
CAS-003 Question #437: Real Exam Question with Answer & Explanation

The correct answer is D: Perform regression testing and search for suspicious code.

Question

After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the following is the BEST way to ensure security of the code following the incident?

Options

  • A. Hire an external red team to conduct black box testing
  • B. Conduct a peer review and cross reference the SRTM
  • C. Perform white-box testing on all impacted finished products
  • D. Perform regression testing and search for suspicious code

Explanation

When a developer departs under adversarial circumstances, the primary threat is that they may have intentionally introduced malicious code - backdoors, logic bombs, or subtle vulnerabilities - before leaving. Regression testing validates that existing functionality still works correctly (catching logic bombs or sabotage that breaks features), while explicitly searching for suspicious code addresses the insider-threat risk of planted backdoors. Together they are the most targeted and effective response to this specific scenario. A red team black box test (A) tests external attack surface, not code integrity. Peer review with SRTM cross-reference (B) is useful but less systematic for detecting malicious modifications. White-box testing (C) on finished products is broad and doesn't specifically target the suspicious changes made by the departing developer.
