
220-1002 Question #330: Real Exam Question with Answer & Explanation

The correct answer is A: Disconnect the network cable. A process consuming over 90% CPU together with unusually high outbound traffic on port 25 (SMTP) strongly indicates a malware infection, most likely a spam bot or worm actively sending mail, and the first priority in malware remediation is to contain the threat.

Question

A technician is investigating the cause of a Windows 7 PC running very slow. While reviewing Task Manager, the technician finds one process is using more than 90% of the CPU. Outbound network traffic on port 25 is very high, while inbound network traffic is low. Which of the following tasks should be done FIRST?

Options

  • A. Disconnect the network cable.
  • B. Update the antivirus software.
  • C. Run an antivirus scan.
  • D. Shut down the PC.

Explanation

The symptoms described, a process consuming over 90% CPU combined with unusually high outbound traffic on port 25 (SMTP), strongly indicate a malware infection, likely a spam bot or worm actively sending emails. The first priority in malware remediation is to contain the threat and stop ongoing damage. Disconnecting the network cable immediately halts the malicious outbound traffic, prevents further spread to other machines, and cuts off the attacker's command-and-control communication, all before any remediation steps are taken. Updating the antivirus software (B) and running a scan (C) come after isolation: updating requires network access, and a running scan does not stop live network activity. Shutting down the PC (D) is less suitable than disconnecting because it destroys volatile forensic evidence (running processes, network connections, memory contents) and some malware persists through reboots. Containment always comes first in incident response.
