CompTIA CASP+ (CAS-003) — Question 335

A security analyst is trying to identify the source of a recent data loss incident. The analyst has reviewed all the logs for the time surrounding the incident and identified all the assets on the network at the time of the data loss. The analyst suspects the key to finding the source was obfuscated in an application. Which of the following tools should the analyst use NEXT?

Answer options

• A. Software decompiler
• B. Network enumerator
• C. Log reduction and analysis tool
• D. Static code analysis

Correct answer: A

Explanation

The correct tool is a Software decompiler, as it allows the analyst to reverse-engineer the application's code to reveal any obfuscated components that might be related to the data loss. The other options, while useful in different contexts, do not directly address the need to analyze and interpret the application's code for hidden information.