Exam 220-1102
Question 10

A help desk technician is troubleshooting a workstation in a SOHO environment that is running above normal system baselines. The technician discovers an unknown executable with a random string name running on the system. The technician terminates the process, and the system returns to normal operation. The technician thinks the issue was an infected file, but the antivirus is not detecting a threat. The technician is concerned other machines may be infected with this unknown virus. Which of the following is the MOST effective way to check other machines on the network for this unknown threat?

Correct Answer: B

The most effective way to check other machines on the network for an unknown threat is to provide a sample of the executable to the antivirus vendor. The vendor can analyze the sample, develop detection signatures, and update their antivirus definitions. This ensures that all machines running the updated antivirus software will be able to detect and handle the threat. This method is comprehensive and efficient, as it leverages the expertise and resources of the antivirus vendor to protect all machines in the network.

Discussion
Antwon (Option: C)

It's a SOHO environment, meaning there are only a few machines. You can certainly manually check each one.

twobuckchuck

Have you ever heard the phrase "Size doesn't matter"?

alexandrasexy

Actually, size does matter!

techteacher (Option: C)

I'm not sure how sending a sample to the vendor will help with checking other machines.

rodwave

The network being a SOHO environment is important here because manually checking each machine wouldn't really be practical in a large network, since it would be time-consuming. Since an enterprise would likely deploy the same AV across a network, you could send a sample to an AV vendor where they could create detection signatures that the vendor can use to update the AV agents deployed across a network. Again, not really something a small network would find necessary.

Mehsotopes (Option: B)

B makes sense for this answer, because it would be easier to consult the antivirus distributor to set up an automated way to check code inside of a machine that has this rogue line and to add it to their definitions in case the attack/mistake is created again. You can check each individually, but it's less efficient and has less long-term security.

AdamRachel (Option: B)

It is clearly stated that the virus is unknown to the technician. So the best way will be to send a sample to the vendor so they can send some useful information, as they have a bigger base?

willyww (Option: C)

They are asking for the MOST effective way to check other machines, not how to remediate the unknown virus. The script seems like a good idea, but the technician does not have a specific file. Option B is ruled out because they are not asking how to remedy the virus; option D does not make much sense. I think the most logical is option C.

Jay23AmMonsIV (Option: B)

Here's why this is the best approach: The antivirus vendor can analyze the unknown executable to determine if it is indeed a new or variant form of malware. They have the expertise and tools to thoroughly investigate the file. If the file is confirmed to be malicious, the antivirus vendor can update their virus definitions to detect and remove the threat. This ensures that all machines protected by their antivirus software will be able to detect and handle the malware. This approach not only protects the machines within the current network but also helps other users globally who might be exposed to the same threat. While other options like running a startup script, manually checking each machine, or monitoring outbound network traffic can help in identifying or mitigating the issue, they are less comprehensive and may miss variations of the malware or fail to detect it completely. Providing a sample to the antivirus vendor ensures a thorough and expert analysis, leading to a more robust and effective solution.

Tural038 (Option: C)

The answer is C

b0bby (Option: C)

I can't answer this question. C is good for RIGHT NOW. B is good for LONG TERM. How long before the antivirus will be updated? This is a serious question I do not know the answer to. SOHO size may determine which I do first.

yutface (Option: B)

ChatGPT by itself I often mistrust for these questions. But when Gemini suggests the same answer, I am more inclined to believe it. They both picked B. Here's why: Targeted approach: Submitting the unknown executable to the antivirus vendor allows them to analyze the file and potentially identify the threat. This targeted approach can lead to the creation of specific signatures that can accurately detect the threat on other machines. Scalability: Compared to manually checking each machine (option C), submitting a sample is much more efficient, especially in a SOHO environment with multiple devices. Future protection: If the vendor identifies the threat and creates a signature, it will not only help detect existing infections but also prevent future infections on all protected machines. Here's why not C: This is very time-consuming and impractical, even in a SOHO environment of up to 10 people. Additionally, manual searches might miss the threat if it's hiding or disguised.

DBrega (Option: B)

C would be feasible in a SOHO, but it is far from being the MOST EFFECTIVE way of dealing with viruses, unless you are a professional malware analyzer and better than a whole team analyzing it, as it would be in an antivirus vendor company. Spoiler: you aren't.

Psyc00 (Option: B)

B. Provide a sample to the antivirus vendor. Providing a sample of the unknown executable to the antivirus vendor is a prudent step to identify and address the potential threat. Antivirus vendors can analyze the sample, develop detection signatures, and provide updates to their antivirus software to detect and remove the threat from other machines on the network. This approach helps protect all machines in the network without having to manually check each one (Option C), which can be time-consuming and less effective. Monitoring outbound network traffic (Option D) may help identify suspicious activity but may not directly lead to the identification of the specific threat. Running a startup script to remove files by name (Option A) may not be effective if the threat has multiple variants with random string names.

Onero_1z (Option: B)

"The most effective way", so I think it's B. ChatGPT also said it is B.

Footieprogrammer (Option: C)

Easy to check SOHO network units manually, given that there are only a few units.

glenpharmd (Option: B)

Given these options, B (provide a sample to the antivirus vendor) is the MOST effective way to check other machines on the network for this unknown threat. This way, once the vendor updates their definitions, all machines running the updated antivirus will be able to detect and potentially remove the threat.

Onero_1z (Option: C)

The question made it clear by stating "checking other machines", which makes C the right answer.

Phrank (Option: D)

The MOST effective way to check other machines on the network for the unknown threat would be option D: Monitor outbound network traffic. By monitoring outbound network traffic, the technician can identify any network activity associated with the unknown executable. This can provide valuable information about the extent of the infection, including the number of machines affected, the nature of the traffic, and any communication with external servers.

ronniehaang (Option: C)

The most effective way to check other machines on the network for the unknown threat is to manually check each machine. Option C is the correct answer. Manually checking each machine on the network is the most effective way to identify whether any other machines are infected with the same unknown threat. This may involve running scans with various antivirus and anti-malware tools, reviewing system logs for suspicious activity, and inspecting system files for any anomalies. The technician should also interview users to see if they have experienced any unusual activity on their machines.

ronniehaang

Running a startup script that removes files by name (Option A) may remove the file from infected machines, but it will not identify other machines that are infected with the same threat. Providing a sample to the antivirus vendor (Option B) is a good step in detecting and preventing the spread of the threat, but it may take some time before the antivirus vendor can provide a detection and removal solution. Monitoring outbound network traffic (Option D) may help identify whether any machines are communicating with known malicious servers, but it may not be effective in identifying this unknown threat. In conclusion, manually checking each machine on the network is the most effective way to identify whether other machines are infected with the same unknown threat.