CompTIA CySA+ (CS0-003) — Question 467
An employee accessed a website that caused a device to become infected with invasive malware. The incident response analyst has:
• created the initial evidence log.
• disabled the wireless adapter on the device.
• interviewed the employee, who was unable to identify the website that was accessed.
• reviewed the web proxy traffic logs.
Which of the following should the analyst do to remediate the infected device?
Answer options
- A. Update the system firmware and reimage the hardware.
- B. Install an additional malware scanner that will send email alerts to the analyst.
- C. Configure the system to use a proxy server for Internet access.
- D. Delete the user profile and restore data from backup.
Correct answer: A
Explanation
The correct answer is A because updating the system firmware and reimaging the hardware fully eliminates the malware, ensuring no remnants remain. Options B and C do not directly address the infection and may allow the malware to persist. Option D may lead to loss of user data and does not guarantee removal of the malware.