An administrator discovered a suspicious program running on a critical system after noticing unusual network connections. The program had elevated privileges. Which approach best reduces the risk and helps prevent further incidents?
Revert the machine to a previous state without investigating current user privileges
Remove the suspicious program, verify user permissions, and deploy monitoring to detect unexpected activity
Restrict resource usage so the unwanted process cannot consume as many system resources
Apply additional ciphers to secure data being transferred over the network
Removing the suspicious program and adjusting privileges ensures the immediate threat is removed. Performing regular monitoring with detection tools helps reveal future attempts to install unauthorized applications. Merely isolating the process or focusing on encryption settings alone would not address the root cause. Reverting the entire system to a past image can be effective in some scenarios, but verifying privileges and monitoring is more comprehensive for ongoing protection.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are user permissions and why are they important in securing a system?
Open an interactive chat with Bash
What tools can be used for monitoring and detecting unexpected activity on a critical system?
Open an interactive chat with Bash
What is the principle of least privilege (PoLP) and how does it enhance security?