AZ-400 · Question #311
Drag and Drop Question You need to increase the security of your team's development process. Which type of security tool should you recommend for each stage of the development process? To answer, drag
The correct answer is Static code analysis; Static code analysis; Penetration testing. Static code analysis is the appropriate tool for early development stages (such as coding and code review) because it automatically scans source code for vulnerabilities without executing the program, catching issues like SQL injection or buffer overflows early and cheaply in the
Question
Exhibits
Answer Area
Drag items
Correct arrangement
- Static code analysis
- Static code analysis
- Penetration testing
Explanation
Static code analysis is the appropriate tool for early development stages (such as coding and code review) because it automatically scans source code for vulnerabilities without executing the program, catching issues like SQL injection or buffer overflows early and cheaply in the SDLC. Penetration testing is best suited for later stages (such as pre-production or release) because it simulates real-world attacks against a running application or system to identify exploitable vulnerabilities that only manifest at runtime. Threat modeling, while valuable, is typically applied at the design/planning phase and is not mapped to the stages presented in this question, making it the unused option here.
Topics
Community Discussion
No community discussion yet for this question.

