Exam 350-901 topic 1 question 8 discussion

Actual exam question from Cisco's 350-901
Question #: 8
Topic #: 1

Which two situations are flagged by software tools designed for dependency checking in continuous integration environments, such as OWASP? (Choose two.)

  • A. publicly disclosed vulnerabilities related to the included dependencies
  • B. mismatches in coding styles and conventions in the included dependencies
  • C. incompatible licenses in the included dependencies
  • D. test case failures introduced by bugs in the included dependencies
  • E. buffer overflows to occur as the result of a combination of the included dependencies
Suggested Answer: AE

Comments

blezzzo
Highly Voted 4 years, 9 months ago
I agree with A and E: OWASP Dependency-Check is a well-known open-source tool which can track dependencies in your project, identify components with dependencies, and check whether there are any known, publicly disclosed vulnerabilities. Source code analysis tools, also referred to as Static Application Security Testing (SAST) tools, are designed to analyze source code and/or compiled versions of code to help find security flaws. They are useful for things that such tools can automatically find with high confidence, such as buffer overflows, SQL injection flaws, and so forth.
upvoted 11 times
samael666
7 months, 1 week ago
I would say A and C, because OWASP dependency-check is not a SAST; I mean it is not intended to catch runtime issues like buffer overflows.
upvoted 1 times
FR99
Highly Voted 4 years, 10 months ago
A & E are OK
upvoted 5 times
DASBOL
Most Recent 4 months, 4 weeks ago
Selected Answer: AC
A. Publicly disclosed vulnerabilities related to dependencies. This is correct because:
  • Security vulnerability scanning is a core function of dependency checkers
  • They check against databases of known CVEs and security advisories
  • This helps prevent using components with known security issues
C. Incompatible licenses in dependencies. This is also correct because:
  • License compliance is a critical aspect of dependency management
  • Tools check for conflicts between different open source licenses
  • This prevents legal issues from incompatible license combinations
upvoted 2 times
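To illustrate the two checks DASBOL's comment describes, here is an added toy CI dependency checker (constructed example code, not part of the original discussion and not code from OWASP Dependency-Check): it matches each declared component against an advisory feed of publicly disclosed vulnerabilities and against a license allowlist, and fails the build when either check fires. The package names, versions, advisory ids and license policy are all made up.

```python
"""Toy dependency checker for a CI stage (constructed example).

It inspects only dependency metadata: it can report that a component has a
published advisory or a license outside policy, but it cannot observe runtime
behaviour such as a buffer overflow or a failing test case."""
from typing import List, Optional, Tuple


def parse_version(v: str) -> Tuple[int, ...]:
    """'1.2.10' -> (1, 2, 10) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def is_affected(version: str, introduced: str, fixed: Optional[str]) -> bool:
    """True if introduced <= version < fixed (fixed=None means no fix released)."""
    v = parse_version(version)
    if v < parse_version(introduced):
        return False
    return fixed is None or v < parse_version(fixed)


# Constructed manifest: (name, version, declared license).
MANIFEST = [
    ("fastxml", "2.1.4", "Apache-2.0"),
    ("logutil", "1.0.9", "MIT"),
    ("imgcodec", "0.9.2", "GPL-3.0-only"),
]
# Constructed advisory feed; the ids are placeholders, not real CVEs.
ADVISORIES = [
    {"id": "ADV-PLACEHOLDER-1", "package": "fastxml", "introduced": "2.0.0", "fixed": "2.1.5"},
    {"id": "ADV-PLACEHOLDER-2", "package": "logutil", "introduced": "1.1.0", "fixed": None},
]
# Licenses a hypothetical organisation accepts for a proprietary product.
LICENSE_ALLOWLIST = {"MIT", "Apache-2.0", "BSD-3-Clause"}


def check_dependencies(manifest, advisories, allowlist) -> List[str]:
    """Return one finding per known-vulnerable version or disallowed license."""
    findings = []
    for name, version, license_id in manifest:
        for adv in advisories:
            if adv["package"] == name and is_affected(version, adv["introduced"], adv["fixed"]):
                fix = adv["fixed"] or "no fix"
                findings.append(f"VULN {name}@{version}: {adv['id']} (fixed in {fix})")
        if license_id not in allowlist:
            findings.append(f"LICENSE {name}@{version}: {license_id} not in allowlist")
    return findings


if __name__ == "__main__":
    results = check_dependencies(MANIFEST, ADVISORIES, LICENSE_ALLOWLIST)
    print("\n".join(results) or "no findings")
    raise SystemExit(1 if results else 0)  # non-zero exit fails the CI stage
```

Note that logutil 1.0.9 is below the introduced version of its advisory and so is correctly not flagged; a string comparison of versions would get such cases wrong once a component passes version 10.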
blurain
1 year, 11 months ago
My thoughts are that A and D are correct; tools like OWASP Dependency-Check do not scope in buffer overflow vulnerabilities.
upvoted 1 times
designated
2 years, 9 months ago
Selected Answer: AE
Flagship Projects:
  • OWASP Amass
  • OWASP Application Security Verification Standard
  • OWASP Cheat Sheet Series
  • OWASP CSRFGuard
  • OWASP CycloneDX
  • OWASP Defectdojo
  • OWASP Dependency-Check
  • OWASP Dependency-Track
  • OWASP Juice Shop
  • OWASP Mobile Application Security
  • OWASP ModSecurity Core Rule Set
  • OWASP OWTF
  • OWASP SAMM
  • OWASP Security Knowledge Framework
  • OWASP Security Shepherd
  • OWASP Top Ten
  • OWASP Web Security Testing Guide
  • OWASP ZAP
upvoted 3 times
skysoft
2 years, 10 months ago
Selected Answer: AE
I agree with blezzzo.
upvoted 1 times
MiSoledad
4 years, 7 months ago
I stay with A and E
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other