PrepAway - Latest Free Exam Questions & Answers

Which of the following should the security administrato…

The security administrator is implementing a malware storage system to archive all malware seen by the
company into a central database. The malware must be categorized and stored based on similarities in the
code. Which of the following should the security administrator use to identify similar malware?

PrepAway - Latest Free Exam Questions & Answers

A.
TwoFish

B.
SHA-512

C.
Fuzzy hashes

D.
HMAC

Explanation:
Hashing is used to ensure that a message has not been altered. It can be useful for positively identifying
malware when a suspected file has the same hash value as a known piece of malware. However, modifying a
single bit of a malicious file will alter its hash value. To counter this, a continuous stream of hash values is
generated for rolling block of code. This can be used to determine the similarity between a suspected file and
known pieces of malware.

PrepAway - Latest Free Exam Questions & Answers

Leave a Reply