Exam4Training

Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?

A document that appears to be malicious has been discovered in an email that was sent to a company’s Chief Financial Officer (CFO).

Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
A. Open the document on an air-gapped network
B. View the document’s metadata for origin clues
C. Search for matching file hashes on malware websites
D. Detonate the document in an analysis sandbox

Answer: D

Latest SY0-601 Dumps Valid Version with 396 Q&As