CompTIA A+ Core 2 (220-1002) — Question 263

A technician is removing malware from a workstation. The malware was installed via a phishing attack, which was initiated from a link that was included in an email.
Which of the following should the technician do to address this issue? (Choose two.)

Answer options

• A. Ensure the anti-rootkit utility is up to date and run it to remove the threat.
• B. Update the host firewall to block port 80 on the workstation.
• C. Restore the system using the last known-good configuration from the recovery console.
• D. Ensure antivirus is up to date and install the latest patches.
• E. Educate the user on verifying email links by hovering over them before clicking.
• F. Ensure endpoint protection is up to date and run the utility to remove the threat.

Correct answer: D, E

Explanation

The correct answers, D and E, focus on proactive measures to prevent future infections. Updating antivirus and patches ensures the system is protected from known vulnerabilities, while educating the user helps them avoid falling for phishing schemes again. Options A, B, C, and F do not directly address the immediate removal of malware or user education related to phishing attacks.