CompTIA CySA+ (CS0-003) — Question 250

An employee received a phishing email that contained malware targeting the company. Which of the following is the best way for a security analyst to get more details about the malware and avoid disclosing information?

Answer options

• A. Upload the malware to the VirusTotal website.
• B. Share the malware with the EDR provider.
• C. Hire an external consultant to perform the analysis.
• D. Use a local sandbox in a microsegmented environment.

Correct answer: D

Explanation

Using a local sandbox in a microsegmented environment allows for safe analysis of the malware without risking exposure to the wider network. Uploading to VirusTotal or sharing with the EDR provider could potentially disclose sensitive information, while hiring an external consultant may not guarantee confidentiality.