Exam SY0-601 topic 1 question 172 discussion

Actual exam question from CompTIA's SY0-601
Question #: 172
Topic #: 1

A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?

  • A. Input validation
  • B. Dynamic code analysis
  • C. Fuzzing
  • D. Manual code review
Suggested Answer: B

Comments

stoneface
Highly Voted 2 years, 11 months ago
Selected Answer: B
Dynamic analysis means that the application is tested under "real world" conditions using a staging environment.
upvoted 32 times
...
ApplebeesWaiter1122
Highly Voted 2 years ago
Selected Answer: B
Dynamic code analysis, also known as runtime application security testing (RAST) or dynamic application security testing (DAST), is the process of analyzing a running program or application in a live environment. In this type of assessment, the security analyst tests the application by interacting with it as an end-user would, sending inputs and examining the outputs to identify potential security vulnerabilities or weaknesses. During dynamic code analysis, the security analyst can identify critical issues, such as security flaws or vulnerabilities, that exist in the program while it is executing. These issues are then reported back to the developer for verification and remediation.
upvoted 9 times
...
andrizo
Most Recent 2 years, 9 months ago
What's the difference between code analysis and manual code review?
upvoted 1 times
NavySteel
2 years, 8 months ago
Manual code review is when the developer checks every line of code.
upvoted 5 times
...
...
ostralo
2 years, 9 months ago
Static code analysis is a form of white-box testing that can help identify security issues in source code. On the other hand, dynamic code analysis is a form of black-box vulnerability scanning that allows software teams to scan running applications and identify vulnerabilities. When properly implemented, dynamic code analysis can reduce mean time to identification (MTTI) for production incidents, improve visibility to application issues, and increase a project’s overall security posture. https://www.checkpoint.com/cyber-hub/cloud-security/what-is-dynamic-code-analysis/
upvoted 3 times
...
RonWonkers
2 years, 10 months ago
Selected Answer: B
Agree with B
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted