CompTIA Security+ (SY0-701) — Question 299

A security analyst is reviewing the source code of an application in order to identify misconfigurations and vulnerabilities. Which of the following kinds of analysis best describes this review?

Answer options

Correct answer: B

Explanation

The correct answer is B, static analysis, which means reviewing the source code without executing the program in order to identify vulnerabilities and misconfigurations. Dynamic analysis, by contrast, requires running the application, while gap and impact analyses focus on other aspects of security assessment rather than directly examining source code.