A security administrator is investigating a compromised host. Which of the following commands could the investigator use to display executing processes in real time?
A security administrator is investigating a compromised host. Which of the following commands could the investigator use to display executing processes in real time?
To display executing processes in real time, the 'top' command is the appropriate choice. 'top' provides a dynamic, real-time view of system processes, including their CPU and memory usage. The 'ps' command, on the other hand, generates a static snapshot of processes at the moment of execution, and does not update in real-time. 'nice' is used to set the priority of a process, not to display them. 'pstree' shows a tree of processes, but it is also a static representation. Therefore, to monitor processes as they happen, 'top' is the most suitable command.
The answer is B, top. The "top" command is commonly used to display a real-time view of executing processes on a system. It provides information about CPU usage, memory usage, and other system statistics.