
CompTIA Exam CAS-004 Topic 10 Question 42 Discussion

Actual exam question for CompTIA's CAS-004 exam
Question #: 42
Topic #: 10

A SaaS startup is maturing its DevSecOps program and wants to identify weaknesses earlier in the development process, in order to reduce the average time to identify serverless application vulnerabilities and the costs associated with remediation. The startup began its early security testing efforts with DAST to cover public-facing application components and recently implemented a bug bounty program. Which of the following will BEST accomplish the company's objectives?

Suggested Answer: B

Static application security testing (SAST) analyzes an application's source code for vulnerabilities and weaknesses before it is deployed, so security issues are found earlier in the development process and the time and cost of remediation are reduced. Dynamic application security testing (DAST) tests the functionality and behavior of a running application for vulnerabilities and weaknesses; it can cover public-facing application components, but it cannot detect issues in the source code or in serverless applications. Runtime application self-protection (RASP) embeds security features into the application code or runtime environment to monitor the application and protect it from attacks in real time; it can help prevent exploitation of vulnerabilities, but it cannot identify or fix them. A web application firewall (WAF) is a device or software that filters and blocks malicious web traffic before it reaches an application; it can help protect against common attacks, but it cannot detect or fix vulnerabilities in the application code or in serverless applications.

Reference: CompTIA Advanced Security Practitioner (CASP+) Certification Exam Objectives, Domain 3: Enterprise Security Operations, Objective 3.4: Conduct security assessments using appropriate tools
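As an added illustration (not part of the original page, the vendor's explanation, or any CompTIA material), the following Python script shows the kind of check a SAST tool performs: it parses a serverless handler's source with the standard-library ast module, with nothing running or deployed, and reports dynamic code execution and shell=True subprocess calls with their line numbers. The sample handler source, the rule names and the Finding type are constructed for this example and are not from any real tool.

```python
"""Toy SAST check: flag risky calls in a serverless handler's source before deployment."""
import ast
from dataclasses import dataclass

# Constructed sample: a Python serverless handler containing two risky constructs.
# It is parsed as text only; nothing in it is executed.
SAMPLE_HANDLER = '''\
import json
import subprocess

def handler(event, context):
    expr = event.get("expr", "")
    result = eval(expr)  # risky: evaluates caller-supplied input
    out = subprocess.run("ls " + event.get("path", "."), shell=True)
    return {"statusCode": 200, "body": json.dumps({"result": result})}
'''


@dataclass(frozen=True)
class Finding:
    """One static-analysis result (hypothetical type for this example)."""
    rule: str
    line: int
    detail: str


# Bare calls that should never receive untrusted input.
DANGEROUS_CALLS = {"eval", "exec"}
# (module, attribute) pairs that become shell-injection sinks with shell=True.
SHELL_CALLS = {
    ("subprocess", "run"),
    ("subprocess", "Popen"),
    ("subprocess", "call"),
    ("subprocess", "check_output"),
}


def _call_name(node: ast.Call):
    """Return ('eval', None) for eval(...) or ('subprocess', 'run') for subprocess.run(...)."""
    f = node.func
    if isinstance(f, ast.Name):
        return f.id, None
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f.value.id, f.attr
    return None, None


def scan_source(source: str) -> list[Finding]:
    """Walk the syntax tree and collect findings, sorted by source line."""
    findings = []
    tree = ast.parse(source)
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        base, attr = _call_name(node)
        if attr is None and base in DANGEROUS_CALLS:
            findings.append(Finding("dynamic-code-execution", node.lineno, f"call to {base}()"))
        elif (base, attr) in SHELL_CALLS:
            # Only flag when shell=True is passed as a literal keyword argument.
            for kw in node.keywords:
                if kw.arg == "shell" and isinstance(kw.value, ast.Constant) and kw.value.value is True:
                    findings.append(Finding("shell-injection", node.lineno, f"{base}.{attr}(shell=True)"))
    return sorted(findings, key=lambda f: f.line)


if __name__ == "__main__":
    for finding in scan_source(SAMPLE_HANDLER):
        print(f"{finding.line}: [{finding.rule}] {finding.detail}")
```

Because the check runs on source text, it fits a pre-merge CI step and produces a file-and-line location a developer can act on immediately, which is the property the explanation above attributes to SAST; a DAST scan, a WAF or RASP would only see the same flaws once the function is deployed and invoked.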


Contribute your Thoughts:

Aleta
8 months ago
You know, I was actually leaning towards the WAF (Web Application Firewall) option. It could help protect the public-facing application components, and the startup has already implemented a bug bounty program, which is a good start. But I agree that SAST seems like the best overall solution to meet their objectives.
upvoted 0 times
Marguerita
8 months ago
I have to disagree with you there. RASP is more focused on runtime protection, whereas the question specifically mentions identifying vulnerabilities earlier in the development process. I think SAST is still the way to go. Plus, it's often more cost-effective than some other security measures.
upvoted 0 times
Jacqueline
8 months ago
I'm not so sure about SAST. While it's great for finding vulnerabilities in the code, it doesn't really address the issue of reducing the time to identify serverless application vulnerabilities. I think RASP (Runtime Application Self-Protection) might be a better fit. It can detect and protect against attacks in real-time, which could help the startup catch issues faster.
upvoted 0 times
Germaine
7 months ago
Yes, RASP can definitely help the startup identify weaknesses earlier in the development process and reduce the time to identify serverless application vulnerabilities.
upvoted 0 times
Selene
7 months ago
So, it seems like RASP would be the recommended choice for the startup to achieve their objectives.
upvoted 0 times
Erinn
8 months ago
WAF could help with web application attacks, but it may not address the specific needs of identifying serverless vulnerabilities early in the development process.
upvoted 0 times
Hortencia
8 months ago
What about WAF, could that be a good option for protecting against web application attacks?
upvoted 0 times
Serita
8 months ago
I agree, RASP could provide real-time protection and help catch issues faster.
upvoted 0 times
Desire
8 months ago
SAST might not be the best fit for reducing the time to identify serverless application vulnerabilities as it focuses on code vulnerabilities.
upvoted 0 times
Jose
8 months ago
I think RASP would be a good option here; it can help detect and protect in real time.
upvoted 0 times
Lucille
8 months ago
Hmm, this question is a tricky one. The startup is looking to improve its DevSecOps program and identify vulnerabilities earlier in the development process. I think SAST (Static Application Security Testing) would be the best option here. It can analyze the source code and catch issues before the application is even deployed.
upvoted 0 times