Exam CS0-002 topic 1 question 177 discussion

Actual exam question from CompTIA's CS0-002
Question #: 177
Topic #: 1

A product security analyst has been assigned to evaluate and validate a new product's security capabilities. Part of the evaluation involves reviewing design changes at specific intervals for security deficiencies, recommending changes, and checking for changes at the next checkpoint. Which of the following BEST describes the activity being conducted?

  • A. User acceptance testing
  • B. Stress testing
  • C. Code review
  • D. Security regression testing
Suggested Answer: D

Comments

Ha89
1 year ago
Selected Answer: D
Keyword: Security analyst. Not a software developer. Code reviewing is out of the question. I'd go with D.
upvoted 1 times
...
RobV
1 year, 6 months ago
Selected Answer: D
The activity being described is "Security regression testing." This involves reviewing design changes at specific intervals for security deficiencies, recommending changes, and checking for changes at subsequent checkpoints to ensure that new updates or modifications do not introduce security vulnerabilities or regressions in the security posture of the product. Therefore, the correct answer is: D. Security regression testing
upvoted 1 times
...
skibby16
1 year, 7 months ago
Selected Answer: C
A code review is a process that involves examining and evaluating the source code of a software application or system for security deficiencies, errors, bugs, or vulnerabilities. A code review can help improve the quality and security of the software product by identifying and fixing issues before they become operational problems. A code review is part of the evaluation and validation of a new product’s security capabilities. User acceptance testing, stress testing, or security regression testing are other types of testing that can be used to evaluate and validate a new product’s security capabilities, but they do not involve reviewing design changes at specific intervals for security deficiencies. Reference: https://www.synopsys.com/blogs/software-security/code-review/
upvoted 1 times
...
novolyus
1 year, 7 months ago
Selected Answer: D
Code review? So if a new switch vendor, monitoring tool or whatever that is not related with software...?
upvoted 2 times
...
Pavel019846457
1 year, 7 months ago
Selected Answer: D
Security regression testing involves reviewing design changes at specific intervals to ensure that new changes do not introduce security vulnerabilities or deficiencies and verifying that security measures are still effective after each change.
upvoted 1 times
...
kumax
1 year, 9 months ago
Selected Answer: C
ChatGPT: The activity being described, where a product security analyst reviews design changes at specific intervals, recommends changes, and checks for changes at subsequent checkpoints, is often referred to as "Security Design Review" or "Security Architecture Review." I would go for "Code review". Security Regression Testing is a testing process that focuses on identifying and mitigating security vulnerabilities introduced into a software application or system during the development and maintenance phases. It is a specialized form of regression testing that specifically targets security-related issues.
upvoted 2 times
kmordalv
1 year, 7 months ago
Correct. CompTIA is playing with us again. CompTIA uses words in the statement to confuse. The solution is in the statement. The answer is clearly C... https://owasp.org/www-pdf-archive/OWASP_Code_Review_Guide_v2.pdf
upvoted 1 times
...
...
kmordalv
1 year, 10 months ago
Selected Answer: C
The question refers to a "new" product so I believe that is key. Regression testing focuses on testing to ensure that changes that have been made do not create new issues, and ensure that no new vulnerabilities, misconfigurations, or other issues have been introduced. A code review is part of the evaluation and validation of a new product’s security capabilities. User acceptance testing, stress testing, or security regression testing are other types of testing that can be used to evaluate and validate a new product’s security capabilities, but they do not involve reviewing design changes at specific intervals for security deficiencies
upvoted 1 times
...
Dutch012
2 years ago
ks amk compTIA
upvoted 3 times
uday1985
1 year, 9 months ago
ks emk twice compTIA
upvoted 2 times
...
...
kyky
2 years ago
Selected Answer: C
D. Security regression testing. Security regression testing is a type of testing that focuses on identifying security vulnerabilities or weaknesses that may have been introduced or re-introduced into a system as a result of design changes, updates, or modifications. It aims to ensure that the security posture of the system has not regressed or deteriorated after changes have been made.
upvoted 2 times
heinzelrumpel
1 year, 11 months ago
Full ack
upvoted 1 times
...
kyky
2 years ago
I'm voting for DDDDDDDDDDDDDDDDDDDDDDDD
upvoted 2 times
...
...
Nouuv
2 years ago
Selected Answer: C
"reviewing design changes at specific intervals" that is done via debugger, which is considered an automated code review.
upvoted 1 times
...
josephconer1
2 years, 3 months ago
Selected Answer: C
Definitely C after re-reading it a couple of times. Recommending changes is what sticks out to me. If it were regression testing, it would be testing to see if changes to the code caused features or functionality to degrade, specifically for this, security features. Code review seems to be the closest thing to what they're describing.
upvoted 2 times
...
2Fish
2 years, 3 months ago
Selected Answer: D
D. Man, this was kinda tough. I say D because Security Regression testing can be done during development and after production. Code review could be used here too, but would an analyst actually do a code review? This is typically done by developers.
upvoted 4 times
2Fish
2 years, 3 months ago
Dayum.. now that I am looking at this again.. it's possible it could be C as well. Code reviews contain the same type of activities described here. Ugh.
upvoted 1 times
2Fish
2 years, 3 months ago
Yeah.. I reviewed Jason Dion's class, and C fits better according to his explanation. Code Review is the closest option here.
upvoted 1 times
...
hypertweeky
1 year, 10 months ago
Dayum is right. My head is spinning. I hope I pass the exam! Have you taken it?
upvoted 1 times
...
...
...
j0n45
2 years, 6 months ago
Selected Answer: D
Security Regression Testing: This is the process of checking that updates to code do not compromise existing security functionality or capability. Ultimately, regression testing is comparing working security fixes against the applications as a baseline. This ensures that if any new code updates are pushed that break this or reopen a previously closed vulnerability, it can be addressed in real time.
upvoted 3 times
...
roman1000
2 years, 6 months ago
Selected Answer: C
Why would you do a regression test while this is a new product? Regression test is only performed for an enhancement made to an existing program/application. Do a code review to check if the product has the necessary security features.
upvoted 4 times
...
th3man
2 years, 7 months ago
Selected Answer: C
So torn with this question. Mainly because: Once the SDLC reached the development phase, code starts to be generated. That means that the ability to control the version of the software or component that your team is working on, combined with check-in/check-out functionality and revision histories, is a necessary and powerful tool when developing software. The question refers to a "new" product so I believe that is key. However, it also makes it seem that it is about the development of a product that could be in production. Regression testing focuses on testing to ensure that changes that have been made do not create new issues, and ensure that no new vulnerabilities, misconfigurations, or other issues have been introduced. Hmmm, I say C simply because of the "new product" in the question.
upvoted 3 times
...
KingDeeko
2 years, 8 months ago
Selected Answer: D
What is Regression Testing? Regression Testing is a type of testing that is done to verify that a code change in the software does not impact the existing functionality of the product. This is to ensure that the product works fine with new functionality, bug fixes or any changes to the existing feature. Previously executed test cases are re-executed in order to verify the impact of the change.
upvoted 1 times
...
R00ted
2 years, 8 months ago
Selected Answer: D
Security Regression Testing: Regression testing focuses on testing to ensure that changes that have been made do not create new issues. From a security perspective, this often comes into play when patches are installed or when new updates are applied to a system or application. Security regression testing is performed to ensure that no new vulnerabilities, misconfigurations, or other issues have been introduced.
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other