During the recovery phase of an incident, you must restore a group of affected systems. All machines have a recent, verified clean backup available. However, you have been informed that a persistent threat actor had previously established a foothold in the network. What is the BEST step to ensure the re-imaging process prevents the actor from regaining access to the systems?
Re-image systems with the clean backup and modify default credentials and access controls before reconnection.
Only install the latest security patches on the systems prior to re-imaging.
Perform a bare-metal restore and immediately reconnect systems to the network.
Integrate additional monitoring tools during the re-imaging process to increase surveillance.
The correct answer is 'Re-image systems with the clean backup and modify default credentials and access controls before reconnection.' When a persistent threat actor is involved, assume that restoring a clean backup alone is insufficient if default credentials or predictable access controls remain unchanged, because the actor could regain access using the same methods as before. This option covers not only restoration from a clean backup but also changing the access mechanisms, so the original avenue of compromise is closed before the systems are reconnected. 'Perform a bare-metal restore and immediately reconnect systems to the network' ignores the fact that unchanged credentials can be reused by the adversary. 'Only install the latest security patches on the systems prior to re-imaging' is important for system security, but patching does not directly stop an actor who already knows current credentials or has backdoors in place. 'Integrate additional monitoring tools during the re-imaging process' may help detect future breaches but does not by itself prevent the threat actor from accessing the systems using the same methods as before.