Practice 220-1202 Malware Types and Removal questions with full explanations on every answer.
Click any question to see the full explanation and answer options, or start a focused practice session above.
1. During a routine security audit, a technician discovers that a user's workstation has a program that records keystrokes and periodically sends the data to an external server. The user denies installing any software recently. Which type of malware is this?
2. A technician is investigating a security incident where multiple workstations on the same network are showing signs of infection: slow performance, unusual network traffic, and the presence of a file named 'svch0st.exe' in the Startup folder. The technician suspects a worm that spreads through network shares. What is the most effective containment strategy?
3. A technician is tasked with removing a persistent malware infection that survives reboots and re-infects the system even after a full antivirus scan in Safe Mode. The malware appears to hide in the Master Boot Record (MBR). Which removal method should the technician use?
4. A small business owner calls for support because all of their files on the server have been renamed with a .encrypted extension, and a text file named 'README_TO_DECRYPT.txt' appears on the desktop demanding a Bitcoin payment. What is the first step the technician should take?
5. A technician is dealing with a zero-day malware infection that has evaded all signature-based antivirus scans. The malware is polymorphic, changing its code each time it infects a new system. Which approach is most likely to detect and remove this type of malware?
6. A user reports that their computer is infected with a virus and they have been trying to remove it using a free online scanner, but the problem persists. The technician suspects the malware may have disabled the antivirus software. Which safe mode should the technician use to run a full system scan?
7. A user reports that their system is running very slowly, and they see frequent pop-up ads even when no browser is open. They also notice that their default search engine has changed without their permission. Which type of malware is most likely causing these symptoms?
8. A user reports that their computer has been acting strangely: files are missing, and the mouse cursor moves on its own, opening programs and typing messages. The technician suspects a remote access Trojan (RAT). What is the most effective immediate action to stop the unauthorized access?
9. A technician is troubleshooting a Windows 10 workstation that displays a fake security alert claiming the system is infected and prompting the user to call a toll-free number. The user cannot close the alert window or open Task Manager. Which type of malware is causing this behavior, and what is the best removal approach?
10. A technician is removing malware from a Windows 10 PC and wants to ensure that no remnants remain in the registry or startup folders. After running an antivirus scan and deleting infected files, which additional step should the technician perform?
11. A user reports that their web browser's homepage has changed to an unfamiliar search engine, and new toolbars have appeared without their consent. They have not installed any new software recently. Which type of malware is most likely responsible?
12. A customer reports that their desktop computer is running extremely slowly, and they see frequent pop-up advertisements even when no browser is open. Task Manager shows a process named 'svch0st.exe' consuming 95% CPU. Which type of malware is most likely causing these symptoms?
13. A small business owner reports that all their Microsoft Office documents are now encrypted with a '.crypt' extension and a ransom note demands payment in cryptocurrency. They have a backup from last week stored on an external drive that was disconnected after the backup. What is the best recovery strategy?
14. A technician is investigating a security breach where sensitive customer data was exfiltrated. The only malware found is a hidden driver that intercepts keystrokes and sends them to a remote server. Which malware type is responsible, and what is the best removal strategy?
15. During a routine security audit, a technician discovers that a user's computer has a program that opens a backdoor on port 4444 and allows remote control. The program was installed alongside a free PDF converter the user downloaded last week. Which malware type is this, and what is the most effective removal method?
16. A technician is configuring a new Windows 11 workstation for a user who frequently downloads free software. To reduce the risk of malware infections from bundled applications, which security setting should be enabled?
17. A user reports that their computer is sending out a large amount of network traffic even when they are not using the internet. The antivirus detects a file named 'expl0rer.exe' in the startup folder. What type of malware is most likely causing this behavior?
18. A technician is troubleshooting a computer that displays a fake security alert claiming the system is infected and urging the user to call a toll-free number. The alert cannot be closed and appears on top of all other windows. What is the best removal approach?
19. A technician is cleaning a computer that has been infected with a rootkit. After running a standard antivirus scan, the malware is still detected on reboot. Which step should the technician take next to ensure complete removal?
20. During a security incident, a user's files have been renamed with a '.encrypted' extension, and a ransom note demands Bitcoin to restore them. The user has no backups. What is the most appropriate immediate action?
21. A technician is investigating a computer that has been sending spam emails from the user's account without their knowledge. The user has not installed any new software recently. The technician finds a process running that matches a known botnet client. Which two steps should the technician take first to mitigate the threat?
22. A user reports that their computer is displaying a message claiming their files are encrypted and they must pay 0.5 Bitcoin to a specific address to regain access. The user cannot open any documents or photos. What is the first step the technician should take to respond to this incident?
23. A technician is troubleshooting a Windows 10 computer that exhibits strange behavior: system files are missing, and the computer fails to boot normally. A boot-time virus scan detects a virus that infected the Master Boot Record (MBR). Which tool should the technician use to repair the MBR?
24. During a security incident, a technician discovers that a user's computer has a program that hides its processes from Task Manager and allows an attacker to remotely control the system. The technician suspects a rootkit. Which removal method is most effective for a rootkit?
25. A technician is tasked with removing malware from a Windows 10 computer that has a Trojan horse that downloaded additional payloads. The technician has already run a full antivirus scan and removed the Trojan, but the computer still exhibits suspicious network activity. What should the technician do next?
26. A customer reports that their Windows 10 computer is running very slowly, and they see frequent pop-up ads even when no browser is open. They also notice a new toolbar in their browser that they did not install. What type of malware is most likely causing these symptoms?
27. A user reports that their computer is infected with a virus that has encrypted all their personal files and left a text file with instructions to pay a ransom. The technician has verified the infection is ransomware. The company has a backup policy. What is the best course of action to recover the data?
28. During a routine security audit, a technician finds that a user's computer has an unknown program running that is sending keystrokes and screenshots to a remote server. The user did not install this program. Which type of malware is this?
29. A user calls the help desk because their computer is running slowly and they see a fake antivirus program warning that their system is infected. The user cannot close the warning window. Which type of malware is this, and what is the best removal approach?
30. A small business owner reports that all their employees are receiving emails from each other containing a link that, when clicked, downloads a file that installs a program that spreads to other contacts. The emails appear to come from known senders. What type of malware is this?
The Malware Types and Removal domain covers the key concepts tested in this area of the 220-1202 exam blueprint published by CompTIA. Courseiva provides free domain-focused practice, mock exams, missed-question review, and readiness tracking across all 220-1202 domains — no account required.
The Courseiva 220-1202 question bank contains 30 questions in the Malware Types and Removal domain. Click any question to see the full explanation and answer breakdown.
Start with a 10-question focused session to identify your baseline accuracy in this domain. Read every explanation — even for questions you answer correctly — to understand the reasoning. Once you score consistently above 80%, move to a 20–30 question session to confirm depth before moving to the next domain.
Yes — the session launcher on this page draws questions exclusively from the Malware Types and Removal domain. Choose 10, 20, 30, or 50 questions for a focused session, or click individual questions to review them one by one.