Difficulty: Medium · 1 mark · Multiple Choice
Tags: Area II: Security · Security Testing · AppSec

CPA · Question 57 · Area II: Security

Which of the following best describes 'Static Application Security Testing' (SAST)?

Answer options:

A. Analyzing source code for vulnerabilities without executing the program.

B. Testing the running application from the outside (black box).

C. Monitoring the application in production.

D. Social engineering the developers.

How to approach this question

Static = Still (Code). Dynamic = Moving (Running App).

Full Answer

A. Analyzing source code for vulnerabilities without executing the program. ✓ Correct
SAST (white-box testing) scans the source code, bytecode, or binaries for vulnerabilities (such as SQL injection flaws) while the code is at rest (static), that is, without running the application.

Common mistakes

Confusing SAST with DAST: DAST tests the running application from the outside (option B), whereas SAST inspects the code without executing it.

Practice the full CPA ISC Practice Exam

82 questions · hints · full answers · grading
