CompTIA CySA+ (CS0-002) — Question 50

To validate local system-hardening requirements, which of the following types of vulnerability scans would work BEST to verify the scanned device meets security policies?

Answer options

• A. SCAP
• B. SAST
• C. DAST
• D. DACS

Correct answer: A

Explanation

SCAP (Security Content Automation Protocol) is specifically designed for compliance and security policy verification, making it the best choice for validating system-hardening requirements. SAST (Static Application Security Testing) and DAST (Dynamic Application Security Testing) focus on application vulnerabilities, while DACS (Dynamic Access Control System) is not relevant to vulnerability scanning.