Which description of a retrospective malware detection is true?
A. You use Wireshark to identify the malware source.
B. You use historical information from one or more sources to identify the affected host or file.
C. You use information from a network analyzer to identify the malware source.
D. You use Wireshark to identify the affected host or file.
B – Key word is retrospective which means looking back, i.e. historical as per Ray
B. You use historical information from one or more sources to identify the affected host or file.
is the correct answer. Look at the definition of retrospective = from history
I think the answer is D
Don’t think, look into the book or Google or NIST docs
Agree with Ray! Can’t just guess at answers... need to understand the questions fully as well as all the possible answers! When you get to that point, some answers don’t even make sense.