Which of the following would provide greater insight on the potential impact of this attempted attack?

Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened.
A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit.
Which of the following would provide greater insight on the potential impact of this attempted attack?
A. Run an antivirus scan on the finance PC.
B. Use a protocol analyzer on the air-gapped PC.
C. Perform reverse engineering on the document.
D. Analyze network logs for unusual traffic.
E. Run a baseline analyzer against the user’s computer.


8 thoughts on “Which of the following would provide greater insight on the potential impact of this attempted attack?”

  1. Reverse eng on a document is nonsense. I don’t know what the answer is, but I know that C is not. Why would you ever look at a PDF file and be like, hey, let me reverse engineer that.

  2. A protocol analyzer is designed to view network traffic for an air-gapped system 🙂
    A baseline analyzer is good to find out what it did to this system but the question is about potential impact
    Therefore reverse engineering is the only valid response.

  3. Everywhere I search has B as the answer, but none have an explanation. Anyone have any additional information on this one?

    1. That is because you are looking at dumps, the answers are wrong, you need to do your own research, see my answer and explanation below

  4. I think C too – to understand the impact of the attack you need to reverse engineer the document to understand what the exploit is capable of.
    B will only tell you what protocols and traffic is being seen, not what the impact might be.

    1. Agree with C. Other options like B and D are only related to network activities, while the malware may not even use the network (i.e., delete files and make OS unusable).
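As an added illustration of what the first step of "reverse engineering the document" (answer C) looks like in practice, the script below is a pdfid-style static triage of a PDF: it resolves `#xx` name escapes (a common way to hide `/JavaScript`), inflates FlateDecode streams, and counts the name tokens that indicate active content or embedded payloads. This is example code written for this page, not code from the original question or its comments; the keyword list, the `verdict` rule and the sample PDF bytes are constructed assumptions, and a real analysis would follow this with a sandbox run of the extracted objects.

```python
import re
import zlib

# PDF name tokens that indicate active content or payload delivery.
# The list is an assumption chosen for this example, not a standard.
KEYWORDS = [b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
            b"/EmbeddedFile", b"/RichMedia", b"/URI", b"/AcroForm", b"/XFA"]
# Subset whose presence alone justifies deeper (dynamic) analysis.
ACTIVE = {b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
          b"/EmbeddedFile", b"/RichMedia"}

# Stream bodies are located by delimiters here for brevity; a production
# parser should honour the /Length entry instead.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
# A name token that contains a #xx escape, e.g. /J#61vaScript.
HEX_NAME_RE = re.compile(rb"/[^\s/<>\[\]()]*#[0-9A-Fa-f]{2}")


def split_streams(data):
    """Return (object text with stream bodies removed, list of raw stream bodies)."""
    bodies = [m.group(1) for m in STREAM_RE.finditer(data)]
    outside = STREAM_RE.sub(b"stream\nendstream", data)
    return outside, bodies


def inflate(body):
    """Best-effort FlateDecode; streams that do not inflate are scanned as-is."""
    try:
        return zlib.decompress(body)
    except zlib.error:
        return body


def normalize_names(text):
    """Resolve #xx escapes so /J#61vaScript is matched as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), text)


def scan_pdf(data):
    """Count risk-indicating name tokens across object text and inflated streams."""
    outside, bodies = split_streams(data)
    # Count obfuscated names before resolving them: legitimate writers
    # almost never hex-escape plain letters in a name.
    hex_names = len(HEX_NAME_RE.findall(outside))
    searchable = [normalize_names(outside)] + \
                 [normalize_names(inflate(b)) for b in bodies]
    counts = {}
    for kw in KEYWORDS:
        # Negative lookahead stops /JS from matching inside a longer name.
        pat = re.compile(re.escape(kw) + rb"(?![A-Za-z0-9])")
        counts[kw.decode()] = sum(len(pat.findall(chunk)) for chunk in searchable)
    counts["hex_escaped_names"] = hex_names
    return counts


def verdict(counts):
    """Simple triage rule (an assumption for this example)."""
    active = sum(counts[k.decode()] for k in ACTIVE)
    if active or counts["hex_escaped_names"]:
        return "suspicious: active content present, escalate to sandbox/reverse engineering"
    return "no active content markers found"


# Constructed sample: a minimal PDF whose catalog fires a JavaScript action
# on open (name obfuscated with #61 for 'a'), carries an embedded file, and
# hides a URI action inside a FlateDecode stream.
COMPRESSED_ACTION = zlib.compress(b"<< /S /URI /URI (http://example.invalid/) >>")
SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample')) >> endobj\n"
    b"4 0 obj << /Type /EmbeddedFile /Length 0 >> endobj\n"
    b"5 0 obj << /Filter /FlateDecode /Length "
    + str(len(COMPRESSED_ACTION)).encode() + b" >>\nstream\n"
    + COMPRESSED_ACTION + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    result = scan_pdf(SAMPLE_PDF)
    for name, n in result.items():
        if n:
            print(f"{name}: {n}")
    print(verdict(result))
```

The point the script makes for the exam question is that none of the network-side options (B, D) would see any of this: the indicators live entirely inside the file, and the `/OpenAction` plus `/JavaScript` pairing tells the analyst what the document tries to do the moment it is opened, which is the "potential impact" the question asks about.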
