A security incident has occurred: a user's Mac running macOS Ventura was infected with malware that modified system files. The technician needs to boot the Mac into a mode that loads only essential Apple-signed kernel extensions and prevents third-party software from loading, in order to safely remove the malware. Which startup mode should they use?
Trap 1: Single-user mode (Command + S).
Single-user mode boots to a root shell without the GUI, but it does not necessarily prevent third-party kernel extensions from loading. It is also not available on Apple Silicon Macs.
Trap 2: Verbose mode (Command + V).
Verbose mode displays boot-time log messages but does not restrict what loads. It is used for troubleshooting boot failures, not for security isolation.
Trap 3: Target Disk Mode (T key).
Target Disk Mode turns the Mac into an external disk for another computer. It does not restrict what loads on the Mac itself; the malware would still be present on the disk.
- A. Single-user mode (Command + S).
  Why wrong: Single-user mode boots to a root shell without the GUI, but it does not necessarily prevent third-party kernel extensions from loading. It is also not available on Apple Silicon Macs.
- B. Verbose mode (Command + V).
  Why wrong: Verbose mode displays boot-time log messages but does not restrict what loads. It is used for troubleshooting boot failures, not for security isolation.
- C. Safe Mode (Shift key during startup).
  Safe Mode disables all non-Apple kernel extensions, startup items, and login items, providing a clean environment to remove malware. It also checks the startup disk for errors.
- D. Target Disk Mode (T key).
  Why wrong: Target Disk Mode turns the Mac into an external disk for another computer. It does not restrict what loads on the Mac itself; the malware would still be present on the disk.