CompTIA CASP+ (CAS-004) — Question 267
A security engineer has recently become aware of a Java application that processes critical information in real time on the company's network. The Java application was scanned with SAST prior to deployment, and all vulnerabilities have been mitigated. However, some known issues within the Java runtime environment cannot be resolved. Which of the following should the security engineer recommend to the developer in order to mitigate the issue with the LEAST amount of downtime?
Answer options
- A. Perform software composition analysis on libraries from third parties.
- B. Run the application in a sandbox and perform penetration tests.
- C. Rewrite and compile the application in C++ and then reinstall it.
- D. Embed the current application into a virtual machine that runs on dedicated hardware.
Correct answer: D
Explanation
The correct answer is D because embedding the application in a virtual machine isolates it from the rest of the network, which helps mitigate the unresolved runtime issues without significant changes to the application itself and so minimizes downtime. Options A and B do not directly address the unresolved issues in the Java runtime, and option C involves a complete rewrite, which would cause considerable downtime.