Another very dumb question:
A. honestly I don't like this answer because it's too general and testing before installation doesn't really explain it carefully.
B. static code analysis means the "Process of reviewing uncompiled source code either manually or using automated tools". B is saying compiled code so it can't be static code analysis.
In the end, I think I'm gonna go with A but again a very poor question
Static code analysis is typically performed on the source code of an application before it is compiled. The process involves analyzing the source code for potential vulnerabilities or issues without executing it. This allows for the identification of issues early on in the development process, before the application is compiled and deployed.
Performing static code analysis on the compiled code can also be done but typically is less effective as it is harder to analyze the code as it loses some of its original structure and also the scanner won't be able to see the potential vulnerabilities that might have been introduced by the developers during the coding process.
It is important to note that static code analysis is just one step in the software development life cycle (SDLC) and should be integrated with other security testing methodologies like dynamic analysis, penetration testing, and vulnerability scanning to provide comprehensive security testing of an application.
Very bad answers used here:
A. the system for vulnerabilities before installing the application. - not the system scanning, but the code of the app itself. Do they name the system the app itself?
B. the compiled code of the application to detect possible issues. - it should be done before code is compiled.
We just need to guess here. I am going with A. Not sure.
This type of analysis is performed before the application is installed and active on a system, and it involves examining the code without actually executing it in order to identify potential vulnerabilities or security risks.
As per CySA+ 002 Study Guide:
Static analysis is conducted by reviewing the code for an application. Static analysis does not run the program; instead, it focuses on understanding how the program is written and what the code is intended to do.
Technically yes, but the best answer here is B because we are defining static code analysis, not the implications of static code analysis.
upvoted 1 times
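As an added illustration (not part of any comment above and not taken from the study guide), the sketch below shows what "reviewing the code without running it" looks like in practice: it parses Python source into a syntax tree and flags risky constructs. The sample source, the `RISKY_CALLS` rule set and the function names are constructed for this example.

```python
import ast

# Constructed sample under review. It is only parsed as text, never executed.
SAMPLE_SOURCE = '''
import os, subprocess, pickle
DB_PASSWORD = "hunter2"            # hardcoded secret
def run(cmd, blob):
    os.system("echo side effect")  # would run a command if this code were executed
    subprocess.run(cmd, shell=True)
    return eval(blob), pickle.loads(blob)
'''

# Hypothetical rule set: dotted call name -> reason it is flagged.
RISKY_CALLS = {
    "eval": "dynamic code evaluation",
    "os.system": "shell command execution",
    "pickle.loads": "unsafe deserialization",
}

def dotted_name(node):
    """Return 'a.b.c' for Name/Attribute chains, else None."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def scan(source):
    """Statically review source text; return sorted (line, finding) tuples."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in RISKY_CALLS:
                findings.append((node.lineno, f"{name}: {RISKY_CALLS[name]}"))
            for kw in node.keywords:
                literal = isinstance(kw.value, ast.Constant) and kw.value.value is True
                if kw.arg == "shell" and literal:
                    findings.append((node.lineno, f"{name}: shell=True"))
        elif isinstance(node, ast.Assign) and isinstance(node.value, ast.Constant):
            for target in node.targets:
                is_name = isinstance(target, ast.Name) and isinstance(node.value.value, str)
                if is_name and "PASSWORD" in target.id.upper():
                    findings.append((node.lineno, f"{target.id}: hardcoded credential"))
    return sorted(findings)

if __name__ == "__main__":
    print(*scan(SAMPLE_SOURCE), sep="\n")
```

Because the input is only parsed, the `os.system` call in the sample never runs; the findings come from the structure of the source alone.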
Community vote distribution: A (35%, Most Voted), C (25%), B (20%), Other
2Fish (Highly Voted): 2 years, 1 month ago
Brian93 (Most Recent): 2 years, 1 month ago
brollo: 2 years, 1 month ago
supernewtechnewbie: 1 year, 8 months ago
CatoFong: 2 years, 2 months ago
david124: 2 years, 2 months ago
Merc16: 2 years, 2 months ago
trojan123: 2 years, 3 months ago
trojan123: 2 years, 3 months ago
Frog_Man: 2 years, 4 months ago
bob12356: 2 years, 4 months ago
sho123: 2 years, 4 months ago
marc4354345: 2 years, 4 months ago
mrodmv: 2 years, 4 months ago
prntscrn23: 2 years, 4 months ago
iking: 2 years, 4 months ago
bob12356: 2 years, 4 months ago