CAS-001 Question #229: Real Exam Question with Answer & Explanation
The correct answer is C: Conduct fuzzing attacks. Fuzzing feeds an application random, malformed, or unexpected inputs and watches for crashes, unhandled exceptions, hangs and other misbehaviour, surfacing vulnerabilities that scripted tests and the developers' own assumptions would miss.
Question
A company is developing a new web application for its Internet users and is following a secure coding methodology. Which of the following methods would BEST assist the developers in determining if any unknown vulnerabilities are present?
Options
- A. Conduct web server load tests.
- B. Conduct static code analysis.
- C. Conduct fuzzing attacks.
- D. Conduct SQL injection and XSS attacks.
Explanation
Fuzzing sends random, malformed, or unexpected inputs to the running application and monitors it for crashes, unhandled exceptions, hangs and other unexpected behaviour. Because it does not depend on a list of known vulnerability patterns, it is the method most likely to surface unknown vulnerabilities that structured tests and the developers' own assumptions would miss. In a secure coding methodology it complements, rather than replaces, static analysis and targeted injection testing.
Common mistakes.
- A. Web server load tests measure performance and availability under high traffic but do not probe for security vulnerabilities.
- B. Static code analysis examines source code for patterns it already knows to be insecure, without running the program, so it cannot observe how the application actually behaves when fed unexpected input at runtime.
- D. SQL injection and XSS attacks test for specific, already-known vulnerability classes and would not discover novel or unknown vulnerability types.
Concept tested. Fuzz testing for discovering unknown application vulnerabilities
Reference. https://learn.microsoft.com/en-us/security/engineering/fuzzing
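The fuzzing loop the explanation describes, as an added example that is not part of the exam page or its reference: a small mutation-based fuzzer run against a constructed, deliberately buggy form-body parser. The parser's contract says it only raises ValueError on bad input; the fuzzer treats any other exception as a finding, deduplicates findings by exception type and location, and keeps the first input that triggered each one so it can be replayed. The parser, the seed inputs and the interesting-token list are all assumptions made for this example.

```python
import random
import traceback

# Constructed target (assumed, not from the exam page): a toy parser for
# "name=value&name=value" request bodies. Its contract says ValueError is the
# only error it raises on bad input. The developer tested it with well-formed
# bodies and never with a trailing '%', which is the latent bug fuzzing finds.
def _unescape(value: bytes) -> bytes:
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] == 0x25:            # '%' begins a %XX escape
            hi = value[i + 1]           # IndexError if '%' is the last byte (bug)
            lo = value[i + 2]           # IndexError if only one hex digit follows
            out.append(int(bytes([hi, lo]), 16))   # ValueError on non-hex: allowed
            i += 3
        else:
            out.append(value[i])
            i += 1
    return bytes(out)


def parse_form(body: bytes) -> dict:
    """Parse a form-encoded body; raises ValueError on malformed input."""
    if not body:
        raise ValueError("empty body")
    fields = {}
    for pair in body.split(b"&"):
        name, value = pair.split(b"=", 1)   # ValueError if '=' is missing: allowed
        fields[name] = _unescape(value)
    return fields


# Tokens a web fuzzer splices in: the format's delimiters and escape prefixes.
INTERESTING = [b"%", b"%%", b"%0", b"=", b"&", b"\x00", b"\xff\xff\xff\xff", b"A" * 64]


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply 1-4 random edits: bit flip, delete, insert, truncate, splice token."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 4)):
        op = rng.randrange(5)
        if op == 0 and buf:
            pos = rng.randrange(len(buf))
            buf[pos] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:
            del buf[rng.randrange(len(buf))]
        elif op == 2:
            buf.insert(rng.randint(0, len(buf)), rng.randrange(256))
        elif op == 3 and buf:
            del buf[rng.randrange(len(buf)):]
        else:
            pos = rng.randint(0, len(buf))
            buf[pos:pos] = rng.choice(INTERESTING)
    return bytes(buf)


def fuzz(target, seeds, iterations=3000, seed=1, expected=(ValueError,)):
    """Mutation-based fuzzing loop. Returns {(exception, function:line): input}
    for every unexpected exception, keyed so duplicate crashes collapse to one."""
    rng = random.Random(seed)          # fixed seed makes a run reproducible
    findings = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except expected:
            continue                   # documented error path, not a bug
        except Exception as exc:       # anything else is a finding
            frame = traceback.extract_tb(exc.__traceback__)[-1]
            key = (type(exc).__name__, f"{frame.name}:{frame.lineno}")
            findings.setdefault(key, case)   # keep the first input that hit it
    return findings


def reproduce(target, case, expected=(ValueError,)):
    """Re-run one saved input; returns the unexpected exception name or None."""
    try:
        target(case)
    except expected:
        return None
    except Exception as exc:
        return type(exc).__name__
    return None


SEEDS = [b"user=alice&tag=a%20b", b"q=hello%21world&page=2"]   # constructed seeds

if __name__ == "__main__":
    for (exc_name, where), case in fuzz(parse_form, SEEDS).items():
        print(f"{exc_name} at {where}: {case!r}")
```

Running the module prints each distinct crash with the input that caused it; none of the seed inputs trigger the bug, which is the point: the fuzzer reaches the trailing '%' case by mutation, not by anyone anticipating it. Production fuzzers such as AFL++ or libFuzzer add coverage feedback to steer mutations toward new code paths; the loop above is the plain mutation-based form, which is enough to show why option C answers the question where A, B and D do not.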