Enhance your cybersecurity skills with the CompTIA CySA+ Exam preparation. Dive into multiple choice questions with hints and explanations, and get ready for success!

Each practice test/flash card set has 50 randomly selected questions from a bank of over 500. You'll get a new set of questions each time!

Practice this question and more.


Which method is inappropriate to utilize for ensuring software development security?

  1. Regularly updating libraries and frameworks

  2. Conducting a code review process

  3. Embedding keys within the source code

  4. Utilizing static code analysis tools

The correct answer is: Embedding keys within the source code

Embedding keys within the source code is inappropriate for ensuring software development security because it exposes sensitive information directly within the codebase. This practice increases the risk of unauthorized access, as if the source code is compromised or anyone gains access to the repository, the embedded keys become easily exploitable. Proper security practices encourage the use of environment variables or secure vaults for managing sensitive information, which helps to keep it separate from the application code. In contrast, regularly updating libraries and frameworks, conducting a code review process, and utilizing static code analysis tools are all best practices for enhancing software security. Keeping libraries and frameworks updated helps protect against known vulnerabilities, code reviews enable peer inspections to catch potential security flaws, and static code analysis tools automatically identify security weaknesses in the codebase before deployment. These methods collectively contribute to a secure software development lifecycle.