
220-1002 Question #148: Real Exam Question with Answer & Explanation


Question

A technician has identified malware on a user's system. Which of the following should the technician do NEXT according to malware removal best practices?

Options

  • A. Enable System Restore and create a restore point so no data is lost
  • B. Educate the user about how to avoid malware in the future
  • C. Update the antivirus software and run a full system scan
  • D. Move the infected system to a lab with no network connectivity

Explanation

According to CompTIA A+ malware removal best practices, after identifying malware, the immediate next step is to quarantine (isolate) the infected system. Moving it to a lab with no network connectivity prevents the malware from spreading to other systems, phoning home to a command-and-control server, or exfiltrating data. The full remediation sequence is: 1) Identify, 2) Quarantine/Isolate, 3) Disable System Restore, 4) Remediate (update AV and scan), 5) Schedule scans, 6) Enable System Restore, 7) Educate the user. Options A (enabling System Restore) and B (educating the user) come much later in the process. Option C (updating AV and scanning) happens after isolation.
