The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote server. A vulnerability scan found a collection of Linux servers that are missing OS-level patches. Upon further investigation, a technician notices that there are a few unidentified processes running on a number of the servers. What would be a key FIRST step for the data security team to undertake at this point?
A. Capture process ID data and submit to anti-virus vendor for review.
B. Reboot the Linux servers, check running processes, and install needed patches.
C. Remove a single Linux server from production and place in quarantine.
D. Notify upper management of a security breach.
E. Conduct a bit-level image, including RAM, of one or more of the Linux servers.
Answer: E