
Exam PT1-002 topic 1 question 52 discussion

Actual exam question from CompTIA's PT1-002
Question #: 52
Topic #: 1

Which of the following would MOST likely be included in the final report of a static application-security test that was written with a team of application developers as the intended audience?

  • A. Executive summary of the penetration-testing methods used
  • B. Bill of materials including supplies, subcontracts, and costs incurred during assessment
  • C. Quantitative impact assessments given a successful software compromise
  • D. Code context for instances of unsafe type-casting operations
Suggested Answer: D
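The kind of finding answer D describes, as an added example that is not part of the page or of the exam material: a toy Python SAST rule that flags narrowing casts in a constructed C snippet and emits each hit with file, line, the surrounding code context and a remediation hint, which is the detail a developer audience can act on. The LP64 type widths, the sample source and the regex-based detector are assumptions of this example; a real static analyser works on a parsed AST, not on regular expressions.

```python
import re
from dataclasses import dataclass

# Constructed sample C source for this example (not code from the page).
# Both casts shrink a value without checking its range first.
SAMPLE_C = """\
#include <string.h>
#include <stdlib.h>

int copy_payload(char *dst, const char *src, size_t len) {
    int n = (int)len;              /* narrowing: size_t -> int */
    if (n > 0 && n < 256) {
        memcpy(dst, src, (size_t)n);
        return 0;
    }
    return -1;
}

unsigned char to_byte(long value) {
    return (unsigned char)value;   /* truncation: long -> unsigned char */
}
"""

# Bit widths assumed for an LP64 target (an assumption of this example).
WIDTH = {
    "char": 8, "unsigned char": 8, "short": 16, "unsigned short": 16,
    "int": 32, "unsigned int": 32, "long": 64, "unsigned long": 64,
    "size_t": 64, "ssize_t": 64,
}
# Longest names first so "unsigned char" wins over "char" in the alternation.
TYPE_RE = "|".join(sorted(WIDTH, key=len, reverse=True))
DECL_RE = re.compile(rf"\b({TYPE_RE})\s+\**(\w+)")       # "size_t len", "char *dst"
CAST_RE = re.compile(rf"\(\s*({TYPE_RE})\s*\)\s*(\w+)")   # "(int)len"


@dataclass
class Finding:
    path: str
    line: int            # 1-based line holding the cast
    symbol: str
    source_type: str
    target_type: str
    context: str         # surrounding source: the "code context" a developer needs
    remediation: str


def _context(lines, idx, radius=2):
    """Return lines idx-radius..idx+radius with the flagged line marked by '>'."""
    lo, hi = max(0, idx - radius), min(len(lines), idx + radius + 1)
    return "\n".join(
        f"{'>' if i == idx else ' '}{i + 1:4d} | {lines[i]}" for i in range(lo, hi)
    )


def scan_source(path, text):
    """Flag casts that shrink a declared variable's width (toy SAST rule)."""
    lines = text.splitlines()
    declared = {}                      # symbol -> declared type (file-wide, no scoping)
    for line in lines:
        for typ, name in DECL_RE.findall(line):
            declared[name] = typ
    findings = []
    for idx, line in enumerate(lines):
        for target, sym in CAST_RE.findall(line):
            src = declared.get(sym)
            if src is None or WIDTH[src] <= WIDTH[target]:
                continue               # widening or unknown source: not this rule's concern
            findings.append(Finding(
                path=path, line=idx + 1, symbol=sym,
                source_type=src, target_type=target,
                context=_context(lines, idx),
                remediation=(f"Check that '{sym}' fits in {target} before the cast, "
                             f"or keep the {src} type through the comparison."),
            ))
    return findings


def render_report(findings):
    """Developer-facing output: file:line, rule, code context, fix hint."""
    blocks = []
    for f in findings:
        blocks.append(
            f"{f.path}:{f.line}: unsafe narrowing cast {f.source_type} -> "
            f"{f.target_type} on '{f.symbol}'\n{f.context}\n  fix: {f.remediation}"
        )
    return "\n\n".join(blocks)


if __name__ == "__main__":
    print(render_report(scan_source("payload.c", SAMPLE_C)))
```

Running the script prints two findings, one per cast, each followed by the five lines around it; the executive-summary and cost items from the other answers never appear because a developer fixing the code has no use for them.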

Comments

BinarySoldier
Highly Voted 3 years, 5 months ago
Shouldn't this be D?
upvoted 13 times
Davar39
3 years, 4 months ago
I'll go with D for 2 reasons. 1. It's designed for app dev. 2. Answer C suggests that the app is already live, so a dynamic code analysis would be better suited.
upvoted 4 times
bieecop
Most Recent 1 year, 9 months ago
Selected Answer: D
In a final report of a static application-security test aimed at application developers, it is important to provide specific details and code context related to the identified security issues. Unsafe type-casting operations are examples of potential vulnerabilities that should be highlighted, along with explanations of the associated risks and recommendations for remediation. The other options mentioned in the question (a. Quantitative impact assessments, b. Executive summary, c. Bill of materials) are not typically included in a static application-security test report targeted at application developers.
upvoted 2 times
MysterClyde
1 year, 11 months ago
The answer is D. Given the audience of application developers AND the need to close off the project, the step in D occurs in the attestation phase, where you have to provide evidence to confirm your findings.
upvoted 1 times
kiduuu
3 years ago
Selected Answer: D
brandonl has a good point
upvoted 2 times
Charlieb123
3 years ago
Selected Answer: D
D for the same reasons as Davar39 kindly listed.
upvoted 2 times
brandonl
3 years, 1 month ago
"Quantitative impact assessments given a successful software compromise" - this would be dynamic testing. Answer is D.
upvoted 3 times
tokhs
3 years, 5 months ago
I would go with C
upvoted 2 times
Community vote distribution: A (35%), C (25%), B (20%), Other