Exam 220-1002 topic 1 question 178 discussion

Actual exam question from CompTIA's 220-1002
Question #: 178
Topic #: 1

Joe, a technician, receives notification that a share for production data files on the network is encrypted. Joe suspects a crypto virus is active. He checks the rights of the network share to see which departments have access. He then searches the user directories of those departmental users who are looking for encrypted files. He narrows his search to a single user's computer.
Once the suspected source of the virus is discovered and removed from the network, which of the following should Joe do NEXT?

  • A. Educate the end user on safe browsing and email habits.
  • B. Scan and remove the malware from the infected system.
  • C. Create a system restore point and reboot the system.
  • D. Schedule antivirus scans and perform Windows updates.
Suggested Answer: B

Comments

JasonSignupHappy
Highly Voted 4 years, 2 months ago
Based on what I expect from this site, I would have expected "take the infected PC on a date, get it drunk and convince it to behave from now on" to not only BE an option, but selected AS THE CORRECT ANSWER
upvoted 21 times
...
MelvinJohn
Highly Voted 4 years, 5 months ago
[The “source (computer) of the virus was removed from the network” (quarantined) – what’s next?] B. Scan and remove the malware from the infected system. [The actual next step, “Disable System Restore” is missing from the answers, but the next step after that is “Remediate” (remove the infection). The 7 Steps of Malware Removal (IQDRSEE): {remember with: Eye Q Doctor See}
1 - Identify and research malware symptoms
2 - Quarantine infected systems (isolate it)
3 - Disable System Restore (to prevent any new restore points)
4 - Remediate infected systems (update antimalware software/scan and use removal techniques)
5 - Schedule scans and run updates
6 - Enable system restore and create restore point
7 - Educate the user]
upvoted 6 times
cpaljchc
2 years, 5 months ago
"Once the suspected source of the virus is discovered and 'removed' from the network" Isn't D the correct answer from the above sentence?
upvoted 1 times
...
...
abxa
Most Recent 2 years, 10 months ago
Selected Answer: B
This question is about whether you know the steps to remove malware in the 1002 objectives. So it says the system has been removed from the network aka quarantined (step 2 Quarantine). There's no objection to disable system restore (step 3) so I guess it's not a Windows system, the next step is to update the antivirus software, but that's not included so maybe that's done automatically or it's a zero-day and you're using a tool to remove it, whatever, the only next option left remaining is scan and remove. The other options are clearly next after removing.
upvoted 1 times
...
ElPato80
3 years, 1 month ago
The computer was removed from the NETWORK. Not the virus getting removed from the system. So once the computer has been Quarantined aka removed from the network to prevent the malware spreading, then we choose B which is about removing the malware off the infected system.
upvoted 3 times
...
SamuelNascimento
3 years, 2 months ago
When the inevitable happens and either your computer or one of your user’s computers gets infected by malware such as a computer virus, you need to follow certain steps to stop the problem from spreading and get the computer back up safely into service. The 1002 exam outlines the following multistep process as the best practice procedures for malware removal:
1. Identify and research malware symptoms.
2. Quarantine the infected systems.
3. Disable System Restore (in Windows).
4. Remediate the infected systems.
   A. Update the anti-malware software.
   B. Scan and use removal techniques (Safe Mode, Preinstallation Environment).
5. Schedule scans and run updates.
6. Enable System Restore and create a restore point (in Windows).
7. Educate the end user.
upvoted 1 times
...
TripeV
3 years, 3 months ago
A is the answer. They said the suspected source of the virus is discovered and removed from the network. After removing the affected PC, the next step is Scan and remove the malware from the infected system.
upvoted 1 times
ElPato80
3 years, 1 month ago
A is educate the user. The answer you are talking about is B.
upvoted 1 times
...
...
adeshtall
3 years, 6 months ago
Why scan and remove when he has already "Once the suspected source of the virus is discovered and removed from the network"? The virus has been removed, we are told, so why ask then to remove? It needs to be D.
upvoted 2 times
DoggyStyle
3 years, 6 months ago
No, the "source of the virus" is a computer on the network. So, the computer is then removed from the network. Next step would be to scan, etc. (i.e. B).
upvoted 2 times
...
ZioPier
1 year, 11 months ago
"Once the suspect source is discovered and removed from the network" probably means that the infected computer is identified and isolated.
upvoted 1 times
...
...
ENGNET81
3 years, 11 months ago
"Once the suspected source of the virus is discovered and removed from the network" it means "Quarantine infected systems (isolate it)", so the next step is "Schedule scans and run updates" (Answer is B)
upvoted 1 times
...
dnbly
4 years ago
B is correct but the wording of the question is so tricky that it's easy to get it wrong. I answered differently at first but after reading the question several times I can agree with B. I hope this question is reworded for the actual exam.
upvoted 1 times
...
shogo11
4 years ago
another trick question... they didn't use the word quarantine. why do they put these tricky worded questions to catch you out. it's annoying.
upvoted 2 times
...
harinezumi
4 years, 4 months ago
Yes, that was tricky, he already removed from the network but not the computer system itself.
upvoted 2 times
ep0ch
3 years, 6 months ago
The "source" of the virus was removed. I believe this means the computer was removed from the network, meaning B is correct.
upvoted 1 times
...
...
Takoyaki
4 years, 6 months ago
Scanning the device and removing the malware from it is the most correct answer. Had to think about this one for a bit. While the technician has isolated the device and supposed virus source, he has not explicitly run a scan of the device. Scanning will confirm if the suspected source was correct, and properly clean the device. Scheduling scans and performing Windows updates is incorrect; a scan should be conducted first before Windows updates and immediately, not on a timed schedule. Creating a restore point is incorrect; no scan has been explicitly performed. The malware may have persisted up to this point. End user education is incorrect; the technician has not yet completed implementing his solution.
upvoted 3 times
...