A penetration tester has concluded an assessment on a Windows server, during which they modified registry keys, disabled specific security services, and installed a custom toolkit to test endpoint defenses. Although the tester manually reverted most changes, management is concerned about residual risk from undiscovered modifications. Which of the following actions provides the highest assurance of restoring the server to its pre-assessment state?
Remove suspicious accounts in the user management console
Reload documented baseline images stored on separate media
Retrieve the configuration file from a remote server and overwrite the current version
Restrict inbound connections from newly established rules
Reloading a documented baseline image provides the highest assurance of returning a system to its pre-assessment state. This action ensures that all changes, including undocumented or hidden ones like rootkits or altered system files, are completely removed. Manually removing suspicious accounts or restricting network rules are important but incomplete cleanup steps that do not guarantee a full restoration. Overwriting a single configuration file is insufficient to revert system-wide changes, such as modified services or registry keys.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a baseline image in system recovery?
Open an interactive chat with Bash
Why are changes to inbound connections or user accounts insufficient for full system recovery?
Open an interactive chat with Bash
Why is retrieving a configuration file from a remote server incomplete for system restoration?