CompTIA
CAS-003 · Question #843
CAS-003 Question #843: Real Exam Question with Answer & Explanation
The correct answer is B: Disable the smartphone's cellular radio and require the use of WiFi. Disabling the cellular radio removes the delivery channel that carriers use for FOTA updates, eliminating the specific firmware compromise vector while remaining operationally feasible during travel.
Question
Several corporate users returned from an international trip with compromised operating systems on their cellular devices. Additionally, intelligence reports confirm some international carriers are able to modify firmware unexpectedly even when the MDM policy is set to disable FOTA updates. Which of the following mitigations is operationally feasible and MOST likely to reduce the risk of firmware compromise by a carrier while traveling internationally?
Options
- A. Disable the ability to connect to third-party application stores.
- B. Disable the smartphone's cellular radio and require the use of WiFi.
- C. Enforce the use of an always-on SSL VPN with FIPS-validated encryption.
- D. Issue device PKI certificates to ensure mutual authentication.
Explanation
Disabling the cellular radio removes the delivery channel that carriers use for FOTA updates, eliminating the specific firmware compromise vector while remaining operationally feasible during travel.
Common mistakes.
- A. Disabling third-party app stores addresses application-layer threats and has no effect on firmware modifications delivered through the carrier's baseband channel.
- C. An always-on VPN protects data in transit at the application and network layers but operates above the baseband radio level where carrier-initiated FOTA updates occur, so it cannot prevent firmware compromise.
- D. PKI device certificates provide mutual authentication for network access but do not grant the device control over what firmware the carrier pushes through its own radio network infrastructure.
Concept tested. Mobile device FOTA threat mitigation via carrier network isolation
Reference. https://csrc.nist.gov/publications/detail/sp/800-124/rev-2/final