CompTIA

CAS-001 · Question #364

CAS-001 Question #364: Real Exam Question with Answer & Explanation

The correct answer is A: Establish Design Requirements. Note: The question states 'Choose two' but the listed answer shows A, B, C; this appears to be an error in the question. In Microsoft's Security Development Lifecycle (SDL), the Implementation phase focuses on secure coding practices and includes: (B) Perform Static Analysis-autom

Question

Which of the following security practices are included in the Implementation phase of the Security Development Lifecycle (SDL)? Each correct answer represents a complete solution. Choose two.

Options

  • A. Establish Design Requirements
  • B. Perform Static Analysis
  • C. Use Approved Tools
  • D. Execute Incident Response Plan

Explanation

Note: The question states 'Choose two' but the listed answer shows A, B, C; this appears to be an error in the question. In Microsoft's Security Development Lifecycle (SDL), the Implementation phase focuses on secure coding practices and includes (B) Perform Static Analysis (automated scanning of source code for security defects during development) and (C) Use Approved Tools (requiring developers to use vetted compilers, linkers, and security analysis tools with safe settings). Option A (Establish Design Requirements) belongs to the Requirements and Design phase, which precedes Implementation. Option D (Execute Incident Response Plan) belongs to the Response phase. The correct answers for the Implementation phase are B and C.
