nerdexam
Exams220-1002Questions#306
CompTIA

220-1002 · Question #306

220-1002 Question #306: Real Exam Question with Answer & Explanation

The correct answer is C: Train the user on safe Internet browsing. This scenario describes ransomware/scareware (fake law enforcement malware). After the malware has been removed and a restore point created, the technician should educate the user on safe Internet browsing habits to prevent reinfection. Since the malware is already removed and th

Question

A user has reported that when a document is being edited a pop-up appears and locks the workstation. The pop-up states that federal authorities have detected illegal copyrighted material on the workstation. The technician removes the malware and creates a restore point. Which of the following should the technician perform NEXT before closing the report?

Options

  • AContact the local computer emergency response team
  • BQuarantine the workstation for possible infections
  • CTrain the user on safe Internet browsing
  • DRestore to an earlier state and disable System Restore

Explanation

This scenario describes ransomware/scareware (fake law enforcement malware). After the malware has been removed and a restore point created, the technician should educate the user on safe Internet browsing habits to prevent reinfection. Since the malware is already removed and the system secured, contacting CERT is unnecessary for this type of common consumer malware. Quarantining the workstation would have been appropriate before remediation, not after. Restoring to an earlier state and disabling System Restore is counterproductive - System Restore is a valuable recovery tool and should remain enabled; disabling it eliminates future recovery options.

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full 220-1002 Practice