🔥 3-day streak
CompTIA CySA+ (CS0-003)138 / 147
Question 138 of 147
A CySA+ analyst is investigating suspicious behavior on a Windows file server. The organization uses a golden-image baseline and a configuration management database (CMDB) that documents every approved service, task, and application on each host tier. During the investigation, the analyst discovers a running executable that spawns outbound TLS connections at regular intervals. The binary is signed with a valid certificate, appears in the process list, and is not flagged by the EDR agent. Which analysis technique is MOST likely to confirm whether this executable represents malicious activity?
Reviewed for accuracy · Report an issueNext question