PrepAway - Latest Free Exam Questions & Answers

Which of the following can the researcher do to determi…

A security researcher wants to reverse engineer an executable file to determine if it is malicious. The file was
found on an underused server and appears to contain a zero-day exploit. Which of the following can the
researcher do to determine if the file is malicious in nature?

A. TCP/IP socket design review
B. Executable code review
C. OS Baseline comparison
D. Software architecture review

Explanation:
A zero-day exploit targets a hole in software from the very day the hole is discovered, before a patch exists, so
it is very difficult to respond to. Often the only thing you as a security administrator can do is turn off the
affected service; although this can be a costly undertaking in terms of productivity, it is the only way to keep the
network safe. In this case you want to check whether the executable file is malicious. Since a baseline represents a
known secure state, the nature of the executable can be checked by running it in an isolated environment and
comparing the resulting system state against the OS baseline.
