ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam 220-1002 All Questions

View all questions & answers for the 220-1002 exam
Go to Exam

Exam 220-1002 topic 1 question 420 discussion

Actual exam question from CompTIA's 220-1002
Question #: 420
Topic #: 1
[All 220-1002 Questions]

A recent ransomware attack caused several datasets to be inaccessible. Security technicians were able to mitigate any additional attacks and remove any unauthorized software. Which of the following should the technicians do NEXT?

  • A. Run an antivirus tool.
  • B. Boot to the Recovery Console.
  • C. Update the software firewall.
  • D. Restore from backup.
Show Suggested Answer Hide Answer
Suggested Answer: C 🗳️
by Abrasive123 at June 2, 2021, 6:15 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Abrasive123
Highly Voted 4 years ago
Update the software firewall? That's not even part of seven step malware removal process. Most likely correct answer should be restore from back up as the key term in question is file inaccessible.
upvoted 12 times
JE39
4 years ago
Agreed. Ransomware in most cases make data unrecoverable and the most important strategy to deal with the threat is frequent back ups.
upvoted 3 times
...
TripeV
3 years, 5 months ago
update the software firewall is definately part if the seven steps. Please seel below: CompTIA has identified a seven-step best practice procedure for malware removal: 1. Identify and research malware symptoms. 2. Quarantine infected systems. 3. Disable System Restore (in Windows). 4. Remediate infected systems: • Update anti-malware software. • Scan and use removal techniques (Safe Mode, Pre-installation environment). 5. Schedule scans and run updates. 6. Enable System Restore and create restore point (in Windows). 7. Educate end user.
upvoted 4 times
...
...
VasiliyFis
Most Recent 3 weeks, 2 days ago
Selected Answer: D
After a ransomware attack where: Datasets are inaccessible (likely encrypted), The attack has been mitigated, Unauthorized software has been removed, The next critical step is to restore the affected data from a known-good backup made before the infection.
upvoted 1 times
...
Passngrass
2 years, 10 months ago
Backup seems like it would be the best for restoring functionality as quickly as possible but not apart of the remediation steps but updates surely is the next step in malware removal.
upvoted 2 times
...
Gilber507
3 years, 3 months ago
Luego de remediar los sistema, se debe programar scaneos en este caso no esta la opcion de programas, entonces actualizar cortafuegos.
upvoted 2 times
...
Nssh
3 years, 8 months ago
D is correct
upvoted 4 times
...
DJGeorgeCostanza
3 years, 11 months ago
Only reason I'd even suspect firewall is to prevent further attack through the network from outside the firewall, but the question never states how the infection started -- so if that is the answer, it's sorta out of left field. Backup seems like a safe answer to choose.
upvoted 3 times
Granddude
3 years, 10 months ago
Wouldn't restoring from backup possibly reinfect the system?
upvoted 4 times
iLikeBeagButt
3 years, 1 month ago
That's system restore not backup...
upvoted 2 times
...
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel