During off-peak hours, a security analyst observes a significant increase in system resource utilization that is atypical for the observed timeframe. To ascertain if this is indicative of a security incident, what is the BEST action for the analyst to take?
Reconfigure the system's settings to lower the overall resource usage thresholds.
Investigate potential unauthorized physical interactions with the affected system.
Perform immediate updates to the system's antivirus software and initiate an in-depth scan.
Inspect the history of executed processes and compare with established operational baselines.
Evaluating the history of executed processes and comparing it with established baselines of normal operation is fundamental in determining if unexpected or malicious processes are responsible for the elevated resource usage. It helps to identify unusual activities, such as an ongoing attack or unauthorized applications, which might not be detected by traditional antivirus scans. Additionally, updating antivirus software, while a standard security procedure, would not necessarily provide immediate insight into the recent surge in resource usage. Modifying system resource allocations may alleviate the symptoms but will not address the root cause, and inspecting for physical breaches assumes that the event has a physical component, which may not be the case for increased system resource utilization.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are operational baselines and why are they important in cybersecurity?
Open an interactive chat with Bash
What types of processes should analysts specifically look for when inspecting executed processes?
Open an interactive chat with Bash
How does a traditional antivirus scan compare to checking executed processes?