A cybersecurity analyst observes that a server's processor usage has spiked to near 100% unexpectedly. Which of the following actions should they take first to diagnose whether this is related to potentially malicious activity?
Send memory dump files to an automated analysis tool to identify potential threats.
Reboot the server to reset processor usage and monitor if the issue reoccurs.
Examine running processes to check for any unusual or unauthorized activities.
Monitor incoming and outgoing network traffic for any suspicious patterns.
Examining the running processes first is the key step in identifying potentially malicious activity, such as a suspicious process that is responsible for the high processor usage. Looking for known malicious software (malware) or unauthorized applications among those processes provides the clues needed to determine the root cause. Sending memory dump files to an analysis tool is more appropriate for memory-related issues, and monitoring incoming/outgoing network traffic, though useful, might not immediately reveal the cause of the processor spike.