Implementing Cisco Cybersecurity Operations (SECOPS, legacy) — Question 5
Which description of retrospective malware detection is true?
Answer options
- A. You use Wireshark to identify the malware source.
- B. You use historical information from one or more sources to identify the affected host or file.
- C. You use information from a network analyzer to identify the malware source.
- D. You use Wireshark to identify the affected host or file.
Correct answer: B
Explanation
The correct answer, B, highlights the use of historical data to identify compromised systems or files, which is essential in retrospective malware detection. Options A and C incorrectly suggest that Wireshark or a network analyzer is used primarily to find the malware's source, while option D inaccurately states that Wireshark can identify affected hosts or files in this context.