An analyst notices suspicious network requests from a workstation with an unverified productivity tool. Which action best locates unauthorized background code introduced by that program?
Consolidating a snapshot of running programs from memory for deeper examination
Reviewing directories for newly created executable files
Comparing event entries with established reference records
Adjusting firewall parameters to reduce suspicious network communication
An in-depth inspection of running programs in volatile memory can expose executables that do not appear through normal file scanning methods, helping uncover malicious tasks. Adjusting firewall rules does not isolate tasks already active, log comparisons may overlook processes loaded dynamically, and scanning default file locations can miss assets never written to disk.