CompTIA PenTest+ (PT0-002) — Question 440

A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?

Answer options

• A. Add a dependency checker into the tool chain.
• B. Perform routine static and dynamic analysis of committed code.
• C. Validate API security settings before deployment.
• D. Perform fuzz testing of compiled binaries.

Correct answer: A

Explanation

The correct answer is A because integrating a dependency checker can help identify and mitigate risks associated with vulnerable third-party modules. Options B, C, and D, while beneficial practices, do not specifically address the issue of insecure dependencies in third-party software.