CompTIA CASP+ (CAS-003) — Question 213
A software development manager is running a project using agile development methods. The company cybersecurity engineer has noticed a high number of vulnerabilities have been making it into production code on the project.
Which of the following methods could be used in addition to an integrated development environment to reduce the severity of the issue?
Answer options
- A. Conduct a penetration test on each function as it is developed
- B. Develop a set of basic checks for common coding errors
- C. Adopt a waterfall method of software development
- D. Implement unit tests that incorporate static code analyzers
Correct answer: D
Explanation
Unit tests that incorporate static code analyzers help catch vulnerabilities early in the development process by analyzing the code for potential issues. Penetration tests and basic checks for common coding errors can be helpful, but they may not be as effective at catching issues during the coding phase. Switching to a waterfall method may not address the root cause of the vulnerabilities and could hinder the agile approach.