GIAC
GREM Question #67: Real Exam Question with Answer & Explanation
The correct answers are A (Disable macros and examine the document in a sandbox), B (Decompile the macro and search for obfuscated code), and C (Investigate network traffic for outgoing connections made by the macro). See the full explanation below for the reasoning.
Question
You are analyzing a suspicious Office document received as an email attachment. Upon opening, you notice the document attempts to run a macro that accesses external servers and makes changes to the registry. Which of the following actions should be taken to confirm the malicious intent of the macro? (Choose three)
Options
- A. Disable macros and examine the document in a sandbox.
- B. Decompile the macro and search for obfuscated code.
- C. Investigate network traffic for outgoing connections made by the macro.
- D. Check if the macro is digitally signed by a trusted authority.
- E. Verify if the document contains unusual formatting commands.