Which of the following is a suspicious process behavior?
A non-network process like notepad.exe making an outbound network connection is highly suspicious because such applications generally do not require internet access. This behavior could indicate that malware is attempting to establish communication with a remote server or exfiltrate data, making it a significant red flag for potential malicious activity.
Support answer is D
Correct answer and LETTER (D). This is the most suspicious behavior because programs like notepad.exe typically don't need internet access. It could indicate malware attempting to communicate with a remote server.
C. PowerShell launching a PowerShell script. This behavior can be suspicious because it indicates the use of PowerShell to execute scripts, which is commonly exploited by attackers to run malicious code on a system. It's often a sign of potential compromise or unauthorized activity.