If a user clicks a malicious link and their computer shows signs of being compromised, the first step should be to quarantine the workstation to prevent further damage.
Table of Contents
Question
A user clicked a link in an email, and now the cursor is moving around on its own. A technician notices that File Explorer is open and data is being copied from the local drive to an unknown cloud storage location. Which of the following should the technician do first?
A. Investigate the reported symptoms.
B. Run anti-malware software.
C. Educate the user about dangerous links.
D. Quarantine the workstation.
Answer
D. Quarantine the workstation.
Explanation
The correct first step in this scenario is to quarantine the workstation (Option D). Based on the symptoms described – the cursor moving on its own and data being copied to an unknown cloud storage location – the computer has most likely been compromised by malware. Malicious actors now have remote access and control of the system.
The top priority is to immediately isolate the infected machine from the network to prevent the malware from spreading to other systems or the attacker from stealing more data. Quarantining involves disconnecting the workstation from the internet and any shared network drives. This stops the active attack in progress.
Only after quarantining should you proceed with the other steps like investigating the incident in more detail (Option A), running anti-malware scans to attempt to remove the malicious software (Option B), and educating the user about the dangers of clicking links from unknown sources (Option C). But quarantining to halt further damage is the essential first action to take when a computer has been compromised through a malicious link.
CompTIA 220-1102 certification exam assessment practice question and answer (Q&A) dump including multiple choice questions (MCQ) and objective type questions, with detail explanation and reference available free, helpful to pass the CompTIA 220-1102 exam and earn CompTIA 220-1102 certification.