nerdexam
EC-Council

312-50V10 · Question #47

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machi

The correct answer is B. Code Emulation. Code emulation runs suspect code inside a virtual machine or sandbox to observe its runtime behavior against CPU and memory activity, distinguishing it from static analysis techniques.

Malware Threats

Question

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

Options

  • AHeuristic Analysis
  • BCode Emulation
  • CIntegrity checking
  • DScanning

How the community answered

(42 responses)
  • A
    7% (3)
  • B
    90% (38)
  • D
    2% (1)

Why each option

Code emulation runs suspect code inside a virtual machine or sandbox to observe its runtime behavior against CPU and memory activity, distinguishing it from static analysis techniques.

AHeuristic Analysis

Heuristic analysis inspects code structure and behavioral patterns without fully executing it in a virtual machine - it flags suspicious characteristics rather than simulating execution.

BCode EmulationCorrect

Code emulation (also called dynamic analysis or sandboxing) works by actually executing the malicious code within a controlled virtual environment. The AV engine monitors the simulated CPU instructions and memory operations in real time, allowing detection of polymorphic or obfuscated malware that evades static signatures.

CIntegrity checking

Integrity checking computes checksums or hashes of files to detect unauthorized modifications; it does not execute code or simulate CPU and memory activity.

DScanning

Scanning refers to signature-based detection that compares file content against a database of known malware patterns; it does not involve executing code on a virtual machine.

Concept tested: Antivirus code emulation detection method

Source: https://www.techtarget.com/searchsecurity/definition/code-emulation

Topics

#code emulation#virus detection#virtual machine#malware analysis

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice