The correct choice is Static Application Security Testing (SAST).

SAST inspects source code, bytecode, or binaries without executing the program and it identifies coding errors and vulnerabilities such as injection issues, insecure API usage, and improper error handling.

SAST is commonly used early in the development lifecycle so developers can find and fix defects before deployment and it complements testing techniques that require a running application.

Dynamic Application Security Testing (DAST) is incorrect because it analyzes a running application from the outside and does not perform offline source code inspection.

Software Composition Analysis (SCA) is incorrect because it focuses on discovering known vulnerabilities in third party libraries and dependencies rather than analyzing an application s own source code for coding flaws.

Interactive Application Security Testing (IAST) is incorrect because it instruments the application and analyzes behavior during runtime and it therefore is not a pure static, non executing code inspection technique.

Full AWS Practitioner Certification Question