220-1102 Question #740: Real Exam Question with Answer & Explanation

Question

A computer has been infected with malware. Despite several attempts to remove the malware, the issue persists. Which of the following actions should the technician take next? (Choose two.)

Options

• AReimage the computer.
• BRestore the computer using the last known-good backup.
• CRemove the computer from the network.
• DPut the computer in safe mode.
• EVerify the file consistency.
• FEnable the system firewall.

Explanation

If malware persists despite removal attempts, the critical next steps are to isolate the infected computer from the network to prevent further spread and then reimage it to ensure complete eradication of the threat.

Common mistakes.

• B. Restoring from a last known-good backup is an option, but reimaging offers a more certain path to a clean state when removal attempts have already failed and the exact infection time or backup integrity is uncertain.
• D. Putting the computer in safe mode is a common initial step for malware removal, but the question states 'several attempts to remove the malware' have already failed, implying safe mode was likely already tried or ineffective.
• E. Verifying file consistency is a troubleshooting step, but it doesn't directly remove malware; malware can masquerade as legitimate files or corrupt system files, making simple consistency checks insufficient for eradication.
• F. Enabling the system firewall is a preventative measure or a component of ongoing security, but it does not remove existing malware that has already bypassed initial defenses.

Concept tested. Malware remediation and incident response

Reference. https://www.comptia.org/blog/how-to-remove-malware-from-a-computer

No community discussion yet for this question.