Which technique is used to detect new or unknown viruses by analyzing behavior rather than signatures?

Prepare for the Certified Ethical Hacker Version 11 Exam with a comprehensive test featuring flashcards and multiple choice questions, each accompanied by hints and explanations to ensure a thorough understanding. Ace your ethical hacking exam with confidence!

Multiple Choice

Which technique is used to detect new or unknown viruses by analyzing behavior rather than signatures?

Explanation:
Detecting new or unknown viruses by analyzing behavior rather than relying on known patterns is accomplished through heuristic analysis. This approach looks at what the software does and how it behaves—suspicious actions like unusual file changes, attempts to modify startup items, code injection, self-replication, or unusual network communication—and uses rules or general behavioral indicators to flag potential malware. Since it doesn’t hinge on a specific signature, it can identify new or mutated threats that haven’t been cataloged yet, making it valuable for zero-day detection. However, because it evaluates behavior rather than exact byte patterns, it can produce some false positives, which is a trade-off for catching unknown malware. The other options don’t fit this use: API Monitor is a tool for observing API calls rather than a malware detection method; DNSChanger refers to a specific malware family that alters DNS settings; and network analysis covers broader traffic inspection, not the targeted behavioral-detection technique described here.

