CompTIA
CAS-003 · Question #361
CAS-003 Question #361: Real Exam Question with Answer & Explanation
The correct answer is A: Malicious actors intercepting inbound and outbound communication to determine the scope of the. Despite layered controls, adversaries can still intercept communications and use traffic analysis to infer mission scope and operational patterns even without decrypting content.
Question
The government is concerned with remote military missions being negatively impacted by the use of technology that may fail to protect operational security. To remediate this concern, a number of solutions have been implemented, including the following:
- End-to-end encryption of all inbound and outbound communication, including personal email and chat sessions that allow soldiers to securely communicate with families.
- Layer 7 inspection and TCP/UDP port restriction, including firewall rules to only allow TCP port 80 and 443 and approved applications
- A host-based whitelist of approved websites and applications that only allow mission-related tools and sites
- The use of satellite communication to include multiple proxy servers to scramble the source IP address

Which of the following is of MOST concern in this scenario?
Options
- A. Malicious actors intercepting inbound and outbound communication to determine the scope of the
- B. Family members posting geotagged images on social media that were received via email from
- C. The effect of communication latency that may negatively impact real-time communication with
- D. The use of centrally managed military network and computers by soldiers when communicating
Explanation
Despite layered controls, adversaries can still intercept communications and use traffic analysis to infer mission scope and operational patterns even without decrypting content.
Common mistakes.
- B. Family members posting geotagged images occurs outside the controlled military network perimeter and represents a secondary OPSEC risk that does not directly compromise the secured communication channel or expose real-time mission activity.
- C. Communication latency caused by satellite links and proxy servers is an operational performance concern, not a security or OPSEC threat, and does not create a path for information compromise.
- D. Centrally managed military networks and computers are a security control that increases visibility, enforces policy, and reduces risk rather than introducing a new vulnerability or concern.
Concept tested. Traffic analysis and OPSEC risk against encrypted military communications
Reference. https://csrc.nist.gov/publications/detail/sp/800-77/rev-1/final