CompTIA CASP+ Practice Test

In a situation where a legacy application has vulnerabilities, what type of development platform is suggested for future projects?

• A. Unmanaged code platforms
• B. High-level interpreted languages
• C. Managed code platforms
• D. Low-level assembly languages

The correct answer is: Managed code platforms

Using managed code platforms for future projects when dealing with a legacy application that has vulnerabilities is recommended due to several important factors. Managed code provides a level of abstraction from the hardware that offers built-in security features like memory management and exception handling. This means that many common vulnerabilities linked to memory corruption, buffer overflows, and other low-level programming errors are mitigated. Additionally, managed code environments often incorporate runtime checks and garbage collection, which help prevent certain types of security issues and reduce the risks associated with memory leaks and improper resource management. The presence of a virtual machine or runtime environment in managed platforms also facilitates the implementation of security policies and sandboxes, adding an additional layer of protection. On the other hand, unmanaged code platforms risk exposing the application to memory management issues as they do not offer these built-in protections. High-level interpreted languages could provide some benefits, but they might not be as performance-optimized as managed code solutions, particularly for complex applications. Lastly, low-level assembly languages are generally difficult to maintain and are prone to introducing vulnerabilities due to their proximity to hardware operations, making them a less suitable choice for securing a legacy system. Thus, choosing a managed code platform enhances security, maintainability, and performance for future projects.