ExamTopics Logo
Mail Us[email protected]
Menu
Cisco Discussions
exam questions

Exam 200-201 All Questions

View all questions & answers for the 200-201 exam
Go to Exam

Exam 200-201 topic 1 question 253 discussion

Actual exam question from Cisco's 200-201
Question #: 253
Topic #: 1
[All 200-201 Questions]


Refer to the exhibit. An engineer is reviewing a Cuckoo report of a file. What must the engineer interpret from the report?

  • A. The file will monitor user activity and send the information to an outside source.
  • B. The file will Insert itself into an application and execute when the application is run.
  • C. The file will appear legitimate by evading signature-based detection.
  • D. The file will not execute its behavior in a sandbox environment to avoid detection.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Eng_ahmedyoussef at Oct. 7, 2022, 10:19 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
SecurityGuy
9 months, 2 weeks ago
Selected Answer: D
vmdetect and anti_debug. Sandbox is usually done via VMs or isolated environment, these types of malware doesn't run when it detects those conditions.
upvoted 3 times
...
theodorrrr
1 year, 7 months ago
why D any explanation?
upvoted 1 times
weganos
1 year, 5 months ago
Because of the anti_dbg under Yara.
upvoted 4 times
...
...
Eng_ahmedyoussef
1 year, 8 months ago
D. The file will not execute its behavior in a sandbox environment to avoid detection.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel