CompTIA CASP+ (CAS-004) — Question 416

During the development process, the team identifies major components that need to be rewritten. As a result, the company hires a security consultant to help address major process issues. Which of the following should the consultant recommend to best prevent these issues from reoccurring in the future?

Answer options

• A. Implementing a static analysis tool within the CI/CD system
• B. Configuring a dynamic application security testing tool
• C. Performing software composition analysis on all third-party components
• D. Utilizing a risk-based threat modeling approach on new projects
• E. Setting up an interactive application security testing tool

Correct answer: A

Explanation

The correct answer is A because integrating a static analysis tool into the CI/CD pipeline allows for early detection of code vulnerabilities before they reach production. Options B, C, D, and E, while valuable, do not provide the same level of proactive prevention during the development process as static analysis does.