Which term describes the process of capturing the system state at the start of malware analysis?


Multiple Choice

Which term describes the process of capturing the system state at the start of malware analysis?

Explanation:

Baselining is the practice of capturing a reference snapshot of a system’s state at a known point in time, usually at the start of malware analysis. This initial capture includes running processes, open network connections, startup items, loaded modules, registry keys, file hashes, and other indicators of normal operation. Having this baseline makes it possible to compare future data and quickly spot deviations caused by malware, such as new processes, unfamiliar connections, altered files, or changed registry entries, which helps map the malware’s activity and persistence.

Other options don’t fit this specific purpose. Host integrity monitoring is ongoing, continuous monitoring for changes rather than a one-time initial snapshot. Netstat shows current network connections, not a comprehensive snapshot of the system state. Strings scans binaries for readable text, which is unrelated to recording the system’s baseline.
