CompTIA Security+ (SY0-501) — Question 500
A security professional wants to test a piece of malware that was isolated on a user's computer to document its effect on a system. Which of the following is the FIRST step the security professional should take?
Answer options
- A. Create a sandbox on the machine.
- B. Open the file and run it.
- C. Create a secure baseline of the system state.
- D. Harden the machine.
Correct answer: C
Explanation
Creating a secure baseline of the system state is essential as it provides a reference point to evaluate any changes caused by the malware. Opening and running the file (Option B) is dangerous and could lead to further infections. Creating a sandbox (Option A) can be part of the process, but it should be done after establishing a baseline. Hardening the machine (Option D) may improve security but does not directly relate to documenting the malware's effects.