17 Jan Practice Test Question – Static Code Analysis Techniques
Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM+ or SSCP certification to receive new questions each week. You’ll also receive free access to my customized study strategies. What static code analysis technique seeks to identify the variables in a program that may contain user input? A. Lexical analysis B. Taint analysis C. Control flow analysis D. Signature detection Correct Answer: B Taint analysis traces variables that may contain user input and ensures that they are sanitized before being used by a potentially vulnerable function. Lexical analysis converts source code into a tokenized form. Control flow analysis traces the execution path of code. Signature detection looks for known patterns of malicious activity. Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test! ...