
CompTIA Exam CAS-004 Topic 10 Question 42 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 42
Topic #: 10

A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company's objectives?

Suggested Answer: B

Static application security testing (SAST) analyzes the source code of an application for vulnerabilities and weaknesses before it is deployed. Because it runs on code rather than on a running system, SAST can identify security issues earlier in the development process, reducing the time and cost of remediation.

Dynamic application security testing (DAST) tests the functionality and behavior of an application at runtime for vulnerabilities and weaknesses. DAST can cover public-facing application components, but it cannot detect issues in the source code or in serverless applications.

Runtime application self-protection (RASP) monitors and protects an application from attacks in real time by embedding security features into the application code or runtime environment. RASP can help prevent exploitation of vulnerabilities, but it cannot identify or fix them.

A web application firewall (WAF) is a device or software that filters and blocks malicious web traffic from reaching an application. A WAF can help protect an application from common attacks, but it cannot detect or fix vulnerabilities in the application code or in serverless applications.

Reference: [CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives], Domain 3: Enterprise Security Operations, Objective 3.4: Conduct security assessments using appropriate tools
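To make the SAST point concrete, here is an added illustration that is not part of the exam question, the suggested answer, or any CompTIA material: a minimal SAST-style scanner written with Python's standard `ast` module. It parses a constructed serverless handler (`SAMPLE_HANDLER`, hypothetical) and flags three patterns that static analysis can catch before deployment, while a DAST scan would only ever see their effects at runtime, if at all. The rule names (`dangerous-eval`, `subprocess-shell`, `hardcoded-secret`) and the `ci_gate` helper are assumptions made for this example, not a real tool's output.

```python
"""Minimal SAST-style check for serverless handler source code.

Added example (not from the original page): parses Python source with the
standard `ast` module and records findings that static analysis can report
before the function is ever deployed.
"""
import ast
from dataclasses import dataclass


@dataclass
class Finding:
    rule: str
    line: int
    detail: str


# Hypothetical serverless handler, constructed for this example only.
SAMPLE_HANDLER = '''\
import os
import subprocess

def lambda_handler(event, context):
    name = event["name"]
    # shell=True with request data: command injection risk
    subprocess.run("echo " + name, shell=True)
    # eval on untrusted input
    result = eval(event["expr"])
    # hard-coded credential (placeholder value)
    API_KEY = "EXAMPLE-HARDCODED-KEY"
    return {"statusCode": 200, "body": str(result)}
'''


class HandlerScanner(ast.NodeVisitor):
    """Walks the AST once and records a Finding for each matched rule."""

    def __init__(self) -> None:
        self.findings: list[Finding] = []

    def _call_name(self, node: ast.Call) -> str:
        # Resolve `eval`, `subprocess.run`, etc. to a dotted name string.
        func = node.func
        if isinstance(func, ast.Name):
            return func.id
        parts = []
        while isinstance(func, ast.Attribute):
            parts.append(func.attr)
            func = func.value
        if isinstance(func, ast.Name):
            parts.append(func.id)
        return ".".join(reversed(parts))

    def visit_Call(self, node: ast.Call) -> None:
        name = self._call_name(node)
        if name in ("eval", "exec"):
            self.findings.append(Finding("dangerous-eval", node.lineno, f"{name}() on runtime data"))
        if name.startswith("subprocess."):
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    self.findings.append(Finding("subprocess-shell", node.lineno, f"{name} with shell=True"))
        self.generic_visit(node)

    def visit_Assign(self, node: ast.Assign) -> None:
        # Crude secret rule: an ALL_CAPS name mentioning KEY/SECRET/TOKEN/PASSWORD
        # assigned a string literal.
        for target in node.targets:
            if (isinstance(target, ast.Name)
                    and target.id.isupper()
                    and any(w in target.id for w in ("KEY", "SECRET", "TOKEN", "PASSWORD"))
                    and isinstance(node.value, ast.Constant)
                    and isinstance(node.value.value, str)):
                self.findings.append(Finding("hardcoded-secret", node.lineno, f"{target.id} assigned a literal"))
        self.generic_visit(node)


def scan_source(source: str) -> list[Finding]:
    """Return all findings for one handler file, ordered by line number."""
    scanner = HandlerScanner()
    scanner.visit(ast.parse(source))
    return sorted(scanner.findings, key=lambda f: f.line)


BLOCKING_RULES = frozenset({"dangerous-eval", "subprocess-shell", "hardcoded-secret"})


def ci_gate(source: str, blocking_rules: frozenset = BLOCKING_RULES) -> bool:
    """True when the build may proceed, i.e. no blocking finding was raised."""
    return not any(f.rule in blocking_rules for f in scan_source(source))


if __name__ == "__main__":
    for f in scan_source(SAMPLE_HANDLER):
        print(f"line {f.line}: [{f.rule}] {f.detail}")
    print("build allowed:", ci_gate(SAMPLE_HANDLER))
```

Running it on the sample prints three findings (lines 7, 9 and 11 of the handler) and `build allowed: False`; the same handler would pass a DAST scan of the deployed endpoint unless the scanner happened to hit those exact paths with the right inputs, which is the earlier-and-cheaper argument the suggested answer makes for SAST.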


Contribute your Thoughts:

Aleta
13 days ago
You know, I was actually leaning towards the WAF (Web Application Firewall) option. It could help protect the public-facing application components, and the startup has already implemented a bug bounty program, which is a good start. But I agree that SAST seems like the best overall solution to meet their objectives.
upvoted 0 times
Marguerita
14 days ago
I have to disagree with you there. RASP is more focused on runtime protection, whereas the question specifically mentions identifying vulnerabilities earlier in the development process. I think SAST is still the way to go. Plus, it's often more cost-effective than some other security measures.
upvoted 0 times
Jacqueline
15 days ago
I'm not so sure about SAST. While it's great for finding vulnerabilities in the code, it doesn't really address the issue of reducing the time to identify serverless application vulnerabilities. I think RASP (Runtime Application Self-Protection) might be a better fit. It can detect and protect against attacks in real time, which could help the startup catch issues faster.
upvoted 0 times
Jose
12 hours ago
I think RASP would be a good option here; it can help detect and protect in real time.
upvoted 0 times
Lucille
16 days ago
Hmm, this question is a tricky one. The startup is looking to improve its DevSecOps program and identify vulnerabilities earlier in the development process. I think SAST (Static Application Security Testing) would be the best option here. It can analyze the source code and catch issues before the application is even deployed.
upvoted 0 times