Which of the following would be BEST to allow a security analyst to gather information and confirm it is a malicious document without executing any code it may contain?
A document that appears to be malicious has been discovered in an email that was sent to a company’s Chief Financial Officer (CFO).
A. Open the document on an air-gapped network
B. View the document’s metadata for origin clues
C. Search for matching file hashes on malware websites
D. Detonate the document in an analysis sandbox
Answer: D
But executing the code is exactly what detonating it does?
Shouldn’t the answer be C. Search for matching hashes?