
CAS-003 Question #633: Real Exam Question with Answer & Explanation

The correct answer is A: Unauthentic firmware was installed; disable OTA updates and carrier roaming via MDM.

Question

An organization's mobile device inventory recently provided notification that a zero-day vulnerability was identified in the code used to control the baseband of the devices. The device manufacturer is expediting a patch, but the rollout will take several months. Additionally, several mobile users recently returned from an overseas trip and report their phones now contain unknown applications, slowing device performance. Users have been unable to uninstall these applications, which persist after wiping the devices. Which of the following MOST likely occurred and provides mitigation until the patches are released?

Options

  • A. Unauthentic firmware was installed, disable OTA updates and carrier roaming via MDM.
  • B. Users opened a spear-phishing email: disable third-party application stores and validate all
  • C. An attacker downloaded monitoring applications; perform a full factory reset of the affected
  • D. Users received an improperly encoded emergency broadcast message, leading to an integrity

Explanation

Applications that survive a full factory wipe indicate a baseband-level firmware compromise exploited via the known zero-day, and disabling OTA updates plus carrier roaming through MDM severs the cellular attack vector until the vendor patch rolls out.

Common mistakes.

  • B. Applications installed through a spear-phishing email reside in the standard OS user partition and are removed by a factory reset, which directly contradicts the observation that the applications persist after wiping.
  • C. Standard monitoring applications downloaded by an attacker are stored in the OS application layer and would not survive a full factory reset, making this explanation inconsistent with the reported persistence behavior.
  • D. An improperly encoded emergency broadcast message could exploit a parsing vulnerability to execute arbitrary code, but this vector does not produce persistent user-visible applications that survive a device wipe and cannot be uninstalled.

Concept tested. Baseband firmware zero-day exploitation and MDM-based field mitigation

Reference. https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-124r2.pdf
