CompTIA PenTest+ (PT0-001) — Question 21
A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?
Answer options
- A. Run the application through a dynamic code analyzer.
- B. Employ a fuzzing utility.
- C. Decompile the application.
- D. Check memory allocations.
Correct answer: D
Explanation
The correct step is to check memory allocations, as this helps identify potential vulnerabilities related to memory management. Running the application through a dynamic code analyzer, employing a fuzzing utility, and decompiling the application are not necessary prerequisites for running a static code analyzer and do not directly address the need to assess memory usage.