CompTIA CASP+ (CAS-003) — Question 182

During a sprint, developers are responsible for ensuring the expected outcome of a change is thoroughly evaluated for any security impacts. Any impacts must be reported to the team lead. Before changes are made to the source code, which of the following MUST be performed to provide the required information to the team lead?

Answer options

• A. Risk assessment
• B. Regression testing
• C. User story development
• D. Data abstraction
• E. Business impact assessment

Correct answer: B

Explanation

Regression testing is essential as it verifies that changes do not adversely affect existing functionality, which is crucial for identifying potential security impacts. While risk assessment and business impact assessment are important, they do not directly evaluate the software's behavior after changes. User story development and data abstraction are not directly related to assessing security implications.