CompTIA A+ Core 2 (220-1002) — Question 217

A user opens a phishing email and types logon credentials into a fake banking website. The computer's antivirus software then reports it has quarantined several temporary Internet files. A technician disconnects the computer from the network. Which of the following should the technician perform NEXT?

Answer options

• A. Have the user change the password.
• B. Update the antivirus software and run scans.
• C. Disable the user's local computer account.
• D. Quarantine the phishing email.

Correct answer: C

Explanation

The correct action is to deactivate the user's local computer account to prevent unauthorized access. Changing the password or updating antivirus software does not immediately address potential ongoing threats from the malware. Quarantining the email is also insufficient as the user has already compromised their credentials.