Weekly CISSP Exam Questions

When should static code analysis ideally occur?

A.  Before compilation

B.  During a live attack

C.  During runtime

D.  After decommissioning the code

Correct Answer:  A

Explanation:

Static code analysis is a method of debugging by examining source code before a program is run. It is done to identify vulnerabilities, bugs, or breaches of coding standards and is best performed before the code is compiled. This allows for the identification of vulnerabilities early in the software development lifecycle, making them easier and less costly to address.

Here's a breakdown of each option:

Before compilation: Static code analysis tools review the uncompiled source code for potential vulnerabilities or violations of coding standards. This is the ideal time for such an analysis.

During a live attack: This is not the appropriate time for static code analysis. During a live attack, real-time monitoring and defensive measures are more appropriate.

During runtime: Static code analysis is, by definition, performed before the code is run, not during its execution. Dynamic analysis is more appropriate during runtime.

After decommissioning the code: At this point, the code is no longer in use, making static analysis irrelevant for the decommissioned application.
