Your company places a high value on being responsive and meeting customer needs quickly. Their primary business objectives are release speed and agility. You want to reduce the chance of security errors being accidentally introduced. Which two actions can you take? (Choose two.)
Choose an answer
Tap an option to check your answer.
Correct answer: Use source code security analyzers as part of the CI/CD pipeline, Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline.
Why this is the answer
The correct options, "Use source code security analyzers as part of the CI/CD pipeline" and "Run a vulnerability security scanner as part of your continuous-integration /continuous-delivery (CI/CD) pipeline," directly address the need for release speed, agility, and reducing security errors. Integrating these tools into the CI/CD pipeline automates security checks, allowing for rapid identification and remediation of issues without slowing down development. Source code analyzers (SAST) find vulnerabilities in the code itself, while vulnerability scanners (DAST/SCA) detect issues in deployed applications or dependencies. "Ensure every code check-in is peer reviewed by a security SME" is effective but can create a bottleneck, hindering release speed and agility. "Ensure you have stubs to unit test all interfaces between components" focuses on functional correctness, not directly on security vulnerabilities. "Enable code signing and a trusted binary repository integrated with your CI/CD pipeline" is a good practice for integrity but doesn't proactively find security flaws in the code or deployed application.
Pass your exam — without the endless answer hunt
Get every verified question and explanation for this exam in one place, and save hours of prep. 1,000+ certifications · 20+ languages · free to start.
Pass your exam faster → No card needed