What is the term for capturing the initial system state for comparison during malware analysis?


Multiple Choice


Explanation:

Baselining is the practice of capturing the initial system state to establish a reference for comparison during malware analysis. By recording what a known-good system looks like at the start—what software is installed, which processes and services are running, registry keys and startup items, file hashes, open network connections, and overall configuration—you create a snapshot you can reuse later. When malware or suspicious activity is introduced, you compare current evidence to this baseline to spot deviations such as new or modified files, unexpected processes, changed registry entries, or unusual network behavior. This makes it easier to detect stealthy changes and quantify the impact of the malware.

Other options don’t fit as the method for capturing the initial state. Host integrity monitoring focuses on ongoing protection and alerting for changes, rather than establishing a reference snapshot you can compare against over time. Netstat shows current active network connections, not a stored state for later comparison. Strings is a tool for extracting readable text from binaries, not for documenting or preserving the system’s baseline state.
