GIAC
GREM · Question #188
GREM Question #188: Real Exam Question with Answer & Explanation
The correct answers are A, B, and D. Process Monitor records the process creation and registry operations (A), a network capture taken on the analysis VM or at its gateway records the connections to external IP addresses (B), and running the sample in an isolated sandbox (D) is what makes executing it safe in the first place. Option C is sound evidence hygiene but only establishes the sample's integrity; it captures none of its behaviour. Option E is static analysis: useful for understanding the code, but it does not capture what the sample actually does at runtime, which is what the question asks for.
Question
You are performing malware analysis on a suspicious executable. The sample creates multiple new processes, modifies the registry, and connects to external IP addresses during execution. How would you proceed to capture and analyze this behavior? (Choose three)
Options
- A. Use Process Monitor to track the process creation and registry modifications.
- B. Use a network monitoring tool to capture and analyze outbound network traffic.
- C. Hash the sample to ensure its integrity before and after execution.
- D. Isolate the malware in a sandbox environment to prevent it from affecting the host system.
- E. Use IDA Pro to statically analyze the malware's assembly code.
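Once the sample has been run inside the isolated VM (option D) with Process Monitor and a network capture running (options A and B), the analyst is left with a Procmon export to triage. The script below is an added example, not part of the original question or of any GIAC material: it parses a Process Monitor CSV export and pulls out the three behaviours the question describes (child process creation, registry modifications including autostart keys, and outbound connections to non-private addresses). The CSV sample is constructed, not a real capture; it uses Procmon's default export columns and assumes "Resolve Network Addresses" was switched off so that remote endpoints appear as IPv4 addresses. All process names, paths and IPs are illustrative.

```python
"""Triage of a Process Monitor CSV export: process creation, registry
writes and outbound connections, the three behaviours in the question."""
import csv
import io
import re
from collections import defaultdict

# Constructed sample in Process Monitor's default CSV export column layout
# ("Time of Day","Process Name","PID","Operation","Path","Result","Detail").
# Not a real capture: hostnames, paths and IPs are illustrative, and it
# assumes Procmon's "Resolve Network Addresses" option was off, so remote
# endpoints show as IPv4 addresses rather than names.
SAMPLE_CSV = r'''
"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"10:01:02.1000000","sample.exe","1200","Process Create","C:\Users\lab\AppData\Local\Temp\upd.exe","SUCCESS","PID: 1320, Command line: ""C:\Users\lab\AppData\Local\Temp\upd.exe"" /s"
"10:01:02.2000000","sample.exe","1200","RegSetValue","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater","SUCCESS","Type: REG_SZ, Length: 84, Data: C:\Users\lab\AppData\Local\Temp\upd.exe"
"10:01:02.3000000","sample.exe","1200","RegQueryValue","HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductName","SUCCESS","Type: REG_SZ, Length: 32, Data: Windows 10 Pro"
"10:01:02.4000000","upd.exe","1320","Process Create","C:\Windows\System32\cmd.exe","SUCCESS","PID: 1404, Command line: cmd.exe /c schtasks /create /tn Upd /tr upd.exe /sc minute"
"10:01:03.0000000","upd.exe","1320","TCP Connect","LAB-VM:49712 -> 203.0.113.5:443","SUCCESS","Length: 0, seqnum: 0, connid: 0"
"10:01:03.1000000","upd.exe","1320","UDP Send","LAB-VM:53412 -> 198.51.100.9:53","SUCCESS","Length: 52, seqnum: 0, connid: 0"
"10:01:03.2000000","sample.exe","1200","TCP Connect","LAB-VM:49713 -> 192.168.56.10:80","SUCCESS","Length: 0, seqnum: 0, connid: 0"
'''.lstrip()

REG_WRITE_OPS = {"RegSetValue", "RegCreateKey", "RegDeleteValue", "RegDeleteKey"}
NET_OPS = {"TCP Connect", "TCP Send", "UDP Send"}
# RFC 1918 and loopback ranges; anything else is treated as external.
PRIVATE_NET = re.compile(r"^(10\.|127\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)")
NET_PATH = re.compile(r"^.+ -> ([^:]+):(\d+)$")   # "src:port -> dst:port", IPv4 only
CREATE_DETAIL = re.compile(r"^PID: (\d+), Command line: (.*)$")
AUTOSTART = re.compile(r"\\CurrentVersion\\Run(Once)?\\")


def parse_procmon_csv(text):
    """Rows of the export as dicts keyed by the header names."""
    return list(csv.DictReader(io.StringIO(text)))


def child_processes(rows):
    """Map (parent PID, parent image) -> [(child PID, child image path, command line)]."""
    tree = defaultdict(list)
    for r in rows:
        if r["Operation"] != "Process Create" or r["Result"] != "SUCCESS":
            continue
        m = CREATE_DETAIL.match(r["Detail"])
        if m:
            tree[(r["PID"], r["Process Name"])].append((m.group(1), r["Path"], m.group(2)))
    return dict(tree)


def registry_writes(rows):
    """Successful registry modifications as (PID, operation, key path, detail)."""
    return [(r["PID"], r["Operation"], r["Path"], r["Detail"])
            for r in rows if r["Operation"] in REG_WRITE_OPS and r["Result"] == "SUCCESS"]


def persistence_keys(rows):
    """Registry writes that land under a CurrentVersion\\Run or RunOnce autostart key."""
    return [path for _, _, path, _ in registry_writes(rows) if AUTOSTART.search(path)]


def external_connections(rows):
    """Outbound network events to non-private IPv4 destinations."""
    out = []
    for r in rows:
        if r["Operation"] not in NET_OPS:
            continue
        m = NET_PATH.match(r["Path"])
        if not m or PRIVATE_NET.match(m.group(1)):
            continue
        out.append((r["PID"], r["Process Name"], m.group(1), int(m.group(2)), r["Operation"]))
    return out


def triage(text):
    """Summarise the export into the three behaviour classes plus the set of external IPs."""
    rows = parse_procmon_csv(text)
    conns = external_connections(rows)
    return {
        "children": child_processes(rows),
        "registry_writes": registry_writes(rows),
        "persistence_keys": persistence_keys(rows),
        "external_connections": conns,
        "external_destinations": sorted({ip for _, _, ip, _, _ in conns}),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_CSV).items():
        print(key)
        for item in (value.items() if isinstance(value, dict) else value):
            print("   ", item)
```

Run it against a real export with `triage(open("Logfile.CSV", encoding="utf-8-sig").read())`; Procmon writes a UTF-8 BOM, which `utf-8-sig` strips. Filtering private ranges is what separates the sample's command-and-control traffic from lab noise, so the external destination list is the hand-off to the network capture from option B, where the full payloads live. Treat the sandbox VM's own gateway address as lab infrastructure, not as a finding.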