You are working as a cybersecurity analyst when you notice a process on a user’s workstation consuming an unusually high percentage of CPU resources and attempting to make outbound network connections. Which action should you take first to determine if this process is malicious?
Capture and analyze the memory snapshot of the process.
Evaluate the process name and its associated metadata.
Stop the process if it is determined to be harmful.
The correct first step is to evaluate the process name and its associated metadata because it allows the analyst to establish legitimacy. Comparing this data against known malicious signatures and behaviors can reveal if the process is harmful. Stopping the process, capturing its memory snapshot, or notifying senior management are subsequent steps that can be taken based on the initial assessment.