CompTIA Security+ (SY0-701) — Question 578
A security analyst receives an alert that there was an attempt to download known malware. Which of the following actions would allow the best chance to analyze the malware?
Answer options
- A. Review the IPS logs and determine which command-and-control IPs were blocked.
- B. Analyze application logs to see how the malware attempted to maintain persistence.
- C. Run vulnerability scans to check for systems and applications that are vulnerable to the malware.
- D. Obtain and execute the malware in a sandbox environment and perform packet captures.
Correct answer: D
Explanation
The best option for analyzing the malware is to obtain and execute it in a sandbox environment, as this allows for safe observation of its behavior without risking the production environment. Reviewing IPS logs, analyzing application logs, and running vulnerability scans provide useful information but do not directly allow for the detailed analysis of the malware's actions.