
Courseiva is a free IT certification practice platform offering original exam-style practice questions, detailed explanations, topic-based practice, mock exams, readiness tracking, and study analytics for Cisco, CompTIA, Microsoft, AWS, and other technology certifications.

© 2026 Courseiva. Courseiva is operated by JTNetSolutions Ltd. All rights reserved.

Courseiva is an independent certification practice platform and is not affiliated with, endorsed by, or sponsored by Cisco, Microsoft, AWS, CompTIA, Google, ISC2, ISACA, or any other certification vendor. Vendor names and certification marks are used only to identify the exams learners are preparing for.


220-1202 Malware Types and Removal Practice Questions

20+ practice questions focused on Malware Types and Removal — one of the most tested topics on the CompTIA A+ Core 2 220-1202 exam. Each question includes a detailed explanation so you learn why the right answer is correct.



Sample Malware Types and Removal Questions

1. During a routine security audit, a technician discovers that a user's workstation has a program that records keystrokes and periodically sends the data to an external server. The user denies installing any software recently. Which type of malware is this?

A. Trojan horse
B. Worm
C. Keylogger
D. Ransomware

Explanation: A keylogger is a type of spyware that records keystrokes to capture sensitive information like passwords. It often operates stealthily without the user's knowledge, matching the scenario where the user did not install anything. Spyware is the broader category, but keylogger is the specific variant described.

2. A technician is investigating a security incident where multiple workstations on the same network are showing signs of infection: slow performance, unusual network traffic, and the presence of a file named 'svch0st.exe' in the Startup folder. The technician suspects a worm that spreads through network shares. What is the most effective containment strategy?

A. Run a full antivirus scan on all workstations simultaneously.
B. Disable network shares and isolate infected workstations from the network.
C. Update the antivirus definitions on one workstation and scan it.
D. Reboot all workstations into Safe Mode with Networking.

Explanation: A worm that spreads via network shares requires immediate network segmentation to stop propagation. Disabling the network shares on all workstations and isolating infected systems from the network prevents the worm from reaching other devices. Patching the vulnerability used for spread (e.g., SMB) is also critical, but containment is the priority.

3. A technician is tasked with removing a persistent malware infection that survives reboots and re-infects the system even after a full antivirus scan in Safe Mode. The malware appears to hide in the Master Boot Record (MBR). Which removal method should the technician use?

A. Run a system file checker (sfc /scannow) from within Windows.
B. Use the Windows Recovery Environment to run bootrec /fixmbr.
C. Perform a clean installation of Windows without formatting the drive.
D. Disable System Restore and delete all restore points.

Explanation: MBR malware infects the boot sector, loading before the operating system, which allows it to survive standard scans and Safe Mode. The most effective removal is to use the Windows Recovery Environment (WinRE) with bootrec /fixmbr and bootrec /fixboot commands. This overwrites the infected boot sector. If that fails, a full reinstall may be necessary.

4. A small business owner calls for support because all of their files on the server have been renamed with a .encrypted extension, and a text file named 'README_TO_DECRYPT.txt' appears on the desktop demanding a Bitcoin payment. What is the first step the technician should take?

A. Pay the ransom to get the decryption key immediately.
B. Disconnect the server from the network.
C. Run a full antivirus scan on the server.
D. Restore files from a recent backup immediately.

Explanation: The first step in a ransomware incident is to isolate the infected system from the network to prevent the malware from spreading to other devices. Paying the ransom is discouraged as it does not guarantee data recovery and funds criminal activity. After isolation, the technician can assess the damage and attempt recovery from backups.

5. A technician is dealing with a zero-day malware infection that has evaded all signature-based antivirus scans. The malware is polymorphic, changing its code each time it infects a new system. Which approach is most likely to detect and remove this type of malware?

A. Update the antivirus to the latest signature definitions and run a full scan.
B. Use a bootable antivirus rescue disk to scan the system before the OS loads.
C. Employ a heuristic-based or behavior-based malware removal tool.
D. Reinstall the operating system from a known-good backup.

Explanation: Polymorphic malware changes its signature, making signature-based detection ineffective. Heuristic analysis and behavior-based detection tools, such as those used by advanced endpoint detection and response (EDR) solutions, can identify malware based on suspicious actions rather than static signatures. Running a tool that uses heuristic scanning can detect the malware's behavior, such as file encryption or unauthorized registry changes.


How to master Malware Types and Removal for 220-1202

1. Baseline your knowledge

Start with 10 questions to gauge your current understanding of Malware Types and Removal. This tells you whether you need a concept refresher or just practice.

2. Review every explanation

For each question — right or wrong — read the full explanation. Understanding why an answer is correct is more valuable than knowing the answer itself.

3. Focus on exam traps

Malware Types and Removal questions on the 220-1202 frequently use trap wording. Look for subtle differences in answers that test your precision, not just general knowledge.

4. Reach 80% consistently

Do repeated sessions until you score 80%+ three times in a row. Then move to mixed-mode practice to test cross-topic recall under realistic conditions.

Frequently asked questions

How many 220-1202 Malware Types and Removal questions are on the real exam?

The exact number varies per candidate. Malware Types and Removal is tested as part of the CompTIA A+ Core 2 220-1202 blueprint. Practicing with targeted Malware Types and Removal questions ensures you can handle any format or difficulty that appears.

Are these 220-1202 Malware Types and Removal practice questions free?

Yes. Courseiva provides free 220-1202 practice questions across all exam topics and domains. The platform includes topic-based practice, mock exams, missed-question review, bookmarked questions, and readiness tracking — no account required.

Is Malware Types and Removal one of the harder 220-1202 topics?

Difficulty is subjective, but Malware Types and Removal is a high-priority exam concept tested in multiple ways — direct recall, scenario analysis, and command-output interpretation. Consistent practice is the best way to build confidence.


Topic Info

Topic: Malware Types and Removal
Exam: 220-1202
Questions available: 20+