The question states that security scanning and quality assurance (QA) in the CI/CD pipeline have been completed with no issues, indicating that the code in the test branch is ready for production. According to the CompTIA SecurityX CAS-005 study guide (Domain 2: Security Operations, 2.3), in a secure CI/CD pipeline, once code passes automated security scans, QA, and other checks (e.g., unit testing, peer reviews), the next step is to merge the tested branch into the main branch for deployment to production.
Option B: Threat modeling is typically performed earlier, during design or development, not after passing CI/CD checks.
Option C: Unit testing is part of the CI/CD pipeline and should already be completed.
Option D: Peer reviews are conducted before or during the test phase, not after QA and security scans are clear.
Option A: Merging the test branch to the main branch is the logical next step to prepare for production deployment.
Reference: CompTIA SecurityX CAS-005 Official Study Guide, Domain 2: Security Operations, Section 2.3: "Manage secure software development lifecycles, including CI/CD pipelines."; CAS-005 Exam Objectives, 2.3: "Analyze secure deployment processes in CI/CD environments."