PrepAway - Latest Free Exam Questions & Answers

Which of the following can the researcher do to determine if the file is malicious in nature?

A security researcher wants to reverse engineer an executable file to determine if it is malicious.
The file was found on an underused server and appears to contain a zero-day exploit. Which of
the following can the researcher do to determine if the file is malicious in nature?


A. TCP/IP socket design review

B. Executable code review

C. OS Baseline comparison

D. Software architecture review

Explanation:
A zero-day exploit targets a vulnerability for which no patch exists yet, so signature-based
tools are unlikely to flag the file and responding is difficult. Often the only immediate control
a security administrator has is to turn off the affected service; that is costly in terms of
productivity, but it may be the only way to stop the exploit from spreading while the file is
analysed. In this case the question asks how to determine whether the executable is malicious.
A baseline records the known-good state of the operating system (files and their hashes, running
processes, services, listening ports, scheduled tasks). Running the executable in an isolated
environment (a throwaway VM or sandbox with no path back to production) and then comparing the
resulting system state against the OS baseline shows exactly what the file changed, which is how
its nature is established. This points to option C, OS baseline comparison. One caveat: the
comparison only reveals behaviour the sample actually exhibited during the run, so a sample that
detects the sandbox and stays dormant will produce a clean diff; static reverse engineering of
the binary remains a complementary check.
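The baseline comparison described above, as an added example that is not part of the original page: a file-system baseline of hashes is taken before the sample runs, a second snapshot is taken after, and the diff lists every file the sample added, removed or modified. The helper names (`snapshot`, `diff_snapshots`, `demo_run`) are this example's own, and the "sample" in `demo_run` is simulated by editing files directly in a temporary directory standing in for the sandbox VM; in practice you would execute the suspect binary between the two snapshots.

```python
"""Baseline-vs-after comparison for sandboxed execution of a suspect binary.

Added example, not from the original page. Helper names are hypothetical.
Assumes a throwaway VM/sandbox: baseline first, run the sample, snapshot again, diff.
"""
import hashlib
import os
import tempfile
from dataclasses import dataclass, field


def sha256_file(path, chunk=1 << 16):
    """Hash a file in chunks so large binaries don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def snapshot(root):
    """Map every regular file under root (relative path, '/' separators) to its SHA-256.

    Symlinks are skipped and os.walk does not follow symlinked directories, so a sample
    cannot redirect the scanner outside the tree being baselined.
    """
    result = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = sha256_file(full)
    return result


@dataclass
class Diff:
    added: list = field(default_factory=list)
    removed: list = field(default_factory=list)
    modified: list = field(default_factory=list)

    def is_clean(self):
        return not (self.added or self.removed or self.modified)


def diff_snapshots(before, after):
    """Compare two snapshots; any delta is something that changed on the host."""
    d = Diff()
    d.added = sorted(set(after) - set(before))
    d.removed = sorted(set(before) - set(after))
    d.modified = sorted(p for p in set(before) & set(after) if before[p] != after[p])
    return d


def demo_run():
    """Constructed end-to-end run: a temp dir stands in for the sandbox VM.

    The suspect executable's effects are simulated by editing files directly.
    """
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "etc"))
        os.makedirs(os.path.join(root, "bin"))
        with open(os.path.join(root, "etc", "hosts"), "w") as f:
            f.write("127.0.0.1 localhost\n")
        with open(os.path.join(root, "bin", "ls"), "wb") as f:
            f.write(b"\x7fELF-placeholder")              # constructed stand-in binary
        baseline = snapshot(root)                        # known-good state

        # Simulated effects of running the suspect executable (constructed):
        with open(os.path.join(root, "etc", "hosts"), "a") as f:
            f.write("203.0.113.5 update.example\n")      # hosts-file tampering
        os.makedirs(os.path.join(root, "tmp"))
        with open(os.path.join(root, "tmp", ".x"), "wb") as f:
            f.write(b"dropped payload")                  # newly dropped file
        os.remove(os.path.join(root, "bin", "ls"))       # deleted system binary

        return diff_snapshots(baseline, snapshot(root))


if __name__ == "__main__":
    d = demo_run()
    for label, items in (("added", d.added), ("removed", d.removed), ("modified", d.modified)):
        for p in items:
            print(f"{label:9s} {p}")
```

The same before/after pattern extends to the other baseline facets named in the explanation: capture the process list, listening sockets and scheduled tasks alongside the file hashes, and feed each pair of sets through the same set-difference logic. Take the baseline from a clean image, not from the server where the file was found, since that host may already be compromised.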

