CAS-003 Question #828: Real Exam Question with Answer & Explanation

The correct answer is C: Roll out an automated testing and retesting framework. An automated testing and retesting framework embeds security validation directly into the development pipeline, training developers through immediate feedback without requiring them to stop development work.

Question

A software company tripled its workforce by hiring numerous early career developers out of college. The senior development team has a long-running history of secure coding, mostly through experience and extensive peer review, and recognizes it would be infeasible to train the new staff without halting development operations. Therefore, the company needs a strategy that will integrate training on secure code writing while reducing the impact to operations. Which of the following will BEST achieve this goal?

Options

  • A. Give employees a book on the company coding standards.
  • B. Enroll new employees in a certification course on software assurance.
  • C. Roll out an automated testing and retesting framework.
  • D. Deploy static analysis and quality plug-ins into IDEs.

Explanation

An automated testing and retesting framework embeds security validation directly into the development pipeline, training developers through immediate feedback without requiring them to stop development work.

Common mistakes.

  • A. Providing a coding standards book is a passive, reference-only approach that relies entirely on self-study and does not integrate with development workflows or provide active feedback during coding.
  • B. Enrolling staff in a certification course requires taking developers off active work for extended periods, which directly conflicts with the requirement to avoid halting development operations.
  • D. Static analysis IDE plug-ins identify issues in existing code but do not constitute a testing and retesting workflow - they lack the iterative regression and feedback loop needed to train secure coding habits at scale.

Concept tested. DevSecOps - integrating security training via automated testing pipelines

Reference. https://owasp.org/www-project-devsecops-guideline/
