Which of the following is the MOST effective way to detect security flaws present on third-party libraries embedded on software before it is released into production?
A. Employ different techniques for server- and client-side validations
B. Use a different version control system for third-party libraries
C. Implement a vulnerability scan to assess dependencies earlier on SDLC
D. Increase the number of penetration tests before software release
Using a vulnerability scan to assess dependencies in third-party libraries earlier in the software development life cycle (SDLC) is the most effective way to detect security flaws. Vulnerability scanning tools can automatically analyze software and its dependencies to identify known vulnerabilities and security issues. By performing these scans early in the SDLC, developers can identify and address security flaws in third-party libraries before the software is released into production.
CompTIA SY0-601
I suspect that you got the same thing?
From Messer Practice Test:
A company has just purchased a new application server, and the security
director wants to determine if the system is secure. The system is currently
installed in a test environment and will not be available to users until the
rollout to production next week. Which of the following would be the
BEST way to determine if any part of the system can be exploited?
❍ A. Tabletop exercise
❍ B. Vulnerability scanner
❍ C. Password cracker
❍ D. Penetration test
The Answer: D. Penetration test
A penetration test can be used to actively exploit potential vulnerabilities
in a system or application. This could cause a denial of service or loss of
data, so the best practice is to perform the penetration test during nonproduction hours or in a test environment.
C. Implement a vulnerability scan to assess dependencies earlier on SDLC
It is a best practice to assess security flaws in software dependencies as early as possible in the software development life cycle (SDLC) to minimize the risk of vulnerabilities being exploited in production. One effective way to do this is by implementing a vulnerability scan to assess dependencies, which are third-party libraries embedded in the software. A vulnerability scan can detect security flaws and vulnerabilities in the libraries used by the software and provide recommendations for remediation. By implementing a vulnerability scan early in the SDLC, the company can proactively address security issues before they become a problem in production.
The most effective way to detect security flaws present on third-party libraries embedded on software before it is released into production is to implement a vulnerability scan to assess dependencies earlier on the SDLC, or software development life cycle. A vulnerability scan is a type of security assessment that involves identifying and analyzing potential vulnerabilities in a system or application. By conducting a vulnerability scan earlier on in the SDLC, the development team can identify any security flaws in the third-party libraries before the software is released into production. This can help prevent security issues from being introduced into the production environment and ensure that the software is secure and compliant. Employing different techniques for server- and client-side validations, using a different version control system for third-party libraries, and increasing the number of penetration tests are not directly related to detecting security flaws in third-party libraries.
Answer: Implement a vulnerability scan to assess dependencies earlier on SDLC
Implementing vulnerability scans allows for earlier detection and assessment of any potential vulnerabilities, which can then be addressed accordingly.
Going with D. Penetration tests, which actively test security controls, exploit vulnerabilities - they prove that a vulnerability is high risk by exploiting it to gain access to data or install backdoors.
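An added example, not part of the original thread: a minimal version of the dependency scan that several comments describe, written as a build gate that compares pinned third-party libraries against an advisory list. The pip-style manifest format, the package names and the advisory IDs are all constructed for illustration; a real scanner pulls advisories from a maintained feed.

```python
# Added example: dependency scan as a CI gate. All data below is constructed.
import re

MANIFEST = """\
examplelib-http==2.3.1
examplelib-yaml==5.0.0   # config parsing
examplelib-img>=1.0
examplelib-auth==1.10.0
"""

# Each advisory: package, first affected version (inclusive), first fixed version (exclusive).
ADVISORIES = [
    {"id": "EXAMPLE-0001", "package": "examplelib-http", "introduced": "2.0.0", "fixed": "2.3.4"},
    {"id": "EXAMPLE-0002", "package": "examplelib-auth", "introduced": "1.2.0", "fixed": "1.9.0"},
    {"id": "EXAMPLE-0003", "package": "examplelib-img", "introduced": "0.1.0", "fixed": "1.4.0"},
]

def version_key(v):
    """Turn '1.10.0' into (1, 10, 0) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

def parse_manifest(text):
    """Return ({name: version} for exact pins, [names without an exact pin])."""
    pinned, unpinned = {}, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        m = re.fullmatch(r"([A-Za-z0-9_.-]+)==(\d+(?:\.\d+)*)", line)
        if m:
            pinned[m.group(1).lower()] = m.group(2)
        elif line:
            # A range such as >=1.0 names no single version, so it cannot be matched.
            unpinned.append(re.split(r"[<>=!~ ]", line, maxsplit=1)[0].lower())
    return pinned, unpinned

def scan(text, advisories):
    """Return (findings, unpinned); a non-empty value in either should fail the build."""
    pinned, unpinned = parse_manifest(text)
    findings = []
    for adv in advisories:
        ver = pinned.get(adv["package"])
        if ver and version_key(adv["introduced"]) <= version_key(ver) < version_key(adv["fixed"]):
            findings.append((adv["id"], adv["package"], ver, adv["fixed"]))
    return findings, unpinned

if __name__ == "__main__":
    findings, unpinned = scan(MANIFEST, ADVISORIES)
    for f in findings:
        print("%s: %s %s is affected, fixed in %s" % f)
    print("unpinned (cannot be matched):", unpinned)
    raise SystemExit(1 if findings or unpinned else 0)
```

Version 1.10.0 of the constructed auth library is not flagged because versions are compared as integer tuples; a plain string comparison would sort it below 1.9.0 and report a false positive.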