An organization finds a suspicious application on a server that might transmit data to unknown destinations. The team wants to observe the application's true capabilities under real execution conditions, but they need a safe way to monitor its actions. Which approach is most likely to reveal the application's runtime behavior while reducing disruption to the enterprise environment?
Turn off system security features and run the program to log unrestricted behavior
Use a review tool that examines the program's code structure for suspicious export functions
Launch the program in a dedicated environment and monitor system and network interactions
Start the program on a production server to gather event data from live logs
The correct choice is to launch the program in a dedicated, isolated environment and monitor its system and network interactions. Running a suspicious program in a sandbox or isolated test environment allows safe observation of its runtime behavior, including network connections, file changes, spawned processes, and memory usage. This dynamic analysis approach protects production systems while exposing behavior that static review can miss, such as a payload that is only decoded or downloaded at runtime. In practice the sandbox should have no route to production (for example a snapshot-capable VM on a segregated network, with outbound traffic sinkholed or logged rather than allowed out), and analysts should keep in mind that some malware checks for sandbox artifacts and alters its behavior when it detects them. The other options fail in different ways: a code-structure review of export functions is static analysis and does not reveal what the program actually does when run; turning off system security features removes the very containment the team needs; and running the program on a production server risks the exact data exfiltration the investigation is meant to prevent.
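The kind of monitoring this answer describes usually produces a trace of system calls that an analyst then has to sift for network, file, and process activity. The following is an added example, not part of the original question or its explanation: it runs simple detection logic over a constructed strace-style trace of the sort an isolated lab VM would capture with strace, and flags connections to destinations outside a hypothetical lab network, reads of sensitive files, writes into common staging directories, and child process execution. The sample trace lines, the lab network range, and the path lists are all assumptions made for illustration.

```python
import ipaddress
import re
from typing import Dict, List

# Constructed sample of strace-style lines (not real captured output), standing in for
# what `strace -f -e trace=network,file,process ./suspicious_app` might record inside
# an isolated VM that has no route to production.
SAMPLE_TRACE = """\
4021 execve("./suspicious_app", ["./suspicious_app"], 0x7ffc5a3c5e70) = 0
4021 openat(AT_FDCWD, "/etc/passwd", O_RDONLY) = 3
4021 connect(4, {sa_family=AF_INET, sin_port=htons(8080), sin_addr=inet_addr("10.0.0.5")}, 16) = 0
4021 connect(5, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
4021 openat(AT_FDCWD, "/tmp/.cache/stage2", O_WRONLY|O_CREAT|O_TRUNC, 0755) = 6
4021 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 4022
4022 execve("/bin/sh", ["sh", "-c", "id"], 0x55d1c0a0b2a0) = 0
"""

# Hypothetical lab policy: addresses inside these ranges are the lab's own mock
# services; anything else counts as an unknown external destination.
KNOWN_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]
SENSITIVE_READS = ("/etc/passwd", "/etc/shadow", "/root/.ssh/")
STAGING_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

CONNECT_RE = re.compile(r'connect\(\d+, \{sa_family=AF_INET, sin_port=htons\((\d+)\), '
                        r'sin_addr=inet_addr\("([\d.]+)"\)\}')
OPENAT_RE = re.compile(r'openat\([^,]+, "([^"]+)", ([A-Z_|]+)')
EXECVE_RE = re.compile(r'^(\d+) execve\("([^"]+)"')


def analyze_trace(trace: str) -> Dict[str, List[str]]:
    """Classify trace lines into network, file and process findings worth an analyst's attention."""
    findings: Dict[str, List[str]] = {"network": [], "file": [], "process": []}
    first_pid = None  # the sample itself; later execve calls come from children
    for line in trace.splitlines():
        pid = line.split(" ", 1)[0]
        if first_pid is None:
            first_pid = pid

        m = CONNECT_RE.search(line)
        if m:
            port, addr = int(m.group(1)), ipaddress.ip_address(m.group(2))
            if not any(addr in net for net in KNOWN_NETWORKS):
                findings["network"].append(f"outbound {addr}:{port} to unknown destination")
            continue

        m = OPENAT_RE.search(line)
        if m:
            path, flags = m.group(1), m.group(2)
            if "O_RDONLY" in flags and path.startswith(SENSITIVE_READS):
                findings["file"].append(f"read of sensitive file {path}")
            if ("O_WRONLY" in flags or "O_RDWR" in flags) and path.startswith(STAGING_DIRS):
                findings["file"].append(f"write to staging path {path}")
            continue

        m = EXECVE_RE.match(line)
        if m and m.group(1) != first_pid:
            findings["process"].append(f"child pid {m.group(1)} executed {m.group(2)}")
    return findings


def is_suspicious(findings: Dict[str, List[str]]) -> bool:
    """An unknown outbound destination alone is enough to escalate; otherwise require two categories."""
    if findings["network"]:
        return True
    return sum(1 for v in findings.values() if v) >= 2


if __name__ == "__main__":
    report = analyze_trace(SAMPLE_TRACE)
    for category, items in report.items():
        for item in items:
            print(f"[{category}] {item}")
    print("verdict:", "suspicious" if is_suspicious(report) else "benign")
```

The allowlist check is what ties this back to the question: the lab network is the only place the sample is permitted to talk to, so any other destination in the trace is exactly the "unknown destination" the team was worried about, observed without ever exposing a production host.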