A technician receives a device with the following anomalies: Frequent pop-up ads - Show response-time switching between active programs Unresponsive peripherals The technician reviews the following log file entries: File Name Source MD5 Target MD5 - Status - antivirus.exe F794F21CD33E4F57890DDEA5CF267ED2 F794F21CD33E4F57890DDEA5CF267ED2 Automatic iexplore.exe 7FAAF21CD33E4F57890DDEA5CF29CCEA AA87F21CD33E4F57890DDEAEE2197333 Automatic service.exe 77FF390CD33E4F57890DDEA5CF28881F 77FF390CD33E4F57890DDEA5CF28881F Manual USB.exe E289F21CD33E4F57890DDEA5CF28EDC0 E289F21CD33E4F57890DDEA5CF28EDC0 Stopped Based on the above output, which of the following should be reviewed?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
Based on the provided information, the device appears to be exhibiting signs of malware infection. The frequent pop-up ads, switching response times between active programs, and unresponsive peripherals are all indications of potential malware activity. Additionally, the log file entries show that several files have been modified or accessed.
The MD5 hashes provided in the log file entries can be used to verify the integrity of the files. If the MD5 hash of a file has been modified, it suggests that the file has been tampered with, which could indicate malware activity. Therefore, the file integrity check should be reviewed to determine if any files have been modified or accessed without authorization.
The log file entries also provide information about the status of each file, such as whether it was accessed automatically or manually, or if it is currently running. This information can be used to identify any suspicious activity related to the files.
Given this information, the most appropriate answer to the question is B. The file integrity check should be reviewed to determine if any files have been modified or accessed without authorization. This can help identify any potential malware activity on the device.
It's worth noting that while the other options (web application firewall, data execution prevention, and removable media control) may also be relevant in a broader security context, they are not directly related to the specific anomalies and log file entries described in the scenario.