CAS-005 · Question #122
CAS-005 Question #122: Real Exam Question with Answer & Explanation
The correct answer is A: Development of zero-day exploits based on the source code. Development of zero-day exploits is a critical risk, as adversarial entities with access to the source code could analyze it for vulnerabilities to exploit. Legal action or sale of the source code are concerns, but they are not unique to the adversarial context of this scenario.
Question
A company has integrated source code from a subcontractor into its security product. The subcontractor is located in an adversarial country and has informed the company of a requirement to escrow the source code with the subcontractor's government. Which of the following is a potential security risk arising from this situation?
Options
- ADevelopment of zero-day exploits based on the source code
- BLegal action to force disclosure of the source code
- CSale of source code to competitors during a buyout
- DPublication of the source code on the internet
Explanation
Development of zero-day exploits is a critical risk, as adversarial entities with access to the source code could analyze it for vulnerabilities to exploit. Legal action or sale of the source code are concerns, but they are not unique to the adversarial context of this scenario. Publication of the source code on the internet is less likely than targeted exploitation in this specific scenario.
Community Discussion
No community discussion yet for this question.