nerdexam
Cisco

210-255 · Question #197

Refer to the exhibit. Which event is occurring?

The correct answer is D. A binary is being submitted to run on device cuckoo1.. This question tests understanding of the Cuckoo malware analysis sandbox, where a binary file is submitted to a sandboxed device for behavioral execution and analysis.

Host-Based Analysis

Question

Refer to the exhibit. Which event is occurring?

Options

  • AA URL is being evaluated to see if it has a malicious binary.
  • BA binary on device cuckoo1 is being submitted for evaluation.
  • CA binary named "submit" is running on cuckoo1.
  • DA binary is being submitted to run on device cuckoo1.

How the community answered

(55 responses)
  • A
    5% (3)
  • B
    11% (6)
  • C
    2% (1)
  • D
    82% (45)

Why each option

This question tests understanding of the Cuckoo malware analysis sandbox, where a binary file is submitted to a sandboxed device for behavioral execution and analysis.

AA URL is being evaluated to see if it has a malicious binary.

URL evaluation for malicious binaries is a different analytical function - the exhibit depicts a file submission command, not a URL reputation lookup.

BA binary on device cuckoo1 is being submitted for evaluation.

The binary is being submitted to cuckoo1 for analysis, meaning cuckoo1 is the destination sandbox host, not the source of the submission.

CA binary named "submit" is running on cuckoo1.

The command shown is a client-side submission utility sending a file to the Cuckoo service, not a binary named 'submit' executing natively on cuckoo1.

DA binary is being submitted to run on device cuckoo1.Correct

Cuckoo is an automated malware analysis sandbox that accepts binary submissions and executes them within a controlled environment on a specified host. The exhibit shows a submission command directing a binary file to device cuckoo1, where it will be executed in isolation so its behavior can be observed and recorded. The distinction is that the binary is sent TO cuckoo1 for execution, not originating from it.

Concept tested: Cuckoo sandbox binary submission and dynamic analysis

Source: https://cuckoo.sh/docs/usage/submit.html

Topics

#Cuckoo sandbox#dynamic malware analysis#sandboxing#binary submission

Community Discussion

No community discussion yet for this question.

Full 210-255 Practice