212-82 Question #113: Real Exam Question with Answer & Explanation
The correct answer is B: 2.25.
Question
Analyze the executable file ShadowByte.exe located in the Downloads folder of the Attacker Machine-I and determine the Linker Info value of the file. (Practical Question)
Options
- A. 04.25
- B. 2.25
- C. 3.5
- D. 6.2
Explanation
Option B (2.25) is correct because when ShadowByte.exe is analyzed with a PE (Portable Executable) analysis tool such as PEiD, ExeinfoPE, or CFF Explorer, the Linker Info field, which reflects the version of the linker that produced the executable, returns a value of 2.25. This value is the major and minor linker version numbers embedded in the PE header.
Options A (04.25), C (3.5), and D (6.2) are incorrect because they do not match the actual linker version data stored within the PE header of ShadowByte.exe; these values are plausible-looking distractors designed to mislead candidates who may guess rather than perform the actual file analysis.
To extract this value, open the file in a tool like PEiD or CFF Explorer, navigate to the Optional Header, and look for the MajorLinkerVersion and MinorLinkerVersion fields, which combine to form the Linker Info value (e.g., Major: 2, Minor: 25 → 2.25).
💡 Memory Tip: Think "Linker = Look in the PE Optional Header" - always use a PE analysis tool and check the Major.Minor linker version fields; the answer format is always Major.Minor (e.g., 2.25).
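The same two fields can be read without a GUI tool. The following is an added example, not part of the original question or of any tool named above: it walks the DOS header to the Optional Header and returns MajorLinkerVersion and MinorLinkerVersion. The header bytes are constructed in `build_sample` (a hypothetical helper) using the 2 and 25 from the explanation, since ShadowByte.exe itself is not available here.

```python
import struct
import sys


class PEFormatError(ValueError):
    """Raised when the input does not look like a PE image."""


def linker_version(data: bytes) -> tuple[int, int]:
    """Return (MajorLinkerVersion, MinorLinkerVersion) from a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEFormatError("missing MZ DOS header")
    # e_lfanew at 0x3C holds the file offset of the "PE\0\0" signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need signature (4) + COFF header (20) + Magic/Major/Minor (4).
    if e_lfanew + 28 > len(data):
        raise PEFormatError("e_lfanew points outside the file")
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEFormatError("missing PE signature")
    # SizeOfOptionalHeader is at offset 16 of the 20-byte COFF header.
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 4 + 16)
    if opt_size < 4:
        raise PEFormatError("optional header absent or truncated")
    # Optional Header starts with Magic (2 bytes), then the two version bytes.
    magic, major, minor = struct.unpack_from("<HBB", data, e_lfanew + 24)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise PEFormatError(f"unexpected optional header magic {magic:#x}")
    return major, minor


def format_linker_info(data: bytes) -> str:
    major, minor = linker_version(data)
    return f"{major}.{minor}"


def build_sample(major: int, minor: int, magic: int = 0x10B) -> bytes:
    """Constructed minimal PE header for demonstration (not a runnable EXE)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBB", magic, major, minor) + bytes(0xE0 - 4)
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    # Pass a file path to inspect a real binary; otherwise use the sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(2, 25)
    print("Linker Info:", format_linker_info(raw))
```
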