A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?
A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup. B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan. C. Format the storage and reinstall both the OS and the data from the most current backup. D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.
Answer: A
Explanation: A rootkit is software that hides its own presence, and that of other malicious processes, files or network connections, by hooking or manipulating operating system function calls and filtering what they return. Processes may not show up in Task Manager, and established or listening connections may not appear in a netstat display, because the rootkit intercepts the calls those tools depend on. Rootkits can also persist outside the operating system, in firmware on video cards, PCI cards or the system board, where reinstalling the OS alone will not reach them. Because a compromised system cannot be trusted to report its own state, the correct procedure is to wipe the storage, reinstall the operating system from the original (trusted) installation media, and then restore the data from the last known good backup, that is, the most recent backup taken before the compromise and verified to be intact. Options B, C and D all restore the OS or the data from the most current backup, which may itself contain the rootkit, and option B additionally keeps the data partition in place and relies on an antivirus scan that a rootkit is specifically designed to evade. Note that rebuilding the server does not undo the extraction of the sensitive data; that breach still has to be handled as its own incident, and if firmware compromise is suspected the firmware should be reflashed from a vendor image before the rebuild.
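As an added illustration, not part of the original question bank, the following Python shows what "last known good backup" means in practice: the newest backup that both predates the compromise and matches a hash manifest recorded at backup time and kept off the compromised server. The backup set, manifests, timestamps and compromise time are constructed sample data, and the in-memory `Backup` class stands in for a real backup image.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class Backup:
    """In-memory stand-in for a backup image: path -> file contents (constructed)."""
    name: str
    taken_at: datetime
    files: dict


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_manifest(files: dict) -> dict:
    """Hash manifest recorded when the backup was taken and stored off the server."""
    return {path: sha256_hex(content) for path, content in files.items()}


def verify_backup(backup: Backup, manifest: dict) -> list:
    """Return every discrepancy between a backup and its offline manifest (empty = intact)."""
    problems = []
    for path, expected in manifest.items():
        if path not in backup.files:
            problems.append(f"{backup.name}: missing {path}")
        elif sha256_hex(backup.files[path]) != expected:
            problems.append(f"{backup.name}: hash mismatch for {path}")
    for path in backup.files:
        if path not in manifest:
            problems.append(f"{backup.name}: unexpected file {path}")
    return problems


def select_last_known_good(backups: list, manifests: dict, compromise_time: datetime):
    """Newest backup that predates the compromise and verifies against its manifest.

    Returns (backup_or_None, reasons); reasons explains each rejected candidate.
    """
    reasons = []
    for b in sorted(backups, key=lambda x: x.taken_at, reverse=True):
        if b.taken_at >= compromise_time:
            reasons.append(f"{b.name}: taken after compromise, may contain the rootkit")
            continue
        manifest = manifests.get(b.name)
        if manifest is None:
            reasons.append(f"{b.name}: no offline manifest, cannot verify")
            continue
        problems = verify_backup(b, manifest)
        if problems:
            reasons.extend(problems)
            continue
        return b, reasons
    return None, reasons


# Constructed sample data: two legitimate data sets and their offline manifests.
UTC = timezone.utc
CLEAN_FILES = {"/srv/data/records.db": b"record-set-v1", "/srv/data/keys.json": b'{"kid":"k1"}'}
UPDATED_FILES = {"/srv/data/records.db": b"record-set-v2", "/srv/data/keys.json": b'{"kid":"k1"}'}
MANIFESTS = {
    "weekly-01": build_manifest(CLEAN_FILES),
    "weekly-08": build_manifest(UPDATED_FILES),
}

# What is actually on the backup server now (constructed): weekly-08 was altered after
# the fact, and weekly-15 was taken after the compromise and carries an extra file.
BACKUPS = [
    Backup("weekly-01", datetime(2024, 1, 1, tzinfo=UTC), dict(CLEAN_FILES)),
    Backup("weekly-08", datetime(2024, 1, 8, tzinfo=UTC),
           {**UPDATED_FILES, "/srv/data/records.db": b"record-set-v2-tampered"}),
    Backup("weekly-15", datetime(2024, 1, 15, tzinfo=UTC),
           {**UPDATED_FILES, "/srv/data/.helper": b"unexpected"}),
]
COMPROMISE_TIME = datetime(2024, 1, 12, tzinfo=UTC)


def main():
    chosen, reasons = select_last_known_good(BACKUPS, MANIFESTS, COMPROMISE_TIME)
    for r in reasons:
        print("rejected:", r)
    print("restore from:", chosen.name if chosen else "nothing trustworthy")


if __name__ == "__main__":
    main()
```

With this data the newest pre-compromise backup (weekly-08) is rejected because its contents no longer match the manifest, so the restore falls back to weekly-01. The manifest only helps if it is stored somewhere the attacker could not reach from the compromised server, which is why it is kept separately from the backup itself.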
After an installation of a video adapter, the screen on a Windows 7 system cannot be seen. Which of the following Windows 7 functions will resolve this?
A. Component Management B. Startup Repair C. Device Manager D. Task Manager
An alert needs to be sent to the administrator when the CPU stays above 90% for a period of time. Which of the following tools would BEST be used to accomplish this?
A. Performance Monitor B. Task Scheduler C. Task Manager D. System Configuration
An entry level network analyst calls and is not sure which Windows OS features to use to check for users who are currently logged on. Which of the following features would BEST assist this analyst?
A. Task Manager B. MSCONFIG C. Disk Management D. Administrative Tools
A new application is installed which adds three new services to a customer's PC. The customer asks for help because the new application will not start. A technician investigates and finds that one of the services has failed to start. They attempt to start the service manually, but it fails. Where should the technician look NEXT for more information? (Select TWO).
A. Task Manager B. System registry C. Log files for the new application D. Event Viewer E. %SystemDir%\System32\Drivers
A technician receives an error every time a workstation boots up. The technician needs to find out what process is responsible for the error. Which of the following utilities would be used FIRST?
A. System Control Panel B. Task Manager C. Event Viewer D. MSCONFIG
A user is having trouble using the mouse. The technician believes a program that stopped responding is causing the issue and asks the customer to press Ctrl + Shift + Esc to verify. Which of the following did the technician launch?
A. Task Manager B. Control Panel C. Services D. MSCONFIG
A technician is setting up automatic login to desktop for a non-domain Windows XP system. Which of the following administrative tools would accomplish this?
A. User Accounts B. Network and Sharing Center C. Task Manager D. System Configuration