Developing Applications Using Cisco Core Platforms and APIs (DEVCOR) — Question 35
Which two situations are flagged by software tools designed for dependency checking in continuous integration environments, such as OWASP? (Choose two.)
Answer options
- A. publicly disclosed vulnerabilities related to the included dependencies
- B. mismatches in coding styles and conventions in the included dependencies
- C. incompatible licenses in the included dependencies
- D. test case failures introduced by bugs in the included dependencies
- E. buffer overflows to occur as the result of a combination of the included dependencies
Correct answer: A, E
Explanation
The correct answers are A and E because both scenarios pertain to security vulnerabilities, which tools like OWASP focus on identifying. Option B relates to coding styles, which are not the primary concern of dependency checking tools. Option C addresses license compatibility and option D concerns bug-induced failures, neither of which is a main objective of such tools.