This sequence represents a logical and secure methodology for SOHO router configuration. The process begins with establishing a connection to the router's management interface via its default IP address. Best practice dictates using the unique credentials printed on the device rather than common, insecure defaults.

The security hardening process prioritizes changing the administrator password to protect the device's configuration settings. This is followed by securing the wireless network itself by changing the default SSID and implementing strong WPA2 or WPA3 encryption. Finally, updating the firmware is a critical step to patch known vulnerabilities. The final instruction to reboot is necessary to apply the firmware update correctly, ensuring the process is completed successfully.

1. CompTIA A+ Core 2 (220-1102) Exam Objectives. (2022). CompTIA.

Section 2.5

"Given a scenario

secure a SOHO multifunction device/router

" outlines the required security steps

including: "Change default username and password

" "Change SSID

" "Set encryption

" and "Update firmware." This directly supports steps 3

4

and 5 of the provided solution.

2. Kurose

J. F.

& Ross

K. W. (2021). Computer Networking: A Top-Down Approach (8th ed.). Pearson.

Chapter 7

Section 7.3.4

"Securing Wireless LANs

" discusses the importance of changing the default SSID and using robust encryption like WPA2 or WPA3 to prevent unauthorized access

supporting step 4. The chapter also implicitly covers accessing the router's configuration page via its IP address (step 1).

3. Cui

L.

& Stolfo

S. J. (2010). A quantitative analysis of the security of home computer users. In Proceedings of the 3rd USENIX conference on Large-scale exploits and emergent threats (LEET'10). USENIX Association.

The paper highlights that a significant percentage of home routers use default credentials

making them vulnerable. This underscores the critical importance of step 3

changing the default administrator password

as the first security action after gaining access.

4. Fouad

M.

Oest

A.

& Parian

A. (2020). Home-Router Security: A Survey of Risks and a Minimalist Solution. IEEE Access

8

215013-215031. https://doi.org/10.1109/ACCESS.2020.3040318

Section III-A

"Outdated Firmware

" states

"Firmware updates are one of the most effective ways to protect routers from known vulnerabilities." This provides strong academic backing for the inclusion of step 5 as a critical security measure. The paper also discusses the risks of default passwords

supporting step 3.

To fulfill the requirements, the Windows PC is placed on the secure internal LAN. A specific port forwarding rule is configured on the firewall to allow remote access via Remote Desktop Protocol (RDP), which uses TCP port 3389, directed to the PC's internal IP address (192.168.1.100).

The game console is placed in the Screened Subnet (DMZ) to isolate it from the trusted internal network. To ensure all gaming and chat functions operate correctly, which often require a variety of ports, Universal Plug and Play (UPnP) is enabled for the console's IP (10.10.10.100). UPnP allows the console to dynamically and automatically request the firewall to open and close the specific ports it needs for its operations, providing functionality without manual configuration.

1. Microsoft Corporation. (2021). Troubleshoot Remote Desktop. Microsoft Learn. Retrieved from official Microsoft documentation. This source confirms that Remote Desktop Protocol (RDP) for Windows PCs uses TCP port 3389 by default

justifying the port forwarding rule for remote access.

2. National Institute of Standards and Technology (NIST). (2009). SP 800-41 Rev. 1

Guidelines on Firewalls and Firewall Policy. Section 3.3

"DMZ Network Architectures." This publication defines a DMZ (or screened subnet) as a network for hosting public-facing services

isolating them from the internal

trusted network. This supports the placement of the game console

which requires broad external access

into the DMZ.

3. Open Connectivity Foundation. (2020). UPnP Device Architecture 2.0. OCF-20-0004-UPnP-Device-Architecture-V2.0. Section 1.3

"Networking

" and Section 2

"Discovery." The official standard describes how UPnP enables devices to automatically configure network settings

including port mappings on an Internet Gateway Device (IGD)

which is the standard mechanism used by game consoles to ensure connectivity for online features.

4. Kurose

J. F.

& Ross

K. W. (2017). Computer Networking: A Top-Down Approach (7th ed.). Pearson. In Section 4.4.2

"NAT Traversal and Relaying

" the text explains that UPnP is a protocol that allows a host on a LAN to discover and configure its NAT device

including adding and removing port mappings. This is cited as a common solution for P2P applications like online gaming.

Corporate policy requires two distinct actions: phishing must be escalated, while recurring spam should be filtered. Phishing is identified by social-engineering indicators: forged sender domain, mismatched URLs, and a time-critical demand for credentials. Spam carries marketing language, unknown origin and often attachments, but does not impersonate trusted services; the correct mitigation is to block or filter. A correctly addressed, context-appropriate message from an internal domain that contains no malicious indicators is considered legitimate and needs no intervention.

