Exam CS0-003
Question 217

During an incident in which a user machine was compromised, an analyst recovered a binary file that potentially caused the exploitation. Which of the following techniques could be used for further analysis?

    Correct Answer: B

    Static analysis involves examining the binary file without executing it. This includes reviewing the file's metadata, headers, strings, and disassembled code to understand its characteristics, potential vulnerabilities, and indicators of malicious behavior. This allows for thorough analysis of the binary file’s structure and potential risks without the danger of triggering any malicious activities that might be embedded in the file.
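The static triage described above (hash, headers, strings), as an added example that is not part of the original page. The function names and the sample bytes are assumptions made for illustration; the sample is a constructed, inert byte string, not a real binary.

```python
from __future__ import annotations
import hashlib
import re
import struct

PE_MACHINES = {0x014C: "x86", 0x8664: "x86-64", 0xAA64: "ARM64"}

def extract_strings(data: bytes, min_len: int = 6) -> list[str]:
    """Printable-ASCII runs of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]

def parse_pe_header(data: bytes) -> dict | None:
    """Read COFF header fields from a PE image; None if the layout is not PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    machine, sections, timestamp = struct.unpack_from("<HHI", data, pe_off + 4)
    return {"machine": PE_MACHINES.get(machine, hex(machine)),
            "sections": sections, "timestamp": timestamp}

def triage(data: bytes) -> dict:
    """Static triage only: the bytes are read and parsed, never loaded or run."""
    header = parse_pe_header(data)
    fmt = "PE" if header else "ELF" if data[:4] == b"\x7fELF" else "unknown"
    strings = extract_strings(data)
    return {"sha256": hashlib.sha256(data).hexdigest(), "format": fmt,
            "header": header, "strings": strings,
            "urls": [s for s in strings if re.search(r"https?://", s)]}

def build_sample() -> bytes:
    """Constructed, inert bytes shaped like a PE header (not a real program)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 2, 1700000000, 0, 0, 0, 0x22)
    body = b"\0" * 8 + b"http://example.invalid/update\0\x01CreateRemoteThread\0"
    return dos + coff + body

if __name__ == "__main__":
    for key, value in triage(build_sample()).items():
        print(f"{key}: {value}")
```

The hash gives a stable identifier for the recovered file, and the header fields and strings are the leads an analyst would carry into disassembly.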

Discussion
captaintoadyo Option: B

A typical CompTIA question to make you fail the exam, because both B and C are correct answers.

jspecht

Both B and C could be good answers.

Lipton376 Option: C

We can't analyse a binary file without first reverse engineering it to understand its functions, right? If that's the case, the only valid option here is to run it using a sandbox and study its behaviour. This is how I see it.

MMK777

It also could be C!!

CyberPark17 Option: B

I would go with B. Always look for keywords... BINARY, which is code, and they are looking for ANALYSIS.

networkmen

But you could also ANALYSE while you are using it in a sandboxed environment. I don't get this question...

Rifandy Option: C

I rather chose sandboxing because this is a binary type of file.

myazureexams Option: B

An observation about question 46. In that scenario "a security analyst is performing an investigation involving multiple targeted Windows malware BINARIES. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve that objective?" ANSWER: Upload the binary to ...sandbox... This is true, clearly so that information is not disclosed to attackers. For this question, I go with static analysis.

section8santa Option: B

B. Static analysis. Static analysis involves examining the binary file without executing it. This technique includes reviewing the file's metadata, headers, strings, and disassembled code to understand its characteristics, potential vulnerabilities, and indicators of malicious behavior. Static analysis can provide valuable insights into the file's structure, behavior, and potential risks without running the risk of triggering any malicious activities.

Franky30 Option: B

Static analysis is a technique that involves examining the code or binary file without executing it. In the context of the scenario described, where a binary file potentially caused exploitation on a user machine, static analysis would be a suitable technique for further analysis.