CompTIA CASP+ (CAS-004) — Question 362

Following a Log4j outbreak, several network appliances were not managed and remained undetected despite an application inventory system being in place. Which of the following solutions should the security director recommend to best understand the composition of applications on unmanaged devices?

Answer options

• A. Protocol analyzer
• B. Package monitoring
• C. Software bill of materials
• D. Fuzz testing

Correct answer: C

Explanation

The correct answer is C, as a Software Bill of Materials (SBOM) provides a detailed list of software components in applications, which is essential for identifying unmanaged devices. The other options, while useful for different purposes, do not specifically address the need for understanding application composition on devices that are not actively managed.