350-201(NEW-127Q) Question #58: Real Exam Question with Answer & Explanation
The correct answer is B. Perform malware string analysis.
Question
Options
- A. Perform portable executable header analysis.
- B. Perform malware string analysis.
- C. Examine the malware using antivirus scanners.
- D. Examine the malware hash types.
Explanation
Malware string analysis (B) is correct because the strings command (or similar tools) extracts human-readable text embedded in a binary - this is precisely how analysts surface hardcoded IP addresses, error messages, and code comments without executing the file. It's a core static analysis technique that works on any file format, including Linux ELF binaries.
Why the distractors are wrong:
- A (PE header analysis) applies to Windows Portable Executable files, not Linux ELF binaries - wrong platform entirely.
- C (antivirus scanners) detects rather than inspects: a scanner tells you whether a file is malicious, not which IPs or messages are embedded in it.
- D (hash analysis) only produces a fingerprint for identification/lookup purposes - it reveals nothing about the file's internal content.
Memory tip: Think of strings analysis as "reading the mail inside the package" - you're pulling out all readable text before ever running the code. If the question mentions finding embedded IPs, URLs, error messages, or comments in a static context, the answer is almost always strings.
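The following is an added example, not part of the original page: a minimal Python version of what the strings command does, followed by triage of the extracted text for IPv4 addresses. The function names and the sample bytes are assumptions constructed for illustration; nothing is executed, the bytes are only read.

```python
import ipaddress
import re

MIN_LEN = 4  # GNU strings also defaults to runs of at least 4 characters

def extract_strings(data: bytes, min_len: int = MIN_LEN) -> list[str]:
    """Return printable ASCII runs, then UTF-16LE runs, found in raw bytes."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16-le") for m in wide_re.finditer(data)]
    return found

def find_ipv4(strings: list[str]) -> list[str]:
    """Pick out valid dotted-quad addresses; rejects values like 999.1.1.1."""
    pattern = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")
    hits = []
    for s in strings:
        for candidate in pattern.findall(s):
            try:
                ipaddress.IPv4Address(candidate)
            except ValueError:
                continue  # looks like an IP but an octet is out of range
            if candidate not in hits:
                hits.append(candidate)
    return hits

# Constructed sample: an ELF magic number followed by made-up data.
# The addresses come from the documentation ranges (RFC 5737).
SAMPLE = (
    b"\x7fELF\x02\x01\x01\x00" + bytes(8)
    + b"\x01\x02connect to 203.0.113.45:4444 failed\x00"
    + b"\x90\x90/* TODO: rotate key */\x00\xff\xfe"
    + "198.51.100.7".encode("utf-16-le") + b"\x00\x00"
    + b"abc\x00\x13\x37"  # "abc" is below MIN_LEN and is dropped
)

if __name__ == "__main__":
    extracted = extract_strings(SAMPLE)
    for line in extracted:
        print(line)
    print("IPv4 candidates:", find_ipv4(extracted))
```

Dotted version numbers with four parts also match the IPv4 pattern, so hits are candidates to confirm against context rather than confirmed indicators.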