ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 262 discussion

Actual exam question from CompTIA's CAS-004
Question #: 262
Topic #: 1
[All CAS-004 Questions]

A software developer was just informed by the security team that the company’s product has several vulnerabilities. Most of these vulnerabilities were traced to code the developer did not write. The developer does not recognize some of the code, as it was in the software before the developer started on the program and is not tracked for licensing purposes. Which of the following would the developer MOST likely do to mitigate the risks and prevent further issues like these from occurring?

  • A. Perform supply chain analysis and require third-party suppliers to implement vulnerability management programs.
  • B. Perform software composition analysis and remediate vulnerabilities found in the software.
  • C. Perform reverse engineering on the code and rewrite the code in a more secure manner.
  • D. Perform fuzz testing and implement DAST in the code repositories to find vulnerabilities prior to deployment.
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by Geofab at April 1, 2023, 7:09 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
p1s3c
Highly Voted 2 years, 1 month ago
Selected Answer: A
A. Perform supply chain analysis and require third-party suppliers to implement vulnerability management programs would be the best option to mitigate risks and prevent further issues like these from occurring. The developer did not write some of the code, and it is not tracked for licensing purposes. Hence, it is likely that the code was obtained from third-party suppliers. By performing a supply chain analysis and requiring third-party suppliers to implement vulnerability management programs, the developer can ensure that the code used in the product is secure and does not contain vulnerabilities that could be exploited by attackers. This approach will also help prevent further issues from occurring in the future.
upvoted 6 times
b49eb27
1 year, 2 months ago
I can understand why someone would choose this option, but it does not help in the present or for any other software that is currently in use, and, depending on how long it's been since the software was bought, vulnerabilities may not have been known at that time. This is a good idea, but it will not help now and for a long while after.
upvoted 1 times
...
...
Bright07
Most Recent 6 months, 4 weeks ago
Selected Answer: B
B. Perform software composition analysis and remediate vulnerabilities found in the software. This solution directly addresses the core issue — vulnerabilities in code that the developer did not write — by identifying the third-party or open-source components in the software and checking for known vulnerabilities. SCA tools will help identify these vulnerabilities and suggest actions to mitigate them (such as updating or replacing insecure libraries), which aligns with the developer's need to manage and secure the software effectively.
upvoted 1 times
...
ThatGuyOverThere
1 year, 8 months ago
Selected Answer: B
I agree with B
upvoted 2 times
...
last_resort
2 years, 2 months ago
Selected Answer: B
Another vote for B
upvoted 3 times
...
Amin4799
2 years, 2 months ago
Selected Answer: B
B. Perform software composition analysis and remediate vulnerabilities found in the software.
upvoted 3 times
...
Geofab
2 years, 2 months ago
Selected Answer: B
I think some key phrases in the question are "developer does not recognize some of the code.." and "not tracked for licensing.." to me this sounds like 3rd part software or open source libraries. also, the software developer should be looking at the source code so reverse engineering shouldn't be necessary. software composition analysis is the answer I believe.
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel