Performing CyberOps Using Cisco Security Technologies (CBRCOR) — Question 87
An engineer is utilizing interactive behavior analysis to test malware in a sandbox environment to see how the malware performs when it is successfully executed.
A location is secured to perform reverse engineering on a piece of malware. What is the next step the engineer should take to analyze this malware?
Answer options
- A. Run the program through a debugger to see the sequential actions
- B. Unpack the file in a sandbox to see how it reacts
- C. Research the malware online to see if there are noted findings
- D. Disassemble the malware to understand how it was constructed
Correct answer: A
Explanation
The correct answer is A because using a debugger allows the engineer to step through the malware's execution, observing its actions in real time. Option B is incorrect because unpacking in a sandbox does not provide the same level of detailed insight into the execution flow. Option C, while useful for context, does not directly aid immediate analysis. Option D focuses on static analysis rather than the dynamic behavior being observed.