In: Computer Science
A security analyst is reviewing an endpoint that was found to have a rootkit installed. The rootkit survived multiple attempts to clean the endpoint, as well as an attempt to reinstall the OS. The security analyst needs to implement a method to prevent other endpoints from having similar issues. Which of the following would BEST accomplish this objective?
Utilize measured boot attestation
Enforce the secure boot process
Reset the motherboard's TPM chip
Reinstall the OS with Known-good media
Configure custom anti malware rules
The fifth option is the correct answer.
Configuring custom anti-malware rules will prevent other endpoints from having similar issues. Anti-malware software can prevent rootkits. The application should be kept properly updated, and specific custom anti-malware rules should be configured to prevent the rootkit.
The first option is incorrect, as utilizing measured boot attestation will not resolve the problem. The rootkit was not removed after reinstalling the operating system.
The second option is incorrect, as enforcing the secure boot process will not resolve it. The rootkit was not removed after reinstalling the operating system.
The third option is incorrect, as a hardware configuration can't resolve any software problem.
The fourth option is incorrect, as reinstalling the operating system with known-good media will not resolve it. The rootkit was not removed after reinstalling the operating system.
Please comment in case of any doubt.
Please upvote if this helps.
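To make concrete what the first two options in the question (measured boot attestation and Secure Boot) actually do against a rootkit that lives below the OS, here is an added simulation; it is not part of the original question or answer. It models a boot chain of three stages (firmware, bootloader, kernel) as constructed byte strings, implements the TPM PCR extend rule (PCR_new = SHA-256(PCR_old || measurement)), and contrasts measured boot (record everything, block nothing, let a verifier compare against a known-good baseline) with Secure Boot (verify each stage before running it and stop at the first one that is not permitted). The digest allow-list standing in for UEFI's signature database, and the simplification that the firmware image is itself a verifiable stage (on real platforms that requires a hardware root of trust below the firmware), are assumptions of this example.

```python
import hashlib
from typing import List, Optional, Tuple

# Constructed sample "boot components" (assumption): the byte strings stand in
# for real firmware, bootloader and kernel images.
KNOWN_GOOD: List[Tuple[str, bytes]] = [
    ("firmware", b"vendor-uefi-1.2 (clean)"),
    ("bootloader", b"shim+grub (vendor signed)"),
    ("kernel", b"linux-6.1 (distribution build)"),
]
# The same host after a firmware-level rootkit replaced the firmware image.
ROOTKITTED = [("firmware", b"vendor-uefi-1.2 (implanted)")] + KNOWN_GOOD[1:]
# The rootkitted host after an OS reinstall: the kernel is pristine again, but
# the implant sits below the OS, so the firmware measurement does not change.
ROOTKITTED_REINSTALLED = ROOTKITTED[:2] + [("kernel", b"linux-6.1 (distribution build)")]

PCR_INITIAL = bytes(32)  # TPM 2.0 SHA-256 PCRs start at all zeros


def digest(blob: bytes) -> bytes:
    return hashlib.sha256(blob).digest()


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM extend: PCR_new = SHA-256(PCR_old || measurement).
    One-way and order-sensitive, so software cannot set a PCR to a chosen value."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(components):
    """Measured boot: each stage is hashed into the PCR before it runs. Nothing is
    blocked; the PCR and the event log only record what actually ran."""
    pcr = PCR_INITIAL
    event_log = []
    for name, blob in components:
        m = digest(blob)
        event_log.append((name, m.hex()))
        pcr = pcr_extend(pcr, m)
    return pcr, event_log


def secure_boot(components, allowed) -> Optional[str]:
    """Secure Boot: each stage is checked before execution and the first stage not
    on the allow-list is refused, which halts the boot. Returns the refused stage's
    name, or None if the whole chain is permitted. The digest allow-list stands in
    for UEFI's signature/hash db check (assumption)."""
    for name, blob in components:
        if digest(blob) not in allowed:
            return name
    return None


def attest(reported_pcr, event_log, baseline_pcr, baseline_log) -> Tuple[bool, Optional[str]]:
    """Attestation verifier: compare the quoted PCR with the known-good baseline and,
    on mismatch, walk the event log to name the first stage whose measurement differs."""
    if reported_pcr == baseline_pcr:
        return True, None
    for (name, m), (_, expected) in zip(event_log, baseline_log):
        if m != expected:
            return False, name
    return False, "unknown"


def evaluate(components) -> Tuple[Optional[str], bool, Optional[str]]:
    """Returns (stage refused by Secure Boot, attestation passed, first divergent stage)."""
    baseline_pcr, baseline_log = measured_boot(KNOWN_GOOD)
    allowed = {digest(blob) for _, blob in KNOWN_GOOD}
    refused = secure_boot(components, allowed)
    pcr, log = measured_boot(components)
    ok, divergent = attest(pcr, log, baseline_pcr, baseline_log)
    return refused, ok, divergent


if __name__ == "__main__":
    for label, comps in [("known-good", KNOWN_GOOD),
                         ("rootkitted", ROOTKITTED),
                         ("rootkitted, OS reinstalled", ROOTKITTED_REINSTALLED)]:
        print(f"{label}: {evaluate(comps)}")
```

The third case is the one in the question: after the OS reinstall the kernel measurement matches the baseline again, yet the final PCR still differs because the firmware measurement was extended first, so attestation flags the host and names the firmware stage; Secure Boot in the same run refuses the implanted firmware before anything above it executes.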