An IT security analyst at a financial institution has been tasked to inspect a suspected compromised workstation after several employees reported unusual activity. The analyst needs to verify if a keylogger software is installed on the system. Which of the following actions is MOST effective in determining the presence of keylogging software on the workstation?
Check for unusual file permissions on critical system files and directories.
Review the list of running processes and installed programs on the system.
Ensure that the operating system and security software are up to date with the latest patches.
Examine outbound network traffic for transmission of sensitive data to unauthorized destinations.
Reviewing the list of running processes and installed programs on the system can help in identifying any unauthorized software, including keylogging applications, which may not be immediately visible to the end user. This method is effective in finding both known keyloggers and suspicious software that could potentially be keyloggers. Examining network traffic may not reveal keyloggers specifically, as they might only log keystrokes without sending them out immediately. Checking for unusual file permissions may indicate a security concern but does not directly pertain to identifying keylogging software. Ensuring operating system updates are current is a good security practice but on its own does not aid in detecting a keylogger already present on a workstation.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is a keylogger and how does it work?
Open an interactive chat with Bash
What are the signs of a compromised workstation?
Open an interactive chat with Bash
Why is reviewing the list of running processes important in cybersecurity?