A penetration tester presents the following findings to stakeholders:Control | Number of findings

CompTIA PT0-003 Question Answer

A penetration tester presents the following findings to stakeholders:

Control | Number of findings | Risk | Notes

Encryption | 1 | Low | Weak algorithm noted

Patching | 8 | Medium | Unsupported systems

System hardening | 2 | Low | Baseline drift observed

Secure SDLC | 10 | High | Libraries have vulnerabilities

Password policy | 0 | Low | No exceptions noted

Based on the findings, which of the following recommendations should the tester make? (Select two).

Develop a secure encryption algorithm.

Deploy an asset management system.

Write an SDLC policy.

Implement an SCA tool.

Obtain the latest library version.

Patch the libraries.

Explanation:

Based on the findings, the focus should be on addressing vulnerabilities in libraries and ensuring their security. Here’s why options D and E are correct:

Implement an SCA Tool:

SCA (Software Composition Analysis) tools are designed to analyze and manage open-source components in an application. Implementing an SCA tool would help in identifying and managing vulnerabilities in libraries, aligning with the finding of vulnerable libraries in the secure SDLC process.

This recommendation addresses the high-risk finding related to the Secure SDLC by providing a systematic approach to manage and mitigate vulnerabilities in software dependencies.

Obtain the Latest Library Version:

Keeping libraries up to date is a fundamental practice in maintaining the security of an application. Ensuring that the latest, most secure versions of libraries are used directly addresses the high-risk finding related to vulnerable libraries.

This recommendation is a direct and immediate action to mitigate the identified vulnerabilities.

Other Options Analysis:

Develop a Secure Encryption Algorithm: This is not practical or necessary given that the issue is with the use of a weak algorithm, not the need to develop a new one.

Deploy an Asset Management System: While useful, this is not directly related to the identified high-risk issue of vulnerable libraries.

Write an SDLC Policy: While helpful, the more immediate and effective actions involve implementing tools and processes to manage and update libraries.

References from Pentest:

Horizontall HTB: Demonstrates the importance of managing software dependencies and using tools to identify and mitigate vulnerabilities in libraries.

Writeup HTB: Highlights the need for keeping libraries updated to ensure application security and mitigate risks.

Conclusion:

Options D and E, implementing an SCA tool and obtaining the latest library version, are the most appropriate recommendations to address the high-risk finding related to vulnerable libraries in the Secure SDLC process.

=================

CompTIA PT0-003 View All Questions

CompTIA PT0-003 Summary

Vendor: CompTIA
Product: PT0-003
Update on: Jul 8, 2025
Questions: 233

Price: $52.5 ~~$149.99~~

Buy Now PT0-003 PDF + Testing Engine Pack

A penetration tester obtains the following output during an Nmap scan:PORT STATE SERVICE 135/tcp open...

A penetration tester finishes an initial discovery scan for hosts on a /24 customer subnet.

Summer Special Sale Limited Time 65% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: vce65

A penetration tester presents the following findings to stakeholders:Control | Number of findings | Risk...

The Answer Is:

Explanation:

CompTIA PT0-003 Summary

Payments We Accept

Contact Us