A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was exfiltrated. Which of the following incident response procedures is best suited to restore the server?
A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.
B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.
C. Format the storage and reinstall both the OS and the data from the most current backup.
D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.
Answer: A
Learn More :
SY0-401
- After a number of highly publicized and embarrassing customer data leaks as a result of social engineering attacks by phone, the Chief Information Officer (CIO) has decided user training will reduce the risk of another data leak. Which of the following would be MOST effective in reducing data leaks in this situation?
- Which of the following is BEST used to capture and analyze network traffic between hosts on the same network segment?
- Which of the following is BEST at blocking attacks and providing security at layer 7 of the OSI model?
- A bank has a fleet of aging payment terminals used by merchants for transactional processing. The terminals currently support single DES but require an upgrade in order to be compliant with security standards. Which of the following is likely to be the simplest upgrade to the aging terminals which will improve in-transit protection of transactional data?
- A merchant acquirer has the need to store credit card numbers in a transactional database in a high performance environment. Which of the following BEST protects the credit card data?
- Which of the following is true about input validation in a client-server architecture, when data integrity is critical to the organization?
- After analyzing and correlating activity from multiple sensors, the security administrator has determined that a group of very well organized individuals from an enemy country is responsible for various attempts to breach the company network, through the use of very sophisticated and targeted attacks. Which of the following is this an example of?
- A user attempting to log on to a workstation for the first time is prompted for the following information before being granted access: username, password, and a four-digit security pin that was mailed to him during account registration. This is an example of which of the following?
- Which of the following ciphers would be BEST used to encrypt streaming video?
- A server with the IP address of 10.10.2.4 has been having intermittent connection issues. The logs show repeated connection attempts from the following IPs:
- A network administrator has been tasked with securing the WLAN. Which of the following cryptographic products would be used to provide the MOST secure environment for the WLAN?
- Which of the following ports is used for SSH, by default?
- A network administrator is responsible for securing applications against external attacks. Every month, the underlying operating system is updated. There is no process in place for other software updates. Which of the following processes could MOST effectively mitigate these risks?
- A security administrator has concerns about new types of media which allow for the mass distribution of personal comments to a select group of people. To mitigate the risks involved with this media, employees should receive training on which of the following?
- A network administrator is configuring access control for the sales department which has high employee turnover. Which of the following is BEST suited when assigning user rights to individuals in the sales department?
- Which of the following should an administrator implement to research current attack methodologies?
- Encryption used by RADIUS is BEST described as:
- Due to limited resources, a company must reduce their hardware budget while still maintaining availability. Which of the following would MOST likely help them achieve their objectives?
- Deploying a wildcard certificate is one strategy to:
- A security manager must remain aware of the security posture of each system. Which of the following supports this requirement?
- Which of the following preventative controls would be appropriate for responding to a directive to reduce the attack surface of a specific host?
- Which of the following controls would allow a company to reduce the exposure of sensitive systems from unmanaged devices on internal networks?
- Which of the following is a step in deploying a WPA2-Enterprise wireless network?
- Which of the following implementation steps would be appropriate for a public wireless hot-spot?
- A network engineer is designing a secure tunneled VPN. Which of the following protocols would be the MOST secure?