Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 62
The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and proceeds with behavioral analysis. What is the next step in the malware analysis process?
Answer options
- A. Perform static and dynamic code analysis of the specimen.
- B. Unpack the specimen and perform memory forensics.
- C. Contain the subnet in which the suspicious file was found.
- D. Document findings and clean up the laboratory.
Correct answer: A
Explanation
Answer A is correct: static and dynamic code analysis of the specimen gives a deeper understanding of how the malware operates and what impact it could have. Options B and C are not the immediate next steps; unpacking the specimen and performing memory forensics, or containing the affected subnet, can come later. Documenting the findings and cleaning up the lab (option D) is important but takes place after the analysis is complete.