CompTIA
N10-005 · Question #445
N10-005 Question #445: Real Exam Question with Answer & Explanation
The correct answer is B: Virtual machines.
Question
Which of the following assists a network administrator in reverse engineering malware and viruses?
Options
- A. Virtual switches
- B. Virtual machines
- C. VLANs
- D. IDS
Explanation
Virtual machines provide isolated sandboxed environments where malware can be safely executed, observed, and reverse-engineered without risk of infecting the production system, and snapshots allow easy rollback.
Common mistakes.
- A. Virtual switches are software-defined Layer 2 switches used to connect virtual machines within a hypervisor environment - they provide networking between VMs but are not themselves analysis or sandboxing tools.
- C. VLANs are used to logically segment networks to control traffic flow - they do not provide an execution environment for safely running and analyzing malware.
- D. An IDS (Intrusion Detection System) monitors network or host activity for suspicious patterns and generates alerts - it detects threats but does not provide an isolated environment for hands-on malware reverse engineering.
Concept tested. Virtual machines as malware analysis sandboxes
Reference. https://www.vmware.com/topics/glossary/content/virtual-machine