Your employer has a large team of software developers with constantly changing codebases for dozens of internal applications. As a part of change control any code changes go through an automated vulnerability scanning process which checks for known vulnerabilities in frameworks, programming languages, dependencies and the code itself. Due to business pressure these scans have been largely ignored and there are currently over a thousand issues found by the automated scanning. You are tasked with working with the developers and remedying 100% of the issues. What should you do next?

  • Implement an approval step for all code changes that requires no security issues prior to updates
  • Identify any false positives to reduce the number of items to remediate
  • Organize the vulnerabilities by criticality and begin planning for solutions for the most critical vulnerabilities first
  • Stop all deployments, code changes and updates until the vulnerabilities are fixed
Your Score:
Attacks, Threats, and Vulnerabilities
Architecture and Design
Implementation
Operations and Incident Response
Governance, Risk, and Compliance
Wipe Score
CompTIA Security+ SY0-601
  • Attacks, Threats, and Vulnerabilities
  • Architecture and Design
  • Implementation
  • Operations and Incident Response
  • Governance, Risk, and Compliance
    • This question is filed here

Discount CompTIA Exam Vouchers

Recommended CompTIA Security+ SY0-601 Training Materials
Recommended CompTIA Security+ SY0-601 Training Materials
Posted Friday, 22 April 2022
View Post