

PT0-003 Question #169: Real Exam Question with Answer & Explanation

The correct answer is D: SCA.

Submitted by dimitri_ru · Mar 6, 2026 · Vulnerability Discovery and Analysis

Question

A penetration tester is performing a security review of a web application. Which of the following should the tester leverage to identify the presence of vulnerable open-source libraries?

Options

  • A. VM
  • B. IAST
  • C. DAST
  • D. SCA

Explanation

Software Composition Analysis (SCA): SCA tools analyze the dependencies and libraries used by an application to identify vulnerabilities in open-source components. Examples include identifying outdated or insecure versions of libraries (e.g., Log4j).

Topics

#SCA #software composition analysis #open-source vulnerabilities #web application security
