CompTIA SecurityX (CAS-005) — Question 99

A company is preparing to move a new version of a web application to production. No issues were reported during security scanning or quality assurance in the CI/CD pipeline. Which of the following actions should the company take next?

Answer options

• A. Merge the test branch to the main branch.
• B. Perform threat modeling on the production application.
• C. Conduct unit testing on the submitted code.
• D. Perform a peer review on the test branch.

Correct answer: D

Explanation

The correct answer is D because performing a peer review ensures that the code in the test branch is evaluated by other developers for quality and potential issues before merging it into the main branch. Options A and C are premature since they should only occur after peer review, while option B is unnecessary at this stage since no issues were found during previous checks.