After a security breach that resulted in data loss, which of the following is the BEST step to restore the affected systems to their operational state?
Apply the latest security patches to affected systems
Use verified backups to restore affected systems
Wipe the drives and perform system replication from a similar environment
Re-image affected systems with the latest system images
To correctly restore affected systems to their operational state after a breach, it's crucial to utilize verified backups. Verified backups have been checked for integrity and are free from the corruption or compromise that affected the original data. Using the latest system images would not be ideal as they might contain vulnerabilities that led to the breach. Applying the latest patches does not address the data loss issue and simply wiping the drives could result in further data loss if no backup is available. Replication, while useful for high availability, may propagate the breach effects if not segregated and verified.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are verified backups and why are they important?
Open an interactive chat with Bash
What does it mean to re-image a system and why might it be risky after a breach?
Open an interactive chat with Bash
Why is applying the latest security patches not sufficient for data loss restoration?