Which of the following should the analyst use to confirm this suspicion?

A forensics analyst suspects that a breach has occurred. Security logs show the company’s OS patch system may be compromised, and it is serving patches that contain a zero-day exploit and backdoor. The analyst extracts an executable file from a packet capture of communication between a client computer and the patch server. Which of the following should the analyst use to confirm this suspicion?
A. File size
B. Digital signature
C. Checksums
D. Anti-malware software
E. Sandboxing


8 thoughts on “Which of the following should the analyst use to confirm this suspicion?”

  1. Question: How to confirm that the file contains a zero-day exploit and backdoor?
    Answer: e) Sandboxing
    a) Incorrect. File size does not guarantee the origin of the file.
    b) Incorrect. If the file has been manipulated, it won’t be signed, true. All patch executables are signed (for this reason you should never install unsigned patches); however, this does not tell you whether the file contains a zero-day exploit and backdoor, which is what the question asks.
    c) Incorrect. You can check whether the file matches the one on the download site; however, it does not give you the content of the file.
    d) Incorrect. Whilst a good idea, it will not pick up a zero-day exploit (as per the definition of zero-day).
    e) Correct. Your task is to identify if the file contains a zero-day exploit and backdoor. Sandboxing allows you to trigger the file (and thus any exploits) in a safe environment and identify any malicious behaviour.

    1. Good morning Sandman!

      I do appreciate your help. I would like to have all questions with answers (CAS-003) from you. If you could help, that would be really appreciated.

      Thank you,
      Khondoker.

      1. Same here please, have been struggling with this exam. Took it once only to find that the dumps were horribly wrong. (k i r i a n n a 2 1 @ h o t m a i l . c o m)
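To make point (c) of the first comment concrete, here is an added example (not from the page or any commenter) of the checksum approach applied to a carved executable. It uses constructed patch bytes and constructed hash manifests; the file name is a placeholder. It shows that a checksum only proves the carved file equals whatever the reference list says it should be: a list fetched from the compromised server itself passes the trojanised file, a list obtained out of band from the vendor catches the substitution, and in neither case does a match reveal what the file does when run.

```python
import hashlib
import hmac

# Constructed sample data: a benign vendor patch and the same patch with an
# appended stub, standing in for what a compromised patch server might serve.
GENUINE_PATCH = b"MZ\x90\x00constructed-genuine-vendor-patch-body"
TROJANISED_PATCH = GENUINE_PATCH + b"constructed-appended-backdoor-stub"

PATCH_NAME = "KB-PLACEHOLDER.exe"  # placeholder file name, not from the page


def sha256_hex(data: bytes) -> str:
    """SHA-256 of the carved file, as an analyst would compute from the pcap extract."""
    return hashlib.sha256(data).hexdigest()


def matches_manifest(data: bytes, manifest: dict, name: str) -> bool:
    """Option C from the question: does the carved file's checksum match the
    value published for it? Returns False when the name is not listed at all."""
    expected = manifest.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


# Hash list obtained out of band from the vendor (constructed): lists the genuine file.
VENDOR_MANIFEST = {PATCH_NAME: sha256_hex(GENUINE_PATCH)}

# Hash list served by the same patch server that served the file (constructed):
# a compromised server simply publishes the hash of the file it actually serves.
SERVER_MANIFEST = {PATCH_NAME: sha256_hex(TROJANISED_PATCH)}


def triage(data: bytes, name: str) -> dict:
    """Compare the carved file against both references. A match against the
    server's own list means nothing about integrity; a mismatch against the
    vendor's list proves substitution; neither result describes behaviour,
    which is why the question's answer is sandboxing."""
    return {
        "matches_vendor": matches_manifest(data, VENDOR_MANIFEST, name),
        "matches_server": matches_manifest(data, SERVER_MANIFEST, name),
    }


if __name__ == "__main__":
    print(triage(TROJANISED_PATCH, PATCH_NAME))
    # {'matches_vendor': False, 'matches_server': True}
```

If the vendor's own build pipeline had been compromised, both lists would match the malicious file, which is the residual gap the comment describes.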
