May 15, 2021

Help me with a Multiple Choice CySA exam question please

Here is the question.

A user receives a potentially malicious email that contains spelling errors and a PDF document. A security analyst reviews the email and decides to download the attachment to a Linux sandbox for review. Which of the following commands would MOST likely indicate if the email is malicious?

A. sha256sum ~/Desktop/file.pdf 
B. file ~/Desktop/file.pdf
C. strings ~/Desktop/file.pdf | grep "<script"
D. cat < ~/Desktop/file.pdf | grep -i .exe

I’m pretty sure the answer is A but I would like to be able to provide context as to why A is correct and why the other choices are wrong. Would someone be willing to help me out here? Thanks!
