ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-003 All Questions

View all questions & answers for the CAS-003 exam
Go to Exam

Exam CAS-003 topic 1 question 65 discussion

Actual exam question from CompTIA's CAS-003
Question #: 65
Topic #: 1
[All CAS-003 Questions]

A security controls assessor intends to perform a holistic configuration compliance test of networked assets. The assessor has been handed a package of definitions provided in XML format, and many of the files have two common tags within them: `<object object_ref=`¦ />` and `<state state_ref=`¦ /
>`. Which of the following tools BEST supports the use of these definitions?

  • A. HTTP interceptor
  • B. Static code analyzer
  • C. SCAP scanner
  • D. XML fuzzer
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by D1960 at June 6, 2021, 4:18 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
destro
Highly Voted 3 years, 10 months ago
The question contains XML, but it's not an XML fuzzer being used. The output is a SCAP scanner's.
upvoted 5 times
FireFerret
3 years, 5 months ago
I agree. The question even said a configuration compliance test was done, which would make sense that the definitions came from a SCAP scanner. I still agree with the answer given as the question asks what is the best USE for theses definitions. They are XML and it would make sense for an XML fuzzer to take theses definitions and... fuzz them to find vulnerabilities.
upvoted 2 times
...
...
JonW
Most Recent 3 years, 2 months ago
Selected Answer: C
These XML tags are used in SCAP scanners. They are used in the vulnerability assessment definition files in Open Vulnerability Assessment Language (OVAL). https://www.loginsoft.com/blog/2022/01/17/open-vulnerability-assessment-language-oval-in-a-nutshell/
upvoted 1 times
...
ckr8
3 years, 7 months ago
Would you please share link for scap scanner output.I don't recognize scap scanner output.
upvoted 1 times
...
D1960
3 years, 11 months ago
Maybe: C. SCAP scanner ? Sample SCAP text: <object object_ref="oval:gov.nist.1:obj:8" /> <state state_ref="oval:gov.nist.1:ste:21" />
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago