220-1002 Question #328: Real Exam Question with Answer & Explanation
The correct answer is D: Disconnect the Ethernet cable from the workstation and disable WiFi.
Question
Options
- A. Research the pop-up to see if it is a legitimate malware solution.
- B. Click on the pop-up window to resolve the issue before the time runs out.
- C. Send an email to all staff members warning them of malware on their system.
- D. Disconnect the Ethernet cable from the workstation and disable WiFi.
Explanation
The described behavior - a fake antivirus pop-up with urgent warnings, a countdown timer, and a 'click here to fix' button - is classic scareware (rogue antivirus malware). The immediate priority when identifying an active malware infection is to isolate the machine from the network by disconnecting the Ethernet cable and disabling WiFi. This prevents the malware from communicating with command-and-control (C2) servers, exfiltrating data, or spreading to other network hosts. Clicking the pop-up (B) would likely install additional malware or lead to a fraudulent payment page. Sending a warning email (C) should come after containment. Researching the pop-up (A) is a secondary step; network isolation must happen first.