CISSP · Question #1101
What is static analysis intended to do when analyzing an executable file?
The correct answer is D. Disassemble the file to gather information about the executable file's function.. Static analysis examines an executable file without executing it, using disassembly and other techniques to understand its structure and functionality.
Question
Options
- ACollect evidence of the executable file's usage, including dates of creation and last use.
- BSearch the documents and files associated with the executable file.
- CAnalyze the position of the file in the file system and the executable file's libraries.
- DDisassemble the file to gather information about the executable file's function.
How the community answered
(20 responses)- A10% (2)
- B5% (1)
- D85% (17)
Why each option
Static analysis examines an executable file without executing it, using disassembly and other techniques to understand its structure and functionality.
Collecting file metadata such as creation dates and last-used timestamps is a forensic artifact collection task, not static analysis of an executable's code or function.
Searching associated documents and files describes a broader forensic investigation or file system analysis activity, not the disassembly and code inspection that defines static analysis.
Examining a file's location in the file system and its linked libraries describes aspects of dynamic or environmental analysis and basic file profiling, not the deeper code-level disassembly that static analysis performs.
Static analysis involves inspecting a binary without running it, which includes disassembling the machine code into assembly language instructions to understand the program's logic, identify malicious functions, detect embedded strings, and map imported libraries - all without executing the potentially harmful code.
Concept tested: Static analysis techniques for malware examination
Source: https://www.cisa.gov/sites/default/files/publications/CISA_Executive_Primer_Malware_Analysis.pdf
Topics
Community Discussion
No community discussion yet for this question.