GIAC Reverse Engineering Malware (GREM) Free Practice Test

Question 1

Which static analysis techniques are commonly used to investigate malware? (Choose two)

A. Disassembling the binary to view low-level instructions

B. Analyzing file execution in a sandbox environment

C. Viewing imported functions and libraries

D. Capturing network traffic

Correct Answer: A,C

Question 2

Why is it important to identify and understand conditional branches when analyzing assembly code?

A. They are used to mark the end of loops.

B. They highlight data transfer operations within the program.

C. They indicate the entry point of the program.

D. They determine the flow of execution based on certain conditions.

Correct Answer: D

Question 3

Which are common methods for analyzing malicious software? (Choose Two)

A. Code signing

B. Dynamic analysis

C. Syntax highlighting

D. Reverse engineering

Correct Answer: B,D

Question 4

Which tool is commonly used to extract metadata from a suspected malware file without executing it?

A. IDA Pro

B. Strings

C. OllyDbg

D. PEiD

Correct Answer: B

Question 5

Which of the following techniques can be used to defeat code obfuscation in malware?

A. Disassembling the obfuscated binary in IDA Pro

B. Deobfuscating strings during runtime

C. Using encryption to hide the payload

D. Analyzing encrypted traffic

Correct Answer: B

Question 6

Which of the following is a sign that a malware sample is packed?

A. The sample immediately executes its main payload.

B. The binary size is unusually small.

C. The sample generates extensive network traffic upon execution.

D. The binary contains large amounts of unreadable content in its PE sections.

Correct Answer: D

Question 7

Analyzing the decompressed content of an RTF file is essential for what reason?

A. To understand the document's formatting hierarchy

B. To detect hidden or obfuscated malicious payloads

C. To verify the integrity of embedded images

D. To identify any embedded scripts or macros

Correct Answer: B

Question 8

When analyzing a malware sample, why is it important to examine the strings contained within the binary?

A. To determine the encryption algorithm used by the malware

B. To enhance the readability of the binary

C. To find clues about the malware's functionality and intent

D. To identify potential user interaction elements

Correct Answer: C

Question 9

A PE file's .rsrc section contains an embedded executable. What is the MOST common malware characteristic?

A. Self-extracting stub

B. Persistence

C. C2 hardcoding

D. Heap spraying

Correct Answer: A

Welcome to TestSimulate

GIAC Reverse Engineering Malware (GREM) Free Practice Test