Certified Ethical Hacker (CEH v13) — Question 287

As a cybersecurity analyst at XYZ Corp., you’re examining system logs and notice an array of activities that suggest the presence of an elusive rootkit. Given the stealthy nature of rootkits, their detection and eradication are pivotal to maintaining system security and preventing data compromise. Assessing the system, you find the rootkit has been embedded deeply within the operating system kernel.

In this critical situation, which strategy should you follow to remediate the rootkit effectively while minimizing potential damage?

Answer options

• A. Take the extreme measure of initiating a complete system format, followed by reinstalling the operating system from a trusted source.
• B. Immediately opt for the radical approach, which includes powering down the system and disconnecting it from the network, to cease the rootkit’s activities.
• C. Employ a systematic, multi-layered strategy, starting with the deployment of a specialized rootkit detection tool to verify the presence and type of rootkit, followed by an appropriately tailored removal procedure, specific to the identified rootkit.
• D. Implement a proactive defensive strategy by running a variety of high-interaction honeypots on the network, aiming to lure the attacker and reveal their tactics.

Correct answer: C

Explanation

The correct answer, C, is the best approach as it involves a systematic method to accurately detect and remove the rootkit, minimizing the risk of further damage. Option A is too extreme and could lead to unnecessary data loss, while option B may not address the rootkit's presence effectively. Option D focuses on proactive measures but does not directly resolve the current rootkit issue.