I passed with 900 points.
The correct answer to this question is static analysis, not reverse engineering.
I believe reverse engineering is the term for analyzing software.
Congratulations,
I have a question, did you use only this dump? or did you use 002 as well. Also, Were the questions the same or similar? How many would you say you saw same questions from this dump. 900 is impressive.
I only used this question bank.
I think I got a good score because I had some work experience.
The questions were very similar, but there were a few questions that were not in this book.
Thanks for your support!
Good luck!
C) Reverse engineering.
From Certmaster Topic 5B: Understanding Vulnerability Scanning Methods:
Reverse Engineering
Reverse engineering describes deconstructing software and/or hardware to determine how it is crafted. Reverse engineering's objective is to determine how much information can be extracted from delivered software. For example, reverse engineering can sometimes extract source code, identify software methods and languages used, developer comments, variable names and types, system and web calls, and many other things. An adversary can perform reverse engineering on a software patch to identify the vulnerabilities it is crafted to fix, or an analyst can perform reverse engineering on malware to determine how it operates.
It's a compiled binary, the only static analysis you can do would be on the assembly. At that point you would just throw it into a decomplier and call it reverse engineering. Plus, reverse engineering is a more comprehensive term that includes active analysis like running it in a sandbox.
Here is why I will go with C:
B. Static Analysis – While static analysis (examining the binary without executing it) is useful, reverse engineering provides a deeper level of understanding, especially when debugging or decompiling the file.
Static analysis involves examining the binary without executing it, looking at its structure, headers, strings, and other embedded data. This technique helps identify suspicious patterns, imports, or potential exploits within the binary, and is the most common initial step for analyzing malicious binaries.
No offense to anyone who scored well on this. But static would not be the best to analyze this code. Static is what we would likely do first to determine if it's malicious or vulnerable. Here... We know that it's malicious and static does not run the code to determine it's actions and what it might be targeting and that would be the entire purpose around analyzing this code. We need to dissect it in a sandbox and figure out not only what the code does, but what it's target is, how it's intended to exploit, what techniques it may use for privelege escalation and more. Once again, you know it's malicious, why do you run a static? Root cause people. Static will not allow us to see enough to even report this on Mitre Attack. :)
Answer is C
Revrse Engineering allows the analyst to disassemble the binary to understand its behavior, functionality and potential impact, which is crucial for malware analysis. Static and code analysis can also be useful but reverse engineering provides a deeper understanding of compiled binaries
In compiled languages, such as Java and C/C++, the developer uses a tool called a compiler to convert the source code into binary code that is readable by the computer. This binary code is what is often distributed to users of the software, and it is very difficult, if not impossible, to examine binary code and determine what it is doing, making the reverse engineering of compiled languages much more difficult.
Even a donkey would know it's D.
Reverse engineering is much more broad and you were ask the specific TECHNIQUE of what you were going to do, not WHAT you were going to do.
I'm voting for B because I've seen this on multiple study sources that static analysis is the safe way to analyze malicious code, and reverse engineering is incredibly difficult.
static analysis (static code analysis)Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure and can help ensure that the code adheres to industry standards. Static analysis is used in software engineering by software development and quality assurance teams. Automated tools can assist programmers and developers in carrying out static analysis. The software will scan all code in a project to check for vulnerabilities while validating the code.https://www.techtarget.com/whatis/definition/static-analysis-static-code-analysis
A and B are the same think, Static analysis or Code Analysis means the same the, the names are used interchangeably. Therefore C is the best correct answer.
Static analysis and reverse engineering are both helpful but if you have to choose, it is better to go for reverse engineering because it will provide you with much more information. If the question specifically said: what is the first thing you have to do? then the answer would be static analysis. But often with static analysis you don't get much information, so in this case it should be reverse engineering I believe.
This section is not available anymore. Please use the main Exam Page.CS0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
hiraharu06
Highly Voted 9 months, 4 weeks agoIykbay
9 months, 1 week agokaankaan967
9 months, 3 weeks agohiraharu06
9 months, 2 weeks ago[Removed]
Highly Voted 1 year, 5 months agoRandomPerson3
Most Recent 1 week, 3 days agonewenglandgirl1078
2 weeks, 4 days agoTyrionL26
1 month, 2 weeks agoRobuste7
2 months, 2 weeks agoMarcinEm
2 months, 2 weeks agofuzzyguzzy
5 months, 3 weeks agoFreshly
6 months ago[Removed]
7 months, 1 week agocy_analyst
7 months, 1 week agokazanrani
8 months, 2 weeks agokazanrani
9 months agoMyfeedins479
9 months agoRee1234
11 months, 2 weeks agoKanika786
12 months agoMehe323
12 months agodave_delete_me
1 year ago