Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CompTIA PT0-003 Exam - Topic 4 Question 29 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 29
Topic #: 4
[All PT0-003 Questions]

[Tools and Code Analysis]

A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?

Show Suggested Answer Hide Answer
Suggested Answer: D

Software Composition Analysis (SCA) is used to analyze dependencies in applications and identify vulnerable open-source libraries.

Option A (VM - Virtual Machine) : A VM is a computing environment, not a vulnerability detection tool.

Option B (IAST - Interactive Application Security Testing) : IAST analyzes runtime behavior, but it does not specialize in detecting vulnerable libraries.

Option C (DAST - Dynamic Application Security Testing) : DAST scans running applications for vulnerabilities, but it does not analyze open-source libraries.

Option D (SCA - Software Composition Analysis) : Correct.

Identifies security flaws in dependencies.

Used for managing supply chain risks.

Reference: CompTIA PenTest+ PT0-003 Official Guide -- Software Composition Analysis (SCA)


by Alica at Nov 24, 2025, 03:51 AM

Limited Time Offer

25%

Off

Get Premium PT0-003 Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jose
1 day ago
I’m leaning towards SCA as well. It’s specifically designed for this.
upvoted 0 times
...
Gayla
7 days ago
DAST is more about runtime issues, not library checks.
upvoted 0 times
...
Georgene
12 days ago
I feel like IAST could help too, but not as much as SCA.
upvoted 0 times
...
An
17 days ago
VM? That's not even relevant here, lol.
upvoted 0 times
...
Geraldo
22 days ago
Wait, are we sure SCA is the best option? Seems too simple.
upvoted 0 times
...
Dana
27 days ago
Agreed, SCA is the way to go for open-source vulnerabilities!
upvoted 0 times
...
Leslee
2 months ago
I think DAST is more about runtime issues, not libraries.
upvoted 0 times
...
Bettye
2 months ago
Definitely SCA, it scans for vulnerable libraries.
upvoted 0 times
...
Nicolette
2 months ago
SCA? More like "Secure Code Analysis", amirite? *wink wink*
upvoted 0 times
...
Tawny
2 months ago
SCA is the obvious choice here. Why even consider the other options?
upvoted 0 times
...
Bette
2 months ago
D) SCA for sure. Anything else and you're just playing around, am I right?
upvoted 0 times
...
Laticia
2 months ago
I agree, SCA is the way to go. Gotta keep those libraries secure, you know?
upvoted 0 times
...
Shoshana
3 months ago
D) SCA is the correct answer. It's the best tool for identifying vulnerable open-source libraries.
upvoted 0 times
...
Delsie
3 months ago
I think VM might be related to virtual machines, but it doesn’t seem relevant for identifying library vulnerabilities.
upvoted 0 times
...
Stephanie
3 months ago
I feel like I saw a practice question that mentioned IAST being useful for identifying vulnerabilities in code, but I'm not confident it applies here.
upvoted 0 times
...
Nancey
3 months ago
I think SCA is the right choice since it specifically focuses on identifying vulnerabilities in open-source libraries.
upvoted 0 times
...
Paola
3 months ago
This is a classic SCA question. I've got some experience with those tools, so I feel pretty confident I can nail this one.
upvoted 0 times
...
Malcolm
3 months ago
I'm a bit confused on the difference between IAST and DAST. Maybe I'll try a combination of both to cover my bases.
upvoted 0 times
...
Arthur
4 months ago
Agreed! SCA scans for vulnerabilities in dependencies.
upvoted 0 times
...
Matilda
4 months ago
I think D) SCA is the best choice. It focuses on open-source libraries.
upvoted 0 times
...
Wai
4 months ago
I'm not entirely sure, but I remember something about DAST being more about dynamic testing of applications rather than libraries.
upvoted 0 times
...
Mindy
4 months ago
Oof, I'm not super familiar with these types of security testing approaches. I'll need to review my notes and see if I can figure out the best approach.
upvoted 0 times
...
Shantell
5 months ago
SCA seems like the way to go here. I'll need to do a thorough scan of the app's dependencies to find any known vulnerabilities.
upvoted 0 times
...
Cora
5 months ago
Hmm, this one's tricky. I think I'll need to leverage some DAST tools to really dig into the web app and identify any vulnerable libraries.
upvoted 0 times
Ramonita
4 months ago
I agree, DAST tools are great for that.
upvoted 0 times
...
...

Save Cancel