Free CompTIA CySA+ CS0-003 Practice Question

During the recovery phase of an incident, you must restore a group of affected systems. All machines have a recent, verified clean backup available. However, you have been informed that a persistent threat actor had previously established a foothold in the network. What is the BEST step to ensure the re-imaging process prevents the actor from regaining access to the systems?

  • Integrate additional monitoring tools during the re-imaging process to increase surveillance.

  • Only install the latest security patches on the systems prior to re-imaging processes.

  • Re-image systems with the clean backup and modify default credentials and access controls before reconnection.

  • Perform a bare-metal restore and immediately reconnect systems to the network.

This question's topic:
CompTIA CySA+ CS0-003 / 
Incident Response and Management
Your Score:

Check or uncheck an objective to set which questions you will receive.