CompTIA A+ Core 2 (220-1102) — Question 513

A technician received a notification about encrypted production data files and thinks active ransomware is on the network. The technician isolated and removed the suspicious system from the network. Which of the following steps should the technician take next?

Answer options

• A. Schedule and perform an antivirus scan and system update.
• B. Educate the end user on internet usage.
• C. Perform a system scan to remove the malware.
• D. Create a system restore point.

Correct answer: C

Explanation

The correct answer is C, as performing a system scan is crucial to identify and remove any malware that may still be present on the system. Option A, while important, should come after confirming the system is clean. Option B is not directly relevant to addressing the immediate threat of ransomware. Option D is useful for recovery but does not address the current malware issue.