The Chief Information Security Officer (CISO) has asked the security analyst to examine abnormally high processor utilization on a key server. The output below is from the company’s research and development (R&D) server.
Which of the following actions should the security analyst take FIRST?
A. Initiate an investigation
B. Isolate the R&D server
C. Reimage the server
D. Determine availability
CS0-002: CompTIA CySA+ Exam
Sorry, but I don’t agree with B. There is not enough information to suggest that the high processor utilization is due to malware or some other malicious activity to justify isolating it. For all we know, a scheduled AV scan kicked off at 19:06:52 that caused the high CPU utilization. I think the answer is A, the security analyst should initiate an investigation first. In the course of the investigation, the analyst can then determine availability and, if it is found to be malicious activity, isolate the server.