CompTIA PenTest+ (PT0-003) — Question 14

A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?

Answer options

A. VM
B. IAST
C. DAST
D. SCA

Correct answer: D

Explanation

The correct answer is D, SCA (Software Composition Analysis), which specifically inventories the open-source libraries an application depends on and checks them against databases of known vulnerabilities. Options A (VM), B (IAST), and C (DAST) are not designed for this purpose: VM refers to virtual machines; IAST (Interactive Application Security Testing) combines techniques for dynamic analysis of a running application but does not focus solely on its libraries; and DAST (Dynamic Application Security Testing) is primarily for testing a running application for vulnerabilities from the outside, without visibility into which third-party components it is built from.