CAS-005 · Question #117
CAS-005 Question #117: Real Exam Question with Answer & Explanation
The correct answer is B: Dynamic analysis. Dynamic analysis is the most appropriate technique for assessing vulnerabilities during runtime. It involves testing the application while it is running, which allows the security analyst to observe the application's behavior, detect vulnerabilities that emerge during execution,
Question
A security analyst is assessing a new application written in Java. The security analyst must determine which vulnerabilities exist during runtime. Which of the following would provide the most exhaustive list of vulnerabilities while meeting the objective?
Options
- AInput validation
- BDynamic analysis
- CSide-channel analysis
- DFuzz testing
- EStatic analysis
Explanation
Dynamic analysis is the most appropriate technique for assessing vulnerabilities during runtime. It involves testing the application while it is running, which allows the security analyst to observe the application's behavior, detect vulnerabilities that emerge during execution, and understand how the application interacts with its environment. This provides a comprehensive view of vulnerabilities that may not be detected through static code analysis, as it accounts for issues like memory corruption, data leaks, and runtime exceptions.
Community Discussion
No community discussion yet for this question.