ISC2 Certified Cloud Security Professional (CCSP) Practice Question
A fintech start-up is building a cloud-native payment platform using an Agile Secure SDLC. During the third sprint review, penetration testers uncover several SQL injection flaws introduced by recent changes to the authentication microservice. To detect such issues earlier while maintaining rapid iterations, the security architect wants to reinforce activities that belong to the Verify (test) phase of the Secure SDLC. Which action best satisfies this requirement?
Integrate automated static application security testing into the CI pipeline so every code commit is scanned for flaws.
Deploy a web application firewall in front of the staging environment to block injection attacks during sprint demos.
Require developers to complete a secure-coding checklist before pushing their changes to the shared repository.
Conduct threat-modeling workshops during backlog refinement to identify potential attack paths.
The Verify phase of a Secure SDLC focuses on systematically testing the code for security defects before it is released to later stages or production. Integrating automated static application security testing (SAST) into the continuous-integration pipeline scans every commit, providing rapid feedback and catching injection vulnerabilities as soon as they are introduced-an activity explicitly placed in the Verification phase of frameworks such as Microsoft SDL and the NIST SSDF.
Threat-modeling workshops belong in earlier design/backlog activities, secure-coding checklists are part of the implementation/build phase, and deploying a web application firewall is a runtime protection control that applies after code has been deployed, not during Verify.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is Static Application Security Testing (SAST)?
Open an interactive chat with Bash
How does a Continuous Integration (CI) pipeline help in the Secure SDLC?
Open an interactive chat with Bash
What is the role of the Verify phase in the Secure SDLC?
Open an interactive chat with Bash
What is static application security testing (SAST) in CI pipelines?
Open an interactive chat with Bash
How does the Verify phase differ from other Secure SDLC phases?
Open an interactive chat with Bash
How do SQL injection vulnerabilities impact applications?
Open an interactive chat with Bash
ISC2 Certified Cloud Security Professional (CCSP)
Cloud Application Security
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .