220-1202 · topic practice

Malware Types and Removal practice questions

Practise CompTIA A+ Core 2 220-1202 Malware Types and Removal practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed by Johnson Ajibi · MSc IT Security
20 questions · Domain: Malware Types and Removal

What the exam tests

What to know about Malware Types and Removal

Malware Types and Removal questions test whether you can apply the concept in context, not just recognise a definition.

  • How the topic appears in realistic exam-style scenarios.
  • Which detail in the question changes the correct answer.
  • How to eliminate plausible but wrong options.
  • How to connect the question back to the wider exam objective.

Watch out for

Common Malware Types and Removal exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Malware Types and Removal questions

20 questions · select your answer, then reveal the explanation

During a routine security audit, a technician discovers that a user's workstation has a program that records keystrokes and periodically sends the data to an external server. The user denies installing any software recently. Which type of malware is this?

A technician is investigating a security incident where multiple workstations on the same network are showing signs of infection: slow performance, unusual network traffic, and the presence of a file named 'svch0st.exe' in the Startup folder. The technician suspects a worm that spreads through network shares. What is the most effective containment strategy?

A technician is tasked with removing a persistent malware infection that survives reboots and re-infects the system even after a full antivirus scan in Safe Mode. The malware appears to hide in the Master Boot Record (MBR). Which removal method should the technician use?

A small business owner calls for support because all of their files on the server have been renamed with a .encrypted extension, and a text file named 'README_TO_DECRYPT.txt' appears on the desktop demanding a Bitcoin payment. What is the first step the technician should take?

A technician is dealing with a zero-day malware infection that has evaded all signature-based antivirus scans. The malware is polymorphic, changing its code each time it infects a new system. Which approach is most likely to detect and remove this type of malware?

A user reports that their computer is infected with a virus and they have been trying to remove it using a free online scanner, but the problem persists. The technician suspects the malware may have disabled the antivirus software. Which safe mode should the technician use to run a full system scan?

A user reports that their system is running very slowly, and they see frequent pop-up ads even when no browser is open. They also notice that their default search engine has changed without their permission. Which type of malware is most likely causing these symptoms?

A user reports that their computer has been acting strangely: files are missing, and the mouse cursor moves on its own, opening programs and typing messages. The technician suspects a remote access Trojan (RAT). What is the most effective immediate action to stop the unauthorized access?

A technician is troubleshooting a Windows 10 workstation that displays a fake security alert claiming the system is infected and prompting the user to call a toll-free number. The user cannot close the alert window or open Task Manager. Which type of malware is causing this behavior, and what is the best removal approach?

A technician is removing malware from a Windows 10 PC and wants to ensure that no remnants remain in the registry or startup folders. After running an antivirus scan and deleting infected files, which additional step should the technician perform?

A user reports that their web browser's homepage has changed to an unfamiliar search engine, and new toolbars have appeared without their consent. They have not installed any new software recently. Which type of malware is most likely responsible?

A customer reports that their desktop computer is running extremely slowly, and they see frequent pop-up advertisements even when no browser is open. Task Manager shows a process named 'svch0st.exe' consuming 95% CPU. Which type of malware is most likely causing these symptoms?

A small business owner reports that all their Microsoft Office documents are now encrypted with a '.crypt' extension and a ransom note demands payment in cryptocurrency. They have a backup from last week stored on an external drive that was disconnected after the backup. What is the best recovery strategy?

A technician is investigating a security breach where sensitive customer data was exfiltrated. The only malware found is a hidden driver that intercepts keystrokes and sends them to a remote server. Which malware type is responsible, and what is the best removal strategy?

During a routine security audit, a technician discovers that a user's computer has a program that opens a backdoor on port 4444 and allows remote control. The program was installed alongside a free PDF converter the user downloaded last week. Which malware type is this, and what is the most effective removal method?

A technician is configuring a new Windows 11 workstation for a user who frequently downloads free software. To reduce the risk of malware infections from bundled applications, which security setting should be enabled?

A user reports that their computer is sending out a large amount of network traffic even when they are not using the internet. The antivirus detects a file named 'expl0rer.exe' in the startup folder. What type of malware is most likely causing this behavior?

A technician is troubleshooting a computer that displays a fake security alert claiming the system is infected and urging the user to call a toll-free number. The alert cannot be closed and appears on top of all other windows. What is the best removal approach?

A technician is cleaning a computer that has been infected with a rootkit. After running a standard antivirus scan, the malware is still detected on reboot. Which step should the technician take next to ensure complete removal?

During a security incident, a user's files have been renamed with a '.encrypted' extension, and a ransom note demands Bitcoin to restore them. The user has no backups. What is the most appropriate immediate action?

Frequently asked questions

What does the 220-1202 exam test about Malware Types and Removal?
Malware Types and Removal questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Malware Types and Removal questions in a focused session?
Yes — the session launcher on this page draws every question from the Malware Types and Removal domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other 220-1202 topics?
Use the topic links above to move to related areas, or go back to the 220-1202 question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the 220-1202 exam covers. They are not copied from any real exam or dump site.