Question
Which of the following malware detection methods establishes a baseline for a system and then alerts the user if any suspicious changes occur? (This method cannot distinguish if a change is from malware, a system failure, or another cause.)
answer
Interception
YARA rule writing
Integrity checking
Code emulation
Answers
Answered by
GPT-4o mini
The correct answer is **Integrity checking**.
Integrity checking involves establishing a baseline of the system's state (such as file hashes or configurations) and then monitoring for any changes. It alerts the user if any discrepancies are detected, but it does not distinguish whether the changes are caused by malware, system failures, or other legitimate changes.