A deployment manager is working with a software development group to assess the security of a new version of the organization's internally developed ERP tool. The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product?

Questions › Category: CAS-003 › A deployment manager is working with a software development group to assess the security of a new version of the organization's internally developed ERP tool. The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product?

0 Vote Up Vote Down

Admin Staff asked 6 months ago

A deployment manager is working with a software development group to assess the security of a new version of the organization's internally developed ERP tool.
The organization prefers to not perform assessment activities following deployment, instead focusing on assessing security throughout the life cycle. Which of the following methods would BEST assess the security of the product?

A. Static code analysis in the IDE environment

B. Penetration testing of the UAT environment

C. Vulnerability scanning of the production environment

D. Penetration testing of the production environment

E. Peer review prior to unit testing






 

Suggested Answer: C





This question is in CAS-003 CompTIA Advanced Security Practitioner (CASP+) Exam
For getting CompTIA Advanced Security Practitioner (CASP+) Certificate


Disclaimers:
The website is not related to, affiliated with, endorsed or authorized by CompTIA. 
Trademarks, certification & product names are used for reference only and belong to CompTIA.
The website does not contain actual questions and answers from CompTIA's Certification Exams.

A security consultant is attempting to discover if the company is utilizing databases on client machines to store the customer data. The consultant reviews the following information: Which of the following commands would have provided this output?

AZ-104 Practice Test Free

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password

A security consultant is attempting to discover if the company is utilizing databases on client machines to store the customer data. The consultant reviews the following information: Which of the following commands would have provided this output?

AZ-104 Practice Test Free

Related Questions

Recommended

AZ-104 Practice Test Free

Cisco IOS Popular Commands

Linux Professional Institute LPIC-2 Certificate

Linux Professional Institute LPIC-1 Certificate

Cisco Certified DevNet Associate Certificate

AWS Certified Cloud Practitioner Certificate

Welcome Back!

Create New Account!

Retrieve your password