Exam CS0-002 topic 1 question 17 discussion

Answer is B. Vehicles and Drones (CAN Bus) Automobiles and unmanned aerial vehicles (UAV), or drones, contain sophisticated electronics to control engine and power systems, braking and landing, and suspension/stability. Modern vehicles are increasingly likely to have navigation and entertainment systems, plus driver-assist or even driverless features, where the vehicle's automated systems can take control of steering and braking. The locking, alarm, and engine immobilizer mechanisms are also likely to be part of the same system. Each of these subsystems is implemented as an electronic control unit (ECU), connected via one or more controller area network (CAN) serial communications buses. The principal external interface is an Onboard Diagnostics (OBD-II) module. The OBD-II also acts as a gateway for multiple CAN buses. Official Comptia Cysa+ Course Material

CAN Buses is the topology used in vehicle's today. This is the only answer, and it's pretty straight forward.

Per ChatGpt: The issue with the code excerpt is that it uses the strcpy function to copy data from a file to a buffer without checking the size of the data being copied, which can result in a buffer overflow and cause the program to crash. Therefore, a security analyst should recommend replacing the strcpy function with a safer alternative, such as strncpy, which allows specifying the maximum number of bytes to copy to the buffer. Additionally, it would be best to perform input sanitization to ensure that the data being read from the file is in the expected format and size, and to increase the size of the file data buffer if needed. Therefore, the correct answer is B. Replace the strcpy function.

Agree with all of you

B. Agree with most everyone on this.

B is correct. CAN Bus is the Attack Vector

b Correct answer.

The Controller Area Network - CAN bus is a message-based protocol designed to allow the Electronic Control Units (ECUs) found in today’s automobiles, as well as other devices, to communicate with each other in a reliable, priority-driven fashion. Messages or “frames” are received by all devices in the network, which does not require a host computer.

I might be overthinking this, but the questions specifically states these are new vehicles, I take that to mean these are recent models. CAN bus has next to no security features, leaving it up to the manufacturer to implement them. In older models of cars, there is less external communication from CAN bus, leading me to believe B is the correct answer

After researching, I correct my answer to the CAN BUS.

CAN Bus While autonomous vehicles may still be a few years off, when they arrive they will make use of a new standard for vehicle-to-vehicle and vehicle-to-road communication. Controller Area Network (CAN bus) is designed to allow vehicle microcontrollers and devices to communicate with each other’s applications without a host computer. Sounds great, huh? It turns out CAN is a low-level protocol and does not support any security features intrinsically. There is also no encryption in standard CAN implementations, which leaves these networks open to data interception. Failure by vendors to implement their own security measures may result in attacks if attackers manage to insert messages on the bus. While passwords exist for some safety-critical functions, such as modifying firmware, programming keys, or controlling antilock brake actuators, these systems are not implemented universally and have a limited number of seed/key pairs (meaning a brute-force attack is more likely to succeed). Hopefully, an industry security standard for the CAN bus will be developed at some point.

it's B. if it doesn't have any networ capacity, it wont be an IoT device

Also agree with D

Agree with D

"Some of the most critical IoT deployments are those found on vehicles and drones. These systems have a dramatic impact on the safety of human life and should be carefully monitored for security issues." CySA+ Study Guide Mike Chapple, David Seidl IoT include CAN bus and Modbus.

B - can bus

I was thinking "CAN bus" before I saw the answer.