What is the significance of analyzing the macro's trigger mechanism in a Microsoft Office document?
A. It reveals how and when the macro will execute within the document.
B. It indicates the document's compatibility with different Office versions.
C. It determines how the macro is shared across networks.
D. It identifies the interaction with external applications.
正解:A
質問 2:
IsDebuggerPresent() returns false but debugging artifacts are detected. What is the malware likely doing?
A. Anti-sandbox
B. Hollowing
C. API hashing
D. Manual debugger detection
正解:D
質問 3:
When encountering obfuscated JavaScript within a webpage, what is the initial step an analyst should take?
A. Execute the script in a browser to observe its behavior.
B. Deobfuscate the script manually line by line.
C. Use automated tools to attempt initial deobfuscation.
D. Report the script as malicious without further analysis.
正解:C
質問 4:
What aspect of an embedded object within an RTF file is crucial to analyze for determining potential malicious intent?
A. The metadata describing the creation date of the object
B. The binary data representing the object
C. The file extension of the embedded object
D. The spatial positioning of the object within the document
正解:B
質問 5:
Which dynamic observation MOST reliably confirms keylogging behavior?
A. DNS queries
B. High entropy in memory
C. Use of VirtualAlloc
D. Hooks on window message events
正解:D
840 お客様のコメント





Miyauchi -
GREM問題集だけで勉強し、先日GREM試験に合格しました。模擬試験のソフトも、GREM試験の形式とほぼ同じで非常に役に立つと思います。ありがとうございました。