CompTIA A+ Core 2 (220-1102) — Question 542

An organization’s critical database files were attacked with ransomware. The company refuses to pay the ransom tor a decryption key. All traces of the infection have been removed from the underlying servers Which of me following should the company do next?

Answer options

• A. Scan all of tie infected files with up-to-date, anti-malware cleaning software.
• B. Fully patch the server operating systems hosting the fileshares.
• C. Change the files to be read-only.
• D. Restore critical data from backup.

Correct answer: D

Explanation

Restoring critical data from backup is the correct course of action because it allows the company to recover their files without succumbing to the ransomware demands. Scanning infected files with anti-malware software, patching the server operating systems, or changing file permissions to read-only will not restore the lost data or mitigate the impact of the attack.