CompTIA PenTest+ (PT1-002) — Question 30
Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?
Answer options
- A. Executive summary of the penetration-testing methods used
- B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
- C. Quantitative impact assessments given a successful software compromise
- D. Code context for instances of unsafe type-casting operations
Correct answer: D
Explanation
D is correct because developers act on findings that point at specific code: the file and line, the offending construct (here, an unsafe type cast such as a signed value silently converted to an unsigned length), the surrounding code context, and a suggested fix. That is the level of detail a developer-facing report from a static analysis tool should carry.

A is aimed at management rather than engineers, and it is also a mismatch in kind: a static application-security test reviews source code, so a summary of penetration-testing methods would not describe what was done. C, a quantitative impact assessment of a successful compromise, supports risk and business decisions; it belongs in the executive or risk-owner section rather than in the material developers need to fix the code. B, a bill of materials covering supplies, subcontracts and costs, is project and contract administration and does not belong in a technical findings report at all.
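To make option D concrete, the following C snippet is an added illustration of the kind of finding a static analysis tool would report with code context; it is not part of the original question or of CompTIA's material, and the buffer size, function names and sample inputs are constructed for the example. It shows a bounds check done in signed arithmetic, followed by an implicit int-to-size_t conversion at the memcpy call, next to the hardened version a developer would be asked to apply. The functions return the length that memcpy would be handed instead of performing an unchecked copy, so the block is safe to run with hostile inputs.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Constructed example: a fixed-size destination buffer. */
#define BUF_SIZE 16

/*
 * Vulnerable pattern (what a SAST finding would flag, with this code
 * as context): the bound is checked while len is still a signed int,
 * so a negative len passes the check. At the memcpy call, len is
 * implicitly converted to size_t, and -1 becomes SIZE_MAX.
 *
 * Returns the byte count memcpy would receive, or 0 if rejected.
 */
size_t planned_copy_unsafe(int len) {
    if (len > BUF_SIZE)     /* signed comparison: -1 > 16 is false */
        return 0;
    return (size_t)len;     /* the same conversion memcpy(dst, src, len) performs */
}

/*
 * Hardened pattern (the remediation a developer-facing report would
 * suggest): reject negatives explicitly, then compare in the unsigned
 * domain so the check and the copy use the same type.
 */
size_t planned_copy_safe(int len) {
    if (len < 0 || (size_t)len > BUF_SIZE)
        return 0;
    return (size_t)len;
}

/*
 * The hardened check applied to a real copy into a BUF_SIZE buffer.
 * Returns the number of bytes copied, or -1 if the request is rejected.
 * dst must have room for BUF_SIZE bytes.
 */
int copy_checked(char *dst, const char *src, int len) {
    size_t n = planned_copy_safe(len);
    if (len != 0 && n == 0)
        return -1;          /* negative or oversized request */
    memcpy(dst, src, n);
    return (int)n;
}

int main(void) {
    char buf[BUF_SIZE];
    /* Constructed inputs: one hostile (negative) length, one benign. */
    printf("unsafe, len=-1: memcpy would get %zu bytes\n", planned_copy_unsafe(-1));
    printf("safe,   len=-1: memcpy would get %zu bytes\n", planned_copy_safe(-1));
    printf("copy_checked(\"hello\", 5) -> %d\n", copy_checked(buf, "hello", 5));
    printf("copy_checked(\"hello\", -1) -> %d\n", copy_checked(buf, "hello", -1));
    return 0;
}
```

The report entry a developer wants is the pair above: the flagged line (the signed comparison and the implicit conversion at the call), why it is unsafe (a negative length becomes a huge unsigned count), and the replacement check. None of that is useful to an executive reader, which is why the same test produces different sections for different audiences.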