A security team discovers a malicious script that launches daily on a workstation. They trace the behavior to an entry in a hidden configuration managed by an administrative account. Which action most effectively eliminates the malicious behavior so it will not launch again?
Disable the user account associated with the hidden script
Delete the targeted entry that references the script in the hidden configuration
Clear system log files to remove any record of the script’s behavior
Restrict inbound traffic on the firewall for all external sources
Removing the specific entry from the configuration prevents further triggers. Disabling the account or clearing logs does not address the actual trigger, and firewall changes do not affect a locally scheduled event.