CompTIA PenTest+ (PT0-002) — Question 10
Which of the following types of information would MOST likely be included in an application security assessment report addressed to developers? (Choose two.)
Answer options
- A. Use of non-optimized sort functions
- B. Poor input sanitization
- C. Null pointer dereferences
- D. Non-compliance with code style guide
- E. Use of deprecated Javadoc tags
- F. A cyclomatic complexity score of 3
Correct answer: B, C
Explanation
The correct answers, B and C, highlight critical security vulnerabilities that can lead to exploitation if not addressed. Poor input sanitization (B) allows attackers to inject harmful data, while null pointer dereferences (C) can lead to application crashes or unpredictable behavior. The other options, while important, do not directly correlate to security risks in the same way.