CompTIA CySA+ (CS0-002) — Question 227

Which of the following is a reason to take a DevSecOps approach to a software assurance program?

Answer options

• A. To find and fix security vulnerabilities earlier in the development process
• B. To speed up user acceptance testing in order to deliver the code to production faster
• C. To separate continuous integration from continuous development in the SDLC
• D. To increase the number of security-related bug fixes worked on by developers

Correct answer: A

Explanation

The correct answer, A, emphasizes the importance of detecting and resolving security vulnerabilities early in the development process, which is a core principle of DevSecOps. Options B and C do not directly relate to security practices, and D, while it addresses security bug fixes, does not focus on the early identification and resolution aspect that is crucial in a DevSecOps approach.