Certified Information Security Manager (CISM) — Question 1140
Which of the following eradication methods is MOST appropriate when responding to an incident resulting in malware on an application server?
Answer options
- A. Disconnect the system from the network.
- B. Change passwords on the compromised system.
- C. Restore the system from a known good backup.
- D. Perform operating system hardening.
Correct answer: C
Explanation
Restoring the system from a known good backup (C) is the most effective eradication method because it returns the server to a clean state rather than attempting to pick the malware out of a compromised image. The other options belong to different phases of incident response. Disconnecting the system from the network (A) is a containment step: it limits spread and command-and-control traffic but leaves the malware in place. Changing passwords on the compromised system (B) limits the attacker's use of any credentials they captured but does not remove the malware itself. Operating system hardening (D) is a recovery or lessons-learned activity that reduces the chance of reinfection but does not address the current infection. Note the qualifier "known good": the backup must predate the earliest evidence of compromise and be verified (for example, against an integrity manifest stored separately from the backups) before it is restored, and the initial entry point must be closed before the server is reconnected, or the restored system will simply be compromised again.
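The "known good" qualifier is where restores go wrong in practice. The following Python is an added illustration, not part of the exam question or its explanation: it selects the newest backup snapshot that (1) was taken before the earliest indicator of compromise, with a safety margin, and (2) still matches a SHA-256 manifest recorded out-of-band at backup time. The snapshot names, contents, timestamps and manifest are constructed for the example.

```python
"""Pick a 'known good' backup for malware eradication.

Constructed example (not from the exam page): a snapshot is only 'known
good' if it predates the first indicator of compromise (IOC) by a safety
margin AND its contents still match the integrity manifest that was
recorded when the backup was taken and stored separately from it.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
import hashlib
import hmac
from typing import Dict, Iterable, Optional


@dataclass(frozen=True)
class Snapshot:
    name: str
    taken_at: datetime   # timezone-aware timestamp of the backup
    data: bytes          # stands in for the archive contents


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def select_known_good(snapshots: Iterable[Snapshot],
                      manifest: Dict[str, str],
                      first_ioc_at: datetime,
                      margin_hours: int = 24) -> Optional[Snapshot]:
    """Return the newest snapshot that is safely older than the first IOC
    and whose digest matches the manifest, or None if no snapshot qualifies.

    margin_hours guards against the IOC timestamp being later than the
    real initial compromise (dwell time is rarely known exactly).
    """
    cutoff = first_ioc_at - timedelta(hours=margin_hours)
    for snap in sorted(snapshots, key=lambda s: s.taken_at, reverse=True):
        if snap.taken_at > cutoff:
            continue  # taken inside the suspect window: may already carry the malware
        expected = manifest.get(snap.name)
        if expected is None:
            continue  # no integrity record: cannot be called "known good"
        if not hmac.compare_digest(sha256_hex(snap.data), expected):
            continue  # contents changed since the manifest was written
        return snap
    return None


# --- constructed sample data -------------------------------------------
UTC = timezone.utc
CLEAN_0301 = b"app.war v1.0 + config.yml"
CLEAN_0305 = b"app.war v1.1 + config.yml"
CLEAN_0308 = b"app.war v1.1 + config.yml + patch"

SNAPSHOTS = [
    Snapshot("app-2024-03-01", datetime(2024, 3, 1, 2, 0, tzinfo=UTC), CLEAN_0301),
    # Same name as the manifest entry, but the archive was altered after
    # the manifest was written (simulated tampering / corruption).
    Snapshot("app-2024-03-05", datetime(2024, 3, 5, 2, 0, tzinfo=UTC),
             CLEAN_0305 + b" + shell.jsp"),
    Snapshot("app-2024-03-08", datetime(2024, 3, 8, 12, 0, tzinfo=UTC), CLEAN_0308),
]

# Manifest recorded at backup time, kept on a separate system.
MANIFEST = {
    "app-2024-03-01": sha256_hex(CLEAN_0301),
    "app-2024-03-05": sha256_hex(CLEAN_0305),
    "app-2024-03-08": sha256_hex(CLEAN_0308),
}

# Earliest indicator of compromise found during analysis (constructed).
FIRST_IOC_AT = datetime(2024, 3, 9, 0, 0, tzinfo=UTC)


if __name__ == "__main__":
    chosen = select_known_good(SNAPSHOTS, MANIFEST, FIRST_IOC_AT)
    print("restore from:", chosen.name if chosen else "NO KNOWN GOOD BACKUP")
```

With the sample data the 08 March snapshot is rejected because it falls inside the 24-hour margin before the first IOC, the 05 March snapshot is rejected because its digest no longer matches the manifest, and 01 March is selected. If nothing qualifies the function returns None, which is the correct answer to act on: rebuild from installation media rather than restore a backup you cannot vouch for.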