Exam 220-1202 Topic 1 Question 352 Discussion
Actual exam question for CompTIA's 220-1202 exam
Question #: 352
Topic #: 1
Question #: 352
Topic #: 1
A small office reported a phishing attack that resulted in a malware infection. A technician is investigating the incident and has verified the following:
# All endpoints are updated and have the newest EDR signatures.
# Logs confirm that the malware was quarantined by EDR on one system.
# The potentially infected machine was reimaged.
Which of the following actions should the technician take next?
# All endpoints are updated and have the newest EDR signatures.
# Logs confirm that the malware was quarantined by EDR on one system.
# The potentially infected machine was reimaged.
Which of the following actions should the technician take next?
Suggested Answer: B Vote an answer
After containment and remediation, one of the final steps in incident response is user education. Since the root cause was a phishing attack, it is essential to educate users about identifying phishing attempts, safe browsing practices, and how to handle suspicious communications. This improves overall security posture and helps prevent future incidents.
A). Installing additional tools may be helpful but is a long-term step.
C). Flashing router firmware is not warranted unless the network hardware is known to be compromised.
D). Suggesting more advanced tools might be excessive given that the EDR successfully contained the incident.
Reference:
CompTIA A+ 220-1102 Objective 2.5: Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.
Study Guide Section: Incident response and user education after a security event
A). Installing additional tools may be helpful but is a long-term step.
C). Flashing router firmware is not warranted unless the network hardware is known to be compromised.
D). Suggesting more advanced tools might be excessive given that the EDR successfully contained the incident.
Reference:
CompTIA A+ 220-1102 Objective 2.5: Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.
Study Guide Section: Incident response and user education after a security event
by Duke at Jul 07, 2026, 08:36 PM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).