CompTIA CySA+ (CS0-003) — Question 138
A security analyst has identified a new malware file that has impacted the organization. The malware is polymorphic and has built-in conditional triggers that require a connection to the internet. The CPU is at least 70% idle. Which of the following best describes how the security analyst can effectively review the malware without compromising the organization’s network?
Answer options
- A. Utilize an RDP session on an unused workstation to evaluate the malware.
- B. Disconnect and utilize an existing infected asset off the network.
- C. Create a virtual host for testing on the security analyst workstation.
- D. Subscribe to an online service to create a sandbox environment.
Correct answer: D
Explanation
The correct answer is D. An online sandbox service detonates the sample on infrastructure that is entirely separate from the organization's network, and it can give the malware the internet connectivity its conditional triggers require, so the analyst can observe the sample's real behaviour without exposing any internal asset. Option A keeps the sample on a corporate workstation that is still attached to the network: once the malware has the internet connection it needs, it also has a path to spread laterally, so the organization's network is put at risk. Option B does isolate the asset, but with no internet connection the conditional triggers never fire and the review misses the behaviour that matters; the asset is also already infected and is better preserved as evidence than reused as a lab. Option C is the distractor built around the spare CPU capacity: a virtual machine on the analyst's own workstation shares that host's hardware and network connection, so a VM escape, an anti-VM check in the polymorphic sample, or a misconfigured virtual network would expose the analyst's machine and, through it, the organization's network. In practice, the analyst should also confirm that uploading the sample to a third-party service is acceptable under the organization's data-handling policy, since the sample and its network traffic become visible to the vendor.