Question 162

A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

    Correct Answer: A

    The primary issue identified is the inclusion of vulnerable third-party modules despite good quality organic code. To address this, adding a dependency checker into the tool chain would help identify and mitigate vulnerabilities in third-party components before they are included in the products. This ensures that only secure third-party modules are used.

Discussion
ryanzou (Option: A)

A is correct

Mr_BuCk3th34D (Option: A)

Using known vulnerable components: Applications should ensure that any third-party components that are referenced are secure. Dependency vulnerabilities exist when an application uses a vulnerable third-party component.

nickwen007 (Option: A)

Adding a dependency checker will help ensure that vulnerable third-party modules are not included in the products

2Fish (Option: A)

Going with A. Look here for more context. https://www.examtopics.com/discussions/comptia/view/66654-exam-pt1-002-topic-1-question-59-discussion/

masso435 (Option: A)

Dependency checker is used to find vulnerabilities.

solutionz (Option: A)

The issue described in the scenario is the inclusion of vulnerable third-party modules in multiple products. This is a problem related to dependencies and not the organic code developed by the company. Given this context, the most appropriate recommendation to address the problem would be: A. Add a dependency checker into the tool chain. Explanation: Option A: A dependency checker scans project dependencies and checks if there are any known, publicly disclosed vulnerabilities associated with them. This would directly address the problem of including vulnerable third-party modules in the products.

kloug

aaaaaaaaaa

Etc_Shadow28000 (Option: A)

A. Add a dependency checker into the tool chain. Explanation: • Dependency Checker: A dependency checker is a tool that scans the third-party libraries and modules used in a software project to identify known vulnerabilities. By integrating a dependency checker into the build or CI/CD pipeline, the company can ensure that vulnerable third-party modules are identified and addressed before they are included in the final product. This directly addresses the issue of including vulnerable third-party modules, which is the main concern identified by the tester.
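The answer explanation and the discussion above both describe what a dependency checker in the tool chain does: read the third-party components a build pulls in, compare them against a database of known vulnerable versions, and stop the build before a bad module ships. The script below is an added illustration of that idea, not code from this page, from CompTIA, or from any real checker. The package names, version ranges, advisory IDs and the requirements manifest are all constructed for the example; a real tool would load the manifest from the repository and the advisory data from a vulnerability feed.

```python
"""Toy dependency checker for a CI gate (added example, hypothetical data).

Reads a pinned requirements manifest, matches each third-party package against
a constructed advisory list with affected version ranges, and reports findings
so the build can fail before a vulnerable module is shipped.
"""
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]


@dataclass(frozen=True)
class Advisory:
    package: str            # affected third-party package (hypothetical)
    advisory_id: str        # placeholder identifier, not a real CVE
    introduced: Version     # first affected version (inclusive)
    fixed: Optional[Version]  # first fixed version (exclusive); None = no fix yet


# Constructed advisory database. Neither the packages nor the IDs are real.
ADVISORIES: List[Advisory] = [
    Advisory("examplelib", "ADV-EXAMPLE-0001", (1, 0, 0), (1, 4, 2)),
    Advisory("fastparse", "ADV-EXAMPLE-0002", (2, 0, 0), None),
]

# Constructed requirements manifest (the file a CI step would read).
REQUIREMENTS = """\
examplelib==1.3.0
requests==2.31.0
fastparse==2.1.0
# in-house code is not in the manifest; only third-party pins are checked
"""


def parse_version(text: str) -> Version:
    """Turn '1.4.2' into (1, 4, 2) so tuple comparison gives version order."""
    return tuple(int(part) for part in text.split("."))


def parse_requirements(text: str) -> Dict[str, Version]:
    """Parse 'name==x.y.z' lines; comments and blanks are skipped.

    Unpinned lines raise, because a checker cannot reason about a version
    it does not know. Pinning is a prerequisite for this kind of control.
    """
    deps: Dict[str, Version] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        match = re.fullmatch(r"([A-Za-z0-9_.-]+)==(\d+(?:\.\d+)*)", line)
        if match is None:
            raise ValueError(f"unpinned or unparsable requirement: {line!r}")
        deps[match.group(1).lower()] = parse_version(match.group(2))
    return deps


def is_affected(version: Version, adv: Advisory) -> bool:
    """True if version is inside [introduced, fixed), or >= introduced when unfixed."""
    if version < adv.introduced:
        return False
    return adv.fixed is None or version < adv.fixed


def check_dependencies(deps: Dict[str, Version],
                       advisories: List[Advisory] = ADVISORIES) -> List[Tuple[str, str, str, str]]:
    """Return (package, version, advisory_id, remediation) for every match."""
    findings = []
    for adv in advisories:
        version = deps.get(adv.package.lower())
        if version is not None and is_affected(version, adv):
            fix = ".".join(map(str, adv.fixed)) if adv.fixed else "no fixed version yet"
            findings.append((adv.package, ".".join(map(str, version)), adv.advisory_id, fix))
    return findings


def ci_gate(manifest: str) -> int:
    """Exit status for a pipeline step: 0 = clean, 1 = vulnerable dependency found."""
    findings = check_dependencies(parse_requirements(manifest))
    for pkg, ver, adv_id, fix in findings:
        print(f"VULNERABLE {pkg}=={ver} ({adv_id}); upgrade to: {fix}")
    return 1 if findings else 0


if __name__ == "__main__":
    sys.exit(ci_gate(REQUIREMENTS))
```

Wired into a build as a step that runs before packaging, a non-zero status from `ci_gate` blocks the release, which is the control the recommendation in option A describes. The deliberate failure on unpinned requirements reflects a practical point: a checker can only flag what it can identify, so reproducible, pinned dependency declarations are the first thing to require.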