Q: 10
The SIEM tool informs a SOC team of a suspicious file. The team initializes the analysis with an
automated sandbox tool, sets up a controlled laboratory to examine the malware specimen, and
proceeds with behavioral analysis. What is the next step in the malware analysis process?
Options
Discussion
It's B here. After behavioral analysis in a sandbox, unpacking and memory forensics is next to dig deeper into what the malware is doing in memory. Pretty sure that's the Cisco workflow for this stuff, agree?
I see what you mean, but it's still B. Unpacking and memory forensics usually follow lab behavioral analysis in malware workflows.
B (A seems tempting but static analysis usually comes after unpacking and memory forensics).
B, not A. Unpacking and memory forensics fits after the behavioral stuff, from what I remember.
Ugh, Cisco loves these process order questions. B
B tbh. After sandboxing and behavioral checks, you typically unpack and jump into memory forensics. Anyone think dynamic code should come first?
It's B. A similar question was clear on unpacking before deeper forensics. Good step sequence here.
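As an added illustration of what the "unpacking and memory forensics" step discussed in this thread looks like in practice (example code written for this page, not from Cisco or from any of the posters above): a packed sample shows little on disk, but once it has run in the lab the unpacked image sits in process memory, and carving PE headers out of a memory region is one of the first things an analyst does at this stage. The scanner below walks a byte buffer for DOS/PE headers, validates them against the PE/COFF layout, lists their sections and flags any section mapped read-write-execute. SAMPLE_DUMP is a constructed byte string with a decoy "MZ" and one minimal, non-executable fake PE header; it is not a real dump or malware sample.

```python
"""Carve in-memory PE images out of a process memory region.

Added example. SAMPLE_DUMP below is constructed test data, not a real
memory dump. Offsets and field layouts follow the PE/COFF specification.
"""
import struct

DOS_MAGIC = b"MZ"
PE_SIG = b"PE\0\0"
MACHINES = {0x014C: "x86", 0x8664: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}
# IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
# PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
COFF_FMT = "<HHIIIHH"
# IMAGE_SECTION_HEADER (40 bytes): Name, VirtualSize, VirtualAddress, SizeOfRawData,
# PointerToRawData, PointerToRelocations, PointerToLinenumbers,
# NumberOfRelocations, NumberOfLinenumbers, Characteristics
SECTION_FMT = "<8sIIIIIIHHI"
RWX = 0x20000000 | 0x40000000 | 0x80000000  # IMAGE_SCN_MEM_EXECUTE | MEM_READ | MEM_WRITE


def parse_pe_at(mem: bytes, off: int):
    """Describe the PE image at mem[off], or return None if no plausible header is there."""
    if mem[off:off + 2] != DOS_MAGIC or off + 0x40 > len(mem):
        return None
    e_lfanew = struct.unpack_from("<I", mem, off + 0x3C)[0]
    # Real e_lfanew values are small; garbage behind a stray "MZ" usually is not.
    if not 0x40 <= e_lfanew <= 0x1000:
        return None
    nt = off + e_lfanew
    if mem[nt:nt + 4] != PE_SIG:
        return None
    coff_off = nt + 4
    if coff_off + struct.calcsize(COFF_FMT) > len(mem):
        return None
    machine, nsec, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(COFF_FMT, mem, coff_off)
    if machine not in MACHINES or not 0 < nsec <= 96:
        return None
    sec_off = coff_off + struct.calcsize(COFF_FMT) + opt_size
    sections = []
    for i in range(nsec):
        entry = sec_off + i * 40
        if entry + 40 > len(mem):
            return None
        name_raw, vsize, vaddr, _rawsize, _rawptr, *_rest, sec_chars = struct.unpack_from(SECTION_FMT, mem, entry)
        name = name_raw.rstrip(b"\0").decode("ascii", errors="replace")
        sections.append({"name": name, "virtual_address": vaddr, "virtual_size": vsize,
                         "characteristics": sec_chars})
    return {"offset": off, "machine": MACHINES[machine], "characteristics": chars, "sections": sections}


def carve_pe_images(mem: bytes):
    """Every plausible PE image in a memory region, e.g. the payload a packer unpacked into memory."""
    found = []
    pos = mem.find(DOS_MAGIC)
    while pos != -1:
        img = parse_pe_at(mem, pos)
        if img is not None:
            found.append(img)
        pos = mem.find(DOS_MAGIC, pos + 1)
    return found


def rwx_sections(img):
    """Names of sections mapped readable, writable and executable: a common tell of unpacked or injected code."""
    return [s["name"] for s in img["sections"] if s["characteristics"] & RWX == RWX]


def build_fake_pe(sections, machine=0x8664):
    """Construct a minimal, non-executable PE64 header for the sample dump (test data only)."""
    e_lfanew = 0x80
    dos = DOS_MAGIC + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    opt_size = 240  # sizeof(IMAGE_OPTIONAL_HEADER64)
    coff = struct.pack(COFF_FMT, machine, len(sections), 0, 0, 0, opt_size, 0x0022)
    opt = struct.pack("<H", 0x20B) + b"\0" * (opt_size - 2)  # PE32+ magic, rest zeroed
    table = b""
    for i, (name, sec_chars) in enumerate(sections):
        table += struct.pack(SECTION_FMT, name.encode().ljust(8, b"\0"), 0x1000, 0x1000 * (i + 1),
                             0x1000, 0x400 * (i + 1), 0, 0, 0, 0, sec_chars)
    return dos + PE_SIG + coff + opt + table


# Constructed region: a NOP sled, a decoy "MZ" inside a string with zeros behind it
# (e_lfanew reads as 0, so it is rejected), the fake unpacked image at 0x200, trailing filler.
DECOY = b"MZ is the DOS magic, not a header" + b"\0" * 0x40
FAKE_PE = build_fake_pe([(".text", 0x60000020), (".data", 0xC0000040), ("UPX1", 0xE0000040)])
SAMPLE_DUMP = b"\x90" * 0x100 + DECOY
SAMPLE_DUMP += b"\xcc" * (0x200 - len(SAMPLE_DUMP)) + FAKE_PE + b"\xcc" * 0x100

if __name__ == "__main__":
    for img in carve_pe_images(SAMPLE_DUMP):
        names = [s["name"] for s in img["sections"]]
        print(f"PE at 0x{img['offset']:x} ({img['machine']}): sections={names} rwx={rwx_sections(img)}")
```

On a real case the input would be a region read from the suspended process (or a full dump carved by a tool such as Volatility), and the carved image is what then goes to static analysis, which is why the posters put unpacking and memory forensics before static work.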