20+ practice questions focused on Malware Types and Removal — one of the most tested topics on the CompTIA A+ Core 2 220-1202 exam. Each question includes a detailed explanation so you learn why the right answer is correct.
During a routine security audit, a technician discovers that a user's workstation has a program that records keystrokes and periodically sends the data to an external server. The user denies installing any software recently. Which type of malware is this?
Explanation: A keylogger is a type of spyware that records keystrokes to capture sensitive information like passwords. It often operates stealthily without the user's knowledge, matching the scenario where the user did not install anything. Spyware is the broader category, but keylogger is the specific variant described.
A technician is investigating a security incident where multiple workstations on the same network are showing signs of infection: slow performance, unusual network traffic, and the presence of a file named 'svch0st.exe' in the Startup folder. The technician suspects a worm that spreads through network shares. What is the most effective containment strategy?
Explanation: A worm that spreads via network shares requires immediate network segmentation to stop propagation. Disabling the network shares on all workstations and isolating infected systems from the network prevents the worm from reaching other devices. Patching the vulnerability used for spread (e.g., SMB) is also critical, but containment is the priority.
A technician is tasked with removing a persistent malware infection that survives reboots and re-infects the system even after a full antivirus scan in Safe Mode. The malware appears to hide in the Master Boot Record (MBR). Which removal method should the technician use?
Explanation: MBR malware infects the boot sector, loading before the operating system, which allows it to survive standard scans and Safe Mode. The most effective removal is to use the Windows Recovery Environment (WinRE) with the bootrec /fixmbr and bootrec /fixboot commands. This overwrites the infected boot sector. If that fails, a full reinstall may be necessary.
A small business owner calls for support because all of their files on the server have been renamed with a .encrypted extension, and a text file named 'README_TO_DECRYPT.txt' appears on the desktop demanding a Bitcoin payment. What is the first step the technician should take?
Explanation: The first step in a ransomware incident is to isolate the infected system from the network to prevent the malware from spreading to other devices. Paying the ransom is discouraged as it does not guarantee data recovery and funds criminal activity. After isolation, the technician can assess the damage and attempt recovery from backups.
A technician is dealing with a zero-day malware infection that has evaded all signature-based antivirus scans. The malware is polymorphic, changing its code each time it infects a new system. Which approach is most likely to detect and remove this type of malware?
Explanation: Polymorphic malware changes its signature, making signature-based detection ineffective. Heuristic analysis and behavior-based detection tools, such as those used by advanced endpoint detection and response (EDR) solutions, can identify malware based on suspicious actions rather than static signatures. Running a tool that uses heuristic scanning can detect the malware's behavior, such as file encryption or unauthorized registry changes.
1. Baseline your knowledge
Start with 10 questions to gauge your current understanding of Malware Types and Removal. This tells you whether you need a concept refresher or just practice.
2. Review every explanation
For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.
3. Focus on exam traps
Malware Types and Removal questions on the 220-1202 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.
4. Reach 80% consistently
Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.
The exact number varies per candidate. Malware Types and Removal is tested as part of the CompTIA A+ Core 2 220-1202 blueprint. Practicing with targeted Malware Types and Removal questions ensures you can handle any format or difficulty that appears.
Yes. Courseiva provides free 220-1202 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.
Difficulty is subjective, but Malware Types and Removal is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.