Question

In: Computer Science

A security analyst is reviewing an endpoint that was found to have a rootkit installed. The rootkit survived multiple attempts to clean the endpoint as well as an attempt to reinstall the OS. The security analyst needs to implement a method to prevent other endpoints from having similar issues. Which of the following would BEST accomplish this objective?

  1. Utilize measured boot attestation

  2. Enforce the secure boot process

  3. Reset the motherboard's TPM chip

  4. Reinstall the OS with known-good media

  5. Configure custom anti-malware rules

Solutions

Expert Solution

The fifth option is the correct answer.

Configuring custom anti-malware rules will prevent other endpoints from having similar issues. Anti-malware can prevent rootkits. The application should be kept properly updated, and specific custom anti-malware rules should be configured to prevent the rootkit.

The first option is incorrect, as utilizing measured boot attestation will not resolve the problem. The rootkit was not removed after reinstalling the operating system.

The second option is incorrect, as enforcing the secure boot process will not resolve it. The rootkit was not removed after reinstalling the operating system.

The third option is incorrect, as a hardware configuration can't resolve any software problem.

The fourth option is incorrect, as reinstalling the operating system with known-good media will not resolve it. The rootkit was not removed after reinstalling the operating system.

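Whichever option is chosen for the fleet, the boot-integrity controls named in options 1 to 3 depend on firmware state that differs from endpoint to endpoint, so the first step on each machine is to read that state. The script below is an added example for this page, not part of the question or of the solution above. It assumes a Linux endpoint with efivarfs mounted at /sys/firmware/efi/efivars and the kernel TPM class at /sys/class/tpm (both paths are parameters), and the EFI global-variable GUID it uses is the one the UEFI specification assigns to SecureBoot and SetupMode. It classifies the endpoint by those two variables and reports whether a TPM, which measured boot attestation needs for its PCRs and quotes, is present.

```shell
#!/bin/sh
# Added example for this page (not the question's or the expert's code): audit the UEFI
# boot-integrity state of a Linux endpoint. Assumes efivarfs at /sys/firmware/efi/efivars
# and the kernel TPM class at /sys/class/tpm; both paths are parameters so the functions
# can be pointed at a copied or constructed tree.

# GUID of the UEFI global variable namespace; efivarfs names files <Name>-<GUID>.
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efivar_byte DIR NAME: print the first data byte (decimal) of an EFI variable, or
# "missing" when the file is absent. efivarfs prefixes each variable's data with a
# 4-byte attribute word, so the data starts at offset 4.
efivar_byte() {
    f="$1/$2-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || { echo missing; return 0; }
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# secure_boot_state DIR: classify the endpoint from SecureBoot and SetupMode.
#   enforced  SecureBoot=1, SetupMode=0: firmware loads only signed boot components
#   setup     SetupMode=1: key database is writable, so enforcement can be undone
#   disabled  SecureBoot=0: unsigned bootloaders (and bootkits) run
#   legacy    variables absent: BIOS/CSM boot or efivarfs not mounted
secure_boot_state() {
    sb=$(efivar_byte "$1" SecureBoot)
    sm=$(efivar_byte "$1" SetupMode)
    if [ "$sb" = missing ]; then
        echo legacy
    elif [ "$sm" = 1 ]; then
        echo setup
    elif [ "$sb" = 1 ]; then
        echo enforced
    else
        echo disabled
    fi
}

# tpm_present DIR: "yes" when the kernel has registered a TPM device (tpm0), which
# measured boot attestation needs for its PCRs and quotes; "no" otherwise.
tpm_present() {
    if [ -d "$1/tpm0" ]; then echo yes; else echo no; fi
}

# Run the audit against the live system when invoked with --audit; a fleet tool can
# collect these two fields from every endpoint and flag anything not "enforced"/"yes".
if [ "${1:-}" = "--audit" ]; then
    echo "secure_boot=$(secure_boot_state /sys/firmware/efi/efivars) tpm=$(tpm_present /sys/class/tpm)"
fi
```

Run it as `sh audit-boot.sh --audit` on each endpoint. A machine reporting `setup` is the one to worry about: Secure Boot may look enabled, but with the platform key database still writable anyone with firmware access can enroll their own signing key. Note that reading the variables requires root on most distributions, and that a machine in `legacy` mode cannot enforce Secure Boot until it is reinstalled in UEFI mode.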

