Certified Information Security Manager (CISM) — Question 1118

During incident recovery, which of the following is the BEST approach to ensure the eradication of traces hidden by an attacker?

Answer options

• A. Reinstall the system from the original source.
• B. Perform continuous monitoring until validation is achieved.
• C. Prohibit use of the account suspected to be compromised.
• D. Conduct a forensic investigation to acquire evidence.

Correct answer: A

Explanation

Reinstalling the system from the original source ensures that all potentially compromised files and settings are removed, effectively eradicating any hidden traces left by the attacker. Continuous monitoring (Option B) is useful but does not guarantee complete eradication. Prohibiting the suspected account (Option C) helps prevent further access but does not address hidden traces. Conducting a forensic investigation (Option D) is important for gathering evidence but does not eliminate the risk of remaining traces.