CompTIA Security+ (SY0-501) — Question 380

A new mobile application is being developed in-house. Security reviews did not pick up any major flaws, however vulnerability scanning results show fundamental issues at the very end of the project cycle.
Which of the following security activities should also have been performed to discover vulnerabilities earlier in the lifecycle?

Answer options

• A. Architecture review
• B. Risk assessment
• C. Protocol analysis
• D. Code review

Correct answer: D

Explanation

A Code review is essential for identifying vulnerabilities in the source code before the application is finalized. While an Architecture review, Risk assessment, and Protocol analysis are valuable, they do not focus specifically on the code itself, which is where many vulnerabilities can be introduced.