CompTIA CASP+ (CAS-004) — Question 211

A security analyst has concerns about malware on an endpoint. The malware is unable to detonate by modifying the kernel response to various system calls. As a test, the analyst modifies a Windows server to respond to system calls as if it was a Linux server. In another test, the analyst modifies the operating system to prevent the malware from identifying target files. Which of the following techniques is the analyst MOST likely using?

Answer options

Correct answer: B

Explanation

The correct answer is B, Deception: the analyst is misleading the malware by altering the system's responses to system calls and masking the target files. A honeypot (A) is a fake environment created to attract attackers, simulators (C) replicate environments for testing but do not deceive malware, and sandboxing (D) isolates malware to analyze its behavior. None of these aligns with the described modifications.