Exam 220-1002 topic 1 question 93 discussion

Actual exam question from CompTIA's 220-1002
Question #: 93
Topic #: 1

A user reports malware activity on an isolated workstation used for testing. It is running an end-of-life OS, and a USB drive is the only method used to transfer files. After removing the malware and replacing the USB drive with a brand new one, the technician gives the approval to use the equipment. The next day the user reports the same malware activity is present after powering on the system.
Which of the following did the technician forget to do to prevent reinfection?

  • A. Connect to the network and update the OS with the latest security patches
  • B. Scan and clean the USB device used to transfer data from the equipment
  • C. Disable System restore and remove all restore points from the system
  • D. Update the local antivirus and set it to scan automatically every evening
Suggested Answer: D

Comments

betty_boop
Highly Voted 4 years, 10 months ago
Answer D is correct. Look at this question from a reputable, industry-recognized trainer:
A factory worker suspects that a legacy workstation is infected with malware. The workstation is running Windows XP and is used as part of an ICS/SCADA system to control some industrial factory equipment. The workstation is connected to an isolated network that cannot reach the internet. The workstation receives the patterns for the manufactured designs through a USB drive. A technician is dispatched to remove the malware from this workstation, and after its removal, the technician provides the factory worker with a new USB drive to move the pattern files to the workstation. Within a few days, the factory worker contacts the technician again to report the workstation appears to be reinfected with malware. Which of the following steps did the technician MOST likely forget to perform to prevent a reinfection?
A- Disable System Restore (in Windows)
B- Quarantine the infected system
C- Enable System Restore and create a restore point (in Windows)
D- Update the anti-malware solution (CORRECT)
E- Remediate the infected systems
F- Identify and research malware symptoms
upvoted 16 times
DarK9ght
4 years, 9 months ago
But here they didn't mention enabling System Restore and creating a restore point. So according to this, C is the answer.
upvoted 2 times
Bobo55
4 years, 3 months ago
That's because the Chinese kid regurgitating this question didn't get all the details included which is half the problem with these questions. Man, it's hard to find good foreign help with photographic memories...
upvoted 2 times
...
...
betty_boop
4 years, 10 months ago
Explanation OBJ-3.3: Since the workstation is isolated from the internet, the anti-malware solution will need to be manually updated to ensure it has the latest virus definitions. Without the latest virus definitions, the system can easily become reinfected.
upvoted 12 times
...
...
shangus
Highly Voted 5 years, 3 months ago
I agree disabling System Restore is part of the procedure for removing malware, but in this case the system was never restored, so the cause of the malware is not System Restore, so it's more important and anti-malware checking at this point. Don't get me wrong, disabling System Restore is super important, but to get rid of the malware requires checking.
upvoted 7 times
...
c22e828
Most Recent 1 year, 5 months ago
so the tech removed the virus and transferred the once-infected files to a new USB but did not scan and clean the new USB device... My gut says B
upvoted 1 times
...
iLikeBeagButt
3 years, 1 month ago
Selected Answer: C
C. Disable System restore and remove all restore points from the system
upvoted 2 times
...
iLikeBeagButt
3 years, 1 month ago
I think it is C, the computer is isolated in a testing environment and the USB drive has been replaced with a new one, so how did it get the same malware again? Because the malware is already in the System Restore... the malware probably came initially via the old USB drive. And now the malware has been saved in the System Restore and no one noticed it until now.
upvoted 1 times
...
syougun200x
3 years, 3 months ago
I am honestly not strong in this area, but is not the answer C? Reoccurrence of malware on an isolated device after the removal. That sounds to me like the malware was not removed completely. Is it possible that System Restore was not considered in the removal process?
upvoted 2 times
...
666_m
3 years, 11 months ago
end-of-life OS
upvoted 1 times
...
666_m
3 years, 11 months ago
Option A is correct.
upvoted 2 times
...
manjoe
4 years, 6 months ago
D is the correct answer because the question does not state any restore points were made, so the first thing you are supposed to do is update the antivirus and then clean the PC; then you can remove restore points and create a new restore point.
upvoted 1 times
...
Dirkster
4 years, 9 months ago
A couple of questions back there was a similar question, but then the answer was updating the OS instead of updating the antivirus. Now it's the other way around. Doesn't make sense.
upvoted 2 times
dnbly
4 years, 1 month ago
This question states that the OS is End of Life hence there are no further updates available to install.
upvoted 6 times
...
OCD
4 years, 1 month ago
No, I saw that question too, but it did say to update anti-virus, though, and NOT the OS. You losing your marbles, bro.
upvoted 1 times
...
...
666039_5938
4 years, 11 months ago
D is a good answer, but even with a new USB it could be B, as files could contain the malware regardless, which could reinfect the system. The question is a little vague.
upvoted 1 times
...
Anon6606
5 years ago
I agree with all. How would the virus be likely to return, unless the actual files the user is transferring have malware on them? I feel they could have been more distinct.
upvoted 1 times
...
Newberry24
5 years, 4 months ago
I agree with you. Disabling System Restore is an important step in malware removal.
upvoted 3 times
...
kelly_mon
5 years, 4 months ago
Especially since it's an isolated system with a brand new USB drive.
upvoted 2 times
...
kelly_mon
5 years, 4 months ago
Is it not C as opposed to D, because it's the same symptoms again? "C. Disable System restore and remove all restore points from the system"
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other