CompTIA

220-1002 · Question #174

220-1002 Question #174: Real Exam Question with Answer & Explanation

The correct answer is D: Isolate Joe's computer from the network.

Question

Joe, a user, reports that several of his colleagues have received a suspicious email from his account that he did not send. A technician asks one of the colleagues to forward the email for inspection. After ruling out spoofing, the technician verifies the email originated from the corporate email server. Which of the following is the FIRST step the technician should take to correct this issue?

Options

  • A. See if Joe's email address has been blacklisted
  • B. Change the password on Joe's email account
  • C. Update the antivirus and perform a full scan on the PC
  • D. Isolate Joe's computer from the network

Explanation

Since spoofing has been ruled out and the email genuinely originated from the corporate server, Joe's account or computer has likely been compromised - possibly by malware that is actively sending emails. The immediate priority is to isolate Joe's computer from the network to stop any ongoing malicious activity and prevent further spread or data exfiltration. This is the containment step. Changing the password and running antivirus scans are important subsequent steps, but isolation must come first to limit damage. Blacklisting Joe's email address would disrupt legitimate business operations and is not the appropriate first response.
