After a security breach that resulted in data loss, which of the following is the BEST step to restore the affected systems to their operational state?
Re-image affected systems with the latest system images
Wipe the drives and perform system replication from a similar environment
Use verified backups to restore affected systems
Apply the latest security patches to affected systems
To correctly restore affected systems to their operational state after a breach, it is crucial to utilize verified backups. Verified backups have been checked for integrity and are free from the corruption or compromise that affected the original data. Using the latest system images would not be ideal as they might contain vulnerabilities that led to the breach. Applying the latest patches does not address the data loss issue. Simply wiping the drives could result in further data loss if no backup is available. Replication, while useful for high availability, may propagate the breach effects if not segregated and verified.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why are verified backups critical in restoring systems after a breach?
Open an interactive chat with Bash
What steps are involved in verifying the integrity of a backup?
Open an interactive chat with Bash
When is re-imaging a system a better option than restoring from a backup?