Add to collection(s) Add to saved
  1. No category
Uploaded by Katy Morgan

GIAC GREM Certification: Exam Details, Syllabus and Questions

advertisement 
GIAC GREM Certification:
Exam Details, Syllabus
and Questions
GIAC GREM Exam Guide
www.EduSum.com
Get complete detail on GREM exam guide to crack GIAC Reverse Engineering
Malware. You can collect all information on GREM tutorial, practice test, books,
study material, exam squestions, and syllabus. Firm your knowledge on GIAC
Reverse Engineering Malware and get ready to crack GREM certification.
Explore all information on GREM exam with number of questions, passing
percentage and time duration to complete test.
WWW.EDUSUM.COM
PDF
Introduction to GREM GIAC Reverse Engineering
Malware Exam
The GIAC GREM Exam is challenging and thorough preparation is essential for
success. This exam study guide is designed to help you prepare for the GIAC Reverse
Engineering Malware certification exam. It contains a detailed list of the topics covered
on the Professional exam, as well as a detailed list of preparation resources. This study
guide for the GIAC GREM will help guide you through the study process for your
certification.
GIAC Reverse Engineering Malware
1
WWW.EDUSUM.COM
PDF
GREM GIAC Reverse Engineering Malware Exam Summary
●
●
●
●
●
●
●
Exam Name: GIAC Reverse Engineering Malware
Exam Code: GREM
Exam Price: $979 (USD)
Duration: 180 mins
Number of Questions: 75
Passing Score: 73%
Reference Books: FOR610: Reverse-Engineering Malware: Malware
Analysis Tools and Techniques
● Schedule Exam: GIAC
● Sample Questions: GIAC GREM Sample Questions
● Recommended Practice: GIAC GREM Certification Practice Exam
Exam Syllabus: GREM GIAC Reverse Engineering Malware
Topic
Details
- The candidate will be able to analyze macros and scripts
Analyzing Malicious
embedded in suspicious Microsoft Office files to understand
Office Macros
their capabilities.
- The candidate will be able to analyze suspicious PDFs and
Analyzing Malicious
embedded scripts to understand the nature of the threat they
PDFs
might pose.
Analyzing Malicious
- The candidate will be able to analyze suspicious RTF files and
RTF Files
embedded shellcode to understand their capabilities.
- The candidate will be able to identify packed Windows
Analyzing Obfuscated
executables and obfuscated malicious JavaScript and unpack it
Malware
to gain visibility of it's key capabilities.
- The candidate will be able analyze static properties of a
Behavioral Analysis
suspected malware sample, develop theories regarding its
Fundamentals
nature, and determine subsequent analysis steps.
- The candidate will be able to identify common API calls used
by malware and understand what capabilities the APIs offer to
Common Malware
the malware samples. The candidate will be able to identify
Patterns
common techniques used by malware including code injection,
hooking, and process hollowing techniques.
- The candidate will apply dynamic analysis techniques to
Core Reverse
examine a malware sample in a debugger and will apply static
Engineering Concepts analysis techniques to interpret common assembly instructions
and patterns in Windows malware using a disassembler.
Examining .NET
- The candidate will be able to analyze .NET programs to
Malware
understand their capabilities.
Identifying and
- The candidate will be able to identify and bypass common
GIAC Reverse Engineering Malware
2
WWW.EDUSUM.COM
PDF
Topic
Bypassing AntiAnalysis Techniques
Details
debugger detection and data protection measures used in
malware, including the detection of security tools.
- The candidate will be able to describe key methods for
Malware Analysis
analyzing malicious software and identify the needs of malware
Fundamentals
analysis lab.
- The candidate will be able to analyze common execution flow
Malware Flow Control
control mechanisms, such as loops and conditional statements,
and Structures
in assembly language.
Overcoming
- The candidate will be able to overcome misdirecting execution
Misdirection
workflow as an anti-analysis technique used in malware.
Techniques
- The candidate will be able to analyze malware functions in
Reversing Functions in
assembly language to understand use of parameters, return
Assembly
values and other structural elements.
