You are working as a cybersecurity analyst when you notice a process on a user’s workstation consuming an unusually high percentage of CPU resources and attempting to make outbound network connections. Which action should you take first to determine if this process is malicious?
Notify senior management about the incident.
Evaluate the process name and its associated metadata.
Capture and analyze the memory snapshot of the process.
Stop the process if it is determined to be harmful.
The correct first step is to evaluate the process name and its associated metadata because it allows the analyst to establish legitimacy. Comparing this data against known malicious signatures and behaviors can reveal if the process is harmful. Stopping the process, capturing its memory snapshot, or notifying senior management are subsequent steps that can be taken based on the initial assessment.