ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam PT0-001 All Questions

View all questions & answers for the PT0-001 exam
Go to Exam

Exam PT0-001 topic 1 question 80 discussion

Actual exam question from CompTIA's PT0-001
Question #: 80
Topic #: 1
[All PT0-001 Questions]

A company contracted a firm specializing in penetration testing to assess the security of a core business application. The company provided the firm with a copy of the Java bytecode. Which of the following steps must the firm take before it can run a static code analyzer?

  • A. Run the application through a dynamic code analyzer.
  • B. Employ a fuzzing utility.
  • C. Decompile the application.
  • D. Check memory allocations.
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by D1960 at March 10, 2020, 8:49 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
mr_robot
Highly Voted 5 years ago
Definitely C. PenTest+ Practice Tests Book - SYBEX "One option you could try in this scenario is to decompile the application’s executable. This process will reveal the application’s assembly-level code that you can analyze for weaknesses."
upvoted 13 times
...
mr_robot
Highly Voted 5 years, 1 month ago
C. Agree with D1960 - https://blog.jetbrains.com/idea/2020/03/java-bytecode-decompiler/
upvoted 7 times
...
kloug
Most Recent 2 years, 2 months ago
cccccccccc
upvoted 1 times
...
miabe
2 years, 9 months ago
Selected Answer: C
looks good to me
upvoted 1 times
...
Cybersec1989
3 years, 7 months ago
Answer D1960 maybe c lol or A
upvoted 2 times
...
MrRiver
3 years, 7 months ago
C or D? ... I Would keep it simple and stupid and go with C. Take the Comptia Exam Objectivs in Mind: The Examt Taker should have a Great Understanding of Scripting Languages(Powershell,Bash,Pyhton and Ruby). Nothing Mentions Java. But you have to have an Understanding of Tools. I Think Jason Dion Listed a java decompiler. The Question in my Option wants to check the understanding of Static Analysis and decompilation. Like you need to understand that you cant do static analysis on bytecode ... you need a "human readable" source code. So you need to do decompilation to get that.
upvoted 1 times
...
RedbyNight
4 years, 2 months ago
I've never written a line of java in my life but if you google 'decompile java bytecode' everything says that it's simple. Too simple for some. So answer C seems spot on into order to do static code analysis
upvoted 1 times
...
sh3rl0ck
4 years, 4 months ago
They are only given the copy of bytecode so they dont have the application with them that means they cannot decompile it , so they have to check memory allocation in order to find buffer overflow
upvoted 3 times
kamaluchi
3 years, 9 months ago
App source code is COMPILED into Java bytecode. So in order to perform static analysis on the source code, the bytecode needs to be decompiled.
upvoted 2 times
...
...
TestBanger
4 years, 5 months ago
D : study the link
upvoted 1 times
someguy1393
4 years, 4 months ago
There is not a single mention of memory on page that the link resolves to..
upvoted 2 times
...
...
TestBanger
4 years, 5 months ago
D: https://cory.li/bytecode-hacking/
upvoted 1 times
...
D1960
5 years, 1 month ago
Maybe: C. Decompile the application Jave bytecode is going to be difficult for a human to read.
upvoted 5 times
who__cares123456789___
4 years, 2 months ago
SO I found this "n the case of static analysis, you have to: Build a code model (internal representation) Enrich the model with information generated by static analysis algorithms such as control flow analysis, dataflow analysis (e.g., taint analysis) Apply vulnerability search rules to locate vulnerabilities in the code model in terms of the model and the information it is enriched with...He seems to say in article that they shy away from using decompilers etc due to errors and maybe this given answer is correct but I honestly dont know enough about code to understand him completely...see link https://blog.smartdec.net/analysis-of-java-bytecode-vulnerabilities-what-to-do-with-the-findings-6929ab38c307
upvoted 2 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago