CompTIA Security+ (SY0-601) — Question 858

A web server has been compromised due to a ransomware attack. Further investigation reveals the ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services back up as soon as possible. Which of the following should the administrator use to restore services to a secure state?

Answer options

• A. The last incremental backup that was conducted 72 hours ago
• B. The last known-good configuration
• C. The last full backup that was conducted seven days ago
• D. The baseline OS configuration

Correct answer: C

Explanation

The correct answer is C because a full backup from seven days ago will provide a clean state of the server before the ransomware infection occurred. Option A is inadequate since it only captures changes made in the last 72 hours, including the ransomware. Option B may not have the necessary files for complete recovery, and option D does not ensure the restoration of data before the attack.