SC-100 · Question #121
SC-100 Question #121: Real Exam Question with Answer & Explanation
The correct answer is B: penetration testing. {"question_number": 7, "correct_answer": "B", "explanation": "Dynamic Application Security Testing (DAST) analyzes a running application by simulating external attacks against it at runtime. Penetration testing is the correct DAST activity because it actively probes a deployed ap
Question
You use Azure Pipelines with Azure Repos to implement continuous integration and continuous deployment (CI/CD) workflows for the deployment of applications to Azure. You need to recommend what to include in dynamic application security testing (DAST) based on the principles of the Microsoft Cloud Adoption Framework for Azure. What should you recommend?
Options
- Aunit testing
- Bpenetration testing
- Cdependency checks
- Dthreat modeling
Explanation
{"question_number": 7, "correct_answer": "B", "explanation": "Dynamic Application Security Testing (DAST) analyzes a running application by simulating external attacks against it at runtime. Penetration testing is the correct DAST activity because it actively probes a deployed application for exploitable vulnerabilities just as an attacker would. Unit testing (A) is a functional code-correctness check, not a security test. Dependency checks (C) are Software Composition Analysis (SCA), a static technique that identifies vulnerable libraries. Threat modeling (D) is a design-phase activity performed before code is written. Per the Microsoft Cloud Adoption Framework, DAST corresponds to active runtime testing such as penetration testing.", "generated_by": "claude-sonnet", "llm_judge_score": 4}
Topics
Community Discussion
No community discussion yet for this question.