A security team discovers a malicious script that launches daily on a workstation. They trace the behavior to an entry in a hidden configuration managed by an administrative account. Which action most effectively eliminates the malicious behavior so it will not launch again?
Clear system log files to remove any record of the script’s behavior
Restrict inbound traffic on the firewall for all external sources
Disable the user account associated with the hidden script
Delete the targeted entry that references the script in the hidden configuration
Removing the specific entry from the configuration prevents further triggers. Disabling the account or clearing logs does not address the actual trigger, and firewall changes do not affect a locally scheduled event.