CAS-002 · Question #21
CAS-002 Question #21: Real Exam Question with Answer & Explanation
The correct answer is C: Conduct fuzzing attacks.
Question
Options
- A. Conduct web server load tests.
- B. Conduct static code analysis.
- C. Conduct fuzzing attacks.
- D. Conduct SQL injection and XSS attacks.
Explanation
Fuzzing (fuzz testing) is a dynamic testing technique that sends random, malformed, or unexpected inputs to an application to discover unknown vulnerabilities such as crashes, memory leaks, and unhandled exceptions. It is specifically designed to uncover zero-day or previously unknown flaws that developers and testers haven't anticipated. Load testing (A) measures performance under stress, not security vulnerabilities. Static code analysis (B) reviews source code for known patterns and is good for finding known vulnerability types, but it won't discover unknown or novel flaws effectively. SQL injection and XSS attacks (D) test for specific, known vulnerability classes rather than unknown ones.