ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 508 discussion

Actual exam question from CompTIA's CAS-004
Question #: 508
Topic #: 1
[All CAS-004 Questions]

A recent batch of bug bounty findings indicates a systematic issue related to directory traversal. A security engineer needs to prevent flawed code from being deployed into production. Which of the following is the best mitigation strategy for the engineer?

  • A. Setting up secure development training with a focus on filesystem access issues
  • B. Implementing static code analysis testing into the CI/CD pipeline and blocking based on findings
  • C. Using a software composition analysis tool to look for directory traversal issues in the application
  • D. Developing a secure library for filesystem access and blocking builds that do not use the library
  • E. Leveraging a dynamic application security testing tool to uncover issues related to directory traversal
Show Suggested Answer Hide Answer
Suggested Answer: B 🗳️
by ServerBrain at Aug. 1, 2024, 10:04 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Bright07
6 months, 2 weeks ago
Selected Answer: B
Static code analysis involves analyzing the source code for vulnerabilities before the code is even executed. By integrating static code analysis tools into the Continuous Integration / Continuous Deployment (CI/CD) pipeline, the security engineer can automatically detect issues like directory traversal during the development and testing phases, before the code is deployed to production. This approach ensures that vulnerabilities are caught early, making it an effective and scalable solution for preventing flawed code from being deployed.
upvoted 3 times
...
gbemimatti
7 months, 1 week ago
Selected Answer: B
Static code analysis involves scanning the source code for potential vulnerabilities without executing it. It can identify issues like directory traversal during the development process, before code reaches production. Integrating static analysis into the CI/CD pipeline (Continuous Integration/Continuous Deployment) ensures that every code commit or build is automatically analyzed for security vulnerabilities, including directory traversal flaws, and can be blocked from progressing if issues are detected.
upvoted 4 times
...
a18733c
7 months, 2 weeks ago
Selected Answer: D
If the question emphasizes short-term mitigation to stop flawed code from reaching production immediately, B (static code analysis in CI/CD) is a good answer. If the question emphasizes long-term prevention and systematic resolution of the issue, D (secure library) is the stronger answer.
upvoted 1 times
...
ServerBrain
11 months ago
Selected Answer: B
B correct
upvoted 4 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel