Exam 220-1202 Topic 1 Question 36 Discussion

Actual exam question for CompTIA's 220-1202 exam
Question #: 36
Topic #: 1
A technician verifies that a malware incident occurred on some computers in a small office. Which of the following should the technician do next?

Suggested Answer: A Vote an answer

Comprehensive and Detailed Explanation From Exact Extract:
Once a malware incident has been confirmed, the immediate next step is to contain the threat. Quarantining infected systems prevents the malware from spreading to other devices and isolates the malicious code for further analysis or remediation.
B: Educating end users is important but occurs later in the incident response process.
C: Disabling System Restore is part of cleanup, not containment.
D: Updating and scanning should occur after the system is quarantined to prevent further infection or spread.
Reference:
CompTIA A+ 220-1102 Objective 2.5: Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.
Study Guide Section: Malware removal best practices - Step 2: Quarantine the infected system

by Ida at Oct 13, 2025, 11:34 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10