As part of a security audit in the software development life cycle, a product manager must demonstrate and provide evidence of a complete representation of the code and modules used within the production-deployed application prior to the build. Which of the following best provides the required evidence?
Correct Answer: A
Software Composition Analysis (SCA) is the best method for identifying all components, dependencies, and open-source libraries used in an application. It ensures that organizations track and manage vulnerabilities in third-party code before deployment. SCA tools generate a Software Bill of Materials (SBOM), which provides a full representation of the code and modules used in the application.

Other options:
Static Application Security Testing (SAST) (C) checks for vulnerabilities but does not map dependencies.
Interactive Application Security Testing (IAST) (D) works at runtime, not before deployment.
Runtime Application Self-Protection (RASP) (B) works while the application is running.