CompTIA CySA+ (CS0-002) — Question 22
A software development team asked a security analyst to review some code for security vulnerabilities. Which of the following would BEST assist the security analyst while performing this task?
Answer options
- A. Static analysis
- B. Dynamic analysis
- C. Regression testing
- D. User acceptance testing
Correct answer: A
Explanation
Static analysis is the best option because it examines the code without executing it, allowing the security analyst to identify vulnerabilities early in the development process. Dynamic analysis, while useful, requires running the code and may not catch all vulnerabilities. Regression testing and user acceptance testing focus on functionality and user requirements rather than security issues.