Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments?

A home automation company just purchased and installed tools for its SOC to enable incident identification and response on software the company develops.

The company would like to prioritize defenses against the following attack scenarios:

Unauthorized insertions into application development environments

Authorized insiders making unauthorized changes to environment configurations

Which of the following actions will enable the data feeds needed to detect these types of attacks on development environments? (Choose two.)
A . Perform static code analysis of committed code and generate summary reports.
B . Implement an XML gateway and monitor for policy violations.
C . Monitor dependency management tools and report on susceptible third-party libraries.
D . Install an IDS on the development subnet and passively monitor for vulnerable services.
E . Model user behavior and monitor for deviations from normal.
F . Continuously monitor code commits to repositories and generate summary logs.

Answer: C,D

Latest CAS-004 Dumps Valid Version with 128 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments