A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?
Static analysis refers to reviewing the source code of an application without executing it, in order to identify misconfigurations, vulnerabilities, and potential security flaws. This is the type of analysis the security analyst is performing by examining the code directly.
Dynamic analysis (A) involves analyzing the application while it is running, to detect vulnerabilities that only appear during execution.
Gap analysis (C) identifies discrepancies between current security measures and desired standards, but is not focused on source code review.
Impact analysis (D) assesses the potential consequences of identified vulnerabilities but is not the process of reviewing source code directly.
Static code analysis entails the review of source code and it is static because it is not running on a computer. This is the opposite of dynamic code analysis which is done while the code is actually executing on the computer system.
upvoted 3 times
...
This section is not available anymore. Please use the main Exam Page.SY0-701 Exam Questions
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
cri88
7 months, 1 week agoSigepneo01
8 months ago