comptia-a-plus-core2/quizzes/SEC-6-quiz.md
Ken Patmonk 0c3868ea71 quizzes: expand all 35 quizzes to 15 questions each
OPS-1 through OPS-10, OS-2, OS-3 went from 5 → 15.
OS-1, OS-4 through OS-11, SEC-1 through SEC-11, TRB-1 through TRB-4 went from 7 → 15.
Questions cover exam-weight scenarios not duplicated from original content.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-19 02:43:26 -05:00

# SEC-6 Quiz: Malware Removal Process
Take this after studying `notes/SEC-6-malware-removal-process.md`.
Reply with answers like:
`1B 2A 3D 4C 5B 6A 7D`
## Questions
1. What is the first step in the malware removal process?
A. Educate the end user
B. Investigate and verify symptoms
C. Reimage immediately
D. Enable System Restore
2. After verifying malware symptoms, what should be done next?
A. Create a restore point
B. Re-enable System Protection
C. Install random cleanup tools
D. Quarantine the infected system
3. Why is System Restore/System Protection disabled before remediation?
A. It improves Wi-Fi range
B. It resets the BIOS password
C. Malware may be stored in restore points
D. It assigns DHCP addresses
4. After malicious files are remediated, what should be updated before scanning?
A. Desktop wallpaper
B. Anti-virus/anti-malware signatures and engine
C. Monitor refresh rate
D. Printer queue
5. If malware cannot be trusted as fully removed, especially with persistent infection, what is often the best response?
A. Ignore the issue
B. Disable all updates
C. Share the files over the network
D. Reimage or reinstall from known-good media/image
6. When should System Protection be re-enabled and a restore point created?
A. After cleanup, updates, and scans are complete
B. Before quarantine
C. Before investigating symptoms
D. While malware is still active
7. What is the final step in the malware removal process?
A. Disable the firewall permanently
B. Delete all backups
C. Educate the end user
D. Turn off antivirus
8. What is the correct order of the first three steps in the CompTIA malware removal process?
A. Scan → Quarantine → Educate
B. Reimage → Update → Educate
C. Identify and research → Quarantine → Disable System Restore
D. Update signatures → Scan → Report
9. An infected system is connected to the corporate network. What is the immediate risk if not quarantined?
A. The system will run out of disk space
B. The malware could spread to other systems on the network
C. System Restore will fail
D. Antivirus signatures will not update
10. A user was tricked into running a malicious file from a phishing email. Which step in the removal process addresses preventing this from happening again?
A. Quarantine
B. Disable System Restore
C. Educate the end user
D. Run a full scan
11. Which scanning tool is recommended for a second-opinion scan during malware removal?
A. A dedicated on-demand scanner from a different vendor than the primary AV
B. The same antivirus already installed
C. System Restore
D. Task Manager only
12. After malware removal, a technician checks that the system is fully patched. What is the reason?
A. Patches change file permissions automatically
B. Vulnerabilities may have been exploited or left open and need to be closed
C. Updates reset System Restore
D. Patches disable antivirus
13. A technician runs a full scan and the system appears clean. What should be done before returning the machine to the user?
A. Delete all backups
B. Skip re-enabling System Protection
C. Verify system functionality, re-enable System Protection, and create a restore point
D. Immediately reimage
14. Why is System Restore disabled before running remediation scans?
A. System Restore blocks antivirus tools from running
B. Restore points may contain copies of the malware that could re-infect after cleanup
C. System Restore uses extra CPU during scans
D. It forces the network adapter to disable
15. After completing all cleanup and verification steps, what is the very last thing to do?
A. Disable the firewall permanently
B. Delete all backups
C. Educate the end user on how to avoid reinfection
D. Turn off antivirus
## Answer Key For Instructor
1. B
2. D
3. C
4. B
5. D
6. A
7. C
8. C
9. B
10. C
11. A
12. B
13. C
14. B
15. C