Welcome to ExamTopics
ExamTopics Logo
- Expert Verified, Online, Free.
exam questions

Exam CISSP All Questions

View all questions & answers for the CISSP exam

Exam CISSP topic 1 question 450 discussion

Actual exam question from ISC's CISSP
Question #: 450
Topic #: 1
[All CISSP Questions]

What security technique in the Software Development Life Cycle (SDLC) should be leveraged to BEST ensure secure development throughout a project?

  • A. Dynamic application security testing (DAST)
  • B. Waterfall
  • C. Simple Object Access Protocol
  • D. Static application security testing (SAST)
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
[Removed]
Highly Voted 1 year, 8 months ago
Selected Answer: D
The answer D is correct. Page 747 OSG 9th edition. SAST is used during development throughout a project. DAST is typically used if there is no source code or when its off the shelf software.
upvoted 8 times
jackdryan
1 year, 6 months ago
D is correct
upvoted 1 times
...
...
Soleandheel
Most Recent 11 months, 1 week ago
D. Static application security testing (SAST). Static Application Security Testing (SAST) is a security testing method that analyzes source code, bytecode, or binary code for vulnerabilities without executing the program. It is performed early in the SDLC, typically during the coding and development phase. SAST tools examine the codebase for known security issues, coding errors, and vulnerabilities. SAST helps developers identify and remediate security issues before the application is deployed, making it an effective approach for ensuring secure development throughout the project. It allows developers to address security concerns at the code level, reducing the likelihood of security vulnerabilities making their way into the final product.
upvoted 2 times
...
HughJassole
1 year, 5 months ago
D: "SAST takes place very early in the software development life cycle (SDLC) as it does not require a working application and can take place without code being executed. It helps developers identify vulnerabilities in the initial stages of development and quickly resolve issues without breaking builds or passing on vulnerabilities to the final release of the application." https://www.synopsys.com/glossary/what-is-sast.html
upvoted 2 times
...
iwannapass
1 year, 9 months ago
Selected Answer: B
I'm selecting B. Waterfall for this question. Waterfall is a methodology or model to develop a project. I do see that it is asking for security technique and I have no idea how DAST and SAST ensure secure development throughout a project. I just know DAST is runtime and SAST is when it is not running. SOAP, I think deals more with Internet stuff. Please someone inform me if my logic makes sense or not.
upvoted 2 times
Arsh_2022
1 year, 8 months ago
your logic does make sense.
upvoted 1 times
...
invincible96
1 year, 8 months ago
Go with option D. SAST is a type of security testing that analyzes source code to find security vulnerabilities that make applications susceptible to attack. By analyzing code early in the SDLC, SAST tools can identify vulnerabilities early in the development process, which can reduce the cost of fixing security issues later in the SDLC. This technique can help ensure that security is built into the application from the beginning, rather than being bolted on at the end.
upvoted 2 times
...
...
yottabyte
1 year, 9 months ago
Selected Answer: A
Even if I am wrong, I will still go with A in the Exam.
upvoted 1 times
crishnamohan
1 year, 9 months ago
SAST is during development phase, DAST is after the deployment or while app is running
upvoted 7 times
...
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
Loading ...