(ISC)2

CCSP Question #133: Real Exam Question with Answer & Explanation

The correct answer is A: Static. Static application security testing (SAST) often provides the most comprehensive results for discovering vulnerabilities by analyzing code without executing it.

Submitted by thandi_sa · Apr 18, 2026 · Cloud Application Security

Question

Which type of testing tends to produce the best and most comprehensive results for discovering system vulnerabilities?

Options

  • A. Static
  • B. Dynamic
  • C. Pen
  • D. Vulnerability

Explanation

Static application security testing (SAST) often provides the most comprehensive results for discovering vulnerabilities by analyzing code without executing it.

Common mistakes.

  • B. Dynamic Application Security Testing (DAST) analyzes applications in their running state, which may not find vulnerabilities in unexercised code paths.
  • C. Penetration testing (Pen testing) simulates an attack to find exploitable vulnerabilities but is time-boxed and may not discover all existing flaws.
  • D. Vulnerability scanning automatically identifies known weaknesses but typically lacks the depth and custom code analysis of static testing.

Concept tested. Application security testing types (SAST)

Reference. https://learn.microsoft.com/en-us/azure/security/develop/security-dev-lifecycle-vulnerabilities#static-analysis-security-testing-sast

Topics

#Security Testing Methodologies #Static Application Security Testing (SAST) #Vulnerability Discovery #Application Security
