CAS-003 · Question #32
A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and
The correct answer is D. Update the antivirus software and definitions. While Option B (measured boot) might seem compelling given the mention of UEFI and TPM, the stated correct answer is D - updating antivirus software and definitions. Modern endpoint protection platforms with current definitions include rootkit-specific detection engines that can
Question
A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit. Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence. The firm's systems are running modern operating systems and feature UEFI and TPMs. Which of the following technical options would provide the MOST preventive value?
Options
- AUpdate and deploy GPOs
- BConfigure and use measured boot
- CStrengthen the password complexity requirements
- DUpdate the antivirus software and definitions
How the community answered
(22 responses)- A18% (4)
- B5% (1)
- C9% (2)
- D68% (15)
Explanation
While Option B (measured boot) might seem compelling given the mention of UEFI and TPM, the stated correct answer is D - updating antivirus software and definitions. Modern endpoint protection platforms with current definitions include rootkit-specific detection engines that can identify and block rootkit installation attempts and remove existing rootkits. Updated AV definitions address the broadest range of known and recently documented rootkits. Option B (measured boot) uses the TPM to create a cryptographic log of the boot process and can detect if the boot chain has been tampered with; however, it is a detection mechanism that requires additional response actions rather than direct prevention of rootkit installation at runtime. Option A (GPOs) are administrative controls with limited direct anti-rootkit effect. Option C (password complexity) does not address malware installation vectors.
Topics
Community Discussion
No community discussion yet for this question.