that some files have disappeared. What could be the cause of this?

Virus

• One symptom of a virus is having unusual files show up or having others disappear. When a virus is suspected, that system should be quarantined.

A Windows 10 system fails to boot 2 times in a row, so the administrator enters the Windows Recovery Environment. The administrator thinks that the file that holds the information about the location of the operating system needs to be rebuilt. Which option in the Windows Recovery Environment will rebuild this file? 

Startup Repair

• The Startup Repair option in the Windows Recovery Environment will rebuild the Boot Configuration Data (BCD). The BCD contains information about the operating systems installed on the computer.

What command can you use to get information about the operating system?

WINVER

• The WINVER command is used to get information about your operating system. It opens up in a separate dialogue box.

A Windows 10 user's profile is causing issues that make it difficult to log in. The administrator would like to reset their profile. Where are the files located that the administrator should back up before resetting the account?

C:\Users

• Backup the user's data in the C:\Users folder while logged in as an administrator. Then, delete the user's profile in the User Profiles dialog box. You can subsequently have the user log in and then copy the files back over. 

You are working on a Windows workstation that will need a few changes. You are interested in creating a restore point in case anything goes wrong and the changes need to be reversed. Which of the following tools would provide you with that capability?

System Restore

• In System Restore, the user may create a new restore point manually (as opposed to the system creating one automatically), roll back to an existing restore point, or change the System Restore configuration. Moreover, System Restore can also be undone. Old restore points are discarded to keep the volume's usage within the specified amount. For many users, this can provide restore points covering the past several weeks.

There has been a recent change to the DHCP server on a network. A user reports that they cannot connect to any websites. The administrator goes to their system and types ipconfig /RELEASE at the command prompt. What command should they type next?

Ipconfig /RENEW

• If there was a change to DHCP settings, then you can use the ipconfig command to release the settings and then renew them. You can then use ipconfig /A

A user reports that it takes a really long time to log in to their Windows 10 system. Where can they go to selectively disable applications that start when they log in?

Task Manager

• In the Startup tab in the Task Manager, users can enable or disable applications for startup. They can see the application's name, publisher, status, and startup impact.

You receive the error, "Bootmgr is missing, Press Ctrl+Alt+Del to restart." What do you do?

Insert the operating system disc, then open the Recovery Console command prompt to repair the operating system.

• In versions of Windows Vista and newer, Microsoft has begun using the Boot Configuration Data store, which provides information to the BIOS and computer on how to load and boot the operating system. When the boot sector becomes corrupted, the operating system will display the error "Bootmgr is missing or corrupted," indicating that it is unable to even locate the files to begin booting. The "BOOTREC /REBUILDBCD" command, when entered into the Recovery Console's command prompt, will replace the boot sector and boot data to resolve this issue.

Which of the following commands verifies the integrity of operating system files?

SFC

• The System File Checker (SFC) program is an important tool for verifying and repairing any corrupt operating system files. It performs a scan of all the important files against their verified backups to ensure that they are not corrupt in any manner. Any detected anomalies are repaired by the SFC utility to the best of its ability.

A user reports to you that he is encountering an issue with a certain application. It routinely crashes, and the user loses all the data he was working on. As you investigate, you determine it's not the entire computer or operating system. Of the following, which utility would provide more information?

Event Viewer

• The Event Viewer provides information about what is occurring within the Windows system to assist with troubleshooting. The Event Viewer shows warnings, error messages, and records of items that have occurred successfully and even unsuccessfully, including errors and warnings.

What type of crash screen is shown on a macOS system when there is a fatal error, such as physical memory failing?

Rotating pinwheel

• On a macOS, a rotating pinwheel can appear if the system is having a memory issue. This could involve an application accessing memory it shouldn't be able to or if it is in an endless loop.

Which command can be used to show the "hops," or routes, that are being traversed between the local computer and the destination computer?

tracert

• The "tracert" command shows the path taken across networks from a given source to a given destination. The "tracert: command is useful to identify networking and connectivity issues. It will provide the time between the hops on the network and any relevant IP or hostnames if they are available.

Which of the following is a utility that can be used to create and display reports of the hard disk as well as correct file system problems?

CHKDSK

• Windows CHKDSK is a command-line utility that is capable of checking the hard drive status and configuration and then creating and displaying reports on the results. With additional switches added to the commands, CHKDSK can provide file system repairs along with scanning for and repairing disk errors.

Which one of the following features does the default Safe Mode NOT load when Windows boots?

Internet

• A lot of problems come from the internet, and stopping internet-connected malware can be exceptionally difficult. For this and other reasons, Safe Mode has no internet capacity. If you need networking capability in Safe Mode, there is "Safe Mode With Networking," but it presents some risk.

• The mouse, keyboard, and standard VGA driver will still load.

To run Microsoft Configuration, what should be typed in the Run field?

msconfig

• To launch the Microsoft Configuration utility, type "msconfig" in the Run command line. This configuration utility controls start-up programs, boot configurations, and services.

A Windows 10 user updates their graphics card driver and subsequently starts having performance issues. Which option should they choose from the Driver tab in the device's Properties window to go back to the previous graphics card driver?

Roll Back Driver

• The Roll Back Driver button will take you back to your previous version of the driver. You should then reboot the computer to make sure that the change takes effect.

Which of the following Windows programs scans for and repairs certain hard disk errors?

chkdsk

• The "chkdsk" utility (short for Check Disk) can scan and repair some of the common hard drive errors and anomalies that are found during its scan. This is helpful after high levels of corruption or damage from a virus.

To simplify the restoration of a computer, what is created from time to time to update the system's backup?

Restore point

• Restore points are created from time to time to provide the user with a chance to roll back any changes to the system registry. The option is given to restore the system to the last restore point to fix operating system issues or manually choose an older restore point if available.

How do you access the basic command prompt in Windows?

Type "cmd" in the Run window

• To get to the basic command prompt, type "cmd" in the Run window to launch a window for manual command input. The command line is used for various configurations and troubleshooting methods.

What program is available for fixing corrupted Windows installations?

Recovery Console

• The Recovery Console provides users with a way to repair boot files to restore the Windows operating system. Commands such as Bootrec/fixboot and Bootrec/fixmbr are critical components to resolving boot issues.