CompTIA CySA+ (CS0-003) — Question 371
A security analyst identifies a device on which different malware was detected multiple times, even after the system was scanned and cleaned several times. Which of the following actions would be most effective to ensure the device does not have residual malware?
Answer options
- A. Update the device and scan offline in safe mode.
- B. Replace the hard drive and reimage the device.
- C. Upgrade the device to the latest OS version.
- D. Download a secondary scanner and rescan the device.
Correct answer: B
Explanation
Replacing the hard drive and reimaging the device is the most effective way to eliminate any residual malware, as this ensures that all data is wiped clean and a fresh operating system is installed. The other options may not fully remove all traces of malware, as scanning and updating might still leave remnants behind that could lead to reinfection.