CompTIA CASP+ (CAS-003) — Question 214
A security engineer is embedded with a development team to ensure security is built into products being developed. The security engineer wants to ensure developers are not blocked by a large number of security requirements applied at specific schedule points.
Which of the following solutions BEST meets the engineer's goal?
Answer options
- A. Schedule weekly reviews of all unit test results with the entire development team and follow up between meetings with surprise code inspections.
- B. Develop and implement a set of automated security tests to be installed on each development team leader's workstation.
- C. Enforce code quality and reuse standards into the requirements definition phase of the waterfall development process.
- D. Deploy an integrated software tool that builds and tests each portion of code committed by developers and provides feedback.
Correct answer: C
Explanation
The correct answer, C, emphasizes integrating code quality and reuse standards early in the development process, which helps prevent security issues from arising later. Options A and B focus on retrospective measures that may still disrupt the development flow, while D, although useful for feedback, does not directly address the proactive embedding of security into the development cycle.