A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?

IT Questions BankCategory: CCNA CyberOpsA system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?

A system administrator runs a file scan utility on a Windows PC and notices a file lsass.exe in the Program Files directory. What should the administrator do?

  • Delete the file because it is probably malware.
  • Move it to Program Files (x86) because it is a 32bit application.
  • Uninstall the lsass application because it is a legacy application and no longer required by Windows.
  • Open the Task Manager, right-click on the lsass process and choose End Task .

Explanation: On Windows computers, security logging and security policies enforcement are carried out by the Local Security Authority Subsystem Service (LSASS), running as lsass.exe. It should be running from the Windows\System32 directory. If a file with this name, or a camouflaged name, such as 1sass.exe, is running or running from another directory, it could be malware.

Exam with this question: CCNA Cyber Ops Chapter 11 Exam Answers
Exam with this question: Modules 24 - 25: Protocols and Log Files Group Exam
Exam with this question: Checkpoint Exam: Evaluating Security Alerts Answers

Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x