Fortify Static Code Analyzer Interview Question-Answer

Q.1 The number of analyzers in Fortify SCA is ___.

       A. 4

       B. 5

       C. 6

       D. 7

Ans : 6


Q.2 Which of the following languages does Fortify integrate with?

       A. Python

       B. C/C++

       C. Java

       D. .NET

       E. All the above options

Ans : All the above options


Q.3 Fortify specializes in which of the following areas?

       A. Bug finding

       B. Type checking

       C. Security review

       D. Style checking

       E. All the above options

Ans : All the above options


Q.4 Format string checking can be done by __________.

       A. Buffer

       B. Configuration Analyzer

       C. Structural Analyzer

       D. Semantic Analyzer

Ans : Semantic Analyzer


Q.5 Static code analysis is done after executing a code.

       A. True

       B. False

Ans : False


Q.6 Which analyzer identifies loggers that are not declared as static final?

       A. Structural

       B. Configuration

       C. Buffer Analyzer

       D. Content

Ans : Structural


Q.7 Source code is translated to intermediate format in which phase?

       A. Build

       B. Verification

       C. Translation

       D. Analysis

Ans : Translation


Q.8 SCA processes Java code by emulating the compiler in __________.

       A. Build Integration tool

       B. Command Line Interface

       C. All the options

       D. None of the Mentioned

Ans : Build Integration tool


Q.9 Which analyzer uses the global and inter-procedural taint propagation analysis procedure?

       A. Data flow

       B. Buffer overflow

       C. Control flow

       D. Semantic

Ans : Data flow


Q.10 Audit Workbench generates reports.

       A. Secure

       B. Collaborative work

       C. Resolving Dependencies

       D. All the options

Ans : All the options


Q.11 Dynamic content in PHP and JSP can be checked by?

       A. Configuration Analyzer

       B. Semantic Analyzer

       C. Content Analyzer

       D. Structural Analyzer

Ans : Content Analyzer


Q.12 How is incremental scanning done?

       A. Only the initial full scan is done

       B. Only the modified part of the code is scanned after the initial full scan

       C. Scans the entire code always

Ans : Only the modified part of the code is scanned after the initial full scan


Q.13 In what file format are reports stored?

       A. .docx

       B. .fpr

       C. .pdf

Ans : .fpr


Q.14 Fortify was acquired by?

       A. Cisco

       B. HP

       C. Oracle

       D. None of the options

Ans : HP


Q.15 Which analyzer inspects fair timeouts of a user in a specific session?

       A. Buffer Analyzer

       B. Structural

       C. Content

       D. Configuration

Ans : Configuration


Q.16 The translation phase of C/C++ code in Fortify requires object files and library files.

       A. True

       B. False

Ans : False


Q.17 A BuildID need not be unique.

       A. True

       B. False

Ans : False


Q.18 Fortify cannot be integrated with Jenkins.

       A. True

       B. False

Ans : False


Q.19 Semantic analyzer works in which of the following?

       A. Intra-procedural Level

       B. Inter-procedural Level

Ans : Intra-procedural Level

