CompTIA SecurityX (CAS-005) — Question 274
A security engineer performed a code scan that resulted in many false positives. The security engineer must find a solution that improves the quality of scanning results before application deployment. Which of the following is the best solution?
Answer options
- A. Limiting the tool to a specific coding language and tuning the rule set
- B. Configuring branch protection rules and dependency checks
- C. Using an application vulnerability scanner to identify coding flaws in production
- D. Performing updates on code libraries before code development
Correct answer: A
Explanation
The correct answer is A. Restricting the scanner to the language actually used in the code base and tuning its rule set (disabling rules that are known to be noisy for this project, excluding test and vendored code, and raising the severity threshold) directly reduces false positives and so improves the quality of the results produced before deployment. Option B (branch protection and dependency checks) governs how code reaches the main branch and which third-party packages are used; it does not change what the code scanner reports. Option C moves detection to a production vulnerability scan, which is a different tool operating after deployment and does nothing to improve the pre-deployment code scan. Option D (updating libraries before development) is good hygiene but is unrelated to scanner accuracy. A practical caveat when tuning: record the triage outcome of each finding and confirm that the tuned configuration removes only findings that were confirmed false positives, so that true positives are not silently suppressed along with the noise.
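The following is an added example, not part of the original question or any vendor material, of what "tuning" means in practice: a small Python filter that applies a language restriction, a list of disabled rules, path exclusions and a severity floor to a set of scan findings, then measures how precision changes. The findings, rule identifiers and triage verdicts are constructed sample data for illustration and do not come from any real scanner.

```python
"""Apply a tuned scan policy to SAST findings and measure the effect.

Added illustration for "limit the tool to one language and tune the rule set".
All findings below are constructed sample data; the rule ids are hypothetical.
"""
from dataclasses import dataclass
from fnmatch import fnmatch

# Constructed sample: what an untuned, all-languages scan of a Python service
# might report. `triage` is the (hypothetical) analyst verdict, used only to
# measure precision; a real scanner does not emit it.
RAW_FINDINGS = [
    {"rule": "py.sql-injection",    "lang": "python",     "path": "app/db.py",           "severity": "high",   "triage": "tp"},
    {"rule": "py.hardcoded-secret", "lang": "python",     "path": "tests/test_auth.py",  "severity": "medium", "triage": "fp"},
    {"rule": "py.insecure-random",  "lang": "python",     "path": "app/ids.py",          "severity": "low",    "triage": "fp"},
    {"rule": "js.eval-use",         "lang": "javascript", "path": "vendor/minified.js",  "severity": "high",   "triage": "fp"},
    {"rule": "py.hardcoded-secret", "lang": "python",     "path": "app/config.py",       "severity": "medium", "triage": "tp"},
    {"rule": "generic.todo-comment","lang": "text",       "path": "README.md",           "severity": "info",   "triage": "fp"},
    {"rule": "py.subprocess-shell", "lang": "python",     "path": "app/tools.py",        "severity": "high",   "triage": "tp"},
    {"rule": "py.assert-used",      "lang": "python",     "path": "app/api.py",          "severity": "low",    "triage": "fp"},
]

SEVERITY_RANK = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class ScanPolicy:
    languages: frozenset       # only keep findings from rules for these languages
    disabled_rules: frozenset  # rules reviewed and found to be noise in this code base
    exclude_paths: tuple       # glob patterns for tests, vendored code, docs
    min_severity: str          # drop findings below this severity


def keep(finding, policy):
    """Return True if a finding survives the tuned policy."""
    if finding["lang"] not in policy.languages:
        return False
    if finding["rule"] in policy.disabled_rules:
        return False
    if any(fnmatch(finding["path"], pat) for pat in policy.exclude_paths):
        return False
    return SEVERITY_RANK[finding["severity"]] >= SEVERITY_RANK[policy.min_severity]


def tune(findings, policy):
    """Apply the policy to a list of findings."""
    return [f for f in findings if keep(f, policy)]


def precision(findings):
    """Share of reported findings that triage confirmed (1.0 means no false positives)."""
    if not findings:
        return 0.0
    return sum(1 for f in findings if f["triage"] == "tp") / len(findings)


def lost_true_positives(raw, tuned):
    """Safety check: true positives present in the raw scan but dropped by tuning."""
    tuned_keys = {(f["rule"], f["path"]) for f in tuned}
    return [f for f in raw if f["triage"] == "tp" and (f["rule"], f["path"]) not in tuned_keys]


# Untuned: every language, every rule, every path, every severity.
UNTUNED = ScanPolicy(frozenset({"python", "javascript", "text"}), frozenset(), (), "info")

# Tuned for a Python-only service (disabled rules are hypothetical choices
# made after reviewing why each one fired here).
TUNED = ScanPolicy(
    languages=frozenset({"python"}),
    disabled_rules=frozenset({"py.assert-used", "py.insecure-random"}),
    exclude_paths=("tests/*", "vendor/*", "*.md"),
    min_severity="medium",
)

if __name__ == "__main__":
    for name, policy in (("untuned", UNTUNED), ("tuned", TUNED)):
        result = tune(RAW_FINDINGS, policy)
        print(f"{name}: {len(result)} findings, precision {precision(result):.2f}")
    print("true positives lost by tuning:", lost_true_positives(RAW_FINDINGS, tune(RAW_FINDINGS, TUNED)))
```

The `lost_true_positives` check is the part worth keeping in a real pipeline: tuning should be re-validated against triaged history whenever a rule is disabled or a path excluded, otherwise the cure for false positives becomes a source of false negatives.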