CompTIA CySA+ (CS0-003) — Question 113
A security analyst has received an incident case regarding malware spreading out of control on a customer's network. The analyst is unsure how to respond. The configured EDR has automatically obtained a sample of the malware and its signature. Which of the following should the analyst perform next to determine the type of malware based on its telemetry?
Answer options
- A. Cross-reference the signature with open-source threat intelligence.
- B. Configure the EDR to perform a full scan.
- C. Transfer the malware to a sandbox environment.
- D. Log in to the affected systems and run netstat.
Correct answer: A
Explanation
The correct answer is A because cross-referencing the EDR-obtained signature with open-source threat intelligence is the quickest way to learn the malware's identity and known behaviors from the telemetry already collected. Options B and C, while useful for further analysis, do not directly or quickly identify the malware type. Option D (running netstat) only shows current network connections and does not help identify the malware.