A server dedicated to the storage and processing of sensitive information was compromised with a rootkit and sensitive data was extracted. Which of the following incident response procedures is best suited to restore the server?
A. Wipe the storage, reinstall the OS from original media and restore the data from the last known good backup.
B. Keep the data partition, restore the OS from the most current backup and run a full system antivirus scan.
C. Format the storage and reinstall both the OS and the data from the most current backup.
D. Erase the storage, reinstall the OS from most current backup and only restore the data that was not compromised.
Answer: A
Explanation: Rootkits are software programs that can hide certain things from the operating system. With a rootkit, there may be a number of processes running on a system that do not show up in Task Manager, or connections established or available that do not appear in a netstat display; the rootkit masks the presence of these items. The rootkit does this by manipulating function calls to the operating system and filtering out information that would normally appear. Theoretically, rootkits could hide anywhere there is enough memory for them to reside: video cards, PCI cards, and the like. The best way to handle this situation is to wipe the server, reinstall the operating system from the original installation disks, and then restore the extracted data from your last known good backup. This way you can eradicate the rootkit and restore the data.
Jane, a home user, brings a PC in for repair and reports that performance has become extremely slow when working on documents and viewing pictures. Which of the following suggestions should a technician make?
A. Upgrade to a solid state drive
B. Increase the clock speed on the CPU
C. Run the file system check tool
D. Upgrade to a high performance video card
A technician is trying to diagnose a laptop that is experiencing heavy artifact corruption and random loss of video during operation. Which of the following are MOST likely causes of this problem? (Select TWO).
A. Integrated system video chip is failing and/or near death.
B. Video drivers were not installed directly from Microsoft update.
C. Incompatible or untested video drivers have been installed.
D. The BIOS is not set for the proper operation temperature of the video chipset.
E. The BIOS is underclocking the video card's operating speed.
A technician recently installed a new video card in a PC. The PC already has integrated video on the motherboard. When the technician turns on the PC, there is no video. Which of the following is MOST likely the cause?
A. The motherboard BIOS version is out of date.
B. The incorrect video card drivers are installed.
C. The power connector for the video card is unplugged.
D. The video card is unsupported by the motherboard.
A technician is repairing a workstation that exhibits random reboots at odd times of the day. Which of the following should be performed FIRST when troubleshooting the issue? (Select TWO).
A. Check the PSU integrity
B. Check the CMOS battery
C. Check the video card integrity
D. Check the memory integrity
E. Check the optical drive integrity
Multiple users have reported that there are black dots on the conference room LCD when doing presentations. Which of the following is MOST likely the problem?
A. The video card displaying to the LCD is incompatible.
B. The LCD has dead pixels.
C. The LCD needs to be recalibrated.
D. The conference room PC is overheating.
A user has just installed an old CRT monitor on their home PC, and is connected to the onboard VGA port. The user notes that the display has a green tint at all times. Which of the following is the MOST likely cause of the issue?
A. Old video card drivers
B. Loose video cable
C. Monitor
D. Video card