- The candidate will be able analyze static properties of a
Static Analysis
suspected malware sample, develop theories regarding its
Fundamentals
nature, and determine subsequent analysis steps.
Unpacking and
- The candidate will demonstrate process for unpacking
Debugging Packed
malware using a debugger and repairing unpacked malware for
Malware
further analysis.
GIAC GREM Certification Sample Questions and Answers
To make you familiar with GIAC Reverse Engineering Malware (GREM) certification
exam structure, we have prepared this sample question set. We suggest you to try our
Sample Questions for GIAC GREM Certification to test your understanding of the GIAC
GREM process with a real GIAC certification exam environment.
GREM GIAC Reverse Engineering Malware Sample Questions:01. When analyzing malicious software, what is an indicator of anti-emulation
techniques being used?
a) The malware performs redundant calculations.
b) The malware checks for the presence of a mouse or user interaction.
c) The malware avoids using system calls.
d) The malware exclusively targets 32-bit systems.
02. Which approach can help in bypassing malware that employs timing checks
to detect analysis tools?
a) Modifying the system clock
GIAC Reverse Engineering Malware
3
WWW.EDUSUM.COM
PDF
b) Patching the malware binary to remove the checks
c) Using network traffic generators
d) Increasing the priority of the malware process
03. Why is it important to analyze the control words within an RTF document
when investigating for malicious content?
a) To verify the document's compatibility with different viewers
b) To understand the document's layout structure
c) To identify custom styles applied to the document
d) To detect hidden instructions or shellcode
04. Analyzing the decompressed content of an RTF file is essential for what
reason?
a) To identify any embedded scripts or macros
b) To understand the document's formatting hierarchy
c) To detect hidden or obfuscated malicious payloads
d) To verify the integrity of embedded images
05. In malware analysis, what is the purpose of comparing the hash of a
suspicious file to known malware databases?
a) To identify the file's original author
b) To determine the exact changes made to the system by the malware
c) To potentially identify the malware and its known behaviors
d) To understand the network behavior of the malware
06. Why might malware use indirect jumps and calls as part of its execution flow?
a) To make decompilation and debugging more difficult by obscuring the control flow
b) To enhance the readability of the code for maintenance purposes
c) To reduce the overall size of the compiled binary
d) To improve the efficiency of execution on multi-core processors
07. When analyzing a function in assembly language, how can you identify the
function's parameters?
a) By locating values pushed onto the stack immediately before a call instruction
b) By identifying the first arithmetic instructions in the function
c) By counting the number of RET instructions
d) By looking for direct register assignments at the start of the function
08. How can an analyst use the entropy value of a file during malware analysis?
a) To measure the file's compression ratio
GIAC Reverse Engineering Malware
4
WWW.EDUSUM.COM
PDF
b) To determine the complexity and randomness within the file, indicating potential
obfuscation or encryption
c) To calculate the file's execution time
d) To identify the programming language used to create the file
09. Which of the following is a potential indicator that an Office macro is
attempting to download additional payloads?
a) Modification of document metadata.
b) Execution of complex mathematical calculations.
c) Interaction with a local database.
d) Use of system networking commands.
10. What aspects should be analyzed to determine if a macro in an Office file is
self-replicating?
(Choose Two)
a) The macro's ability to copy itself to other documents.
b) The presence of code that modifies the startup folder.
c) The macro's interaction with the Office clipboard.
d) Code snippets that duplicate the macro within the same document.
Answers:Answer 01:- b
Answer 02:- b
Answer 03:- d
Answer 04:- c
Answer 05:- c
Answer 06:- a
Answer 07:- a
Answer 08:- b
Answer 09:- d
Answer 10:- a, d
GIAC Reverse Engineering Malware
5
Related documents
Security Researcher
Security Researcher
ASSIGNMENT
ASSIGNMENT
Malicious Software A Technical B Breakdown
Malicious Software A Technical B Breakdown
Blue Yellow Round and Friendly Technology Comparison infographic
Blue Yellow Round and Friendly Technology Comparison infographic
alert analysis using NIST framework
alert analysis using NIST framework
Download
advertisement