PDF 220-1102 Study Guide

Recovery mode is a special boot option that allows the user to access advanced tools and features to troubleshoot and remove malware from the device. Recovery mode can also restore the system to a previous state or reset the device to factory settings. Running System Restore, scheduling a scan, or restarting the PC may not be effective in removing the malware, as it may still be active or hidden in the system files.

Loading the system in safe mode is a common troubleshooting step that allows the technician to isolate the problem by disabling unnecessary drivers and services. This can help determine if the issue is caused by a faulty device, a corrupted system file, or a malware infection.

Ease of Access is a utility in the Control Panel that allows users to adjust various accessibility settings on Windows, such as the on-screen keyboard, magnifier, narrator, high contrast, etc. The on-screen keyboard can be turned on by going to Ease of Access > Keyboard and toggling the switch to On12. Alternatively, the on-screen keyboard can be opened by pressing Windows + Ctrl + O keys or by typing osk.exe in the Run dialog box3.

The scenario described in the question suggests that the workstation has been infected by a ransomware, which is a type of malware that encrypts the files on the target system and demands a ransom for the decryption key12. The file extension .enc is commonly used by some ransomware variants to mark the encrypted files34. The developer is unable to open the database files manually because they are encrypted and require the decryption key, which is usually held by the attacker.

The best option for recovering the data is to utilize the backups, assuming that the backups are recent, valid, and not affected by the ransomware. Backups are copies of the data that are stored in a separate location or device, and can be used to restore the data in case of a disaster, such as a ransomware attack . By restoring the data from the backups, the developer can avoid paying the ransom and losing the data permanently.

Accessing a restore point is not a good option, because restore points are snapshots of the system settings and configuration, not the data files. Restore points can help to undo some system changes, such as installing a faulty driver or software, but they cannot recover the encrypted data files .

Rebooting into safe mode is also not a good option, because safe mode is a diagnostic mode that allows the system to run with minimal drivers and services, but it does not affect the data files. Safe mode can help to troubleshoot some system issues, such as malware infections, but it cannot decrypt the data files .

Using an AV to scan the affected files is also not a good option, because an AV is a software that can detect and remove some malware, but it cannot decrypt the data files. An AV can help to prevent or remove some ransomware infections, but it cannot recover the encrypted data files .

References1: CompTIA A+ Certification Exam Core 2 Objectives, page 10 2: CompTIA A+ Core 2 (220-1102) Complete Video Course, Lesson 26 Documentation 3: How to remove .enc file virus (Ransomware virus removal guide) 4: Enc File Extension - What is an .enc file and how do I open it? : CompTIA A+ Certification Exam Core 2 Objectives, page 13 : CompTIA A+ Core 2 (220-1102) Complete Video Course, Lesson 26 Documentation : What is a restore point? : How to use System Restore on Windows 10 : [What is Safe Mode?] : [How to boot into Safe Mode on Windows 10] : CompTIA A+ Certification Exam Core 2 Objectives, page 10 : [Can antivirus software remove ransomware?]