exam questions

Exam 312-50v11 All Questions

View all questions & answers for the 312-50v11 exam

Exam 312-50v11 topic 1 question 185 discussion

Actual exam question from ECCouncil's 312-50v11
Question #: 185
Topic #: 1
[All 312-50v11 Questions]

A friend of yours tells you that he downloaded and executed a file that was sent to him by a coworker. Since the file did nothing when executed, he asks you for help because he suspects that he may have installed a trojan on his computer.
What tests would you perform to determine whether his computer is infected?

  • A. Upload the file to VirusTotal.
  • B. You do not check; rather, you immediately restore a previous snapshot of the operating system.
  • C. Use ExifTool and check for malicious content.
  • D. Use netstat and check for outgoing connections to strange IP addresses or domains.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
mil1989
Highly Voted 1 year, 10 months ago
The correct option is A - Upload to a Virus total, because you don't know the strange IPs in advance, you need to gather IoCs from Virus total to look for it in 'netstat'
upvoted 19 times
...
yaboyb
Highly Voted 2 years ago
The question asks how we would determine if his PC is infected. It does not ask how we'll determine if the file is corrupt or malicious. The only PC tests of these options is D.
upvoted 14 times
...
Rocko1
Most Recent 1 week, 5 days ago
Selected Answer: A
This is one of the EC-Council recommended way of checking if file is infected.
upvoted 1 times
...
victorfs
1 month, 2 weeks ago
Selected Answer: D
Really, te correcto option is D
upvoted 1 times
...
victorfs
1 month, 2 weeks ago
Selected Answer: A
The correcto option is A! You need identify the virus type, signature, name, etc
upvoted 1 times
victorfs
1 month, 2 weeks ago
No, sorry. The correct option is D
upvoted 1 times
...
...
White_T_10
1 month, 2 weeks ago
What tests would you perform to determine whether his computer is infected? This can be checked by the netstat command and not the virus total.
upvoted 1 times
...
NunoF4
3 months, 1 week ago
The answer is A VirusTotal is an Alphabet product that analyzes suspicious files, URLs, domains and IP addresses to detect malware and other types of threats, and automatically shares them with the security community. To view VirusTotal reports, you'll be submitting file attachment hashes, IP addresses, or domains to VirusTotal.
upvoted 2 times
...
Shin_Frankie
4 months, 2 weeks ago
Selected Answer: A
D cannot identify the connection make by virus
upvoted 1 times
...
cristina22
5 months ago
Selected Answer: A
Static Malware Analysis: Local and Online Malware Scanning You can also upload the code to online websites such as VirusTotal to get it scanned by a wide-variety of different scan engines (p. 982)
upvoted 3 times
...
Charpaz0
5 months, 3 weeks ago
Selected Answer: A
i guest that the malware can be designed to hide its communication from tools
upvoted 1 times
...
josevirtual
5 months, 3 weeks ago
Selected Answer: D
Hard to say for me. It's true that the malware could be idle, but it is also true that VirusTotal could not know this malware. The ideal answer would be to detonate the malware in an isolated environment, but for this case, to know if the computer is infected, I go with D.
upvoted 1 times
...
boog
6 months, 2 weeks ago
A. You are wasting time unless you know precisely what this malware's communication looks like, if it is communicating at all. It may also be designed to hide its communication from tools like netstat.
upvoted 2 times
...
Daniel8660
8 months, 1 week ago
Selected Answer: D
Dynamic Malware Analysis: Port Monitoring Malware programs open system input/output ports to establish connections with remote systems, networks, or servers to accomplish various malicious tasks. Use port monitoring tools such as netstat, and TCPView to scan for suspicious ports and look for any connection established to unknown or suspicious IP addresses. # netstat -an (P.1014/998)
upvoted 2 times
...
baybay
8 months, 1 week ago
A. Virustotal
upvoted 1 times
...
Ligeti15
11 months ago
Both A and D are valid, BUT -IMHO- a Trojan doesn't always mean backdoor/reverse-shell, maybe his friend created a user or installed a keylogger. Think of ransomware, once the "downloader" is done there is no need to communicate, so netstat will give you nothing (because it is a snapshot in time), also, think of rootkit, maybe the malware replaced netstat... and so on. Your thoughts? In real life, you have to do more than this, but in any case, you should use external tools instead of the system tools, so I think A is the best choice here.
upvoted 12 times
TroyMcLure
9 months, 2 weeks ago
The best explanation so far. I totally agree! Correct Answer: A
upvoted 1 times
...
baybay
8 months, 1 week ago
I agree with this explanation.
upvoted 1 times
...
...
DuncanTu
1 year, 2 months ago
Selected Answer: A
Shoud be A, because the infection symptoms may not direction relation to the network status , for example maybe this is a bmob.
upvoted 1 times
...
pawel_ceh
1 year, 3 months ago
Selected Answer: A
Easiest things first, so VirusTotal seems to be the easiest thing.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago