Implementing DevOps Solutions and Practices Using Cisco Platforms (DEVOPS) — Question 112
Which type of security testing should be performed as a part of a CI/CD pipeline by analyzing the source code itself without compiling the code into a running executable?
Answer options
- A. Dynamic Application Security Testing
- B. Runtime Application Health-Protection
- C. Continuous Application Security Testing
- D. Static Analysis Security Testing
Correct answer: D
Explanation
The correct answer is D, Static Analysis Security Testing, because it reviews the source code without executing it to find vulnerabilities. Options A and C involve dynamic testing, which requires a running application, while B focuses on runtime health protection, which is not applicable to source code analysis.