220-802 · Question #45

220-802 Question #45: Real Exam Question with Answer & Explanation

The correct answer is B: Disable system restore.

Question

A user, Ann, reports that she suspects her workstation has malware. Joe, the technician, confirms malware exists and starts the process of removing the malware. Which of the following is the FIRST step he should take in removing the malware?

Options

  • A. Disable antivirus
  • B. Disable system restore
  • C. Enable hard drive encryption
  • D. Format the hard drive

Explanation

When removing malware, the first step after identification is to disable System Restore. This is critical because System Restore can preserve copies of malware within restore points. If System Restore is left enabled, even after successful removal, a user or the system could inadvertently restore a point containing the malware, re-infecting the machine. The CompTIA A+ malware removal process specifies: (1) identify and research, (2) quarantine the infected system, (3) disable System Restore, (4) remediate/remove, (5) schedule scans, (6) enable System Restore and create a new restore point, (7) educate the end user. Disabling antivirus (A), encrypting the drive (C), or formatting (D) are either counterproductive or last-resort steps.
