CompTIA Security+ (SY0-601) — Question 515

A software company adopted the following processes before releasing software to production:

• Peer review
• Static code scanning
• Signing

A considerable number of vulnerabilities are still being detected when code is executed on production. Which of the following security tools can improve vulnerability detection on this environment?

Answer options

• A. File integrity monitoring for the source code
• B. Dynamic code analysis tool
• C. Encrypted code repository
• D. Endpoint detection and response solution

Correct answer: B

Explanation

The correct answer is B, as a Dynamic code analysis tool tests the software while it's running, identifying vulnerabilities that static methods may miss. Options A and C focus on pre-deployment measures, which do not address runtime issues, while D pertains more to monitoring and response after vulnerabilities have been exploited.