KT-APP SAST findings

Developers complain SAST has 10,000 findings. Prioritization approach?

Multiple choice — select one answer

Answer choices

  1. a. Delete the codebase, using shared credentials instead of individual accountability.
  2. b. Ignore all findings, using shared credentials instead of individual accountability.
  3. c. Run SAST only yearly, without security or identity team coordination per policy.
  4. d. Focus on critical severity in attack surface paths; tune false positive rules

Architectural breakdown & explanation

Risk-based triage makes SAST sustainable.

Correct answer(s): d. Focus on critical severity in attack surface paths; tune false positive rules

Exam domain: SAST findings (25% weight on the official guide).

Official documentation & study links

Practice this certification

This page is one question from the KeyTrain's Key Training — Application Security bank. Run a full timed practice exam with domain-weighted random questions in your browser.