CompTIA CySA+ Practice Test

Disable ads (and more) with a membership for a one time $2.99 payment

Prepare for the CompTIA CySA+ exam with interactive quizzes, flashcards, and multiple-choice questions. Each question offers hints and detailed explanations to enhance your learning. Get exam-ready with confidence!

Start Multiple Choice Practice Test
Start Flash Cards

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.

Which method is inappropriate to utilize for ensuring software development security?

  1. Regularly updating libraries and frameworks

  2. Conducting a code review process

  3. Embedding keys within the source code

  4. Utilizing static code analysis tools

The correct answer is: Embedding keys within the source code

Embedding keys within the source code is inappropriate for ensuring software development security because it exposes sensitive information directly within the codebase. This practice increases the risk of unauthorized access, as if the source code is compromised or anyone gains access to the repository, the embedded keys become easily exploitable. Proper security practices encourage the use of environment variables or secure vaults for managing sensitive information, which helps to keep it separate from the application code. In contrast, regularly updating libraries and frameworks, conducting a code review process, and utilizing static code analysis tools are all best practices for enhancing software security. Keeping libraries and frameworks updated helps protect against known vulnerabilities, code reviews enable peer inspections to catch potential security flaws, and static code analysis tools automatically identify security weaknesses in the codebase before deployment. These methods collectively contribute to a secure software development lifecycle.

More Questions Like This