Exam CISSP topic 1 question 186 discussion

D. Disassemble the file to gather information about the executable file's function. Static analysis involves examining the code and structure of an executable file without actually executing it. This process can help uncover potential security vulnerabilities, malware, or other issues by disassembling the file and examining its code and behavior without running it.

Static analysis is a technique used to examine an executable file without executing it. The goal is to understand how the file functions and what it does by analyzing its code and structure. Disassembling the file is a common static analysis technique that involves converting the executable code into assembly code to allow for easier analysis of the file's functions and operations. Therefore, option D is the correct answer.

There are multiple places in the CISSP Official Study Guide where static analysis is discussed/defined, but pg 1114 sums it up - "Static analysis performs assessment of the code itself, analyzing the sequence of instructions for security flaws."

B is static analysis. D is static code analysis. 1. Static analysis: This is the process of analyzing a binary without executing it. It is easiest to perform and allows you to extract the metadata associated with the suspect binary. Static analysis might not reveal all the required information, but it can sometimes provide interesting information that helps in determining where to focus your subsequent analysis efforts. Static Analysis, covers the tools and techniques to extract useful information from the malware binary using static analysis. 2. Dynamic analysis (Behavioral Analysis): 3. Code analysis: Static code analysis involves disassembling the suspect binary and looking at the code to understand the program's behavior, whereas Dynamic code analysis involves debugging the suspect binary in a controlled manner to understand its functionality. Code analysis requires an understanding of the programming language and operating system concepts. 4. Memory analysis (Memory forensics): https://subscription.packtpub.com/book/networking-&-servers/9781788392501/1/ch01lvl1sec13/4-types-of-malware-analysis

Static analysis is intended to disassemble the file and gather information about the executable file's function. It involves analyzing the code of the file without actually executing it, in order to identify potential vulnerabilities or security risks. This can include analyzing the code to identify the functions it performs, the variables it uses, and the algorithms it employs, as well as searching for known vulnerabilities or malicious code. Static analysis is an important tool for ensuring the security and reliability of software, as it allows developers to identify and fix potential issues before the software is released.

D for sure

B. Static Analysis is the automated analysis of source code without executing the application. And here's examples on how to analyze binary files in Linux, it's all about libraries. https://opensource.com/article/20/4/linux-binary-analysis

D is the right answer

https://infosecwriteups.com/malware-analysis-101-basic-static-analysis-db59119bc00a

Static analysis consists of examining the executable file without viewing the actual instructions. It is used to confirm, at least get an idea whether the file being inspected is malicious or not. We do this by figuring out the functions and libraries that are being called by the executable.