A software development team asked a security analyst to review some code for security vulnerabilities. Which of the following would BEST assist the security analyst while performing this task?
Agreed it's A.
What is static analysis in cyber security?
Static application security testing (SAST), or static analysis, is a testing methodology that analyzes source code to find security vulnerabilities that make your organization's applications susceptible to attack.
Regression testing is a software testing practice that ensures an application still functions as expected after any code changes, updates, or improvements. Which would fall into the Security Analyst remit.
Process of reviewing uncompiled source code either manually or using automated tools
-Automated tools can reveal issues ranging from faulty logic to insecure libraries before the app even runs
▪ Code Review
● The process of peer review of uncompiled source code by other developers
"Unlike many other methods, static analysis does not run the program; instead, it focuses on understanding how the program is written and what the code is intended to do. Static code analysis can be conducted using automated tools or manually by reviewing the code—a process sometimes called “code understanding.” Automated static code analysis can be very effective at finding known issues, and manual static code analysis helps identify programmer-induced errors." CompTIA CySA+ Study Guide
Static analysis refers to testing or examining software when it is not running. The most common type of static analysis is code review. Code review is the systematic investigation of the code for security and functional problems. It can take many forms, from simple peer review to formal code review. Code review was covered earlier in this chapter. More on static analysis was covered in Chapter 4.
People who are confused about why it is not Dynamic (B) or Regression (C): the keyword here is 'code'. You perform dynamic or regression testing while running the program.
It is not regression testing, because that is not the job of an Analyst. Regression testing is in general the job of the QA/Test team. An Analyst usually performs either static (code scanning) or Dynamic (VA/fuzzing) analysis.
This is indeed a very tricky one.
Static analysis - code analysis (not software analysis)
Regression Testing - Software Test to ensure it functions as it should.
The question asks about examining code and not software, so I think I'll be going with A.
Community vote distribution
A (35%)
C (25%)
B (20%)
Other