CompTIA A+ Core 2 (220-1102) — Question 649

A Windows workstation that was recently updated with approved system patches shut down instead of restarting. Upon reboot, the technician notices an alert stating the workstation has malware in the root OS folder. The technician promptly performs a System Restore and reboots the workstation, but the malware is still detected. Which of the following BEST describes why the system still has malware?

Answer options

• A. A system patch disabled the antivirus protection and host firewall.
• B. The system updates did not include the latest anti-malware definitions.
• C. The system restore process was compromised by the malware.
• D. The malware was installed before the system restore point was created.

Correct answer: D

Explanation

The correct answer is D because if the malware was installed before the system restore point was created, restoring the system will not remove the malware. Options A and B are incorrect as they do not directly explain the persistence of the malware after a restore. Option C suggests the restore process was compromised, but if the malware existed prior to the restore point, it would still be present regardless of the restore's integrity.