Which of the following should the company implement to improve code quality?

A software development company lost customers recently because of a large number of software issues. These issues were related to integrity and availability defects, including buffer overflows, pointer dereferences, and others. Which of the following should the company implement to improve code quality? (Select two).
A. Development environment access controls
B. Continuous integration
C. Code comments and documentation
D. Static analysis tools
E. Application containerization
F. Code obfuscation


5 thoughts on “Which of the following should the company implement to improve code quality?”

  1. B & D
    Adding to the explanation from StudyB, Continuous integration can automate integration testing required since “developers typically each work on a different component or module in the application, and a test is necessary to see if the two modules work together as expected.” And… “Other than standard bugs, conflicts between modules that require integration can also reveal security issues.” (both quotes from CompTIA directly.)

    Option F would have the opposite impact. Option C would be critical to include if option F were part of the process.

  2. BD – Agree with Kevin.
    A. Development environment access controls (no, good idea, but it’s the source coding that’s the problem.)
    B. Continuous integration (yes, Incremental static analysis scanning for bugs and security vulnerabilities. Check for vulnerability at precommit stage and Commit stage.)
    C. Code comments and documentation (no, commenting is a great practice, but won’t prevent defects.)
    D. Static analysis tools (yes, use analysis tools to id problems.)
    E. Application containerization (no, containing the defect is still a defect. need to fix defect.)
    F. Code obfuscation (no, making it obscure is still a defect. need to id and fix defect.)

  3. The answer SHOULD be B and D. Code obfuscation just makes it hard to reverse engineer the source code but does little to solve the issue of fixing software bugs during the SDLC. From a security perspective, static analysis tools and Continuous Integration (CI) allow security analysis to be integrated into the SDLC, leading to more secure software.
