Exam CAS-003 topic 1 question 69 discussion

Actual exam question from CompTIA's CAS-003
Question #: 69
Topic #: 1

A deployment manager is working with a software development group to assess the security of a new version of the organization's internally developed ERP tool.
The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product?

  • A. Static code analysis in the IDE environment
  • B. Penetration testing of the UAT environment
  • C. Vulnerability scanning of the production environment
  • D. Penetration testing of the production environment
  • E. Peer review prior to unit testing
Suggested Answer: C

Comments

D1960
3 years, 9 months ago
Slightly OT: does static code analysis tell you if the code is secure, or does it just tell you if the code will work? In my experience, static code analyzers that are embedded in the IDE only tell you if there are coding errors. For example, they will not tell you if you need to use some kind of input verification.
upvoted 1 times
...
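D1960's question above (whether IDE static analysis finds security issues or only coding errors) is easiest to settle with a concrete check. The following is an added example written for this page, not code from the page, from ExamTopics, or from any named SAST product: a minimal taint-style rule built on Python's `ast` module that flags a function parameter flowing into a database `execute()` call through a dynamically built query string. The sample module it scans (`find_user`, `find_user_safe`, `find_by_id`) is constructed for the example.

```python
"""Minimal taint-style static check (added example, not from the page or any
named SAST tool). It shows that a static analyzer can flag a security defect,
untrusted input reaching a SQL sink, rather than only syntax or type errors."""
import ast

# Constructed sample module under analysis (hypothetical, for this example only).
SAMPLE_SOURCE = '''
import sqlite3

def find_user(conn, username):
    cur = conn.cursor()
    # BAD: caller-controlled value concatenated into SQL
    cur.execute("SELECT * FROM users WHERE name = '" + username + "'")
    return cur.fetchone()

def find_user_safe(conn, username):
    cur = conn.cursor()
    # GOOD: parameterised query, the driver handles escaping
    cur.execute("SELECT * FROM users WHERE name = ?", (username,))
    return cur.fetchone()

def find_by_id(conn, user_id):
    cur = conn.cursor()
    # BAD: f-string interpolation of a parameter
    cur.execute(f"SELECT * FROM users WHERE id = {user_id}")
    return cur.fetchone()
'''

# Method names treated as SQL sinks (DB-API 2.0 cursor methods).
SINK_NAMES = {"execute", "executemany"}


def _names_in(node):
    """Collect every identifier referenced anywhere inside an expression."""
    return {n.id for n in ast.walk(node) if isinstance(n, ast.Name)}


def _is_dynamic_string(node):
    """True if the expression builds a string at runtime:
    f-string, '+' or '%' operator, or a .format() call."""
    if isinstance(node, ast.JoinedStr):
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return True
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return True
    return False


def find_sql_injection(source):
    """Return [(function_name, line)] for every execute()/executemany() call
    whose first argument is a dynamically built string that references one of
    the enclosing function's parameters (the taint sources)."""
    findings = []
    tree = ast.parse(source)
    for func in ast.walk(tree):
        if not isinstance(func, ast.FunctionDef):
            continue
        params = {a.arg for a in func.args.args}  # treat all parameters as untrusted
        for call in ast.walk(func):
            if not (isinstance(call, ast.Call)
                    and isinstance(call.func, ast.Attribute)
                    and call.func.attr in SINK_NAMES
                    and call.args):
                continue
            query = call.args[0]
            if _is_dynamic_string(query) and _names_in(query) & params:
                findings.append((func.name, call.lineno))
    return findings


if __name__ == "__main__":
    # Expected: [('find_user', 7), ('find_by_id', 19)]
    for name, line in find_sql_injection(SAMPLE_SOURCE):
        print(f"possible SQL injection: {name}() line {line}")
```

Running it reports `find_user` (line 7) and `find_by_id` (line 19) and stays silent on the parameterised `find_user_safe`; the rule knows nothing about whether the code "works", only about the source-to-sink pattern. Production SAST engines do the same thing with real data-flow tracking across assignments, calls and files, which this toy rule skips: a parameter copied into a local variable before the `execute()` call would be missed here.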
destro
3 years, 11 months ago
Here's my analysis of this question. The team doesn't want assessment activities during deployment, which means options involving the production environment are out. So C and D are no-gos. A UAT isn't a good way to test for security. Answer A can only test statically, so that means it won't be throughout the entire SDLC environment. My guess is E, since it means that the product is assessed through the entire environment, without being intrusive to their live environment.
upvoted 1 times
...
noto21
3 years, 11 months ago
I would choose A. As crazy as that sounds, SCA tools can help developers identify vulnerabilities and security issues at the time of code commit into the repo. This is as early as the development phase itself, before peer review and well before UAT. Not all tools support this, but I think that's what the question is after.
upvoted 2 times
D1960
3 years, 9 months ago
The question asks for "assessing security throughout the life cycle" That would mean during development, and production. I don't know if any of the options really address that.
upvoted 1 times
...
...
americaman80
4 years ago
This is a bogus question that I hope doesn't show up on the actual test. I feel like it could be any one of these, ugh.
upvoted 2 times
...
Neo2020
4 years, 4 months ago
Just checked this question with the development team and the answer is B.
upvoted 1 times
D1960
4 years, 2 months ago
Is UAT an acceptable way to test for *security*? Users might think an application works just great. But the same users may have no idea of serious security vulnerabilities that lurk in that application.
upvoted 2 times
...
...
D1960
4 years, 6 months ago
If the company's aim is "assessing security throughout the life cycle" then I am not sure that any of the answers are correct. UAT is a small part of the SDLC. Maybe, if we assume the entire user environment is where UAT takes place?
upvoted 1 times
...
boblee
4 years, 7 months ago
B is correct
upvoted 1 times
boblee
4 years, 4 months ago
Revision - Going with E
upvoted 2 times
D1960
4 years, 2 months ago
That makes the most sense to me. The development team wants "assessing security throughout the life cycle." Of the options offered, only E refers to life-cycle testing. > "Unit Testing of software product is carried out during the development of an application. An individual component may be either an individual function or a procedure." https://www.geeksforgeeks.org/unit-testing-software-testing/
upvoted 2 times
...
...
...
tek
5 years, 3 months ago
B. Penetration testing of the UAT environment
upvoted 2 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other