CompTIA A+ Core 2 (220-1002) — Question 51
A technician responds to a call from a user who claims to have a virus on a workstation. The technician observes the following notification from the system tray:
There are 1033 infected files on this computer. Click here to disinfect.
The link is blocked by the corporate content filter and displays a message stating the site contains known malware.
Which of the following should the technician complete to secure the computer with MINIMAL impact to the user?
Answer options
- A. Compare the startup items and services to a known clean image, and remove any startup items not found in the other image. Run an anti-malware scan.
- B. Validate that the alerts are false positives, and disable security software on the workstation to prevent further false notifications.
- C. Back up the user's files. Restore the system to the original system image designated by corporate IT policies. Restore the user's files.
- D. Request a content filter exception to allow access to the link from the notification. Once available, follow the instructions on the linked site.
Correct answer: A
Explanation
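The correct answer is A: comparing the startup items and services to a known clean image lets the technician remove the suspicious items and then run an anti-malware scan, which addresses the potential malware with minimal disruption to the user. Options B and D could exacerbate the problem. B disables the security software on the workstation, and D opens a link that the content filter has already flagged as containing known malware. Option C involves a more extensive restoration process that would significantly impact the user's work.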