A recent audit of the vulnerability management program outlined the finding for increased awareness of secure coding practices. Which of the following would be best to address the finding?
A. Establish quarterly SDLC training on the top vulnerabilities for developers
B. Conduct a yearly inspection of the code repositories and provide the report to management.
C. Hire an external penetration test of the network
D. Deploy more vulnerability scanners for increased coverage
Correct
The finding in the audit suggests a need to improve awareness of secure coding practices. The most appropriate action to address this finding is to provide training to the development team on secure coding practices.
Quarterly SDLC (Software Development Life Cycle) training focused on the top vulnerabilities helps developers understand secure coding practices and how to avoid common security issues such as those outlined in the OWASP Top Ten. Regular training ensures that developers stay up to date with the latest threats and best practices, directly addressing the audit's concern about awareness.
A) quarterly SDLC training
SDLC = software development lifecycle. The devs don't have the best coding practices to avoid vulnerabilities because they are not trained enough, nor aware of it. Regular training can mitigate this risk.
upvoted 4 times
kmordalv (Highly Voted) 1 year, 8 months ago
cy_analyst (Most Recent) 6 months, 3 weeks ago
FT000 1 year, 2 months ago
[Removed] 1 year, 5 months ago