CompTIA CySA+ (CS0-003) — Question 317
An organization performs software assurance activities and reviews some web framework code that uses exploitable jQuery modules. Which of the following tools or techniques should the organization use to help identify these issues?
Answer options
- A. Security Content Automation Protocol
- B. Application fuzzing
- C. Common weakness enumeration
- D. Static analysis
Correct answer: D
Explanation
Static analysis is the correct choice because it examines the source code for vulnerabilities without executing it, which makes it effective at identifying exploitable jQuery modules. The other options, such as application fuzzing and Common Weakness Enumeration, do not specifically target code review for these types of vulnerabilities, and Security Content Automation Protocol is focused on automating security compliance rather than code analysis.