Office and makes sure that the PC is disconnected from all wired and wireless networks. What should the technician do next to further investigate the incident?

Office and makes sure that the PC is disconnected from all wired and wireless networks. What should the technician do next to further investigate the incident?

• Boot the PC in Safe Mode.
• Save log files to removable media.
• Disconnect the hard drive.
• Move the malware to the Quarantined Items folder.

Explanation: When a malware protection program detects that a computer is infected, it removes or quarantines the threat. However, the computer is most likely still at risk. The first step to remediating an infected computer is to remove the computer from the network to prevent other computers from becoming infected. The next step is to follow any incident response policies that are in place. The log files should be saved to a removable media for further analysis. Restarting an infected PC may destroy the evidence of infection.

Exam with this question: IT Essentials v7.0 - A+ 220-1002 Certification Practice Exam Answers