ISC2 Systems Security Certified Practitioner (SSCP) Practice Question
Your organization is containerizing a payroll application and deploying it to Amazon ECS through a CI/CD workflow that uses CodeCommit for source control, CodeBuild for builds, and CodeDeploy for releases. As the SSCP responsible for secure development practices, which action should you recommend to embed security early in the lifecycle, minimize cost, and prevent vulnerable code from ever reaching any runtime environment?
Hire an external firm to perform authenticated penetration tests against production on a quarterly schedule.
Require the security team to conduct manual code reviews only after the application is deployed to the staging environment.
Add an automated SAST job to the CodeBuild stage that scans every pull request before it is merged.
Enable AWS WAF with managed rule groups on the production Application Load Balancer after the first release.
Integrating an automated static application security testing (SAST) stage in the CodeBuild phase implements the "shift-left" principle central to DevSecOps. Because the scan runs on every pull request and a finding fails the build, defects are identified and blocked before code is merged or deployed, when they are cheapest and easiest to fix. Quarterly penetration tests may uncover issues, but only long after vulnerable code is in production and at a higher remediation cost. Manual reviews after deployment detect problems late, rely on human availability, and do not scale. A web application firewall protects running workloads and is a useful compensating control, but it does nothing to stop insecure code from being introduced during development.
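As an added example that is not part of the original question or any ISC2 material, the buildspec below shows what the correct option looks like in practice: a CodeBuild job that runs a SAST scan and fails the build when findings are reported, so a pull request that introduces a flaw cannot be merged. It assumes a Python code base, the Semgrep CLI with its p/ci registry ruleset, and a CodeBuild standard image that provides Python 3.11; none of those appear on the page and all can be swapped for your own stack and scanner.

```yaml
# buildspec.yml for the SAST gate (constructed example, not from the page).
# Assumed: Python application, Semgrep as the SAST tool, CodeBuild standard
# image with a Python 3.11 runtime. Network access is needed to fetch the
# p/ci ruleset from the Semgrep registry.
version: 0.2

phases:
  install:
    runtime-versions:
      python: 3.11
    commands:
      - pip install --quiet semgrep
  pre_build:
    commands:
      # CodeBuild sets this to the commit actually checked out.
      - echo "SAST scan of commit ${CODEBUILD_RESOLVED_SOURCE_VERSION}"
  build:
    commands:
      # --error makes Semgrep exit non-zero when it reports findings, which
      # fails this phase and therefore the build. --metrics=off keeps the
      # scan from phoning home; the SARIF file preserves the findings.
      - semgrep scan --config p/ci --error --metrics=off --sarif --output semgrep.sarif .
  post_build:
    commands:
      # Runs only if the build phase succeeded, i.e. no findings.
      - echo "No SAST findings; pull request may be merged"

artifacts:
  files:
    - semgrep.sarif
```

To make this a true pre-merge gate rather than an after-the-fact report, start the project from CodeCommit pull request events (an EventBridge rule that targets the build project) and use a branch approval rule so that a pull request cannot be merged until the required approval is in place. A failed build then blocks the merge, which is exactly the "never reaches a runtime environment" property the question asks for.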
Security Concepts and Practices