CompTIA CASP+ (CAS-003) — Question 169
After the departure of a developer under unpleasant circumstances, the company is concerned about the security of the software to which the developer has access. Which of the following is the BEST way to ensure security of the code following the incident?
Answer options
- A. Hire an external red team to conduct black-box testing
- B. Conduct a peer review and cross-reference the SRTM
- C. Perform white-box testing on all impacted finished products
- D. Perform regression testing and search for suspicious code
Correct answer: A
Explanation
Hiring an external red team to conduct black-box testing is the best option, as it allows for an independent evaluation of the software's security without insider knowledge. Peer reviews and cross-referencing the SRTM, while useful, may not uncover hidden vulnerabilities as effectively as a red team assessment. White-box testing is also limited to specific products and may not cover all potential risks, whereas regression testing focuses on functionality rather than security issues.