CompTIA PenTest+ (PT0-002) — Question 444
Which of the following is MOST important to include in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Answer options
- A. Executive summary of the penetration-testing methods used
- B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
- C. Quantitative impact assessments given a successful software compromise
- D. Code context for instances of unsafe typecasting operations
Correct answer: D
Explanation
The correct answer is D because application developers are the audience that will actually fix the code, and they need the specific code context of each unsafe typecasting operation (where it occurs and the surrounding logic) to remediate the vulnerabilities effectively. Option A is less relevant because it describes penetration-testing methods rather than static analysis. Option B covers logistical details that do nothing to improve code security, and Option C, while important to management, is not as directly actionable for developers as understanding the code context of the findings.