An analyst is reviewing a system's task scheduler and notices a newly added task that launches a script at midnight daily. Upon further investigation, it is found that the script is obfuscated and has no documentation regarding its purpose. To determine if this task is benign or should be elevated as a security incident, which of the following actions would BEST establish the legitimacy of the scheduled task?
Inspect the scheduling pattern to check for consistency with other administrative tasks.
Analyze the script's code and behavior in a sandbox environment.
Review the account that created the scheduled task for any correlations with other known user activities.
Monitor resource utilization during the task's operation to identify any abnormal consumption patterns.
Analyzing the script's code and behavior in a sandbox environment is the correct answer because it allows the analyst to observe the script's actions in a safe and isolated environment without affecting the production system. If the script acts maliciously or intends to perform unauthorized actions, the sandbox analysis will reveal such behavior without subjecting the actual system to any risk.
Reviewing the job creator or scheduling pattern can provide contextual information but does not conclusively determine the script's functionality or intent. Monitoring resource utilization would only offer indirect evidence if the script were causing an observable anomaly and would not directly assess the script's legitimacy.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a sandbox environment?
Open an interactive chat with Bash
What does it mean for a script to be obfuscated?
Open an interactive chat with Bash
Why is analyzing code critical for determining a task's legitimacy?