CompTIA Security+ SY0-701 Practice Question

A rootkit is a type of malware known for its ability to hide its existence from standard detection methods, making it notoriously challenging to remove. While updating antivirus signatures is important for prevention and containment, it might not effectively remove an advanced rootkit. The use of a trusted clean recovery environment or operating system to run the eradication process is generally accepted as the best method to ensure that the rootkit is not able to evade removal efforts, as it may do if the infected operating system is used for removal. Patching the server is a key step in preventing future infections, but it does not address removing the existing rootkit. Lastly, turning off the server would indeed stop all current rootkit activity, but it is not practically viable in this context since the organization requires the server to remain operational for critical tasks, and the rootkit would likely still be present when the server is restarted.