CISSP Question #1101: Real Exam Question with Answer & Explanation

Question

What is static analysis intended to do when analyzing an executable file?

Options

• ACollect evidence of the executable file's usage, including dates of creation and last use.
• BSearch the documents and files associated with the executable file.
• CAnalyze the position of the file in the file system and the executable file's libraries.
• DDisassemble the file to gather information about the executable file's function.

Explanation

Static analysis examines an executable file without executing it, using disassembly and other techniques to understand its structure and functionality.

Common mistakes.

• A. Collecting file metadata such as creation dates and last-used timestamps is a forensic artifact collection task, not static analysis of an executable's code or function.
• B. Searching associated documents and files describes a broader forensic investigation or file system analysis activity, not the disassembly and code inspection that defines static analysis.
• C. Examining a file's location in the file system and its linked libraries describes aspects of dynamic or environmental analysis and basic file profiling, not the deeper code-level disassembly that static analysis performs.

Concept tested. Static analysis techniques for malware examination

Reference. https://www.cisa.gov/sites/default/files/publications/CISA_Executive_Primer_Malware_Analysis.pdf

No community discussion yet for this question.