A security analyst receives a suspicious executable from an external partner for review. Company policy states the file must be opened in an environment that prevents any changes to production systems and can be discarded after testing. Which virtual machine use case BEST satisfies this requirement?
Deploy the executable inside a Docker container on the analyst's workstation.
Open the file in the company's VDI pool so it runs on a remote desktop session.
Create a temporary sandbox VM with no network access and delete it after testing.
Install a Type 1 hypervisor on the analyst's PC and run the file on the host OS.
Running the file inside a sandboxed virtual machine is the best choice because the VM is isolated from the host and other network resources. If the executable is malicious, its activity is confined to the sandbox, and the analyst can simply delete the VM or revert to a clean snapshot afterward. A VDI session, a container, or a Type 1 hypervisor installed on the analyst's PC does not inherently provide the same disposable, highly isolated test space needed for analyzing potentially harmful code.