CompTIA CASP+ (CAS-003) — Question 196
An engineer is reviewing the security architecture for an enterprise network. During the review, the engineer notices an undocumented node on the network.
Which of the following approaches can be utilized to determine how this node operates? (Choose two.)
Answer options
- A. Use reverse engineering and techniques
- B. Assess the node within a continuous integration environment
- C. Employ a static code analyzer
- D. Review network and traffic logs
- E. Use a penetration testing framework to analyze the node
- F. Analyze the output of a ping sweep
Correct answer: D, E
Explanation
Options D and E are correct: reviewing network and traffic logs can reveal the node's behavior and communication patterns, while a penetration testing framework can be used to simulate attacks against the node and understand its vulnerabilities. Options A, B, and C are less effective in this context: reverse engineering is not suitable for undocumented nodes, continuous integration environments do not typically apply, and static code analyzers require access to source code that may not be available for an unknown node. Option F provides only network reachability information, without deeper insight into the node's operation.