EC-Council


312-50V12 Question #218: Real Exam Question with Answer & Explanation

The correct answer is B: Connecting the system to the production network during the malware analysis.

Submitted by cyberguy42 · Mar 4, 2026 · System Hacking Phases and Attack Techniques

Question

In the process of setting up a lab for malware analysis, a cybersecurity analyst is tasked to establish a secure environment using a sheep dip computer. The analyst must prepare the testbed while adhering to best practices. Which of the following steps should the analyst avoid when configuring the environment?

Options

  • A. Installing malware analysis tools on the guest OS
  • B. Connecting the system to the production network during the malware analysis
  • C. Simulating Internet services using tools such as INetSim
  • D. Installing multiple guest operating systems on the virtual machine(s)

Explanation

To maintain a secure malware analysis environment, analysts must prevent any potential threat from escaping the testbed and compromising the production network. Connecting the system to the production network during malware analysis directly violates this critical security principle.

Common mistakes.

  • A. Installing malware analysis tools on the guest OS is a necessary step to perform the actual analysis within the isolated environment.
  • C. Simulating Internet services using tools like INetSim is a best practice to trick malware into thinking it has external connectivity, allowing its behavior to be observed without actually connecting to the real Internet, thereby maintaining containment.
  • D. Installing multiple guest operating systems allows for comprehensive testing of malware across different platforms and versions, which is a common and often crucial aspect of thorough analysis.

Concept tested. Secure Malware Lab Network Isolation

Reference. https://learn.microsoft.com/en-us/azure/security/fundamentals/network-best-practices

Topics

#malware analysis #sandbox environment #sheep dip #network isolation
