CAS-003 · Question #632
CAS-003 Question #632: Real Exam Question with Answer & Explanation
The correct answer is D: Reverse engineering principles. Because the system is built entirely on custom hardware, modified open-source drivers, and a proprietary GUI (all opaque to standard scanning tools), reverse engineering yields the most actionable vulnerability intelligence that network-facing tests cannot access.
Question
Options
- APassword cracker
- BWireless network analyzer
- CFuzzing tools
- DReverse engineering principles
Explanation
Because the system is built entirely on custom hardware, modified open-source drivers, and a proprietary GUI (all opaque to standard scanning tools), reverse engineering yields the most actionable vulnerability intelligence that network-facing tests cannot access.
Common mistakes.
- A. A password cracker is ineffective because two-factor authentication is enforced for all interactive sessions, making credential guessing alone insufficient to gain access.
- B. A wireless network analyzer provides minimal value because data-in-transit is protected by strong certificate-based encryption, making captured traffic unreadable, and there is no indication the primary attack surface is wireless.
- C. Fuzzing tools probe input validation at known, stable interfaces but cannot reveal design-level flaws in custom hardware or proprietary driver logic, and per-session port randomization further limits effective fuzzing of the network interface.
Concept tested. Reverse engineering assessment of custom embedded hardware and firmware
Reference. https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-115.pdf
Community Discussion
No community discussion yet for this question.