220-1002 Question #372: Real Exam Question with Answer & Explanation

The correct answer is A: Disconnect the device from the network.

Question

A technician receives the Chief Executive Officer's (CEO's) Windows 10 laptop, which has been infected with malware. The technician wants to make sure best practices are followed for troubleshooting and remediating the malware. Which of the following best practices should the technician perform FIRST in this scenario? (Choose three.)

Options

  • A. Disconnect the device from the network
  • B. Identify and research the symptoms
  • C. Restore the computer to the previous checkpoint
  • D. Scan and use removal techniques
  • E. Create a restore point
  • F. Educate the end user
  • G. Schedule scans and run updates

Explanation

CompTIA's malware remediation best-practice order is: (1) Identify and research malware symptoms (B), to understand what you're dealing with; (2) Quarantine the infected system (A), disconnecting it from the network immediately to prevent the malware from spreading or communicating with a command-and-control server; (3) Disable System Restore / create a restore point, which is step 3 in the CompTIA model, although creating a restore point (E) after infection could capture the malware in the restore point; (4) Remediate: scan and remove (D). Restoring to a previous checkpoint (C) skips proper identification, and educating the user (F) and scheduling scans (G) come after remediation. The three 'FIRST' steps are isolate, identify, and remediate.
