CompTIA CySA+ (CS0-003) — Question 246

An incident responder was able to recover a binary file through the network traffic. The binary file was also found in some machines with anomalous behavior. Which of the following processes most likely can be performed to understand the purpose of the binary file?

Answer options

• A. File debugging
• B. Traffic analysis
• C. Reverse engineering
• D. Machine isolation

Correct answer: C

Explanation

Reverse engineering is the most appropriate method to analyze the binary file's purpose, as it involves dissecting the file to understand its functionality and behavior. File debugging is focused on identifying errors in code, traffic analysis looks at data flow rather than file behavior, and machine isolation is about containing the affected systems rather than analyzing the binary itself.