A web server has been compromised due to a ransomware attack. Further investigation reveals the
ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services
back up as soon as possible. Which of the following should the administrator use to restore services to a
secure state?
A. The last incremental backup that was conducted 72 hours ago
B. The last known-good configuration
C. The last full backup that was conducted seven days ago
D. The baseline OS configuration
ransomware has been in the server for the past 72 hours. The systems administrator needs to get the services
back up as soon as possible. Which of the following should the administrator use to restore services to a
secure state?
A. The last incremental backup that was conducted 72 hours ago
B. The last known-good configuration
C. The last full backup that was conducted seven days ago
D. The baseline OS configuration