1. Jakobsson & Myers

“Phishing and Countermeasures

” IEEE Press/Wiley

2007

Ch. 2 (phishing indicators: forged domains

deceptive links).

2. Abu-Nimeh et al.

“A comparison of machine learning techniques for phishing detection

” ACM Trans. on Information & System Security

vol 13 no 2

2010

pp. 1-31 (urgency & credential harvesting as key features). https://doi.org/10.1145/1698752.1698757

3. Microsoft 365 Security Docs

“Report junk and phishing email

” §“Difference between junk and phishing & required user actions

” 2023 (report phishing; block spam).

4. MIT OpenCourseWare 6.858 “Computer Systems Security

” Lec. 4 notes

p. 3-4 (spam filtering vs. phishing escalation).

The scenario indicates multiple users are experiencing identical issues, which points to a problem with a centralized network resource rather than individual workstations. The server, SRV1, is the only central device serving all users. The reported symptoms, stemming from unauthorized software, are characteristic of a malware infection.

According to incident response best practices, the first step is to contain the threat by quarantining the infected system (SRV1) to prevent the malware from spreading. The second step is remediation. Malware often disrupts normal operations by disabling essential system services. To resolve the specific "audio issues," the "Windows Audio" service, which the malware likely disabled, must be re-enabled and set to start automatically.

1. National Institute of Standards and Technology (NIST) Special Publication 800-83 Rev. 1

Guide to Malware Incident Prevention and Handling for Desktops and Laptops.

Section 3.4.2

Containment: This section outlines the importance of isolating the affected system to prevent further damage. It states

"An essential part of containment is disconnecting the affected host(s) from the network... This can be accomplished by disconnecting the network cable from the host or by disabling the host’s network adapter." This supports the action of quarantining SRV1.

Section 3.4.3

Eradication and Recovery: This section details the process of removing the malware and restoring the system to a normal

trusted state. This includes "reinstalling applications" and "restoring system settings from a clean backup

" which conceptually covers re-enabling a disabled

legitimate service.

2. Microsoft Corporation

Windows Audio Service.

Official Documentation: The Windows Audio service (Audiosrv) is officially described as managing all audio functions for Windows programs. The documentation states

"If this service is stopped

audio devices and effects will not function properly. If this service is disabled

any services that explicitly depend on it will fail to start." This directly links the functionality of the service to the reported audio problem.

3. Al-Bataineh

A.

& White

G. (2016). Disabling Windows Services as a Malware Persistence and Evasion Technique. In Proceedings of the 11th International Conference on Malicious and Unwanted Software (MALWARE). IEEE.

DOI: 10.1109/MALWARE.2016.7876931

Abstract & Section III.A: This peer-reviewed paper analyzes how malware manipulates Windows services to achieve its objectives. It explicitly discusses how malware disables legitimate services

such as security or system services

to cause disruption

evade detection

or ensure its own persistence. This academic source validates the premise that malware is a likely cause for the "Windows Audio" service being disabled.

A .bat (batch) file is a script containing a series of commands for the Windows command-line interpreter (cmd.exe). It is a native and long-standing method for automating tasks within the Windows operating system. Desktop support technicians frequently use batch files for log-in scripts to perform actions like mapping network drives, setting environment variables, or launching applications automatically when a user logs in. These scripts can be easily deployed through Group Policy or by placing them in the user's Startup folder.

B. .sh: This file extension is for shell scripts used in Linux and other Unix-like operating systems, not for native Windows automation.

C. .py: This is a Python script. While it can automate tasks on Windows, it requires the Python interpreter to be installed, making it less direct than a native batch file.

D. .js: This is a JavaScript file. While it can be used for scripting on Windows via Windows Script Host (WSH), it is not the most common or primary tool for log-in automation.

1. Microsoft Learn. (2023

October 23). Assign user logon scripts. "You can use Group Policy to assign a user logon script... Scripts are useful for configuring user working environments." This documentation confirms the use of scripts for user log-on

a primary application for .bat files.

2. Microsoft Learn. (2023

April 12). Working with batch files. "A batch file is a script file that stores a list of commands to be executed in sequential order... to automate repetitive tasks." This defines the purpose of batch files in Windows.

3. University of Washington - UW-IT Connect. (n.d.). Logon Scripts. "Logon scripts are batch files or executables that run when you log on to a Windows session." This university documentation provides a practical example of .bat files being the standard for log-on scripts in a managed Windows environment.

