220-1102 Question #460: Real Exam Question with Answer & Explanation

Question

A workstation is displaying a message indicating that a user must exchange cryptocurrency for a decryption key. Which of the following is the best way for a technician to return the device to service safely?

Options

• ARun an AV scan.
• BReinstall the operating system.
• CInstall a software firewall.
• DPerform a system restore
• EComply with the on-screen instructions.

Explanation

The best and safest way to recover a workstation infected with ransomware is to wipe the system and reinstall the operating system from scratch, then restore data from clean backups, ensuring all malicious files are completely removed.

Common mistakes.

• A. Running an AV scan might detect some ransomware variants, but it is not guaranteed to decrypt files or fully remove all traces of the infection, which can hide or persist.
• C. Installing a software firewall will not remove existing ransomware encryption or eliminate the infection from the system; it is a preventative measure, not a remediation for an active attack.
• D. Performing a system restore might revert some system files, but ransomware often encrypts user data files and can embed itself in ways that a simple system restore may not fully reverse, leaving residual risks.
• E. Complying with ransomware demands by paying the ransom is strongly discouraged as it does not guarantee file decryption, funds criminal activity, and marks the victim as a potential target for future attacks.

Concept tested. Ransomware remediation

No community discussion yet for this question.