🔥 3-day streak
CompTIA CySA+ (CS0-003)125 / 147
Question 125 of 147

A CySA+ analyst is tasked with assessing a fleet of proprietary IoT gateway devices whose firmware is compiled from a mix of open-source libraries. The security team suspects that outdated third-party components (such as an old OpenSSL build) are embedded in the firmware images, but a standard network vulnerability scanner only reports the device as 'live host, port 443 open' with no CVE detail. Which assessment approach will most effectively identify the vulnerable embedded components?

Reviewed for accuracy · Report an issueNext question