🔥 3-day streak
CompTIA SecurityX (CAS-005)27 / 120
Question 27 of 120
A DevSecOps team is integrating automated security testing into a CI/CD pipeline for a customer-facing web application. Leadership wants defects caught as early as possible to reduce remediation cost, but also insists that runtime vulnerabilities involving authentication flows and server misconfiguration be detected before production release. The team must select where to place Static Application Security Testing (SAST), Software Composition Analysis (SCA), and Dynamic Application Security Testing (DAST). Which pipeline design best satisfies both requirements?
Reviewed for accuracy · Report an issueNext question