CompTIA PenTest+ (PT0-003) — Question 29
A tester performs a vulnerability scan and identifies several outdated libraries used within the customer SaaS product offering. Which of the following types of scans did the tester use to identify the libraries?
Answer options
- A. IAST
- B. SBOM
- C. DAST
- D. SAST
Correct answer: B
Explanation
The correct answer is B. An SBOM (Software Bill of Materials) specifically identifies the components in software and their versions, which is how outdated libraries are found. The other options (IAST, DAST, and SAST) focus on different aspects of security testing and do not specifically map to the identification of outdated libraries.