A user is unable to access files on a work PC after opening a text document. The text document was labeled “URGENT PLEASE READ.txt - In active folder, .txt file titled urgent please read”. Which of the following should a support technician do FIRST?
A. Quarantine the host in the antivirus system.
B. Run antivirus scan for malicious software.
C. Investigate how malicious software was installed.
The technician has not confirmed that this is malware. If the customer is still there, the technician should definitely inquire if the customer knows where that file came from, & what it is. If the customer is not reachable, the technician should first scan the computer for viruses.
The answer would be C.
3.2 of the CompTIA 1102 exam objectives states the following:
Given a scenario, use best practice procedures for malware removal.
1. Investigate and verify malware symptoms
2. Quarantine infected systems
3. Disable System Restore in Windows
4. Remediate infected systems
   a. Update anti-malware software
   b. Scanning and removal techniques (e.g., safe mode, preinstallation environment)
5. Schedule scans and run updates
6. Enable System Restore and create a restore point in Windows
7. Educate the end user
Selecting A because the user already can't access files after opening the suspicious document. The next step in CompTIA's malware removal best practices prioritizes containment first. If the system remains active while you investigate or run scans, the malware could:
1. Spread across the network
2. Encrypt more files (if it's ransomware)
3. Exfiltrate sensitive data
This is why A seems correct to me.
You have not yet verified that there is malware on the system, so it would have to be B. Investigating how it was installed would be one of the last things you do as part of educating the user.
A
Why is it not A? According to CompTIA "best practice procedures for malware removal", and assuming it is some kind of malware, it should be Quarantine infected systems.
1. Investigate and verify malware symptoms
2. Quarantine infected systems
3. Disable System Restore in Windows
4. Remediate infected systems
   a. Update anti-malware software
   b. Scanning and removal techniques (e.g., safe mode, preinstallation environment)
5. Schedule scans and run updates
6. Enable System Restore and create a restore point in Windows
7. Educate the end user
The answer is B because on the practice test I chose C, which it told me was incorrect. Instead it told me the answer is B. So the answer to this question is B.
Order of operations: C, then B, then A. The question is where you are. From my perspective, we know that malware is on the PC but not how it got on, so my answer is C. In the real world I'd be quarantining the machine right away, even as I continue investigating how it was installed, to protect my other machines and keep it from spreading. This, as seems to be the consistency, is another bad, poorly worded question.
The question says the filename is “URGENT PLEASE READ.txt - In active folder, .txt file titled urgent please read”. Just because there's a .txt extension in the middle of the file name doesn't make this a text file. If Windows Explorer settings are default, then known file extension types, such as .exe, will not be displayed. The technician should start at step one by investigating and verifying symptoms before proceeding to quarantine if confirmed.
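The check described in the comment above, as an added example that is not part of the original thread: it compares what Explorer shows when known extensions are hidden with each file's real (last) extension and flags names that only look like documents. The extension sets and sample filenames are constructed for illustration; real triage would use the host's registered file types.

```python
import os

# Assumption: small illustrative sets, not the host's actual registered types.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".pif", ".lnk"}
DOCUMENT_EXTS = {".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png"}


def explorer_display_name(filename, hide_known_extensions=True):
    """Name as shown when Explorer hides extensions for known file types."""
    stem, ext = os.path.splitext(filename)
    if hide_known_extensions and ext.lower() in EXECUTABLE_EXTS | DOCUMENT_EXTS:
        return stem
    return filename


def classify(filename):
    """Return 'masquerade', 'executable' or 'data' from the real (last) extension."""
    stem, real_ext = os.path.splitext(filename.rstrip())
    if real_ext.lower() not in EXECUTABLE_EXTS:
        return "data"
    # The visible part still ends in a document-looking extension, e.g.
    # "x.txt.exe", or "x.pdf      .scr" where padding pushes the real
    # extension out of view in a narrow column.
    _, shown_ext = os.path.splitext(stem.rstrip())
    if shown_ext.lower() in DOCUMENT_EXTS:
        return "masquerade"
    return "executable"


def triage(filenames):
    """List (real name, name the user saw, verdict) for every non-data file."""
    return [(n, explorer_display_name(n), classify(n))
            for n in filenames if classify(n) != "data"]


# Constructed sample directory listing (not taken from the exam question).
SAMPLE = [
    "URGENT PLEASE READ.txt",
    "URGENT PLEASE READ.txt.exe",
    "invoice.pdf      .scr",
    "setup.exe",
    "report.docx",
]

if __name__ == "__main__":
    for real, shown, verdict in triage(SAMPLE):
        print(f"{verdict:<11} shown as {shown!r:<28} real name {real!r}")
```
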
This is an interesting one.
I don't know if I'm thinking too hard, but .txt extensions cannot execute anything. Even if there is code inside of it. So when opening it, all you will see is text.
Because of this I would just use B, to check if there's anything malicious on the machine.
If I'm not thinking hard and they are expecting a typical step, I would pick A, quarantine.
The answer is phrased strangely. It says quarantine the host, which is normal, but it says "in the antivirus system" which is odd and I am not even sure what it means. You would normally quarantine it from the network.
Community vote distribution: A (35%), C (25%), B (20%), Other