CompTIA A+ Core 2 (220-1002) — Question 85

Joe, a technician, receives notification that a share for production data files on the network is encrypted. Joe suspects a crypto virus is active. He checks the rights of the network share to see which departments have access. He then searches the user directories of those departmental users who are looking for encrypted files. He narrows his search to a single user's computer.
Once the suspected source of the virus is discovered and removed from the network, which of the following should Joe do NEXT?

Answer options

• A. Educate the end user on safe browsing and email habits.
• B. Scan and remove the malware from the infected system.
• C. Create a system restore point and reboot the system.
• D. Schedule antivirus scans and perform Windows updates.

Correct answer: B

Explanation

The correct action for Joe is to scan and remove the malware from the infected system to ensure that the threat is completely eradicated. Educating the user and scheduling scans are important, but they should follow the immediate removal of the malware to prevent further damage. Creating a restore point and rebooting does not directly address the existing malware issue.