CompTIA CASP+ (CAS-003) — Question 94
A company wants to perform analysis of a tool that is suspected to contain a malicious payload. A forensic analyst is given the following snippet:
^32^[34fda19(fd^43gfd/home/user/lib/module.so.343jk^rfw(342fds43g
Which of the following did the analyst use to determine the location of the malicious payload?
Answer options
- A. Code deduplicators
- B. Binary reverse-engineering
- C. Fuzz testing
- D. Security containers
Correct answer: B
Explanation
The correct answer is B, Binary reverse-engineering. The snippet is content pulled from the tool's binary, in which a readable file path beginning /home/user/lib/module.so sits among otherwise unreadable characters. Examining the inner workings of a binary file in this way is how an analyst uncovers malicious code or its location. The other options, while related to security and analysis, do not focus on unpacking and analyzing the structure of a binary to find embedded threats.