
Exam CAS-004 topic 1 question 455 discussion

Actual exam question from CompTIA's CAS-004
Question #: 455
Topic #: 1
A junior security researcher has identified a buffer overflow vulnerability leading to remote code execution in a former employer's software. The security researcher asks for the manager's advice on the vulnerability submission process. Which of the following is the best advice the current manager can provide the security researcher?

  • A. Collect proof that the exploit works in order to expedite the process.
  • B. Publish proof-of-concept exploit code on a personal blog.
  • C. Recommend legal consultation about the process.
  • D. Visit a bug bounty website for the latest information.
Suggested Answer: C

Comments

Steel16
1 week ago
Selected Answer: A
  • Providing proof-of-concept (POC) exploit code can be considered a more aggressive approach and might escalate the situation unnecessarily. Publishing it publicly could further damage the company's reputation and potentially lead to legal repercussions. Therefore, collecting sufficient evidence to demonstrate the vulnerability's existence and impact, while maintaining a responsible and professional approach, is the most recommended course of action.
  • C. Recommend legal consultation about the process: While legal consultation might be beneficial in complex situations, it's not the first step. The researcher should initially attempt to engage with the company directly, following established vulnerability disclosure procedures. Legal advice can be sought later if the vendor doesn't respond appropriately or if there are disagreements regarding disclosure.
upvoted 1 times
isaphiltrick
8 months, 1 week ago
Selected Answer: C
Legal consultation is crucial before proceeding with any vulnerability disclosure process, especially when dealing with vulnerabilities found in former employers' software. It ensures that the researcher adheres to legal and ethical standards, protects their rights, and avoids potential legal risks associated with disclosure. Therefore, advising the security researcher to seek legal consultation is the most prudent course of action in this situation.
upvoted 2 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other