CompTIA Security+ (SY0-601) — Question 718
A security analyst has been tasked with ensuring all programs that are deployed into the enterprise have been assessed in a runtime environment. Any critical issues found in the program must be sent back to the developer for verification and remediation. Which of the following BEST describes the type of assessment taking place?
Answer options
- A. Input validation
- B. Dynamic code analysis
- C. Fuzzing
- D. Manual code review
Correct answer: B
Explanation
The correct answer is B, Dynamic code analysis, because it evaluates a program while it is running to identify potential vulnerabilities. Input validation (A) refers to checking data before it is processed, fuzzing (C) is automated testing with random data, and manual code review (D) examines code without executing it, which does not fit the runtime assessment requirement.