After isolating a network segment due to an incident, an analyst identifies that the affected systems are part of a distributed high-availability cluster. Remediation must occur with minimal downtime. Which of the following remediation techniques should the analyst employ FIRST?
Re-image all affected nodes simultaneously and restore services once verification is complete.
Restore all nodes from the most recent backup after confirming no signs of compromise in the backup.
Apply security patches to the nodes without re-imaging, to return to operational status quickly.
Re-image nodes one at a time, ensuring that the rest of the cluster is operational throughout the process.
Re-imaging nodes one at a time, while ensuring the rest of the cluster continues to function, is the correct remediation technique in this scenario. This approach maintains high availability and business continuity while each node is addressed in sequence. Re-imaging all nodes simultaneously would reduce the cluster's redundancy and could lead to downtime, violating the high-availability requirement. Patching without re-imaging may not remove the threat completely if the system is deeply compromised. Restoring from backup is an option only after confirming the backups are clean, and even then the restore should be done one node at a time to maintain uptime.