Smishing is a form of phishing that uses mobile text messages (SMS) to deceive victims into providing sensitive information, clicking malicious links, or downloading malware. The term is a portmanteau of "SMS" and "phishing." This attack vector directly corresponds to the scenario of receiving an unsolicited text message on a mobile device as described in the question. The goal is to exploit the user's trust in text messaging to execute the attack.

A. Impersonation: This is a general technique where an attacker pretends to be a trusted entity. While used in smishing, it is not the specific term for an attack via text message.

B. Vishing: This attack uses voice communication (voice phishing), such as phone calls or voicemails, to trick users, not text messages.

C. Spear phishing: This refers to a highly targeted phishing attack aimed at a specific individual or organization, regardless of the medium (though typically email). The defining characteristic is targeting, not the use of text messages.

1. National Institute of Standards and Technology (NIST). (n.d.). Smishing. In Computer Security Resource Center Glossary. Retrieved from https://csrc.nist.gov/glossary/term/smishing

Definition: "A technique that uses text messages (SMS) to trick users into taking an immediate action

such as clicking a link to a fraudulent website

calling a fraudulent number

or downloading a malicious application."

2. National Institute of Standards and Technology (NIST). (n.d.). Vishing. In Computer Security Resource Center Glossary. Retrieved from https://csrc.nist.gov/glossary/term/vishing

Definition: "A type of phishing attack that is conducted by phone."

3. National Institute of Standards and Technology (NIST). (n.d.). Spear Phishing. In Computer Security Resource Center Glossary. Retrieved from https://csrc.nist.gov/glossary/term/spearphishing

Definition: "A targeted phishing attack that is customized for a specific organization or individual."

4. Cybersecurity and Infrastructure Security Agency (CISA). (2022

October 19). Avoiding Social Engineering and Phishing Attacks. CISA.gov.

Section: Phishing: "Smishing is phishing that uses text messages to trick a user... Vishing is phishing that uses a phone call to trick a user." This document clearly differentiates the terms based on the communication medium.

The core issue is controlling software installations on a company-owned mobile device. Mobile Device Management (MDM) is the specific technology designed to enforce corporate policies on mobile endpoints. MDM solutions provide centralized control over devices, including the ability to create application whitelists (approved apps) and blacklists (prohibited apps). By deploying an MDM, the IT department can prevent users from installing unauthorized applications, such as the password-cracking tool mentioned, directly addressing the requirement to prevent future occurrences.

A. Configure Group Policy: Group Policy is a feature of Microsoft Windows Active Directory used to manage user and computer settings on Windows-based systems, not natively on cell phone operating systems.

B. Implement PAM: Privileged Access Management (PAM) is a security strategy focused on controlling, monitoring, and securing access for privileged (administrative) accounts, not managing applications on end-user devices.

C. Install anti-malware software: While anti-malware is crucial for detecting and removing malicious software, its primary function is not to enforce policies that prevent the installation of all unauthorized applications.

1. National Institute of Standards and Technology (NIST) Special Publication 800-124 Revision 2

Guidelines for Managing the Security of Mobile Devices in the Enterprise. Section 4.4

"Application Security

" states

"Organizations should use mobile application whitelisting or blacklisting to control which applications can be installed on enterprise-managed mobile devices... These controls are typically implemented through a mobile device management (MDM) system."

2. Microsoft Corporation

What is Microsoft Intune?. Official documentation describes Intune as a cloud-based service focusing on mobile device management (MDM) and mobile application management (MAM). It explicitly states that organizations can "Control the way users access and share information to protect company information" and "Manage the apps your workforce uses." This demonstrates MDM's role in controlling applications.

3. Carnegie Mellon University

Software Engineering Institute

Mobile Device Security. Course materials and technical reports often highlight that a key function of MDM is to enforce enterprise security policies

including restrictions on application installation

to mitigate risks from unauthorized or malicious apps. For example

the document "SEI-2013-TN-003" discusses securing mobile devices and the central role of MDM in policy enforcement.

An authenticator application is a software-based security token that provides a second factor of authentication. A primary feature of modern authenticator apps is the ability to send a push notification directly to a user's registered smartphone or device. When a login attempt is made, the user receives this notification and can simply tap "Approve" or "Deny" to verify their identity, completing the authentication process without needing to manually enter a code. This method is specifically designed for user convenience while maintaining security.

A. Call: This method involves receiving an automated phone call to authorize a login, typically by pressing a key. It is not a push notification.

C. Hardware token: This is a physical device that generates a one-time password or requires a physical action (e.g., plugging into a USB port). It does not send push notifications.

D. SMS: This method sends a one-time code via a text message, which the user must then manually enter. It does not use a push notification for direct approval.

