CompTIA CASP+ (CAS-004) — Question 118

A vulnerability analyst identified a zero-day vulnerability in a company's internally developed software. Since the current vulnerability management system does not have any checks for this vulnerability, an engineer has been asked to create one.
Which of the following would be BEST suited to meet these requirements?

Answer options

• A. ARF
• B. ISACs
• C. Node.js
• D. OVAL

Correct answer: D

Explanation

The correct answer is D, OVAL, which is specifically designed for defining and sharing information about vulnerabilities and their checks. ARF and ISACs do not provide the necessary functionality for creating checks for vulnerabilities, while Node.js is a runtime environment that is not directly relevant to vulnerability management.