CAS-003 Question #889: Real Exam Question with Answer & Explanation
The correct answer is C: Update Python and the supporting libraries to the latest versions.
Question
Options
- A. Adjust the requirements.txt file to set dependencies at >= the listed version number.
- B. Have the developer backport security fixes into the supporting libraries.
- C. Update Python and the supporting libraries to the latest versions.
- D. Remove the version numbers from the requirements.txt file so each new build has the latest
Explanation
When known vulnerabilities (CVEs) exist in supporting libraries, the most direct and effective remediation is to update Python and all dependencies to the latest stable versions, which contain the vendor-published security fixes. Option A (setting >= version constraints in requirements.txt) is risky because it permits any future version to be installed, potentially introducing breaking changes or new vulnerabilities during builds. Option B (backporting fixes) is complex, resource-intensive, typically a vendor responsibility, and unnecessary when official patched versions exist. Option D (removing version numbers entirely) creates non-reproducible builds and is dangerous in a production environment: each build could pull different versions with unpredictable behavior. Updating to the latest versions is the standard, low-risk remediation path for known dependency vulnerabilities.