CAS-003 · Question #286
CAS-003 Question #286: Real Exam Question with Answer & Explanation
The correct answer is D: Recommend switching to an agile development methodology and perform security testing.
Question
Options
- A. Recommend switching to an SDLC methodology and perform security testing during each
- B. Recommend switching to a spiral software development model and perform security testing
- C. Recommend switching to a waterfall development methodology and perform security testing
- D. Recommend switching to an agile development methodology and perform security testing
Explanation
D (Agile with security testing during each iteration) is correct because Agile's iterative, sprint-based model integrates security testing throughout the development lifecycle instead of deferring it to a final phase. A vulnerability found within the sprint that introduced it, while the change is small and still fresh in the developers' minds, is cheap and quick to fix; the same vulnerability found at the end of a long development cycle (the situation in the scenario) requires reworking code that other components already depend on. This is the "shift-left" principle: move security testing earlier and run it more often. Option C (Waterfall) is the methodology most likely to cause the problem described, since testing, including security testing, is a single phase near the end. Option A is a distractor: "SDLC" is the umbrella term for any software development lifecycle, not a specific methodology, so it says nothing about when security testing happens. Option B (Spiral) is iterative and includes a risk-analysis step in each cycle, but its cycles are long and its risk analysis is project-level, so it does not provide the per-change, per-sprint security testing that Agile does.
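As an added example (not part of the original question or explanation), here is what "security testing during each iteration" looks like in practice: a GitHub Actions workflow that runs a static analyzer and a dependency audit on every pull request, so findings come back attached to the change that introduced them. The project layout (a Python application under src/ with a requirements.txt), the tool choice (bandit and pip-audit) and the action versions are assumptions, not anything stated on the page.

```yaml
# Added example: per-change security gate for a Python project.
# Assumed layout: application code under src/, dependencies in requirements.txt.
# Not from the original page or from any particular project.
name: security-checks

# Run on every pull request and every push to main, i.e. on each increment,
# not once at the end of the release cycle.
on:
  pull_request:
  push:
    branches: [main]

permissions:
  contents: read

jobs:
  sast-and-dependencies:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-python@v5
        with:
          python-version: "3.12"

      - name: Install security tools
        run: python -m pip install --upgrade pip bandit pip-audit

      # Static analysis of the application code. -ll makes bandit report and
      # fail on findings of medium severity or higher, so the developer sees
      # the problem on the pull request that introduced it.
      - name: Static analysis (bandit)
        run: bandit -r src -ll

      # Known-vulnerable dependencies. The audit runs against the requirements
      # as changed in this pull request, so a newly added vulnerable package
      # blocks the merge instead of surfacing in a pre-release scan.
      - name: Dependency audit (pip-audit)
        run: pip-audit -r requirements.txt
```

The gate only shifts security left if the team treats a red check as a blocking defect for the current sprint rather than as a backlog item; otherwise the findings pile up and are fixed at the end of the cycle, which is the situation the question describes.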
Community Discussion
No community discussion yet for this question.