GIAC
GREM · Question #84
GREM Question #84: Real Exam Question with Answer & Explanation
Sign in or unlock GREM to reveal the answer and full explanation for question #84. The question stem and answer options stay visible for context.
Question
You are performing static analysis on a suspicious Windows executable. The file has an unusual section labeled .rsrc and imports numerous suspicious DLLs, such as advapi32.dll. What steps should you take to gather more information? (Choose three)
Options
- AReview the imports to identify key functions that might suggest malicious behavior.
- BUse a tool like Strings to extract any readable text from the binary.
- CPerform dynamic analysis to observe the behavior when the executable is run.
- DAnalyze the PE header to understand the executable's structure.
- EAttempt to execute the file to see if it triggers any network activity.
Unlock GREM to see the answer
You've previewed enough free GREM questions. Unlock GREM for full answers, explanations, the timed quiz mode, progress tracking, and the master PDF. Question stem and options stay visible so you can still see what's on the exam.