CompTIA CASP+ (CAS-003) — Question 35

A software development team has spent the last 18 months developing a new web-based front-end that will allow clients to check the status of their orders as they proceed through manufacturing. The marketing team schedules a launch party to present the new application to the client base in two weeks. Before the launch, the security team discovers numerous flaws that may introduce dangerous vulnerabilities, allowing direct access to a database used by manufacturing. The development team did not plan to remediate these vulnerabilities during development. Which of the following SDLC best practices should the development team have followed?

Answer options

• A. Implementing regression testing
• B. Completing user acceptance testing
• C. Verifying system design documentation
• D. Using a SRTM

Correct answer: D

Explanation

The correct answer is D, as employing a Security Requirements Traceability Matrix (SRTM) helps ensure that security requirements are identified and addressed throughout the development lifecycle. The other options, while important, do not specifically focus on integrating security into the development process, which is crucial to prevent such vulnerabilities before launch.