An organization has detected a breach that resulted in unauthorized access to its customer database. Despite efforts to isolate the infected systems, the threat actor maintains persistence in the environment. Which of the following actions would be the MOST effective next step in the recovery process?
Re-image the infected systems to a known good state before reintegrating them back into the network environment.
Increase network monitoring to catch further malicious activities by the threat actor.
Disconnect the infected systems from the network and perform a basic clean-up using antivirus software.
Apply patches to the infected systems to close the vulnerabilities exploited by the threat actor.
Re-imaging the infected systems is considered an effective step in the eradication process as it ensures the complete removal of any malicious software or backdoors left by the threat actor. Simply disconnecting or performing basic clean-up on compromised systems may not guarantee the removal of all components of the threat.