
CS0-003 Question #644: Real Exam Question with Answer & Explanation

The correct answer is B: Determine whether sssh is a malicious program.

Submitted by mateo_ar · Mar 6, 2026 · Security operations

Question

A security analyst investigates a malware alert from a critical system. The following information is present in the ticket: Which of the following should the analyst do first?

Options

  • A. Block the suspicious IP address 128.210.175.23.
  • B. Determine whether sssh is a malicious program.
  • C. Delete the suspicious files.
  • D. Review the Apache logs.

Explanation

The presence of an unknown running process on a critical system is a strong indicator of compromise. Before taking any containment actions, the analyst must confirm whether the process is malicious. Identifying and validating the nature of the suspicious process provides the foundation for correct next steps in containment and eradication.

Topics

#malware analysis · #incident investigation · #alert triage · #security operations
