220-1002 Question #558: Real Exam Question with Answer & Explanation
The correct answer is A: Mount the drive using a forensic platform.
Question
Options
- A. Mount the drive using a forensic platform
- B. Boot into safe mode
- C. Boot to last known good configuration
- D. Boot the drive in another computer
Explanation
When a boot sector infection is suspected, the worst approach is to boot the infected drive, because boot sector malware executes before the OS and can hide itself, spread, or cause further damage during boot. Mounting the drive using a forensic platform (A) allows a clean, trusted system to access the suspect drive in a read-only or controlled manner, scanning the boot sector without ever executing the potentially malicious boot code. Safe mode (B) and last known good configuration (C) both still boot the infected drive's OS, giving the malware a chance to run. Booting the drive in another computer (D) also executes the infected boot sector on that machine, risking spreading the infection.