nerdexam
CompTIA

SY0-301 · Question #789

A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the fo

The correct answer is C. OS Baseline comparison. Because the exploit is zero-day, it will not have known signatures in antivirus databases, making traditional signature scanning ineffective. An OS Baseline comparison involves comparing the current system state - files, registry entries, running processes, and configurations - a

Threats, vulnerabilities, and mitigations

Question

A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was found on an underused server and appears to contain a zero-day exploit. Which of the following can the researcher do to determine if the file is malicious in nature?

Options

  • ATCP/IP socket design review
  • BExecutable code review
  • COS Baseline comparison
  • DSoftware architecture review

How the community answered

(18 responses)
  • A
    6% (1)
  • B
    17% (3)
  • C
    72% (13)
  • D
    6% (1)

Explanation

Because the exploit is zero-day, it will not have known signatures in antivirus databases, making traditional signature scanning ineffective. An OS Baseline comparison involves comparing the current system state - files, registry entries, running processes, and configurations - against a known-good, clean snapshot (the baseline). Deviations from the baseline reveal unauthorized files, modified system files, or suspicious changes the executable may have caused, indicating malicious behavior. This is a key forensic and heuristic technique for detecting unknown malware. Executable code review (B) is a valid reverse engineering technique, but OS baseline comparison is more practical for quickly determining if the file has already impacted the system. TCP/IP socket and software architecture reviews (A, D) do not directly analyze the binary's behavior or impact.

Topics

#malware analysis#OS baseline comparison#zero-day exploit#forensics

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice