A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was exfiltrated. Which of the following incident response procedures is best suited to restore the server?
A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.
B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.
C. Format the storage and reinstall both the OS and the data from the most current backup.
D. Erase the storage, reinstall the OS from the most current backup and only restore the data that was not compromised.
Answer: A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.