A technician is troubleshooting a computer that has been infected with ransomware. The ransomware encrypted files and left a note demanding payment. After removing the malware, what is the most important step to prevent future infections?
Backups mitigate data loss, and user education reduces the likelihood of future infections.
Why this answer
Option C is correct because ransomware often enters through phishing emails or unpatched vulnerabilities. While removing the malware is necessary, preventing future infections requires a combination of user education to avoid phishing attempts and a strict backup policy to ensure data can be restored without paying the ransom. Without addressing the root cause (user behavior and data resilience), the system remains vulnerable to reinfection.
Exam trap
CompTIA often tests the misconception that technical controls alone (like reinstalling the OS or updating software) are sufficient, when in reality, user education and backup policies are the most critical steps to prevent future ransomware infections.
How to eliminate wrong answers
Option A is wrong because reinstalling the operating system removes the malware but does not address the underlying security gaps (e.g., unpatched software or user susceptibility to phishing) that allowed the infection. Option B is wrong because updating software patches known vulnerabilities, but it does not prevent infections caused by user actions like opening malicious email attachments or visiting compromised websites. Option D is wrong because disabling all browser plugins is overly restrictive and does not address the primary infection vector (phishing emails or drive-by downloads), nor does it protect against ransomware that arrives via other means like malicious macros in documents.