CompTIA CySA+ (CS0-003) — Question 511

A security analyst is performing an investigation involving multiple targeted Windows malware binaries. The analyst wants to gather intelligence without disclosing information to the attackers. Which of the following actions would allow the analyst to achieve the objective?

Answer options

Correct answer: A

Explanation

Uploading the binaries to an air-gapped sandbox allows them to be analysed with no network path to the outside, so nothing about the investigation (the samples, their hashes, or the fact that they are being executed) leaves the analyst's control. Sending the binaries to the antivirus vendor discloses the samples to a third party, and vendors routinely share samples and publish detections. Executing the binaries on an internet-connected system lets them beacon to their command-and-control infrastructure, which tells the attacker that the implant is running and where, and an online sandbox service additionally publishes its reports. Querying file hashes against VirusTotal does not upload the file itself, but submitting a sample does, and attackers are known to monitor public multi-scanner services for their own tooling; a targeted binary that was previously unseen would start appearing in public results, alerting the attacker that it has been discovered.
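The kind of triage an analyst can run inside the air-gapped sandbox, shown here as an added example that is not part of the original question or its explanation: hash the sample locally, confirm it is a PE, pull printable strings and network indicators out of it, and compare the hash against a locally held IOC list instead of querying an online service. The sample bytes are a constructed stand-in for a Windows binary (the hostname update.example-c2.invalid and the address 10.0.0.25 are made up for the example), and the function names are the author's own. The script uses only the standard library and never opens a socket, which is the whole point.

```python
import hashlib
import json
import re
import struct

# Constructed stand-in for a Windows PE: a DOS header whose e_lfanew points at a
# PE signature, a COFF header for x64 (Machine 0x8664), then a blob of embedded
# strings. It is not a real executable and will not run; it only feeds the parser.
_DOS_HEADER = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x80)      # e_lfanew = 0x80
_COFF_HEADER = struct.pack("<HHIIIHH", 0x8664, 3, 0, 0, 0, 0, 0)  # Machine, NumberOfSections, ...
SAMPLE = (
    _DOS_HEADER.ljust(0x80, b"\x00")
    + b"PE\x00\x00"
    + _COFF_HEADER
    + b"\x00" * 16
    + b"kernel32.dll\x00"
    + b"http://update.example-c2.invalid/beacon\x00"   # constructed C2 URL
    + b"10.0.0.25\x00"                                   # constructed hard-coded address
    + b"cmd.exe /c whoami\x00"
)

URL_RE = re.compile(r"https?://[^\s\"'<>]+")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def sha256_hex(data: bytes) -> str:
    """Hash computed locally; this value is never sent anywhere."""
    return hashlib.sha256(data).hexdigest()


def pe_machine(data: bytes):
    """Return the COFF Machine field if data carries a valid MZ/PE header, else None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 6 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        return None
    return struct.unpack_from("<H", data, e_lfanew + 4)[0]


def extract_strings(data: bytes, min_len: int = 6):
    """Printable-ASCII runs of at least min_len bytes, in file order."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def _dedupe(items):
    seen, out = set(), []
    for item in items:
        if item not in seen:
            seen.add(item)
            out.append(item)
    return out


def triage(data: bytes, known_hashes: set) -> dict:
    """Offline static triage: hash, PE check, strings, network IOCs, local hash match.

    known_hashes is a locally maintained set of SHA-256 values (for example from
    earlier samples in the same investigation), used in place of an online lookup.
    """
    strings = extract_strings(data)
    digest = sha256_hex(data)
    return {
        "sha256": digest,
        "machine": pe_machine(data),
        "strings": strings,
        "urls": _dedupe(u for s in strings for u in URL_RE.findall(s)),
        "ipv4": _dedupe(ip for s in strings for ip in IPV4_RE.findall(s)),
        "known_hash_match": digest in known_hashes,
    }


if __name__ == "__main__":
    # The report stays on the analysis host; nothing here contacts the internet.
    print(json.dumps(triage(SAMPLE, known_hashes=set()), indent=2))
```

The indicators the script pulls out (the beacon URL and the hard-coded address) are exactly the data an analyst wants before deciding what to block or hunt for, and none of it has been shown to the attacker; the same binary submitted to an online service would have produced a public report.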