312-50V13 Question #364: Real Exam Question with Answer & Explanation
The correct answer is B: Code Emulation.
Question
Chandler works as a pen-tester in an IT firm in New York. As part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious code on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?
Options
- A. Heuristic Analysis
- B. Code Emulation
- C. Scanning
- D. Integrity checking
Explanation
Chandler employed code emulation, a detection method where malicious code is run in a secure virtual environment to observe its behavior without risking the host system.
Common mistakes.
- A. Heuristic analysis detects viruses by looking for suspicious characteristics, patterns, or behaviors in the code itself, without necessarily executing it in a virtual machine.
- C. Scanning (signature-based detection) identifies viruses by comparing the code to a database of known malware signatures, not by executing it in a virtual machine.
- D. Integrity checking verifies the authenticity and unaltered state of files by comparing their current hashes or checksums against a known good baseline, which is not related to executing malicious code in a VM.
Concept tested. Antivirus detection methods