nerdexam · Cisco · 350-201(NEW-127Q) · Question #37

350-201(NEW-127Q) Question #37: Real Exam Question with Answer & Explanation


Incident Response and Investigation

Question

An analyst is investigating a potentially malicious program. Static analysis showed suspicious header details, hashes, and strings embedded within the executable file. From these alone the analyst cannot determine the indicators of compromise or the file's other characteristics. Which set of steps should the analyst take next?

Options

  • A. Perform interactive behavior analysis to understand how the file uses memory and connectivity to reveal behavioral characteristics.
  • B. Analyze the static properties of the file as a part of the incident triage effort, summarize the results, and report to management that the file is suspicious, but indicators of compromise were not defined.
  • C. Use a limited guest account and production environment to determine the connectivity to reveal if the file uses the host as a command-and-control server.
  • D. Analyze the program in antivirus engines and compare the file to the known malware to determine the attack vector of the file and define its attributes.
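
The static-analysis stage the stem describes (header details, hashes, embedded strings), as an added worked example that is not part of the exam page or of any Cisco material: a script that hashes the sample, parses the DOS and COFF headers, extracts printable strings and flags the ones worth a closer look. The PE-shaped input, the marker list and the 203.0.113.10 address are constructed for the example. It also shows the limit the stem is pointing at: the output is file properties and candidate strings, so whether the network string is ever contacted or the memory APIs are ever called is not something this output can settle.

```python
"""Static triage of an executable: hashes, COFF header fields and printable
strings. Added example (not from the exam page or Cisco material); the PE
image below is constructed in memory so the script runs offline."""
import hashlib
import re
import struct
from datetime import datetime, timezone

# Subset of IMAGE_FILE_MACHINE_* and IMAGE_FILE_* values from the PE/COFF spec.
MACHINES = {0x014C: "I386", 0x8664: "AMD64", 0xAA64: "ARM64"}
CHARACTERISTICS = {
    0x0002: "EXECUTABLE_IMAGE",
    0x0020: "LARGE_ADDRESS_AWARE",
    0x0100: "32BIT_MACHINE",
    0x2000: "DLL",
}
# Substrings that make a sample worth a closer look (hypothetical short list).
SUSPICIOUS_MARKERS = ("http://", "https://", "VirtualAlloc", "WriteProcessMemory",
                      "CreateRemoteThread", "cmd.exe", "powershell")


def hash_bytes(data: bytes) -> dict:
    """MD5/SHA-1/SHA-256 of the sample: the values used for lookups and sharing."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def parse_pe_header(data: bytes) -> dict:
    """Follow e_lfanew from the DOS header to the COFF file header after 'PE\\0\\0'."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("missing PE signature at e_lfanew")
    machine, nsections, ts, _symtab, _nsyms, opt_size, flags = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "number_of_sections": nsections,
        "timestamp": ts,
        "timestamp_utc": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "size_of_optional_header": opt_size,
        "characteristics": sorted(n for bit, n in CHARACTERISTICS.items() if flags & bit),
    }


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII at least min_len long, like the strings(1) tool."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def static_triage(data: bytes) -> dict:
    """Combine the three static views into one report."""
    strings = extract_strings(data)
    return {
        **hash_bytes(data),
        "header": parse_pe_header(data),
        "strings": strings,
        "suspicious": [s for s in strings if any(m in s for m in SUSPICIOUS_MARKERS)],
    }


def build_sample_pe() -> bytes:
    """Constructed, non-executable PE-shaped blob: DOS header with e_lfanew=0x40,
    a 64-bit COFF header (2 sections, EXECUTABLE_IMAGE|LARGE_ADDRESS_AWARE),
    then a body carrying a few embedded strings."""
    dos = b"MZ" + b"\x00" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = b"PE\x00\x00" + struct.pack("<HHIIIHH", 0x8664, 2, 1700000000, 0, 0, 0xF0, 0x0022)
    body = b"\x90" * 8 + b"\x00".join([
        b"kernel32.dll", b"VirtualAlloc", b"ok",   # 'ok' is too short to be reported
        b"http://203.0.113.10/beacon",             # TEST-NET-3 address, constructed
        b"cmd.exe /c whoami",
    ]) + b"\x00\xcc\xcc"
    return dos + coff + body


SAMPLE_PE = build_sample_pe()

if __name__ == "__main__":
    report = static_triage(SAMPLE_PE)
    for key in ("md5", "sha1", "sha256"):
        print(f"{key:7} {report[key]}")
    print("header    ", report["header"])
    print("strings   ", report["strings"])
    print("suspicious", report["suspicious"])
```

To run it against a real sample, pass `open(path, "rb").read()` to `static_triage` instead of `SAMPLE_PE`. The hashes are what you submit to reputation services, and the header fields and strings are what you compare against known families; a string such as the beacon URL is a lead, not yet an indicator, until something shows the program actually uses it.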

Topics

#Malware Analysis · #Dynamic Analysis · #Incident Response · #Forensics