CompTIA A+ Core 2 (220-1202) — Question 110

A small office reported a phishing attack that resulted in a malware infection. A technician is investigating the incident and has verified the following:
All endpoints are updated and have the newest EDR signatures.
Logs confirm that the malware was quarantined by EDR on one system.
The potentially infected machine was reimaged.
Which of the following actions should the technician take next?

Answer options

• A. Install network security tools to prevent downloading infected files from the internet.
• B. Discuss the cause of the issue and educate the end user about security hygiene.
• C. Flash the firmware of the router to ensure the integrity of network traffic.
• D. Suggest alternate preventative controls that would include more advanced security software.

Correct answer: B

Explanation

The correct answer is B because educating the end user about security hygiene helps prevent future incidents by making them aware of the risks associated with phishing. Options A and C focus on technical measures rather than user behavior, which is essential in this scenario. Option D suggests implementing advanced software but does not address the immediate need for user education.