Certified Information Systems Security Professional (CISSP) — Question 86

Which of the following is the MOST effective measure for dealing with rootkit attacks?

Answer options

• A. Restoring the system from the last backup
• B. Finding and replacing the altered binaries with legitimate ones
• C. Turning off unauthorized services and rebooting the system
• D. Reinstalling the system from trusted sources

Correct answer: D

Explanation

Reinstalling the system from trusted sources ensures that any potential rootkits and their modifications are completely removed, providing a clean slate. While restoring from a backup or replacing altered binaries can help, they may not eliminate all traces of the rootkit. Turning off unauthorized services is a temporary fix and does not address the root cause.