CompTIA CASP+ (CAS-003) — Question 228

Which of the following are the MOST likely vectors for the unauthorized or unintentional inclusion of vulnerable code in a software company's final software releases? (Choose two.)

Answer options

• A. Unsecure protocols
• B. Use of penetration-testing utilities
• C. Weak passwords
• D. Included third-party libraries
• E. Vendors/supply chain
• F. Outdated anti-malware software

Correct answer: A, C

Explanation

Unsecure protocols can expose software to interception and exploitation, leading to the inclusion of vulnerable code. Weak passwords can also provide unauthorized access to systems, making it easier for attackers to introduce vulnerabilities into the software.