Exam 350-201 topic 1 question 85 discussion

A would be the smartest choice

this was on recent test question. Agree with A. Doesn't make sense to place it in a sandbox for online research.

The next step the engineer should take is to run the program through a debugger to see the sequential actions. This will allow the engineer to step through the malware code and understand what it is doing at each step, including any malicious actions it may be attempting. Debugging can help the engineer identify potential vulnerabilities in the system and develop effective countermeasures. - chatGPT

D. Disassemble the malware to understand how it was constructed After securing a location to perform reverse engineering on a piece of malware, the next step the engineer should take is to disassemble the malware. Disassembly is the process of converting machine code into assembly code, which is a more human-readable form of the code. This allows the engineer to understand how the malware was constructed and how it works. The engineer can also identify any malicious functions and understand the malware's behavior and purpose.

Second sentence says the RE is about to perform - so I will go with D as it is part of RE and that is the next step.

for me it should be A is the answer "Run the program through a debugger to see the sequential actions" before in the first place why did you put and analyze the malware on a isolated sandbox if you have just search it online? They're a lot of tools to perform static and dynamic malware analysis like Malware STATIC Analysis tools: Hybrid Analysis Cuckoo Sandbox Jotti Valkyrie Sandbox Malware DYNAMIC Analysis tools: Process Explorer OpManager Monit Advanced Windows Service Manager Process Hacker Netwrix Service Monitor AnVir Task Manager please correct me if I'm wrong.