
CAS-003 · Question #345

CAS-003 Question #345: Real Exam Question with Answer & Explanation

The correct answer is B: Regression testing.

Question

The director of sales asked the development team for some small changes to increase the usability of an application used by the sales team. Prior security reviews of the code showed no significant vulnerabilities, and since the changes were small, they were given a peer review and then pushed to the live environment. Subsequent vulnerability scans now show numerous flaws that were not present in the previous versions of the code. Which of the following is an SDLC best practice that should have been followed?

Options

  • A. Versioning
  • B. Regression testing
  • C. Continuous integration
  • D. Integration testing

Explanation

Regression testing re-runs the existing test suite, including the security scans and security tests that passed on the previous version, against the changed code to confirm that the change has not broken previously working behaviour, reintroduced a flaw that was already fixed, or created a new one. The team assumed the small changes were low risk, relied on a peer review of the new code alone, and skipped formal regression testing before pushing to the live environment, so the new vulnerabilities reached production undetected. Regression testing, even for minor changes, is an SDLC best practice precisely because seemingly small modifications can have unexpected security consequences elsewhere in the codebase. Note that a regression suite only catches security regressions if it actually contains security checks (for example, the previous vulnerability scan run as a release gate), not just functional tests.

The other options do not address the failure described. Versioning (A) records and labels changes but does not test them. Continuous integration (C) is the automation that typically runs the tests on every commit, but it is the regression tests themselves that would have caught the flaws. Integration testing (D) checks that components work together and does not by itself verify that results from earlier versions still hold.
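To make the point concrete, here is an added example (not from the exam page or from any real sales application) of a tiny regression suite run against two versions of hypothetical helper functions. Version 1 is the code that passed the earlier security review; version 2 applies two constructed "usability" changes of the kind the question describes. The function and check names are illustrative assumptions, not the page's own.

```python
import html

# Version 1: the hypothetical code that passed the earlier security review (constructed example).
def render_customer_name_v1(name):
    """Escape a customer-supplied name before placing it in an HTML table cell."""
    return "<td>" + html.escape(name) + "</td>"

def parse_discount_v1(raw):
    """Parse a discount percentage and enforce the assumed business limit of 0-50."""
    value = int(raw)
    if not 0 <= value <= 50:
        raise ValueError("discount out of range")
    return value

# Version 2: the "small usability changes" that only received a peer review (constructed example).
def render_customer_name_v2(name):
    """Sales asked to bold part of a name with <b>, so the escaping was dropped."""
    return "<td>" + name + "</td>"

def parse_discount_v2(raw):
    """Sales asked that '15%' be accepted as well as '15'; the range check was lost."""
    return int(raw.strip().rstrip("%"))

V1 = {"render": render_customer_name_v1, "discount": parse_discount_v1}
V2 = {"render": render_customer_name_v2, "discount": parse_discount_v2}

# Each check encodes a property the earlier review relied on. They are the
# security part of the regression suite and must be re-run on every change.
def check_html_output_is_escaped(api):
    out = api["render"]("<script>alert(1)</script>")
    return "<script>" not in out

def check_discount_range_enforced(api):
    try:
        api["discount"]("200")
    except ValueError:
        return True
    return False

def check_discount_happy_path(api):
    return api["discount"]("15") == 15

REGRESSION_SUITE = [
    check_html_output_is_escaped,
    check_discount_range_enforced,
    check_discount_happy_path,
]

def run_regression_suite(api):
    """Run every check against one version and return the names of the checks that failed.

    An unexpected exception inside a check counts as a failure rather than
    aborting the run, so a single regression cannot hide the others.
    """
    failures = []
    for check in REGRESSION_SUITE:
        try:
            passed = check(api)
        except Exception:
            passed = False
        if not passed:
            failures.append(check.__name__)
    return failures

if __name__ == "__main__":
    for label, api in (("v1", V1), ("v2", V2)):
        print(label, run_regression_suite(api) or "all checks passed")
```

Version 2 still parses "15" correctly, which is all a peer review focused on the requested change would have exercised; it is the two checks carried over from the previous release that expose the dropped escaping and the lost range limit before the code reaches production.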
