A penetration tester reviews a SAST vulnerability scan report. The following lines of code have been reported as vulnerable: Which of the following is the best method to remediate this vulnerability?
A.
Implementing a logging framework
B.
Removing the five code lines reported with issues
C.
Initiating a secure coding-awareness program with all the developers
D.
Documenting the vulnerability as a false positive
Using printStackTrace() is discouraged in production code because it can leak sensitive information and does not provide control over how or where the error is logged.
The recommended practice is to replace printStackTrace() with a secure logging framework (such as java.util.logging, Log4j, or SLF4J), which allows you to control log levels, destinations, and to sanitize output, reducing the risk of information exposure
B. Removing the five code lines reported with issues
Simply removing the code would suppress error reporting entirely, making it harder to debug and maintain the application. It does not address the underlying need for exception handling and logging.
C. Initiating a secure coding-awareness program with all the developers
While valuable for long-term security culture, this is not a direct remediation for the specific code vulnerability flagged in the SAST report.
D. Documenting the vulnerability as a false positive
This is not a false positive. The use of printStackTrace() is a well-known security risk
upvoted 1 times
...
This section is not available anymore. Please use the main Exam Page.PT0-003 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
mosdef137
1 week, 2 days ago