Which assessment technique reviews code without executing it?
A CISSP practice question covering Domain 6: Security Assessment and Testing. Try answering before reading the explanation below.
Why "SAST" is the right answer
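Static Application Security Testing (SAST) analyzes source or compiled code without running it. DAST tests a running application through its exposed surface. IAST instruments the application to combine runtime and code-level analysis. RASP defends applications at runtime; it is a protection mechanism, not a testing technique.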