CAS-003 Question #292: Real Exam Question with Answer & Explanation

The correct answer is D: Implement unit tests that incorporate static code analyzers.

Question

A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project. Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?

Options

  • A. Conduct a penetration test on each function as it is developed
  • B. Develop a set of basic checks for common coding errors
  • C. Adopt a waterfall method of software development
  • D. Implement unit tests that incorporate static code analyzers

Explanation

Implementing unit tests that incorporate static code analyzers is the best complementary control for an agile development environment. Static code analyzers automatically scan source code for known vulnerability patterns (e.g., SQL injection, buffer overflows, insecure API usage) as code is written, giving developers immediate feedback. This integrates naturally into agile CI/CD pipelines. Option A (penetration testing per function) is impractical in agile sprints due to time and cost. Option B (basic checks) is less thorough and not automated. Option C (switching to waterfall) abandons the agile methodology and does not inherently fix the vulnerability problem - it changes process cadence, not code quality controls.
