Exam 220-1102 topic 1 question 351 discussion

Below is what I copied right from the CompTIA book. Too many users on here are constantly suggesting the incorrect answers. CompTIA has identified a seven-step best practice procedure for malware removal: 1. Investigate and verify malware symptoms. 2. Quarantine infected systems. 3. Disable System Restore in Windows. 4. Remediate infected systems: a) Update anti-malware software. b) Scanning and removal techniques (e.g., safe mode, preinstallation environment). 5. Schedule scans and run updates. 6. Enable System Restore and create a restore point in Windows. 7. Educate the end user.

Before educating the user you should create a system restore point.

Educate the End User

Educating the end user on best practices for security. Here’s why: User Education: Educating the end user is crucial to prevent future infections. Users need to understand safe practices, such as avoiding suspicious links, not downloading unknown files, and being cautious with email attachments. Regular security awareness training helps users recognize potential threats. Other Options: Quarantine the host in the antivirus system (Option B): While this is important, it’s not the immediate next step after removal. Quarantining should have been done during the removal process. Investigate how the system was infected with malware (Option C): Investigation is essential, but it can happen concurrently with user education. Create a system restore point (Option D): Creating a restore point is useful, but it’s not the priority right after malware removal.

D is correct

Creating a system restore point is generally a good practice but isn't directly related to educating the end user or mitigating future risks.