CompTIA
CAS-002 · Question #80
CAS-002 Question #80: Real Exam Question with Answer & Explanation
The correct answer is A: Line by line code review and simulation; uncovers hidden vulnerabilities and allows for. Line-by-line code review combined with simulation is the most rigorous method for identifying hidden vulnerabilities in third-party applications before deployment.
Question
Which of the following is the MOST secure way to ensure third party applications and introduce only acceptable risk?
Options
- A. Line by line code review and simulation; uncovers hidden vulnerabilities and allows for
- B. Technical exchange meetings with the application's vendor; vendors have more in depth
- C. Pilot trial; minimizes the impact to the enterprise while still providing services to enterprise
- D. Full deployment with crippled features; allows for large scale testing and observation of the
Explanation
Line-by-line code review combined with simulation is the most rigorous method for identifying hidden vulnerabilities in third-party applications before deployment.
Common mistakes.
- B. Technical exchange meetings rely on vendor self-disclosure, which may be incomplete, biased, or commercially motivated, and provides no independent verification of security.
- C. A pilot trial limits production blast radius but does not analyze code internals - vulnerabilities remain hidden until they are triggered.
- D. Full deployment with crippled features still exposes the enterprise to unaudited code paths and does not constitute a secure pre-acceptance review.
Concept tested. Third-party application security assessment and code review
Reference. https://csrc.nist.gov/publications/detail/sp/800-161/rev-1/final