Which of the following incident response procedures is best suited to restore the server?

A server dedicated to the storage and processing of sensitive information was compromised
with a rootkit and sensitive data was exfiltrated. Which of the following incident response
procedures is best suited to restore the server?

A server dedicated to the storage and processing of sensitive information was compromised
with a rootkit and sensitive data was exfiltrated. Which of the following incident response
procedures is best suited to restore the server?

A.
Wipe the storage, reinstall the OS from original media and restore the data from the last
known good backup.

B.
Keep the data partition, restore the OS from the most current backup and run a full
system antivirus scan.

C.
Format the storage and reinstall both the OS and the data from the most current backup.

D.
Erase the storage, reinstall the OS from most current backup and only restore the data
that was not compromised.



Leave a Reply 0

Your email address will not be published. Required fields are marked *