CompTIA CASP+ (CAS-003) — Question 133

An analyst is investigating anomalous
behavior on a corporate-owned, corporate-managed mobile device with application whitelisting enabled, based on a name string. The employee to whom the device is assigned reports the approved email client is displaying warning messages that can launch browser windows and is adding unrecognized email addresses to the `compose` window.
Which of the following would provide the analyst the BEST chance of understanding and characterizing the malicious behavior?

Answer options

• A. Reverse engineer the application binary.
• B. Perform static code analysis on the source code.
• C. Analyze the device firmware via the JTAG interface.
• D. Change to a whitelist that uses cryptographic hashing.
• E. Penetration test the mobile application.

Correct answer: A

Explanation

Reverse engineering the application binary allows the analyst to delve into the actual working of the application, providing insights into the anomalous behavior and how it manipulates the device. Other options, such as static code analysis or penetration testing, may not reveal the specific runtime behaviors or vulnerabilities exhibited by the already compiled binary. Analyzing firmware or changing the whitelist settings would not directly address the immediate investigation into the application's behavior.