CompTIA Security+ (SY0-701) — Question 477

A security engineer needs to quickly identify a signature from a known malicious file. Which of the following analysis methods would the security engineer most likely use?

Answer options

• A. Static
• B. Sandbox
• C. Network traffic
• D. Package monitoring

Correct answer: A

Explanation

The correct answer is A, as static analysis involves examining the file without executing it, allowing for quick identification of signatures. Options B, C, and D involve different approaches such as dynamic execution, monitoring network activity, or observing package data, which are not as immediate for signature recognition.