A technician received a call stating that all files in a user's documents folder appear to be changed, and each of the files now has a .lock file extension. Which of the following actions is the FIRST step the technician should take?
A ransomware attack may be the reason for the lock-files.
And the second step of malware removal steps is, to bring the computer into Quarantine.
(First step was "Identify and research malware symptoms", and to see *.lock-Files is that step)
The first step the technician should take is to disconnect the machine from the network. This is important to prevent the spread of the malicious software or virus which has caused the files to be changed, and to prevent the user from opening any additional files which may be affected. Disconnecting the machine from the network will also prevent the hacker from continuing their attack. The other options are not appropriate as a first step, as they will not prevent further attacks or the spread of the malicious software.
The first step is to identify the symptoms of malware, which was done already by looking at the .lock files, likely caused by ransomware. The first thing to do after that is to quarantine (disconnect) the machine from the network to prevent further contamination to other systems. D is the answer
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.220-1102 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Dido1963
Highly Voted 10 months, 3 weeks agoNotAHackerJustYet
Highly Voted 9 months, 2 weeks agoJollyGinger27
Most Recent 9 months ago