CompTIA Security+ (SY0-701) — Question 128
Which of the following practices would be best to prevent an insider from introducing malicious code into a company's development process?
Answer options
- A. Code scanning for vulnerabilities
- B. Open-source component usage
- C. Quality assurance testing
- D. Peer review and approval
Correct answer: D
Explanation
Peer review and approval is crucial because it puts multiple eyes on the code, which helps identify and eliminate malicious alterations before they are integrated. Code scanning, quality assurance testing, and open-source component usage are important practices, but they may not catch insider threats as effectively as a thorough peer review process.