CompTIA PenTest+ (PT1-002) — Question 31
A penetration tester has completed an analysis of the various software products produced by the company under assessment. The tester found that over the past several years the company has been including vulnerable third-party modules in multiple products, even though the quality of the organic code being developed is very good. Which of the following recommendations should the penetration tester include in the report?
Answer options
- A. Add a dependency checker into the tool chain.
- B. Perform routine static and dynamic analysis of committed code.
- C. Validate API security settings before deployment.
- D. Perform fuzz testing of compiled binaries.
Correct answer: A
Explanation
The correct answer is A because a dependency checker (software composition analysis run as part of the build) flags third-party modules with known vulnerabilities before they are shipped, which is the specific problem found: the company's own code is sound, but the external components it imports are not. B, C, and D are sound practices for overall software security, but static and dynamic analysis of committed code, API configuration review, and fuzzing of compiled binaries target the organization's own code and deployment rather than the known-vulnerable versions of the libraries being pulled in, so they do not address the root cause.