CASP+ Exam: Preventive Options for Reducing Recurrence of Malware Incidents in Financial Consulting Firms

Question

A financial consulting firm recently recovered from some damaging incidents that were associated with malware installed via rootkit.

Post-incident analysis is ongoing, and the incident responders and systems administrators are working to determine a strategy to reduce the risk of recurrence.

The firm's systems are running modern operating systems and feature UEFI and TPMs.

Which of the following technical options would provide the MOST preventive value?

Answers

A. Update and deploy Group Policy Objects (GPOs).
B. Configure and use measured boot.
C. Strengthen password complexity requirements.
D. Update antivirus software and definitions.

Explanations


Of the options provided, the technical option that would provide the MOST preventive value against a recurrence of malware installed via rootkit is to configure and use measured boot (Option B).

Measured boot is a mechanism for making the boot process tamper-evident, which is exactly where a rootkit or bootkit hides. As each stage of the boot chain (firmware, boot manager, OS loader, early drivers) is about to run, the previous stage hashes it and extends the hash into a Platform Configuration Register (PCR) of the Trusted Platform Module (TPM), and records an entry in an event log. PCRs can only be extended, never written directly, so a modified boot component leaves a different PCR value that the malware cannot undo. On its own, measured boot records rather than blocks: its preventive value comes from what is tied to the PCR values, for example disk-encryption keys sealed to the expected PCRs (a modified boot chain cannot unseal the volume) and remote attestation, where a TPM-signed quote of the PCRs is compared with known-good values before the host is allowed onto the network.

To implement it, the system administrator enables the TPM (and Secure Boot) in the system's Unified Extensible Firmware Interface (UEFI) setup, boots the operating system in UEFI mode, and lets the operating system provision the TPM. From then on the firmware and boot loader extend every boot component into the PCRs automatically on each start-up; the remaining work is on the verification side, such as sealing BitLocker or LUKS keys to the PCRs and collecting TPM quotes at boot so that hosts whose measurements deviate from the golden values are flagged or denied access.

Updating and deploying Group Policy Objects (GPOs) (Option A) and strengthening password complexity requirements (Option C) are sound security measures, but neither addresses code that loads before the operating system and its policy engine are running. Updating the antivirus software and definitions (Option D) is also important, but it is a detective control that depends on signatures and runs only after the boot chain has completed: malware with no signature yet will be missed, and a rootkit that loads first can hide itself from the scanner.

Therefore, the best preventive measure against rootkit attacks among these options is to configure and use measured boot, which anchors the integrity of the boot process in the TPM so that unauthorized changes are detected and, when the measurements gate disk-decryption keys or network access, cannot be exploited silently.
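The checks that the attestation side of measured boot performs, as an added example that is not part of this exam page or of any vendor's product: a Python script (assumed design) that builds a constructed boot log in the legacy TCG_PCR_EVENT format (SHA-1 bank), simulates the TPM's PCR extend operation, and audits a boot against golden values. It covers a clean boot, a bootkit that replaces the boot manager, and a bootkit that afterwards rewrites the log to look clean. The component names and build numbers are constructed for the example; the PCR assignments follow the TCG PC Client convention (PCR0 firmware, PCR4 boot manager, PCR7 Secure Boot policy) and the event type codes are the spec's values, used here only as labels.

```python
import hashlib
import struct
from dataclasses import dataclass

# Legacy TCG_PCR_EVENT record (SHA-1 bank): pcrIndex, eventType, digest[20], eventSize, event[]
DIGEST_LEN = 20
EVENT_HDR = struct.Struct("<II20sI")

# Event type codes from the TCG PC Client spec; used here only to label constructed events
EV_POST_CODE = 0x00000001
EV_EFI_VARIABLE_DRIVER_CONFIG = 0x80000001
EV_EFI_BOOT_SERVICES_APPLICATION = 0x80000003

# Constructed boot sequence: (pcr, event type, bytes standing in for the measured component)
GOOD_BOOT = [
    (0, EV_POST_CODE, b"constructed: UEFI firmware image v1.0"),
    (7, EV_EFI_VARIABLE_DRIVER_CONFIG, b"constructed: SecureBoot=1 PK/KEK/db"),
    (4, EV_EFI_BOOT_SERVICES_APPLICATION, b"constructed: bootmgfw.efi build 1234"),
    (4, EV_EFI_BOOT_SERVICES_APPLICATION, b"constructed: winload.efi build 1234"),
]
# Same boot, but a bootkit has replaced the boot manager (the rootkit scenario in the question)
BOOTKIT_BOOT = [GOOD_BOOT[0], GOOD_BOOT[1],
                (4, EV_EFI_BOOT_SERVICES_APPLICATION, b"constructed: bootkit.efi (malicious)"),
                GOOD_BOOT[3]]


@dataclass
class Event:
    pcr: int
    etype: int
    digest: bytes
    data: bytes


def pcr_extend(current: bytes, digest: bytes) -> bytes:
    """TPM extend: PCR_new = H(PCR_old || digest). Order-dependent and not reversible."""
    return hashlib.sha1(current + digest).digest()


def build_log(components) -> bytes:
    """Serialize measured components into a TCG_PCR_EVENT log, as the firmware would."""
    blob = bytearray()
    for pcr, etype, data in components:
        digest = hashlib.sha1(data).digest()
        blob += EVENT_HDR.pack(pcr, etype, digest, len(data)) + data
    return bytes(blob)


def parse_log(blob: bytes) -> list:
    """Parse a TCG_PCR_EVENT log back into Event records, rejecting truncated input."""
    events, off = [], 0
    while off < len(blob):
        pcr, etype, digest, size = EVENT_HDR.unpack_from(blob, off)
        off += EVENT_HDR.size
        data = blob[off:off + size]
        if len(data) != size:
            raise ValueError("truncated event log")
        off += size
        events.append(Event(pcr, etype, digest, data))
    return events


def replay(events) -> dict:
    """Recompute the PCR values a TPM holds after extending every logged digest in order."""
    pcrs = {}
    for ev in events:
        pcrs[ev.pcr] = pcr_extend(pcrs.get(ev.pcr, bytes(DIGEST_LEN)), ev.digest)
    return pcrs


def boot(components):
    """Simulate one measured boot: returns (event log, PCR values the TPM ends up with)."""
    log = build_log(components)
    return log, replay(parse_log(log))


def audit(log: bytes, tpm_pcrs: dict, golden_pcrs: dict) -> list:
    """Verifier checks: log is self-consistent, log replays to the TPM's PCRs,
    and the PCRs match the golden values recorded for a known-good build."""
    findings = []
    events = parse_log(log)
    for i, ev in enumerate(events):
        if hashlib.sha1(ev.data).digest() != ev.digest:
            findings.append(f"event {i}: digest does not match event data (log edited)")
    replayed = replay(events)
    for pcr, value in tpm_pcrs.items():
        if replayed.get(pcr) != value:
            findings.append(f"PCR{pcr}: log does not replay to TPM value (log edited or incomplete)")
    for pcr, value in golden_pcrs.items():
        if tpm_pcrs.get(pcr) != value:
            findings.append(f"PCR{pcr}: differs from golden value (boot component changed)")
    return findings


def clean_boot_findings() -> list:
    _, golden = boot(GOOD_BOOT)
    log, tpm = boot(GOOD_BOOT)
    return audit(log, tpm, golden)


def bootkit_findings() -> list:
    """Bootkit replaces the boot manager: the TPM records it and PCR4 drifts from golden."""
    _, golden = boot(GOOD_BOOT)
    log, tpm = boot(BOOTKIT_BOOT)
    return audit(log, tpm, golden)


def forged_log_findings() -> list:
    """Bootkit rewrites the OS-visible log to look clean; PCRs cannot be rewritten, so replay fails."""
    _, golden = boot(GOOD_BOOT)
    _, tpm = boot(BOOTKIT_BOOT)
    return audit(build_log(GOOD_BOOT), tpm, golden)


if __name__ == "__main__":
    for name, fn in [("clean", clean_boot_findings), ("bootkit", bootkit_findings),
                     ("forged log", forged_log_findings)]:
        print(name, fn() or ["no findings"])
```

On a real host the PCR values come from a TPM quote signed by the attestation key rather than from simulating the extend in software, and the log is read from the operating system (Windows writes it under %SystemRoot%\Logs\MeasuredBoot, Linux exposes it at /sys/kernel/security/tpm0/binary_bios_measurements). The third scenario is the reason the quote matters: an attacker who controls the OS can rewrite the log, but cannot roll back a PCR.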