Welcome to Pass4Success


CompTIA CS0-003 Exam - Topic 3 Question 19 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 19
Topic #: 3

A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?

Suggested Answer: A

An air-gapped sandbox is a virtual machine or a physical device that is isolated from any network connection. This allows the analyst to safely execute the malware binaries and observe their behavior without risking any communication with the attackers or any damage to other systems. Uploading the binary to an air-gapped sandbox is the best option to gather intelligence without disclosing information to the attackers [1][2].

References:
1. Dynamic Analysis of a Windows Malicious Self-Propagating Binary
2. GitHub - mikesiko/PracticalMalwareAnalysis-Labs: Binaries for the book Practical Malware Analysis


Contribute your Thoughts:

Antonio
3 months ago
Querying hashes on VirusTotal might expose the files too.
upvoted 0 times
...
Dacia
3 months ago
I’m surprised they even suggested executing binaries online!
upvoted 0 times
...
Latrice
3 months ago
Sending to antivirus vendors could leak info, right?
upvoted 0 times
...
Paris
4 months ago
Totally agree, air-gapped is the way to go!
upvoted 0 times
...
Lorrie
4 months ago
A is the safest option for analysis.
upvoted 0 times
...
Lenna
4 months ago
Querying file hashes on VirusTotal seems like a safe option, but I wonder if it could still leak some information to the attackers.
upvoted 0 times
...
Mari
4 months ago
I feel like executing the binaries in a connected environment is definitely a bad idea, but I can't recall why exactly.
upvoted 0 times
...
Melina
4 months ago
I'm not entirely sure, but I think sending binaries to antivirus vendors might not be the best choice since it could potentially alert the attackers.
upvoted 0 times
...
Krystina
5 months ago
I remember we discussed the importance of using an air-gapped environment for malware analysis to avoid any risk of exposure.
upvoted 0 times
...
Chanel
5 months ago
Hmm, querying the file hashes on VirusTotal might be a good starting point, but I'm not sure if that would give me the level of detail I need for this investigation.
upvoted 0 times
...
Sherly
5 months ago
Sending the binaries to the antivirus vendor could be a good idea, but I'm not sure if that would fully achieve the objective of gathering intelligence without disclosing information.
upvoted 0 times
...
Francoise
5 months ago
Uploading the binary to an air-gapped sandbox sounds like the safest bet to me. That way, I can analyze it without risking any exposure to the attackers.
upvoted 0 times
...
Stevie
5 months ago
Hmm, this seems like a tricky one. I'll need to think carefully about the potential risks and benefits of each option.
upvoted 0 times
...
Lore
5 months ago
Okay, let's see. I'm pretty sure executing the binaries on an internet-connected environment is a big no-no, so I can rule that out right away.
upvoted 0 times
...
Alonzo
5 months ago
I'm a bit confused by this question. I know the Power Platform is related to Microsoft Business Applications, but I'm not sure which specific products are included. I'll have to make an educated guess.
upvoted 0 times
...
Lavonda
5 months ago
I'm pretty confident on this one. Since the data was obtained from other sources, the controller has a reasonable period to provide the privacy information, but no later than one month. Option C seems like the clear answer here.
upvoted 0 times
...
Keneth
5 months ago
Okay, let's think this through step-by-step. The key is to identify the two conditions that would allow the sales reps to change account or contract details for a created order.
upvoted 0 times
...
Olive
5 months ago
I think Option D is saying that family rates end up being higher, which makes sense from what we've studied, but I feel like I need to double-check that assumption.
upvoted 0 times
...
Jesusita
5 months ago
I feel pretty confident about this one. The third option about legal requirements affecting contract content and language seems like the most comprehensive and accurate statement to me. I'll go with that.
upvoted 0 times
...
