CompTIA CySA+ (CS0-003) — Question 431
A recent audit of the vulnerability management program outlined a finding calling for increased awareness of secure coding practices. Which of the following would be best to address the finding?
Answer options
- A. Establish quarterly SDLC training on the top vulnerabilities for developers
- B. Conduct a yearly inspection of the code repositories and provide the report to management
- C. Hire an external penetration test of the network
- D. Deploy more vulnerability scanners for increased coverage
Correct answer: A
Explanation
The correct answer is A, as establishing quarterly SDLC training directly addresses the need for developers to be aware of secure coding practices and the top vulnerabilities. Option B, while helpful, does not actively improve knowledge or skills. Option C focuses on testing the network rather than training developers, and option D increases scanning but does not educate on secure coding.