AZ-400 Question #311: Real Exam Question with Answer & Explanation
Question
Drag and Drop Question. You need to increase the security of your team's development process. Which type of security tool should you recommend for each stage of the development process? To answer, drag the appropriate security tools to the correct stages. Each security tool may be used once, more than once, or not at all. NOTE: Each correct selection is worth one point.
Answer:
Explanation
Static code analysis is the appropriate tool for early development stages (such as coding and code review) because it automatically scans source code for vulnerabilities without executing the program, catching issues like SQL injection or buffer overflows early and cheaply in the SDLC. Penetration testing is best suited for later stages (such as pre-production or release) because it simulates real-world attacks against a running application or system to identify exploitable vulnerabilities that only manifest at runtime. Threat modeling, while valuable, is typically applied at the design/planning phase and is not mapped to the stages presented in this question, making it the unused option here.