CompTIA 220-1002 · Question #189

220-1002 Question #189: Real Exam Question with Answer & Explanation

The correct answer is A: Check the contents of the hosts file.

Question

A technician performs a virus cleaning on a computer that has been redirecting all browsers to a phishing website. System Restore was turned off before the cleaning. The technician runs the machine through several scanners, and then tests for redirection. A smaller number of sites are still redirecting to the phishing website. The antivirus software correctly blocks the website. Which of the following should the technician do NEXT?

Options

  • A. Check the contents of the hosts file
  • B. Do a System Restore to a date before the infection
  • C. Rerun the antivirus scan with higher sensitivity
  • D. Rebuild the OS on the machine

Explanation

The hosts file is a local text file (located at C:\Windows\System32\drivers\etc\hosts on Windows) that maps hostnames to IP addresses, overriding DNS resolution. Malware commonly modifies this file to redirect specific domains to a malicious IP address, and those entries can persist even after antivirus scanning removes the core infection. Because some sites are still redirecting after the antivirus scan, yet the AV correctly blocks the destination, the redirect logic itself (in the hosts file) likely remains. System Restore was disabled (ruling out B), rerunning the scan (C) would not address a plain-text file modification, and a full OS rebuild (D) is premature before checking this simple file.
