4 votes
Bob's manager has asked him to ensure that a compromised system has been completely purged of the compromise. What is Bob's best course of action?

A. Use an antivirus tool to remove any associated malware
B. Use an antimalware tool to completely scan and clean the system
C. Wipe and rebuild the system
D. Restore a recent backup

by User Cklab (8.2k points)

1 Answer

4 votes

Final answer:

Bob should opt to wipe and rebuild the system to ensure complete removal of any compromise, as antivirus and antimalware tools may not be entirely effective and backups could also be compromised.

Step-by-step explanation:

The best course of action for Bob to ensure that a compromised system has been completely purged of the compromise is C. Wipe and rebuild the system. While using an antivirus or antimalware tool can help remove many forms of malware, they may not catch everything, especially if the compromise is sophisticated or deeply rooted. In these cases, malware can persist beyond initial cleaning efforts. Restoring from a backup may not be effective if the backup is also compromised or if the time of compromise is unknown. Therefore, wiping the system clean and doing a fresh rebuild is often considered the most thorough approach to ensuring all traces of the compromise are removed.

by User Terran (8.8k points)