CompTIA Exam CS0-003 Topic 3 Question 19 Discussion

Actual exam question for CompTIA's CS0-003 exam

Question #: 19
Topic #: 3

A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?

AUpload the binary to an air-gapped sandbox for analysis.

BSend the binaries to the antivirus vendor.

CExecute the binaries on an environment with internet connectivity.

DQuery the file hashes using VirusTotal.

Show Suggested Answer

Suggested Answer: A

An air-gapped sandbox is a virtual machine or a physical device that is isolated from any network connection. This allows the analyst to safely execute the malware binaries and observe their behavior without risking any communication with the attackers or any damage to other systems. Uploading the binary to an air-gapped sandbox is the best option to gather intelligence without disclosing information to the attackers12 Reference: 1: Dynamic Analysis of a Windows Malicious Self-Propagating Binary 2: GitHub - mikesiko/PracticalMalwareAnalysis-Labs: Binaries for the book Practical Malware Analysis

by Jaime at May 11, 2024, 09:35 AM

Limited Time Offer

25%

Off

Get Premium CS0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Currently there are no comments in this discussion, be the first to comment!