CompTIA CySA+ (CS0-002) — Question 418
During the forensic analysis of a compromised machine, a security analyst discovers some binaries that are exhibiting abnormal behaviors. After extracting the strings, the analyst finds unexpected content. Which of the following is the NEXT step the analyst should take?
Answer options
- A. Validate the binaries' hashes from a trusted source.
- B. Use file integrity monitoring to validate the digital signature.
- C. Run an antivirus against the binaries to check for malware.
- D. Only allow whitelisted binaries to execute.
Correct answer: A
Explanation
Option A is correct because comparing the binaries' hashes against values from a trusted source shows whether they have been tampered with and establishes their authenticity. Options B and C, while useful, do not directly confirm the legitimacy of the binaries in question. Option D is a preventive control rather than a step in the analysis process.