PrepAway - Latest Free Exam Questions & Answers

Which of the following should the security administrator use to identify similar malware?

The security administrator is implementing a malware storage system to archive all malware seen by the company into a central database. The malware must be categorized and stored based on similarities in the code. Which of the following should the security administrator use to identify similar malware?

A. TwoFish
B. SHA-512
C. Fuzzy hashes
D. HMAC

Explanation:
Hashing is used to ensure that a message has not been altered. It can be useful for positively
identifying malware when a suspected file has the same hash value as a known piece of malware.
However, modifying a single bit of a malicious file will alter its hash value. To counter this, a
continuous stream of hash values is generated over rolling blocks of code. This can be used to
determine the similarity between a suspected file and known pieces of malware.
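
The contrast described in the explanation can be seen in a short Python sketch, added here as an illustration and not part of the original page. It is a simplified form of rolling-hash chunking, not the algorithm of any particular tool; the function names, the `WINDOW` and `TRIGGER` values, and the sample bytes are all constructed assumptions.

```python
import hashlib
from difflib import SequenceMatcher

WINDOW = 7    # bytes covered by the rolling hash (assumed value)
TRIGGER = 64  # a chunk ends when rolling % TRIGGER == TRIGGER - 1 (assumed value)

def fuzzy_signature(data):
    """Cut data at content-defined boundaries and return one short hash per chunk."""
    signature, start, rolling = [], 0, 0
    for i, byte in enumerate(data):
        rolling += byte
        if i >= WINDOW:
            rolling -= data[i - WINDOW]  # slide the window: drop the oldest byte
        if rolling % TRIGGER == TRIGGER - 1:
            signature.append(hashlib.sha256(data[start:i + 1]).hexdigest()[:6])
            start = i + 1
    if start < len(data):  # trailing bytes after the last boundary
        signature.append(hashlib.sha256(data[start:]).hexdigest()[:6])
    return signature

def similarity(a, b):
    """Score 0.0-1.0: how much of the two chunk-hash sequences lines up."""
    sig_a, sig_b = fuzzy_signature(a), fuzzy_signature(b)
    return SequenceMatcher(None, sig_a, sig_b, autojunk=False).ratio()

def exact_match(a, b):
    """Cryptographic comparison: any changed bit makes this False."""
    return hashlib.sha512(a).digest() == hashlib.sha512(b).digest()

def constructed_bytes(seed, length):
    """Deterministic stand-in for file contents (constructed, not real malware)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

ORIGINAL = constructed_bytes(b"sample-a", 4096)
_flipped = bytearray(ORIGINAL)
_flipped[2000] ^= 0x01  # flip a single bit, as in the explanation
VARIANT = bytes(_flipped)
UNRELATED = constructed_bytes(b"sample-b", 4096)

if __name__ == "__main__":
    for name, other in (("variant", VARIANT), ("unrelated", UNRELATED)):
        print(name, "sha512 equal:", exact_match(ORIGINAL, other),
              "similarity: %.2f" % similarity(ORIGINAL, other))
```

Because chunk boundaries depend only on the nearby bytes, the flipped bit disturbs the chunk hashes around it and leaves the rest of the signature intact, while the SHA-512 digest of the whole file no longer matches.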

