A server dedicated to the storage and processing of sensitive information was compromised with a
rootkit and sensitive data was exfiltrated. Which of the following incident response procedures is
best suited to restore the server?
A. Wipe the storage, reinstall the OS from original media and restore the data from the last known
good backup.
B. Keep the data partition, restore the OS from the most current backup and run a full system
antivirus scan.
C. Format the storage and reinstall both the OS and the data from the most current backup.
D. Erase the storage, reinstall the OS from the most current backup and only restore the data that
was not compromised.