Chapter 5 Questions Flashcards

(21 cards)

1
Q

What is static analysis?

A. Running malware
B. Analysing without execution
C. Deleting malware
D. Encrypting malware

A

Answer: B

Explanation:
Static analysis involves examining malware without running it. This includes checking file properties, strings, and headers. It is safe but can be limited because malware may hide its behaviour using obfuscation or packing.

2
Q

Why is dynamic analysis useful?

A. It deletes malware
B. It runs malware safely
C. It encrypts malware
D. It blocks attacks

A

Answer: B

Explanation:
Dynamic analysis involves executing malware in a controlled environment such as a virtual machine or sandbox. This allows analysts to observe real behaviour, such as network activity or file changes, which may not be visible in static analysis.

3
Q

What is malware?

A. Safe software
B. Malicious software
C. Firewall
D. IDS

A

Answer: B

Explanation:
Malware refers to any software designed to harm systems, such as viruses, worms, trojans, and spyware. It can steal data, damage systems, or give attackers control. It is a key component in many cyberattacks and is often delivered via exploits.

4
Q

What is static analysis?

A. Running malware
B. Analysing without execution
C. Deleting malware
D. Encrypting malware

A

Answer: B

Explanation:
Static analysis examines malware without running it, using techniques like string analysis and inspecting file headers (e.g., PE files). It is safe but may not reveal full behaviour, especially if the malware is obfuscated or packed.

5
Q

What is dynamic analysis?

A. No execution
B. Running malware in controlled environment
C. Encrypting malware
D. Deleting logs

A

Answer: B

Explanation:
Dynamic analysis involves executing malware in a safe environment such as a sandbox or virtual machine. This allows analysts to observe real behaviour, including network activity and file changes, which static analysis may miss.

6
Q

What is obfuscation?

A. Encrypt network traffic
B. Make code unreadable
C. Delete logs
D. Analyse logs

A

Answer: B

Explanation:
Obfuscation is a technique used by attackers to make malware code difficult to understand. It transforms readable code into a complex format, making static analysis harder and delaying detection.

7
Q

What is packing?

A. Compressing malware to hide content
B. Encrypting network traffic
C. Deleting logs
D. Blocking attacks

A

Answer: A

Explanation:
Packing compresses or encrypts malware to hide its contents. When executed, it unpacks itself in memory. This helps evade detection and makes static analysis more difficult.

8
Q

What is a sandbox?

A. Firewall
B. Isolated environment for safe execution
C. SIEM
D. IDS

A

Answer: B

Explanation:
A sandbox is an isolated environment, often using virtual machines, where malware can be safely executed. It allows analysts to study behaviour without risking real systems.

9
Q

What is sandbox evasion?

A. Blocking malware
B. Techniques to avoid detection in sandbox
C. Encrypting data
D. Deleting logs

A

Answer: B

Explanation:
Sandbox evasion techniques allow malware to detect when it is being analysed and avoid executing malicious behaviour. This prevents analysts from observing its real actions.

10
Q

Why do sandboxes use virtual machines?

A. Faster performance
B. Ability to reset using snapshots
C. Encrypt data
D. Block malware

A

Answer: B

Explanation:
Virtual machines allow analysts to take snapshots and revert to a clean state after running malware. This makes repeated testing safe and efficient without affecting the host system.

11
Q

Example of sandbox evasion?

A. Fast execution
B. Long sleep delay
C. Logging activity
D. Backup

A

Answer: B

Explanation:
Malware may delay execution using long sleep calls because sandboxes often run for a limited time. If the malware waits long enough, it avoids detection.

12
Q

User activity detection means:

A. Logging activity
B. Waiting for user input before executing
C. Encrypting data
D. Backup

A

Answer: B

Explanation:
Some malware waits for user interaction (e.g., mouse movement) before executing. Since sandboxes usually have no user activity, this helps malware avoid detection.

13
Q

Why does malware detect VMs?

A. Improve speed
B. Avoid analysis
C. Encrypt data
D. Delete logs

A

Answer: B

Explanation:
Malware checks for VM artefacts (e.g., drivers, system behaviour) to determine if it is in a sandbox. If detected, it may stop execution to avoid analysis.

14
Q

Static analysis limitation?

A. Slow
B. Cannot bypass obfuscation easily
C. Expensive
D. Complex

A

Answer: B

Explanation:
Static analysis struggles when malware is obfuscated or packed because the code is hidden or unreadable. This limits its effectiveness without additional techniques.

15
Q

Why must malware execute?

A. To hide
B. To achieve its goal
C. To encrypt
D. To log

A

Answer: B

Explanation:
Malware must run to perform actions like stealing data or spreading. This is why dynamic analysis is effective: it forces malware to reveal itself.

16
Q

What is a PE file?

A. Network protocol
B. Executable file format
C. Firewall rule
D. Log

A

Answer: B

Explanation:
Portable Executable (PE) is a file format used for executables in Windows. Static analysis often involves examining PE headers for useful information.

17
Q

Which is a static analysis activity?

A. Running malware
B. Checking strings
C. Monitoring traffic
D. Executing code

A

Answer: B

Explanation:
String analysis involves examining readable text within a file, which can reveal URLs, commands, or suspicious behaviour without executing the malware.

18
Q

Which is a dynamic analysis activity?

A. Checking headers
B. Running malware in VM
C. Viewing code
D. Reading logs

19
Q

Why use sandbox snapshots?

A. Encrypt data
B. Restore clean state
C. Delete malware
D. Monitor logs

20
Q

Malware categories include:

A. Firewall
B. Virus, worm, trojan
C. SIEM
D. IDS

21
Q

Rootkits are:

A. Safe tools
B. Malware hiding deep access
C. Firewall
D. SIEM

A

Answer: B

Explanation:
A rootkit is a type of malware designed to provide an attacker with hidden, persistent, high-privilege access to a system. It works by modifying low-level components such as the kernel, bootloader, or system libraries to conceal malicious activity. Rootkits are difficult to detect because they hide processes, files, and network traffic from security tools. They are often used to maintain long-term control of a compromised device.