A security analyst is investigating an alert for a user's workstation that is exhibiting unusually high processor consumption. The user reports that no resource-intensive applications are actively running. Which of the following is the BEST next step for the analyst to take to determine if the cause is malicious?
Run a disk cleanup utility to free up storage space.
Analyze active processes and services.
Update the host's antivirus definitions and run a full scan.
Check the system's power settings for a high-performance profile.
Unusually high processor (CPU) consumption, especially when no demanding applications are running, is a common host-based indicator of malicious activity like cryptojacking malware or a persistent malicious process. The most effective initial step for an analyst is to examine the running processes and services to identify which one is consuming the resources. Updating antivirus is a valid but secondary step, while disk cleanup and power settings are irrelevant to investigating the cause of unexpected CPU usage.