1. Microsoft Documentation. "How to use the Microsoft Authenticator app". Microsoft Entra Documentation. This document describes the functionality: "To respond to a push notification

open the Microsoft Authenticator app... and tap Approve." This directly aligns with the question's scenario.

2. Carnegie Mellon University. "Two-Factor Authentication (2fa) with DUO". Computing Services Documentation. The documentation states

"Push Notification (Recommended): Tap Approve to log in. You don't have to type anything." This university resource confirms push notifications as a primary method for authenticator apps.

3. NIST Special Publication 800-63B. "Digital Identity Guidelines: Authentication and Lifecycle Management". Section 5.1.3.2

"Out-of-Band Authenticators

" describes the mechanism where a primary channel initiates a transaction and a secondary channel (the "out-of-band" device) is used for authentication. Push notifications from an authenticator app are a direct implementation of this concept.

BitLocker To Go is a specific Microsoft Windows feature designed for full-volume encryption of removable storage devices, such as USB flash drives and external hard drives. The primary purpose of this technology is to protect data at rest on these portable devices. By training staff to use BitLocker To Go, an organization ensures that if a removable drive is lost or stolen, the sensitive data it contains remains confidential and inaccessible without the correct password or recovery key. This directly mitigates the risk associated with the loss or theft of portable media.

B: Secure Boot and BIOS passwords are firmware-level security measures to protect the boot process and system settings, not for encrypting data on removable media.

C: VPNs (Virtual Private Networks) are used to encrypt data in transit across a network, which is unrelated to encrypting data at rest on a physical drive.

D: This describes standard BitLocker Drive Encryption for internal, fixed hard drives, which often integrates with a Trusted Platform Module (TPM), not the "To Go" version for removable drives.

1. Microsoft Corporation. (2023

October 12). BitLocker To Go FAQ. Microsoft Learn. Retrieved from https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-to-go-faq.

Reference Detail: The document explicitly states

"BitLocker To Go is BitLocker Drive Encryption on removable data drives... BitLocker To Go allows users to encrypt the contents of a removable data drive and use a password to unlock the contents of the drive..." This directly supports the purpose described in option A.

2. Microsoft Corporation. (2023

October 12). BitLocker overview. Microsoft Learn. Retrieved from https://learn.microsoft.com/en-us/windows/security/operating-system-security/data-protection/bitlocker/bitlocker-overview.

Reference Detail: This overview distinguishes between BitLocker for operating system drives (which can use a TPM) and BitLocker for removable data drives (BitLocker To Go)

clarifying why option D is incorrect as it describes the former.

3. University of Washington. (n.d.). Encrypt removable drives with BitLocker To Go. UW-IT Connect. Retrieved from https://itconnect.uw.edu/tools-services-support/storage/encryption/bitlocker-to-go/.

Reference Detail: The page states

"BitLocker To Go is a full disk encryption feature... that allows you to encrypt removable storage devices such as USB flash drives and external hard drives." This reinforces that the technology's specific purpose is to protect removable media.

A cryptographic hash value is a unique digital fingerprint generated from a file. Software vendors often publish the hash values (e.g., MD5, SHA-256) for their legitimate software downloads. By calculating the hash of the downloaded file and comparing it to the official hash provided by the vendor, the technician can definitively verify the file's integrity and authenticity. A matching hash proves the file is the original and has not been tampered with.

B. Run Task Manager and compare the process ID: A Process ID (PID) is a temporary identifier assigned by the operating system each time a program runs; it does not verify the authenticity of the underlying file.

C. Run the application in safe mode: Safe mode is an operating system diagnostic state. It does not provide a mechanism to verify the integrity or legitimacy of an individual application file.

D. Verify the file name is correct: The question states the name is already correct. File names are easily spoofed and are not a reliable indicator of a file's authenticity or safety.

1. National Institute of Standards and Technology (NIST) Special Publication 800-101 Rev. 1

Guidelines on Mobile Device Forensics. Section 3.3

"Hashing

" describes the use of cryptographic hash functions like SHA-1 and MD5 to generate a unique value for a file

which is used to "ensure the integrity of the data." This principle of integrity verification is directly applicable to verifying a legitimate software download.

2. National Institute of Standards and Technology (NIST) Computer Security Resource Center

Cryptographic Hash Function. The glossary defines a hash function as an algorithm that "can be used to verify the integrity of data." This supports the use of hashing as the correct method for the scenario.

3. MIT OpenCourseWare

6.858 Computer Systems Security

Fall 2014. Lecture 2

"OS Security

" discusses system integrity. The principles covered explain that cryptographic checksums (hashes) are a fundamental mechanism for verifying that software or system files have not been modified by an attacker.