CompTIA Security+ (SY0-501) — Question 84

An incident responder receives a call from a user who reports a computer is exhibiting symptoms consistent with a malware infection. Which of the following steps should the responder perform NEXT?

Answer options

• A. Capture and document necessary information to assist in the response.
• B. Request the user capture and provide a screenshot or recording of the symptoms.
• C. Use a remote desktop client to collect and analyze the malware in real time.
• D. Ask the user to back up files for later recovery.

Correct answer: A

Explanation

The correct answer is A, as capturing and documenting necessary information is crucial for understanding the incident and guiding further actions. Option B, while useful, does not prioritize immediate response actions. Option C involves real-time analysis, which is not the next step after a user report. Option D is not advisable until the situation is fully assessed, as backing up potentially infected files could lead to further issues.