SDL Security Testing & Code Analysis

Question 1

What is the purpose of security testing in software development?

Accepted Answer

To detect security flaws and vulnerabilities

Answer

To improve user interface.

Answer

To increase software features.

Answer

To speed up deployment.

Question 2

Which testing method involves analyzing source code without execution?

Accepted Answer

Static Application Security Testing (SAST)

Answer

Dynamic testing.

Answer

Penetration testing.

Answer

Load testing.

Question 3

What does Dynamic Application Security Testing (DAST) do?

Accepted Answer

Simulates attacks on running software

Answer

Tests source code statically.

Answer

Measures system performance.

Answer

Checks database schemas.

Question 4

Why is code review important in security testing?

Accepted Answer

It improves code quality and security

Answer

It slows development.

Answer

It increases bugs.

Answer

It removes documentation.

Question 5

What is fuzz testing?

Accepted Answer

Feeding random data to find bugs

Answer

Testing user experience.

Answer

Load testing.

Answer

Network performance testing.

Question 6

Which tool type helps automatically detect known vulnerabilities?

Accepted Answer

Software Composition Analysis (SCA)

Answer

SAST tools.

Answer

Performance testing tools.

Answer

Version control.

Question 7

Why is automated security testing useful?

Accepted Answer

It improves coverage and speed

Answer

It reduces coverage.

Answer

It slows development.

Answer

It is less reliable.

Question 8

What is a false positive in security testing?

Accepted Answer

An incorrectly flagged issue

Answer

A confirmed vulnerability.

Answer

An ignored vulnerability.

Answer

A security patch.

Question 9

How can code analysis improve software security?

Accepted Answer

By finding and mitigating vulnerabilities early

Answer

By increasing feature set.

Answer

By delaying release.

Answer

By reducing testing.