During malware analysis, a tester takes a system snapshot before and after running the malware and monitors ports, processes, and event logs for changes. Which security practice is this an example of?

Unlock all questions

This demo includes only 20 questions. Upgrade to access hundreds of questions, flashcards, exam simulations, and disable ads.

Full question bankExam simulationsFlashcards
From $9.99Unlock all

Prepare for the EC-Council Certified Ethical Hacker (CEH) Certification. Master concepts with flashcards and multiple choice questions, each enriching your understanding. Ready yourself to succeed in your exam!

Multiple Choice

During malware analysis, a tester takes a system snapshot before and after running the malware and monitors ports, processes, and event logs for changes. Which security practice is this an example of?

Explanation:
Host integrity monitoring focuses on detecting deviations in a system’s state by establishing a trusted baseline and watching for changes to the host itself. Taking a snapshot before running malware creates a reference point of which processes were present, which ports were open, and what the event logs looked like. After the sample runs, monitoring for any changes to those elements helps reveal unauthorized modifications and suspicious activity typical of malware behavior. This approach targets the integrity and configuration of the individual host rather than just files or network traffic, which is why it fits best. File integrity monitoring would concentrate on changes to files (via hashes or permissions) specifically. Network intrusion detection focuses on monitoring network traffic for anomalies. Security information and event management centers on aggregating and correlating events from many sources. The described practice centers on the host’s state and its changes, which is the essence of host integrity monitoring.

Host integrity monitoring focuses on detecting deviations in a system’s state by establishing a trusted baseline and watching for changes to the host itself. Taking a snapshot before running malware creates a reference point of which processes were present, which ports were open, and what the event logs looked like. After the sample runs, monitoring for any changes to those elements helps reveal unauthorized modifications and suspicious activity typical of malware behavior. This approach targets the integrity and configuration of the individual host rather than just files or network traffic, which is why it fits best.

File integrity monitoring would concentrate on changes to files (via hashes or permissions) specifically. Network intrusion detection focuses on monitoring network traffic for anomalies. Security information and event management centers on aggregating and correlating events from many sources. The described practice centers on the host’s state and its changes, which is the essence of host integrity monitoring.

More Multiple Choice Questions
Subscribe

Get the latest from Examzify

You can unsubscribe at any time. Read our privacy policy