Which of the following activities takes place in a secure operations phase of the software development lifecycle?

Dynamic analysis is conducted during the secure operations phase of the software development lifecycle, and it focuses on assessing the behavior of the application while it is running. This involves testing the software in a runtime environment to identify potential vulnerabilities and ensure that it performs securely under various conditions and inputs. Dynamic analysis can uncover issues that may not be evident in static code analysis since it evaluates the application during execution and can simulate real-world attacks or stress tests.

This phase is critical because it allows security teams to monitor the live application for security events, vulnerabilities, and compliance with security requirements, providing insights that help maintain the integrity and safety of the application over its operational life.

In contrast, static analysis, code review, and acceptance testing are primarily associated with earlier phases of the software development lifecycle. Static analysis examines code without executing it, identifying potential vulnerabilities based on syntax and coding standards. Code review involves manual examination of code by peer developers to catch errors or security issues before deployment. Acceptance testing focuses on determining whether the software meets business requirements and is typically performed before the software goes live. Consequently, these activities do not fit within the operations phase where dynamic analysis is fundamental for ongoing security management.