Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
A document that appears to be malicious has been discovered in an email that was sent to a company’s Chief Financial Officer (CFO).
Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
A. Open the document on an air-gapped network
B. View the document’s metadata for origin clues
C. Search for matching file hashes on malware websites
D. Detonate the document in an analysis sandbox
Answer: D
Detonating the code will execute it. “Search for matching file hashes on malware websites” should be the correct answer.