Exam 220-1102 Topic 2 Question 364 Discussion

Actual exam question for CompTIA's 220-1102 exam
Question #: 364
Topic #: 2
A technician received a notification about encrypted production data files and thinks active ransomware is on the network. The technician isolated and removed the suspicious system from the network. Which of the following steps should the technician take next?

Suggested Answer: C Vote an answer

The next step after isolating the system is to perform a system scan to remove the malware (Option C).
Since ransomware is suspected, running a comprehensive malware scan can help identify and remove the malicious software. It is crucial to deal with the active threat before taking further actions.
* Scheduling an antivirus scan and system update (Option A) may help, but the immediate concern is identifying and removing the ransomware.
* Educating the end user (Option B) is important but should happen after the immediate threat is resolved.
* Creating a system restore point (Option D) would not be useful at this point since the system is infected.
CompTIA A+ Core 2 References:
* 2.3 - Detect, remove, and prevent malware, including handling ransomware.

by Montague at May 15, 2025, 11:53 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10