CompTIA Updated 220-1202 Exam Questions and Answers by alexia

The correct answer is C. Perform a clean installation . When ransomware has encrypted files and the organization does not pay the ransom, the priority is to remove all traces of malware and rebuild the system from a trusted state. Quentin Docter’s Complete Study Guide explains that in ransomware situations, remediation may not be possible because user files are encrypted. It further states that in cases where no one can be certain what the malware payload has done, the proper remediation might be to sanitize the drive and reinstall the operating system from an image or manually reinstall it. A recovery partition or Windows Recovery Environment repair may leave infected files, settings, persistence mechanisms, or damaged user data behind. Upgrading to Windows 11 does not guarantee malware removal. A clean installation removes the existing compromised OS and provides the best path to full operation, followed by restoring clean data from known-good backups.

To prevent external access, the technician should avoid exposing the surveillance system’s port to the public internet. Port mapping (also known as port forwarding) is the method used to control which internal devices and ports are accessible from the outside. By not configuring port forwarding for the device, external login attempts are effectively blocked.

B. Subnetting organizes IP addresses but doesn ' t directly restrict access.

C. A static IP ensures consistent addressing but does not secure access.

D. Content filtering is used to restrict web content, not to block access to a web interface.

After containment and remediation, one of the final steps in incident response is user education. Since the root cause was a phishing attack, it is essential to educate users about identifying phishing attempts, safe browsing practices, and how to handle suspicious communications. This improves overall security posture and helps prevent future incidents.

A. Installing additional tools may be helpful but is a long-term step.

C. Flashing router firmware is not warranted unless the network hardware is known to be compromised.

D. Suggesting more advanced tools might be excessive given that the EDR successfully contained the incident.

“No OS found” commonly indicates the firmware can’t locate boot instructions for the installed OS. If the drive isn’t obviously failing (no unusual noises) and BIOS/UEFI settings are reasonable, a classic cause is a corrupt Master Boot Record (MBR) (on MBR-partitioned disks). Mike Meyers’ Lab Manual explains that when BIOS can’t find an OS, causes may include configuration issues or drive problems, but also states: “If the correct drive is already first in the boot sequence, the master boot record… may be corrupt and need to be rebuilt.”

The Lab Manual also explains what the MBR does: the first sector contains boot code that informs the system about installed operating systems, and “without this bit of code, your OS will never load.” The All-in-One guide describes the same: BIOS looks at the first sector for instructions, and without the MBR code, the OS won’t load.

NTFS corruption wouldn’t typically present as “no OS found” at the firmware stage, and TPM issues usually create different security/boot errors. Therefore, MBR (D) is most likely.