CompTIA CASP+ (CAS-004) — Question 56

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops. The company would like to prioritize defenses against the following attack scenarios:
✑ Unauthorized insertions into application development environments
✑ Authorized insiders making unauthorized changes to environment configurations
Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)

Answer options

• A. Perform static code analysis of committed code and generate summary reports.
• B. Implement an XML gateway and monitor for policy violations.
• C. Monitor dependency management tools and report on susceptible third-party libraries.
• D. Install an IDS on the development subnet and passively monitor for vulnerable services.
• E. Model user behavior and monitor for deviations from normal.
• F. Continuously monitor code commits to repositories and generate summary logs.

Correct answer: E, F

Explanation

The correct answers, E and F, involve monitoring user behavior for anomalies and continuously tracking code commits, which are essential for detecting unauthorized changes. Options A, B, C, and D do not provide direct monitoring of user actions or code changes in a way that addresses the specified attack scenarios.