ExamTopics Logo
Mail Us[email protected]
Menu
Microsoft Discussions
exam questions

Exam AZ-400 All Questions

View all questions & answers for the AZ-400 exam
Go to Exam

Exam AZ-400 topic 7 question 57 discussion

Actual exam question from Microsoft's AZ-400
Question #: 57
Topic #: 7
[All AZ-400 Questions]

Your company develops a client banking application that processes a large volume of data.
Code quality is an ongoing issue for the company. Recently, the code quality has deteriorated because of an increase in time pressure on the development team.
You need to implement static code analysis.
During which phase should you use static code analysis?

  • A. integration testing
  • B. staging
  • C. production release
  • D. build
Show Suggested Answer Hide Answer
Suggested Answer: D 🗳️
by Vkv at March 10, 2020, 2:30 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
DBoss
Highly Voted 4 years, 8 months ago
correct answer should be build only as static code analysis is done at compile time not runtime.
upvoted 104 times
Miles19
3 years, 7 months ago
Yes, that's correct.
upvoted 6 times
...
plalwa
3 years, 11 months ago
PR or build, thats it. so build is correct option.
upvoted 6 times
...
...
JohnD2020
Highly Voted 4 years, 8 months ago
Here a picture of Microsoft's answer: https://docs.microsoft.com/en-us/azure/devops/migrate/media/security-validation-cicd-pipeline/feedback.png So pull request and CI (guess this is build).
upvoted 35 times
Root_Access
4 years, 5 months ago
Looking for this picture. Nice. D is correct.
upvoted 4 times
...
...
vsvaid
Most Recent 11 months, 2 weeks ago
Selected Answer: D
Build Stage
upvoted 1 times
...
SATHTECH
2 years ago
Selected Answer: D
Answer is D . Testing can’t cover every possible code execution path. But a static code analyzer can. It checks the code as you work on your build. You’ll get an in-depth analysis of where there might be potential problems in your code, based on the rules you’ve applied. link : https://www.perforce.com/blog/sca/what-static-analysis#:~:text=Static%20code%20analysis%20is%20performed,during%20the%20%E2%80%9CCreate%E2%80%9D%20phase.
upvoted 4 times
xRiot007
1 year, 4 months ago
Static analysis and testing are 2 different aspects. Testing can cover all possible execution paths and it's really easy to do if you have a tool like Sonar Cloud that will tell you all the partially tested blocks.
upvoted 1 times
...
...
dmeld
2 years ago
It should be D. We usually use Dynamic code analysis in stage A and static code analysis in the early stages of Software development life cycle as build stage .
upvoted 1 times
...
syu31svc
2 years, 3 months ago
Selected Answer: A
The Secure Development Lifecycle (SDL) Guidelines recommend that teams perform static analysis during the integration and implementation and phase of their development cycle. Got a similar practice question from Linux Academy (now Cloud Guru)
upvoted 1 times
xRiot007
1 year, 4 months ago
Then it's most probably outdated. You want to shift security and quality as much to the left as possible. This means doing static analysis and vulnerability scans at build time.
upvoted 1 times
...
warchoon
2 years ago
https://www.microsoft.com/en-us/securityengineering/sdl/practices SAST is typically integrated into the commit pipeline to identify vulnerabilities each time the software is built or packaged.
upvoted 1 times
...
...
Keem
2 years, 5 months ago
Several other answers to similar questions in this series equally chose 'Build' I go for D
upvoted 1 times
...
UnknowMan
2 years, 6 months ago
Selected Answer: D
On Build
upvoted 1 times
...
AlexLiourtas
2 years, 8 months ago
Selected Answer: D
can confirm is D
upvoted 1 times
...
rdemontis
2 years, 8 months ago
Selected Answer: D
Correct answer is Build! https://docs.microsoft.com/en-us/azure/security/develop/security-code-analysis-onboard#adding-specific-build-tasks-to-your-azure-devops-pipeline
upvoted 2 times
...
Manish442
2 years, 10 months ago
correct answer should be build only as static code analysis is done at compile time not runtime. Correct answer is B
upvoted 1 times
jonasis
2 years, 9 months ago
I think you mean D
upvoted 1 times
...
...
darsh19
2 years, 11 months ago
Selected Answer: D
D. build
upvoted 2 times
...
rliberoff
2 years, 11 months ago
Selected Answer: D
@ExamTopics... you are doing it wrong! The correct answer is D! You do static analysis during build, not during testing, specially not integration testing.
upvoted 2 times
...
Pankaj78
2 years, 11 months ago
Selected Answer: D
It can be build only, but developers don't intend to fix these issues due to sheer pressure, so it can be at the build time if you have good developers and can be at CI time when you want to enforce it, I think enforcing would be a better as developers will be obliged to fix them
upvoted 1 times
...
arpi79
2 years, 11 months ago
Selected Answer: D
Its D - during BUILD
upvoted 1 times
...
SACHMAM
3 years, 5 months ago
Its D - during BUILD
upvoted 2 times
...
DevOpsGeek
3 years, 5 months ago
Read the question, its a phase and not stage so the answer is A
upvoted 3 times
...
Load full discussion...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel