CompTIA CASP+ (CAS-004) — Question 518

A company recently acquired a SaaS company and performed a gap analysis. The results of the gap analysis indicate security controls are absent throughout the SDLC and have led to several vulnerable production releases. Which of the following security tools best reduces the risk of vulnerable code being pushed to production in the future?

Answer options

Correct answer: A

Explanation

Static application security testing (SAST) is designed to identify vulnerabilities in code before it is deployed, making it the most effective tool for preventing insecure code from going into production. Regression testing focuses on ensuring that existing functionality remains unaffected by new changes, but it does not specifically address security vulnerabilities. Code signing helps verify the integrity of code but does not actively detect vulnerabilities, while sandboxing is used for testing in isolated environments rather than for preventing insecure code deployment.