CompTIA PenTest+ (PT1-002) — Question 6
A company that develops embedded software for the automobile industry has hired a penetration-testing team to evaluate the security of its products prior to delivery. The penetration-testing team has stated its intent to subcontract to a reverse-engineering team capable of analyzing binaries to develop proof-of-concept exploits. The software company has requested additional background investigations on the reverse-engineering team prior to approval of the subcontract. Which of the following concerns would BEST support the software company's request?
Answer options
- A. The reverse-engineering team may have a history of selling exploits to third parties.
- B. The reverse-engineering team may use closed-source or other non-public information feeds for its analysis.
- C. The reverse-engineering team may not instill safety protocols sufficient for the automobile industry.
- D. The reverse-engineering team will be given access to source code for analysis.
Correct answer: A
Explanation
The correct answer, A, identifies the most significant risk: a reverse-engineering team with a history of selling exploits to third parties could do the same with the proof-of-concept exploits it develops here, which directly threatens the security of the software company's products and is exactly the kind of concern a background investigation is meant to surface. Options B and C, while valid concerns, do not relate to the trustworthiness or potential malicious intent of the reverse-engineering team. Option D is less relevant because access to source code does not inherently pose a risk if proper safeguards are in place.