CompTIA CySA+ (CS0-003) — Question 108

During an incident in which a user machine was compromised, an analyst recovered a binary file that potentially caused the exploitation. Which of the following techniques could be used for further analysis?

Answer options

• A. Fuzzing
• B. Static analysis
• C. Sandboxing
• D. Packet capture

Correct answer: B

Explanation

Static analysis is the correct choice as it involves examining the code of the binary file without executing it, allowing the analyst to identify vulnerabilities or malicious patterns. Fuzzing tests how the program reacts to unexpected inputs, Sandboxing runs the program in isolation to observe behavior, and Packet capture involves monitoring network traffic, which is not directly related to analyzing the binary itself.