CAS-003 Question #130: Real Exam Question with Answer & Explanation
The correct answer is C: Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and
Question
A firm's Chief Executive Officer (CEO) is concerned that IT staff lacks the knowledge to identify complex vulnerabilities that may exist in a payment system being internally developed. The payment system being developed will be sold to a number of organizations and is in direct competition with another leading product. The CEO highlighted that code base confidentiality is of critical importance to allow the company to exceed the competition in terms of the product's reliability, stability, and performance. Which of the following would provide the MOST thorough testing and satisfy the CEO's requirements?
Options
- A. Sign a MOU with a marketing firm to preserve the company reputation and use in-house
- B. Sign a BPA with a small software consulting firm and use the firm to perform Black box testing
- C. Sign a NDA with a large security consulting firm and use the firm to perform Grey box testing and
- D. Use the most qualified and senior developers on the project to perform a variety of White box
Explanation
In gray box testing, the testers are given only limited knowledge of the system, similar to what an attacker would have, so the code base itself remains confidential. That confidentiality is further protected by a non-disclosure agreement (NDA), which is designed to protect confidential information. A large security consulting firm also supplies the vulnerability-finding expertise that the question says the in-house IT staff lacks.