Information Technology Specialist (ITS) Cybersecurity Practice Exam

What should a cybersecurity technician do after quarantining a compromised system?

• A. Restore data from an external source
• B. Reinstall the operating systems and applications
• C. Conduct a full network scan
• D. Notify all employees of the breach

The correct answer is: Reinstall the operating systems and applications

After quarantining a compromised system, the most appropriate action is to reinstall the operating systems and applications. This step is crucial because it ensures that any potential malware or backdoors installed by an attacker are completely eradicated. Simply isolating the system does not guarantee that it is free from the compromise; remnants of the malicious software may still exist and can pose a threat if the system is restored to its original state without a clean installation. Reinstalling the operating systems and applications provides a fresh start, making it possible to reconfigure security settings and update all software to the latest versions. This process also helps to avoid reinfection if any vulnerabilities are present in the previously installed software. Ensuring a complete wipe and reinstall can significantly enhance the cybersecurity posture of the organization. In contrast, while restoring data from an external source may seem like an immediate solution to bring the system back online, it risks reintroducing any compromised files or malware that existed before the isolation. Conducting a full network scan and notifying all employees of the breach are also crucial steps in incident response, but they should follow the measures taken to secure the compromised system. Addressing the system's integrity by reinstalling the operating system first helps to establish a clean foundation for subsequent recovery processes.