Exam 220-1202 Topic 1 Question 352 Discussion

Actual exam question for CompTIA's 220-1202 exam
Question #: 352
Topic #: 1
A small office reported a phishing attack that resulted in a malware infection. A technician is investigating the incident and has verified the following:
# All endpoints are updated and have the newest EDR signatures.
# Logs confirm that the malware was quarantined by EDR on one system.
# The potentially infected machine was reimaged.
Which of the following actions should the technician take next?

Suggested Answer: B Vote an answer

After containment and remediation, one of the final steps in incident response is user education. Since the root cause was a phishing attack, it is essential to educate users about identifying phishing attempts, safe browsing practices, and how to handle suspicious communications. This improves overall security posture and helps prevent future incidents.
A). Installing additional tools may be helpful but is a long-term step.
C). Flashing router firmware is not warranted unless the network hardware is known to be compromised.
D). Suggesting more advanced tools might be excessive given that the EDR successfully contained the incident.
Reference:
CompTIA A+ 220-1102 Objective 2.5: Given a scenario, detect, remove, and prevent malware using appropriate tools and methods.
Study Guide Section: Incident response and user education after a security event

by Duke at Jul 07, 2026, 08:36 PM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

0
0
0
10