220-1102 · Question #688
220-1102 Question #688: Real Exam Question with Answer & Explanation
The correct answer is A: Disconnect the computer from the network. {"question_number": 1, "question": "A user's PC is performing slowly after the user clicked on a suspicious email attachment...", "correct_answer": "A. Disconnect the computer from the network", "explanation": "When malware is suspected, the immediate priority is containment. Dis
Question
A user's PC is performing slowly after the user clicked on a suspicious email attachment. The technician notices that a single process is taking 100% of RAM, CPU, and network resources. Which of the following should the technician do first?
Options
- ADisconnect the computer from the network
- BRun an antivirus scan
- CReboot the computer
- DEducate the user about cybersecurity best practices
Explanation
{"question_number": 1, "question": "A user's PC is performing slowly after the user clicked on a suspicious email attachment...", "correct_answer": "A. Disconnect the computer from the network", "explanation": "When malware is suspected, the immediate priority is containment. Disconnecting the computer from the network stops the malware from spreading to other systems, communicating with a command-and-control (C2) server, or exfiltrating data. This is the first step in the CompTIA A+ malware removal process: identify and quarantine. Running an antivirus scan (B) comes after isolation. Rebooting (C) could allow the malware to entrench itself further or clear volatile evidence. User education (D) is important but not an immediate incident response action.", "generated_by": "claude-sonnet", "llm_judge_score": 4}
Topics
Community Discussion
No community discussion yet for this question.