CompTIA Server+ (SK0-005) — Question 221
IDS alerts indicate abnormal traffic patterns are coming from a specific server in a data center that hosts sensitive data. Upon further investigation, the server administrator notices this server has been infected with a virus through an exploit of a known vulnerability in its database software. Which of the following should the administrator perform after removing the virus to prevent this issue from recurring and to maintain high availability? (Choose three.)
Answer options
- A. Run a vulnerability scanner on the server.
- B. Repartition the hard drive that houses the database.
- C. Patch the vulnerability.
- D. Enable a host firewall.
- E. Reformat the OS on the server.
- F. Update the antivirus software.
- G. Remove the database software.
- H. Air gap the server from the network.
Correct answer: A, C, F
Explanation
Running a vulnerability scanner (A), patching the vulnerability (C), and updating the antivirus software (F) are the steps that prevent future infections and keep the server secure while it stays in service. The other options do not directly address vulnerability management or software updates for the exploited database software, and several of them (repartitioning the drive, reformatting the OS, removing the database software, air gapping the server) would take the server or its data offline, which conflicts with the high-availability requirement.