CompTIA

CAS-002 · Question #653

CAS-002 Question #653: Real Exam Question with Answer & Explanation

The correct answer is B: Use a protocol analyzer to reverse engineer the transaction system's protocol. To reproduce a network-based card value manipulation attack, the administrator must first capture and reverse engineer the proprietary protocol the transaction terminals use.

Question

A University uses a card transaction system that allows students to purchase goods using their student ID. Students can put money on their ID at terminals throughout the campus. The security administrator was notified that computer science students have been using the network to illegally put money on their cards. The administrator would like to attempt to reproduce what the students are doing. Which of the following is the BEST course of action?

Options

  • A. Notify the transaction system vendor of the security vulnerability that was discovered.
  • B. Use a protocol analyzer to reverse engineer the transaction system's protocol.
  • C. Contact the computer science students and threaten disciplinary action if they continue their
  • D. Install a NIDS in front of all the transaction system terminals.

Explanation

To reproduce a network-based card value manipulation attack, the administrator must first capture and reverse engineer the proprietary protocol the transaction terminals use.

Common mistakes.

  • A. Notifying the vendor is a remediation step, not a method for reproducing or understanding the attack mechanism.
  • C. Threatening students with disciplinary action does not provide any technical insight into how the attack works or allow the administrator to reproduce it.
  • D. Installing a NIDS monitors future network traffic for known signatures but does not help the administrator understand or reproduce the specific technique already used.

Concept tested. Protocol analysis for attack reproduction and vulnerability investigation

Reference. https://www.wireshark.org/docs/wsug_html_chunked/ChapterIntroduction.html
