Fortify Static Code Analyzer Questions and Answers 2022 [updated]

Fortify Static Code Analyzer, developed by Micro Focus, finds security vulnerabilities in the user’s source code early in the SDLC and provides best practices so developers can code more securely. Fortify Static Code Analyzer and its plugins are really outstanding compared to other solutions. Fortify easily integrates into Visual Studio, Visual Studio Code, Eclipse, IntelliJ and Android Studio.


How to Install Fortify Static Code Analyzer Component Application
To install Fortify Static Code Analyzer, visit the download page on the Micro Focus website. The website will ask you to sign up or log in before you can download any package.

Steps to Install if you have GUI access to your OS
STEP 1: Run the downloaded Installer based on your operating system.

Windows – Fortify_SCA_and_Apps_windows_x64.exe

MacOS – Fortify_SCA_and_Appsosx_x64.app.zip

Linux – Fortify_SCA_and_Apps_linux_x64.run

STEP 2: Follow the On-screen Instruction

STEP 3: Optionally, you can select the additional components mentioned in the topic above.

STEP 4: Specify the USER for the installation.

STEP 5: Specify the path of the fortify.license file. (You need to purchase this license.)

STEP 6: Enter the URL of the update server, for example https://update.fortify.com. This will update the rules on a regular basis.

STEP 7: Click Finish at the end

Fortify Static Code Analyzer Interview Questions and Answers

Q.1 The number of analyzers in Fortify SCA is _.

1)4

2)5

3)6

4)7

Correct Answer of above question is:6

Q.2 Which of the following languages does Fortify integrate with?

1)Python

2)C/C++

3)Java

4).Net

5)All the above options

Correct Answer of above question is:All the above options

Q.3 Fortify specializes in which of the following areas?

1)Bug finding

2)Type checking

3)Security review

4)Style checking

5)All the above options

Correct Answer of above question is:All the above options

Q.4 Formatting String can be done by __ .

1)Buffer

2)Configuration Analyzer

3)Structural Analyzer

4)Semantic Analyzer

Correct Answer of above question is:Semantic Analyzer

Q.5 Static code analysis is done after executing a code.

1)True

2)False

Correct Answer of above question is:False

Q.6 Which analyzer identifies loggers that are not declared a static final?

1)Structural

2)Configuration

3)Buffer Analyzer

4)Content

Correct Answer of above question is:Structural

Q.7 Source code is translated to intermediate format in which phase?

1)Build

2)Verification

3)Translation

4)Analysis

Correct Answer of above question is:Translation

Q.8 SCA processes JAVA code by emulating Compiler in __.

1)Build Integration tool

2)Command Line Interface

3)All the options

4)None of the Mentioned

Correct Answer of above question is:Build Integration tool

Q.9 Which analyzer uses the global and inter-procedural taint propagation analysis procedure?

1)Data flow

2)Buffer overflow

3)Control flow

4)Semantic

Correct Answer of above question is:Data flow

Q.10 Audit Workbench generates reports.

1)Secure

2)Collaborative work

3)Resolving Dependencies

4)All the options

Correct Answer of above question is:All the options

Q.11 Dynamic content in PHP and JSP can be checked by?

1)Configuration Analyzer

2)Semantic Analyzer

3)Content Analyzer

4)Structural Analyzer

Correct Answer of above question is:Content Analyzer

Q.12 How is incremental scanning done?

1)Only the initial full scan is done

2)Only the modified part of the code is scanned after the initial full scan

3)Scans the entire code always

Correct Answer of above question is:Only the modified part of the code is scanned after the initial full scan

Q.13 In what file format are reports stored?

1).docx

2).fpr

3).pdf

Correct Answer of above question is:.fpr

Q.14 Fortify was acquired by?

1)Cisco

2)HP

3)Oracle

4)None of the options

Correct Answer of above question is:HP

Q.15 Which analyzer inspects fair timeouts of a user in a specific session?

1)Buffer Analyzer

2)Structural

3)Content

4)Configuration

Correct Answer of above question is:Configuration

Q.16 The translation phase of C/C++ code in Fortify requires object files and library files.

1)True

2)False

Correct Answer of above question is:False

Q.17 A BuildID need not be unique.

1)True

2)False

Correct Answer of above question is:False

Q.18 Fortify cannot be integrated with Jenkins.

1)True

2)False

Correct Answer of above question is:False

Q.19 Semantic analyzer works in which of the following?

1)Intra-procedural Level

2)Inter-procedural Level

Correct Answer of above question is:Intra-procedural Level
