Which of the following activities takes place in a secure operations phase of the software development lifecycle?

The correct choice is dynamic analysis, which is a crucial activity during the secure operations phase of the software development lifecycle. This phase involves evaluating the software while it is running to identify security vulnerabilities, performance issues, or any deviations from expected behavior under real-world conditions. Dynamic analysis allows for the detection of issues that may not be apparent during static analysis, as it examines the application in its operational context.

Dynamic analysis techniques can include automated testing tools that simulate various types of user interaction and attack scenarios, enabling teams to address potential vulnerabilities before deploying the application. This proactive approach helps ensure that security is integrated into the operational lifecycle of the software, facilitating better risk management and stronger overall security posture as the application runs in production.

The other activities listed, while important in their respective phases, do not specifically align with the objectives of the secure operations phase. Static analysis typically occurs earlier in the development process by examining code without executing it, while code review also generally focuses on earlier stages for identifying issues prior to deployment. Acceptance testing is usually the final verification step involving the functionality and performance of the software based on user requirements, rather than a focused security measure during operations.