
CompTIA PT0-003 Exam - Topic 4 Question 29 Discussion

Actual exam question for CompTIA's PT0-003 exam
Question #: 29
Topic #: 4
[All PT0-003 Questions]

[Tools and Code Analysis]

A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?

Suggested Answer: D

Software Composition Analysis (SCA) is used to analyze dependencies in applications and identify vulnerable open-source libraries.

Option A (VM, Virtual Machine): A VM is a computing environment, not a vulnerability detection tool.

Option B (IAST, Interactive Application Security Testing): IAST analyzes runtime behavior, but it does not specialize in detecting vulnerable libraries.

Option C (DAST, Dynamic Application Security Testing): DAST scans running applications for vulnerabilities, but it does not analyze open-source libraries.

Option D (SCA, Software Composition Analysis): Correct. SCA identifies security flaws in dependencies and is used for managing supply chain risks.

Reference: CompTIA PenTest+ PT0-003 Official Guide -- Software Composition Analysis (SCA)
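To make concrete what an SCA check does at its core, here is an added example (not code from the exam guide or from any SCA product): it parses a constructed pinned-dependency manifest in requirements.txt style and matches each version against a constructed advisory list with introduced/fixed version bounds; the package names and advisory ids are placeholders.

```python
# Added example, not from the exam guide or any real SCA product: a minimal
# SCA-style dependency check over a constructed manifest and constructed
# advisories. Package names and advisory ids are placeholders.

def parse_version(v):
    """Turn '2.25.1' into (2, 25, 1) so versions compare numerically."""
    return tuple(int(part) for part in v.split("."))

def parse_manifest(text):
    """Parse 'name==version' lines; skip blank lines and comments."""
    deps = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        name, _, version = line.partition("==")
        if not version:
            # An unpinned dependency cannot be assessed against a version range.
            raise ValueError(f"unpinned dependency, cannot assess: {line}")
        deps[name.strip().lower()] = version.strip()
    return deps

# Constructed advisory data: (package, introduced, fixed, placeholder id).
# A version is affected when introduced <= version < fixed.
ADVISORIES = [
    ("examplelib", "1.0.0", "1.4.2", "ADV-PLACEHOLDER-1"),
    ("examplelib", "2.0.0", "2.1.0", "ADV-PLACEHOLDER-2"),
    ("otherlib", "0.1.0", "3.0.0", "ADV-PLACEHOLDER-3"),
]

def find_vulnerable(deps):
    """Return (package, version, advisory_id) for each affected dependency."""
    findings = []
    for pkg, introduced, fixed, adv_id in ADVISORIES:
        if pkg not in deps:
            continue
        v = parse_version(deps[pkg])
        if parse_version(introduced) <= v < parse_version(fixed):
            findings.append((pkg, deps[pkg], adv_id))
    return findings

# Constructed manifest for demonstration.
SAMPLE_MANIFEST = """
examplelib==1.3.0   # inside the affected range of ADV-PLACEHOLDER-1
otherlib==3.0.0     # exactly the fixed version: not affected
safelib==9.9.9      # no advisory at all
"""

if __name__ == "__main__":
    for pkg, ver, adv in find_vulnerable(parse_manifest(SAMPLE_MANIFEST)):
        print(f"{pkg}=={ver} is affected by {adv}")
```

A real SCA tool does the same matching with transitive dependencies and a maintained advisory database; the boundary cases (fixed version not flagged, unpinned dependency rejected) are what distinguish a useful check from a noisy one.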


Glen
1 month ago
Definitely SCA. It gives a comprehensive view of library vulnerabilities.
upvoted 0 times
Jose
2 months ago
I’m leaning towards SCA as well. It’s specifically designed for this.
upvoted 0 times
Gayla
2 months ago
DAST is more about runtime issues, not library checks.
upvoted 0 times
Georgene
2 months ago
I feel like IAST could help too, but not as much as SCA.
upvoted 0 times
An
2 months ago
VM? That's not even relevant here, lol.
upvoted 0 times
Geraldo
2 months ago
Wait, are we sure SCA is the best option? Seems too simple.
upvoted 0 times
Dana
2 months ago
Agreed, SCA is the way to go for open-source vulnerabilities!
upvoted 0 times
Leslee
3 months ago
I think DAST is more about runtime issues, not libraries.
upvoted 0 times
Bettye
3 months ago
Definitely SCA, it scans for vulnerable libraries.
upvoted 0 times
Nicolette
3 months ago
SCA? More like "Secure Code Analysis", amirite? *wink wink*
upvoted 0 times
Tawny
4 months ago
SCA is the obvious choice here. Why even consider the other options?
upvoted 0 times
Bette
4 months ago
D) SCA for sure. Anything else and you're just playing around, am I right?
upvoted 0 times
Laticia
4 months ago
I agree, SCA is the way to go. Gotta keep those libraries secure, you know?
upvoted 0 times
Shoshana
4 months ago
D) SCA is the correct answer. It's the best tool for identifying vulnerable open-source libraries.
upvoted 0 times
Delsie
4 months ago
I think VM might be related to virtual machines, but it doesn’t seem relevant for identifying library vulnerabilities.
upvoted 0 times
Stephanie
4 months ago
I feel like I saw a practice question that mentioned IAST being useful for identifying vulnerabilities in code, but I'm not confident it applies here.
upvoted 0 times
Nancey
5 months ago
I think SCA is the right choice since it specifically focuses on identifying vulnerabilities in open-source libraries.
upvoted 0 times
Paola
5 months ago
This is a classic SCA question. I've got some experience with those tools, so I feel pretty confident I can nail this one.
upvoted 0 times
Malcolm
5 months ago
I'm a bit confused on the difference between IAST and DAST. Maybe I'll try a combination of both to cover my bases.
upvoted 0 times
Arthur
5 months ago
Agreed! SCA scans for vulnerabilities in dependencies.
upvoted 0 times
Matilda
5 months ago
I think D) SCA is the best choice. It focuses on open-source libraries.
upvoted 0 times
Wai
6 months ago
I'm not entirely sure, but I remember something about DAST being more about dynamic testing of applications rather than libraries.
upvoted 0 times
Mindy
6 months ago
Oof, I'm not super familiar with these types of security testing approaches. I'll need to review my notes and see if I can figure out the best approach.
upvoted 0 times
Shantell
6 months ago
SCA seems like the way to go here. I'll need to do a thorough scan of the app's dependencies to find any known vulnerabilities.
upvoted 0 times
Cora
6 months ago
Hmm, this one's tricky. I think I'll need to leverage some DAST tools to really dig into the web app and identify any vulnerable libraries.
upvoted 0 times
Linn
21 days ago
Each tool has its strengths, but SCA seems most relevant here.
upvoted 0 times
Kanisha
26 days ago
IAST could also help, especially during runtime analysis.
upvoted 0 times
Nickolas
1 month ago
True, SCA can be very effective for open-source vulnerabilities.
upvoted 0 times
Reid
1 month ago
But have you considered SCA tools? They specifically target libraries.
upvoted 0 times
Ramonita
5 months ago
I agree, DAST tools are great for that.
upvoted 0 times