CompTIA Updated CAS-004 Exam Questions and Answers by bear

Step by Step Explanation:

Development of zero-day exploits is a critical risk, as adversarial entities with access to the source code could analyze it for vulnerabilities to exploit.

Legal action or sale of the source code are concerns, but they are not unique to the adversarial context of this scenario.

Publication of the source code on the internet is less likely than targeted exploitation in this specific scenario.

A lack of Mobile Device Management (MDM) controls can lead to successful attacks because MDM solutions provide the ability to enforce security policies, remotely wipe sensitive data, and managesoftware updates, which can prevent unauthorized access and protect corporate data. Without MDM, personal devices are more vulnerable to security risks.

Having developers use the company's VPN can provide them with secure access to the network while still allowing the company to block normal internet traffic from the other country. A jump box serves as a secure entry point for administrators or in this case, developers, to connect before launching any administrative tasks or accessing further areas of the network. This setup maintains security while still providing necessary access.

Query parameterization prevents SQL injection attacks by separating SQL commands from data inputs. This ensures that user-supplied input cannot be executed as part of a SQL query. In the given code, lack of parameterization could allow attackers to manipulate the ItemID parameter maliciously. This aligns with CASP+ objective 1.5, focusing on secure coding practices to mitigate application vulnerabilities.