Certified Ethical Hacker (CEH v11) — Question 255

Chandler works as a pen-tester in an IT-firm in New York. As a part of detecting viruses in the systems, he uses a detection method where the anti-virus executes the malicious codes on a virtual machine to simulate CPU and memory activities. Which type of virus detection method did Chandler use in this context?

Answer options

• A. Heuristic Analysis
• B. Code Emulation
• C. Scanning
• D. Integrity checking

Correct answer: B

Explanation

The correct answer is B, Code Emulation, as it specifically refers to the process of executing potentially harmful code in a controlled virtual environment to observe its behavior. Heuristic Analysis (A) focuses on identifying unknown viruses by analyzing behavior patterns, while Scanning (C) generally involves searching for known signatures of malware, and Integrity checking (D) verifies the correctness of files but does not execute code.