
Exam 350-201 topic 1 question 109 discussion

Actual exam question from Cisco's 350-201
Question #: 109
Topic #: 1

The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?

  • A. Perform static and dynamic code analysis of the specimen.
  • B. Unpack the specimen and perform memory forensics.
  • C. Contain the subnet in which the suspicious file was found.
  • D. Document findings and clean-up the laboratory.
Suggested Answer: A

Comments

Bobster02
Highly Voted 3 years, 5 months ago
Selected Answer: A
A. Perform static and dynamic code analysis of the specimen.
upvoted 7 times
TrainingTeam
Most Recent 6 months, 2 weeks ago
Selected Answer: A
Following behavioral analysis in a controlled laboratory, the next step in the malware analysis process is to perform static and dynamic code analysis of the specimen. Static analysis involves examining the malware without executing it, while dynamic analysis involves observing the malware's behavior in a controlled environment. These analyses provide deeper insights into the malware's capabilities and intentions.
upvoted 1 times
jay_c_an
1 year, 10 months ago
B. A is for software developers to identify vulnerabilities. Memory forensics is required.
upvoted 1 times
jay_c_an
1 year, 9 months ago
It is malware so no source code to run static analysis. Only dynamic analysis can be performed. Also, isn't static and dynamic analysis run to identify vulnerabilities in the code?
upvoted 1 times
DrVoIP
2 years, 2 months ago
The next step in the malware analysis process would be to perform static and dynamic code analysis of the specimen. After performing behavioral analysis, static analysis involves examining the code and characteristics of the malware to identify any recognizable patterns or signatures, while dynamic analysis involves observing the behavior of the malware in a controlled environment to understand its methods of attack and any associated network communications. These steps help in developing countermeasures and detection methods for similar types of malware. - ChatGPT
upvoted 2 times
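The two comments above (TrainingTeam and DrVoIP) describe static code analysis as examining the specimen without executing it. The script below is an added example written for this discussion, not code from the exam, the commenters or any vendor; it shows what a first static triage pass on a suspicious file typically collects: file hashes for SIEM correlation, printable strings, embedded URLs, imported API names worth a closer look, and a packer hint that would motivate the unpacking/memory step. The file bytes, the URL and the API watch-list are constructed for the demonstration and are not taken from a real specimen.

```python
import hashlib
import re

# Constructed stand-in for a suspicious file (not a real specimen): a fake
# DOS/PE header, a stub message, a beacon-like URL, some API names and a
# UPX section name so the packer hint fires.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"This program cannot be run in DOS mode.\r\n"
    + b"\x00" * 8
    + b"http://example.invalid/update.bin\x00"
    + b"kernel32.dll\x00VirtualAlloc\x00CreateRemoteThread\x00"
    + b"\x01\x02\x03" + b"UPX0\x00"
)

# Assumed watch-list of Windows APIs often seen in process injection; an
# analyst would use a much longer list tuned to their environment.
SUSPICIOUS_APIS = {"VirtualAlloc", "CreateRemoteThread",
                   "WriteProcessMemory", "WinExec"}

URL_RE = re.compile(rb"https?://[^\s\x00]+")


def file_hashes(data: bytes) -> dict:
    """Hashes to correlate the file with SIEM alerts and threat intel."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Runs of printable ASCII of at least min_len bytes (like `strings`)."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def static_triage(data: bytes) -> dict:
    """Collect static indicators without executing anything."""
    strings = extract_strings(data)
    return {
        "hashes": file_hashes(data),
        # PE files start with the 'MZ' DOS header magic.
        "is_pe": data[:2] == b"MZ",
        # UPX section names are a common sign the specimen is packed and
        # that unpacking / memory forensics will be needed next.
        "packer_hint": any(s.startswith("UPX") for s in strings),
        "urls": [m.group().decode("ascii") for m in URL_RE.finditer(data)],
        "suspicious_apis": sorted(s for s in strings if s in SUSPICIOUS_APIS),
        "string_count": len(strings),
    }


if __name__ == "__main__":
    report = static_triage(SAMPLE)
    print("sha256:", report["hashes"]["sha256"])
    print("PE file:", report["is_pe"], "| packer hint:", report["packer_hint"])
    print("URLs:", report["urls"])
    print("APIs of interest:", report["suspicious_apis"])
    print("printable strings found:", report["string_count"])
```

Everything here is read from the bytes on disk; nothing is executed, which is what separates this step from the behavioral analysis already completed in the lab. The packer hint is the bridge to the later memory-forensics phase that other commenters mention: a packed specimen yields few useful strings statically, so its unpacked code is recovered from memory.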
ETSec
2 years, 3 months ago
Selected Answer: A
A. Perform static and dynamic code analysis of the specimen.
upvoted 1 times
kyle942
2 years, 3 months ago
Selected Answer: B
https://www.sans.org/blog/3-phases-of-malware-analysis-behavioral-code-and-memory-forensics/ Memory analysis examines memory of the infected system to extract artifacts relevant to the malicious program. In the context of reverse-engineering malware, memory analysis can help identify malicious code that is trying to hide itself (i.e., rootkits), can clarify the program's run-time dependencies, and can explain how the specimen was used on the victim's system. Memory analysis saves time and allows the investigator to take shortcuts when studying the specimen's behavior or code.
upvoted 1 times
jaciro11
2 years, 8 months ago
Selected Answer: A
https://sansorg.egnyte.com/dl/oZleNgF6uF A would be the next step :)
upvoted 1 times
chongchangchi
3 years ago
Selected Answer: B
The static and dynamic analysis was already done. The question is the next step after the behavioral analysis, so I'll go with answer B, memory forensics.
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other