GREM Static & Dynamic Code Analysis

Question 1

What is static code analysis?

Accepted Answer

Examining the code without executing it

Answer

Running the program and monitoring results.

Answer

Compiling the code.

Answer

Creating documentation for the code.

Question 2

What is the primary benefit of dynamic code analysis?

Accepted Answer

It provides runtime behavior insights

Answer

It helps with documentation.

Answer

It speeds up compilation.

Answer

It checks code styling only.

Question 3

Which tool is typically used for static analysis?

Accepted Answer

IDA Pro

Answer

Wireshark.

Answer

Metasploit.

Answer

Burp Suite.

Question 4

Which scenario is best suited for dynamic analysis?

Accepted Answer

When analyzing runtime behavior

Answer

When verifying license agreement terms.

Answer

When generating code comments.

Answer

When scanning documentation.

Question 5

Why might analysts use both static and dynamic analysis?

Accepted Answer

To understand both code logic and runtime behavior

Answer

To speed up scanning time.

Answer

To enhance user interface.

Answer

To automate unit testing.

Question 6

Which dynamic analysis tool allows you to monitor program behavior in a sandbox?

Accepted Answer

Cuckoo Sandbox

Answer

Ghidra.

Answer

GitHub.

Answer

Visual Studio.

Question 7

How can obfuscation affect code analysis?

Accepted Answer

It hides the true intent of the code

Answer

It speeds up analysis.

Answer

It simplifies code readability.

Answer

It makes analysis easier.

Question 8

What is an indicator of compromise (IOC) revealed by code analysis?

Accepted Answer

A file hash of a known malware

Answer

Marketing material.

Answer

Memory address used for debugging.

Answer

Code annotations.

Question 9

Which of the following best describes dynamic taint analysis?

Accepted Answer

It tracks untrusted data through a program

Answer

It encrypts data before execution.

Answer

It generates user manuals.

Answer

It archives execution logs.