Latest GIAC GREM Actual Free Exam Questions & Community Discussion, Page 6

Exam Code/Number: GREM
Exam Name/Title: GIAC Reverse Engineering Malware
Certification Provider: GIAC
Corresponding Certification: GIAC Information Security

Exam Questions: 195
Updated On: Jun 03, 2026

Page: 6 / 15
Total 195 questions

What does the presence of DllImport attribute indicate in a .NET assembly? (Choose Two)

A. Direct invocation of unmanaged code

B. Interoperability with Windows API functions

C. An attempt to perform network communication

D. Automatic garbage collection

Discussion 0

Correct Answer: A,B Vote an answer

What is the primary purpose of using a disassembler in reverse engineering malware?

A. To translate machine code into human-readable assembly code

B. To observe runtime behavior of the malware

C. To decrypt encoded strings

D. To modify the malware's behavior

Discussion 0

Correct Answer: A Vote an answer

When analyzing a PDF file for malicious content, why is it important to examine the file's metadata?

A. To check the file size for comparison with standard documents

B. To identify the original author of the document

C. To find out the number of pages in the PDF

D. To determine the software used to create the PDF

Discussion 0

Correct Answer: C Vote an answer

Why is it important to analyze unpacked versions of malware?

A. To reduce the size of the malware sample

B. To improve the performance of antivirus software

C. To understand the core functionality and intent of the malware

D. To identify the compiler used to build the malware

Discussion 0

Correct Answer: C Vote an answer

Which of the following is the MOST reliable indicator that the payload is unpacked?

A. New thread is created

B. Strings become readable

C. API calls are resolved

D. Full PE header appears in memory

Discussion 0

Correct Answer: D Vote an answer

Which API calls are commonly used by malware to manipulate processes and inject code?
(Choose two)

A. SendMessage()

B. VirtualAllocEx()

C. WriteProcessMemory()

D. NtQueryInformationFile()

Discussion 0

Correct Answer: B,C Vote an answer

What is the primary purpose of analyzing loops in a malware sample?

A. To understand the conditions for the malware's persistence or termination

B. To determine the payload's execution frequency

C. To detect the presence of cryptographic routines

D. To quantify the malware's size

Discussion 0

Correct Answer: A Vote an answer

Which of the following methods can be used to analyze a suspicious PDF document? (Choose Two)

A. Dynamic analysis through network traffic monitoring

B. Inspecting the document in a text editor without specific PDF analysis tools

C. Running the PDF in a sandbox environment

D. Static analysis using PDF parsers

Discussion 0

Correct Answer: C,D Vote an answer

Which tool is most commonly used to analyze JavaScript embedded within a malicious PDF?

A. PEiD

B. Wireshark

C. PDFiD

D. Oletools

Discussion 0

Correct Answer: C Vote an answer

Which technique can be utilized to hide malicious macro code within an Office document?

A. Embedding the macro within a non-macro document section.

B. Using excessive whitespace in the macro code.

C. Encrypting the macro with a password.

D. Storing the macro in the document header.

Discussion 0

Correct Answer: B Vote an answer

Which methods are commonly used by malware authors to obfuscate their code? (Choose two)

A. Disabling logging functions

B. Packing the executable

C. Code encryption

D. Hardcoding URLs in plaintext

Discussion 0

Correct Answer: B,C Vote an answer

What is the primary advantage of .NET malware for attackers?

A. It can be easily decompiled and modified.

B. It can easily run on both Windows and Linux.

C. It leverages a large set of managed libraries in the .NET Framework.

D. It can evade network-based detection tools.

Discussion 0

Correct Answer: C Vote an answer

Which of the following techniques can be used to defeat code obfuscation in malware?

A. Analyzing encrypted traffic

B. Disassembling the obfuscated binary in IDA Pro

C. Using encryption to hide the payload

D. Deobfuscating strings during runtime

Discussion 0

Correct Answer: D Vote an answer

Page: 6 / 15
Total 195 questions

Previous Page Next Page

Download Free GIAC GREM Demo

Simply submit your e-mail address below to get started with our free demo of your GIAC GREM exam.

10 Years in Business