CompTIA CASP+ (CAS-003) — Question 46

Ann, a member of the finance department at a large corporation, has submitted a suspicious email she received to the information security team. The team was not expecting an email from Ann, and it contains a PDF file inside a ZIP compressed archive. The information security team is not sure which files were opened. A security team member uses an air-gapped PC to open the ZIP and PDF, and it appears to be a social engineering attempt to deliver an exploit.
Which of the following would provide greater insight on the potential impact of this attempted attack?

Answer options

• A. Run an antivirus scan on the finance PC.
• B. Use a protocol analyzer on the air-gapped PC.
• C. Perform reverse engineering on the document.
• D. Analyze network logs for unusual traffic.
• E. Run a baseline analyzer against the user's computer.

Correct answer: C

Explanation

Performing reverse engineering on the document will provide detailed insights into its structure and potential malicious code, which is critical for understanding the attack's impact. The other options, while useful for general security practices, do not directly reveal the exploit's nature or specific functionalities embedded within the PDF.