CompTIA Exam CS0-003 Topic 3 Question 5 Discussion

Actual exam question for CompTIA's CS0-003 exam
Question #: 5
Topic #: 3

During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content. Which of the following is the next step the analyst should take?

Suggested Answer: A

Validating the binaries' hashes from a trusted source is the next step the analyst should take after discovering some binaries that are exhibiting abnormal behaviors and finding unexpected content in their strings. A hash is a fixed-length value that uniquely represents the contents of a file or message. By comparing the hashes of the binaries on the compromised machine with the hashes of the original or legitimate binaries from a trusted source, such as the software vendor or repository, the analyst can determine whether the binaries have been modified or replaced by malicious code. If the hashes do not match, it indicates that the binaries have been tampered with and may contain malware.
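
As an added illustration of the comparison described above (not part of the original page), the Python sketch below hashes each binary in an evidence directory with SHA-256 and checks it against a `sha256sum`-style manifest from a trusted source. All function names, file names and file contents are constructed for the example, and it assumes the manifest was obtained from outside the compromised machine.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large binaries are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()

def parse_manifest(text):
    """Parse sha256sum-style lines ('<hex digest>  <name>') into {name: digest}."""
    trusted = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            digest, name = line.split(None, 1)
            trusted[name.lstrip("*")] = digest.lower()
    return trusted

def verify(evidence_dir, trusted):
    """Classify every file in evidence_dir against the trusted manifest."""
    results = {}
    for name in sorted(os.listdir(evidence_dir)):
        path = os.path.join(evidence_dir, name)
        if not os.path.isfile(path):
            continue
        if name not in trusted:
            results[name] = "UNKNOWN"    # no reference hash to compare with
        elif sha256_file(path) == trusted[name]:
            results[name] = "MATCH"
        else:
            results[name] = "MISMATCH"   # contents differ from the trusted copy
    for name in trusted.keys() - results.keys():
        results[name] = "MISSING"        # listed by the vendor but not on disk
    return results

def demo():
    """Constructed sample: one intact binary, one altered, one unlisted, one absent."""
    good = {"ls": b"vendor ls build", "ps": b"vendor ps build", "ss": b"vendor ss build"}
    manifest = "\n".join(f"{hashlib.sha256(v).hexdigest()}  {k}" for k, v in good.items())
    found = {"ls": good["ls"], "ps": good["ps"] + b" + injected", "helper": b"unlisted"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in found.items():
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(data)
        return verify(d, parse_manifest(manifest))
```

In practice the evidence directory would be a mounted copy of the forensic image rather than the live system, so the hashing tool itself is not one of the suspect binaries.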

