The DLP solution has been showing some unidentified encrypted data being sent using FTP to a remote
server. A vulnerability scan found a collection of Linux servers that are missing OS level patches. Upon further
investigation, a technician notices that there are a few unidentified processes running on a number of the
servers. What would be a key FIRST step for the data security team to undertake at this point?

A.
Capture process ID data and submit to anti-virus vendor for review.

B.
Reboot the Linux servers, check running processes, and install needed patches.

C.
Remove a single Linux server from production and place in quarantine.

D.
Notify upper management of a security breach.

E.
Conduct a bit level image, including RAM, of one or more of the Linux servers.