During an incident response operation, a compromised server needs to be restored to a trusted state. Describe the proper action to re-image the server effectively.
Perform a system restore from the compromised server's own backup files.
Install the latest operating system patches and restore system settings from a recent backup.
Erase the current system and install a pre-configured, verified clean image.
Run a comprehensive antivirus program to clean the malware and then update security patches.
The correct action in re-imaging a compromised server is to replace its current system image with a clean, known-good image. This involves erasing the current system to remove any potential malware or unauthorized changes and then installing a pre-configured image that is verified to be secure. Failing to use a clean image or not verifying the image can allow threats to persist. Pulling backups from the potentially compromised server or running standard antivirus software alone is insufficient.