nerdexam
CompTIA

CAS-003 · Question #32

A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and

The correct answer is D. Update the antivirus software and definitions. While Option B (measured boot) might seem compelling given the mention of UEFI and TPM, the stated correct answer is D - updating antivirus software and definitions. Modern endpoint protection platforms with current definitions include rootkit-specific detection engines that can

Enterprise Security Architecture

Question

A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm's systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?

Options

  • AUpdate and deploy GPOs
  • BConfigure and use measured boot
  • CStrengthen the password complexity requirements
  • DUpdate the antivirus software and definitions

How the community answered

(22 responses)
  • A
    18% (4)
  • B
    5% (1)
  • C
    9% (2)
  • D
    68% (15)

Explanation

While Option B (measured boot) might seem compelling given the mention of UEFI and TPM, the stated correct answer is D - updating antivirus software and definitions. Modern endpoint protection platforms with current definitions include rootkit-specific detection engines that can identify and block rootkit installation attempts and remove existing rootkits. Updated AV definitions address the broadest range of known and recently documented rootkits. Option B (measured boot) uses the TPM to create a cryptographic log of the boot process and can detect if the boot chain has been tampered with; however, it is a detection mechanism that requires additional response actions rather than direct prevention of rootkit installation at runtime. Option A (GPOs) are administrative controls with limited direct anti-rootkit effect. Option C (password complexity) does not address malware installation vectors.

Topics

#rootkit prevention#UEFI#TPM#measured boot

Community Discussion

No community discussion yet for this question.

Full CAS-003 Practice