After a security breach has been contained, an organization must eradicate the threat to prevent further damage. Which of the following actions is the MOST effective way to ensure a sophisticated rootkit is completely removed from a critical server, while maintaining the server's availability for ongoing mission-critical operations?
Powering off the server until a suitable removal method is determined.
Booting to a known clean recovery environment to conduct rootkit removal.
Patching the server with the latest security updates.
Updating antivirus signatures and rerunning a full scan.