Question 462 - 220-1102 discussion

A branch office suspects a machine contains ransomware. Which of the following mitigation steps should a technician take first?

A. Disable System Restore.
B. Remediate the system.
C. Educate the system user.
D. Quarantine the system.

Suggested answer: D

Explanation:

The first mitigation step that a technician should take when a machine is suspected to contain ransomware is to quarantine the system. This means isolating the infected machine from the network and other devices, to prevent the ransomware from spreading and encrypting more data. The technician can quarantine the system by disconnecting the network cable, turning off the wireless adapter, or using firewall rules to block the traffic from and to the machine [1][2].

This step is more important than the other options because:

Disabling System Restore (A) is not a priority, as it will not stop the ransomware from running or spreading. System Restore is a feature that allows users to restore their system to a previous state, but it may not work if the ransomware has encrypted or deleted the restore points. Moreover, disabling System Restore may prevent the user from recovering some data or settings in the future [1][3].

Remediating the system (B) is the ultimate goal, but it cannot be done before quarantining the system. Remediating the system means removing the ransomware, restoring the data, and fixing the vulnerabilities that allowed the attack. However, this process requires careful analysis, planning, and execution, and it may not be possible if the ransomware is still active and communicating with the attackers. Therefore, the technician should first isolate the system and then proceed with the remediation steps [1][2].

Educating the system user (C) is a preventive measure, but it is not a mitigation step. Educating the system user means raising awareness and providing training on how to avoid ransomware attacks, such as by recognizing phishing emails, avoiding suspicious links or attachments, and updating and patching the system regularly. However, this step will not help if the system is already infected, and it may not be effective if the user is not willing or able to follow the best practices. Therefore, the technician should focus on resolving the current incident and then educate the user as part of the recovery plan [1][4].

[1] How to Mitigate Ransomware Attacks in 10 Steps - Heimdal Security
[2] 3 steps to prevent and recover from ransomware | Microsoft Security Blog
[3] How to use System Restore on Windows 10 | Windows Central
[4] Ransomware Mitigation | Prevention and Mitigation Strategies - Delinea

asked 02/10/2024
Herr Alexandre Fleider