Code Review

5 minutes 5 Questions

Code review is the process of manually examining an application's source code to identify potential vulnerabilities or bugs that could be exploited by an attacker. This is a crucial component of any application's security assessment and can help organizations identify and remediate issues at the co…

Test mode:

Exam (Timed)

Practice (With explanations)

Start practice test

Question 1

During a code review, a chunk of code responsible for the application's login function appeared not to have been tested. The developer informs you that they didn’t have enough time for thorough testing. What should be your reaction?

The code should not be merged into the main code base until it has been thoroughly tested. Ask the developer to quickly skim through the testing. Leave the testing for the next code review. Merge the code and do the testing in production.

Correct Answer: The code should not be merged into the main code base until it has been thoroughly tested.

The code responsible for a critical function like login should be thoroughly tested before it is merged into the main code base. This is to ensure that it works as expected and does not introduce new issues or vulnerabilities that could impact the security or functionality of the application. Merging the code and testing it in production, skipping the tests for the next code review or just skimming through the testing can potentially lead to significant problems, including bugs, data breaches or even downtime of the application. Therefore, the other answers recommend approaches that should not be taken in a professional software development setup, as they do not adhere to best practices in software testing and quality assurance.

Question 2

During a code review, you come across a function with a significant number of comments stating the code is complex and hard to understand. What is the recommended solution?

Refactor the code to improve readability and maintainability Remove the comments to make the code look cleaner Ask the team to deal with the complexity and learn the function Add more comments to clarify the code

Correct Answer: Refactor the code to improve readability and maintainability

Refactoring the code to enhance its readability and maintainability is the best course of action. Other options either avoid the primary issue or neglect the consequences of poor code quality.

Question 3

While reviewing code, you notice a function that accesses private user data. What is the best practice in this scenario?

Ignore the issue, as it is not related to code quality Ensure the function properly implements access controls and data protection measures Encrypt the entire database and ignore access controls Approve the code if it works, regardless of security concerns

Correct Answer: Ensure the function properly implements access controls and data protection measures

It is crucial to pay attention to access controls and data protection measures when dealing with private user data. Ignoring these measures or implementing improper actions puts users at risk and undermines security.

🎓 Unlock Premium Access

CISSP + ALL Certifications

Code Review

Guide: Code Review for CISSP Security Assessment and Testing

CISSP - Code Review Example Questions

Question 1

Question 2

Question 3

🎓 Unlock Premium Access