Which of the following should be investigated?

The administrator suspects the system has been compromised and runs the ps command:

615 ? Ss 0:00 /usr/sbin/sshd
624 ? Ss 0:00 /usr/bin/X11/xfs -daemon
707 ? Ss 0:00 /usr/sbin/cron
709 ? Ss 0:00 /usr/.sbin/httpd
775 ? Ss 0:00 /usr/bin/X11/xdm
776 tty1 Ss+ 0:00 /sbin/getty 38400 tty1

Which of the following should be investigated?

A.
The httpd program is not normally in /usr/.sbin.

B.
The xfs process should not be run in daemon modes.

C.
The cron process should have a lower PID (Process ID).

D.
The getty program should not run with 38400 baud.