CAS-003 Question #105: Real Exam Question with Answer & Explanation
The correct answers are A (Static code analysis) and C (Manual code review). The exhibit is a memory leak that exists in the source code, so it is found by examining the code, automatically or by hand, rather than by exercising the running application.
Question
The following has been discovered in an internally developed application:

    Error - Memory allocated but not freed:

    char *myBuffer = malloc(BUFFER_SIZE);
    if (myBuffer != NULL) {
        *myBuffer = STRING_WELCOME_MESSAGE;
        printf("Welcome to: %s\n", myBuffer);
    }
    exit(0);

Which of the following security assessment methods are likely to reveal this security weakness? (Select TWO.)
Options
- A. Static code analysis
- B. Memory dumping
- C. Manual code review
- D. Application sandboxing
- E. Penetration testing
- F. Black box testing
Explanation
A code review is an examination of an application's source code (the internally developed application in this case) to identify and assess weaknesses. The exhibit is a memory leak: myBuffer is obtained from malloc() but is never passed to free() before exit(0). A defect of this kind lives in the source, so it is revealed by code review, whether automated (static code analysis follows the allocation along every path and flags the one that never frees it) or manual. Memory dumping, application sandboxing, penetration testing and black box testing observe the running program from the outside; a single unfreed buffer immediately before exit(0) gives them nothing to observe, because the operating system reclaims the process's memory when the process exits. A reviewer would also notice that `*myBuffer = STRING_WELCOME_MESSAGE;` stores a pointer value into a single char, a second defect that any compiler or static analyzer warns about.
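The following is an added example, not part of the exam question or its official explanation. It places the exhibit's leaking logic beside a corrected version and wraps malloc()/free() in counting helpers so that the leak becomes observable: the counter does what a leak checker such as LeakSanitizer or Valgrind does, whereas a reviewer or static analyzer sees the missing free() directly in the source. BUFFER_SIZE, STRING_WELCOME_MESSAGE and the tracked_* helpers are constructed for this example and are assumptions, not identifiers from the original application.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-ins for the macros the exhibit references. */
#define BUFFER_SIZE 64
#define STRING_WELCOME_MESSAGE "Welcome"

/* Number of heap blocks currently allocated through the tracked helpers.
   A reviewer or static analyzer does not need this; it exists only so that
   the leak is measurable in a test, the way a dynamic leak checker would. */
static int g_live_blocks = 0;

static void *tracked_malloc(size_t n) {
    void *p = malloc(n);
    if (p != NULL)
        g_live_blocks++;
    return p;
}

static void tracked_free(void *p) {
    if (p != NULL)
        g_live_blocks--;
    free(p);
}

int live_blocks(void) {
    return g_live_blocks;
}

/* Before: the exhibit's control flow. The buffer is allocated, used and then
   abandoned; no path reaches free(). The exhibit's line
   `*myBuffer = STRING_WELCOME_MESSAGE;` stored a pointer into a single char,
   which does not compile cleanly; the message is copied properly here so
   that the leak is the only remaining defect. */
int welcome_leaky(void) {
    char *myBuffer = tracked_malloc(BUFFER_SIZE);
    if (myBuffer != NULL) {
        snprintf(myBuffer, BUFFER_SIZE, "%s", STRING_WELCOME_MESSAGE);
        printf("Welcome to: %s\n", myBuffer);
    }
    return 0; /* myBuffer goes out of scope: memory allocated but not freed */
}

/* After: bounded copy, and every path that allocated the buffer also frees
   it, through a single cleanup point before returning. */
int welcome_fixed(void) {
    int rc = -1;
    char *myBuffer = tracked_malloc(BUFFER_SIZE);
    if (myBuffer == NULL)
        return rc; /* nothing was allocated, so nothing to free */

    if (snprintf(myBuffer, BUFFER_SIZE, "%s", STRING_WELCOME_MESSAGE) < BUFFER_SIZE) {
        printf("Welcome to: %s\n", myBuffer);
        rc = 0;
    }
    tracked_free(myBuffer);
    return rc;
}

int main(void) {
    welcome_leaky();
    printf("live blocks after leaky version: %d\n", live_blocks());
    welcome_fixed();
    printf("live blocks after fixed version: %d\n", live_blocks());
    return 0;
}
```

The counter rises to 1 after welcome_leaky() and stays at 1 after welcome_fixed(): the corrected function releases its own buffer, but the block lost by the first call is never recovered. Building the same file with `-fsanitize=address` on a current gcc or clang and running it reports the leaky allocation as "definitely lost" at exit, which is the dynamic counterpart of what a reviewer sees by reading the code.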