ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 436 discussion

Actual exam question from CompTIA's CAS-004
Question #: 436
Topic #: 1
[All CAS-004 Questions]

A Chief Information Security Officer is concerned about the condition of the code security being used for web applications. It is important to get the review right the first time, and the company is willing to use a tool that will allow developers to validate code as it is written. Which of the following methods should the company use?

  • A. SAST
  • B. DAST
  • C. Fuzz testing
  • D. Intercepting proxy
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by ChopSNap at July 16, 2024, 11:14 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pesos
8 months ago
Think of Static as more passive and can happen throughout the process
upvoted 1 times
...
ChopSNap
11 months, 2 weeks ago
Selected Answer: A
The best method for the company to use is A. SAST (Static Application Security Testing). SAST analyzes the source code for vulnerabilities without executing the program. It allows developers to validate their code as it is written, which aligns with the goal of getting the review right the first time.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel