PT0-001 Question #178: Real Exam Question with Answer & Explanation
The correct answer is A: Launch the applications and use dynamic software analysis tools, including fuzz testing. Running the applications and fuzzing their inputs shows how they actually behave on malformed and unexpected data; none of the other options executes the code, so none of them can reveal that behaviour.
Question
Options
- A. Launch the applications and use dynamic software analysis tools, including fuzz testing
- B. Use a static code analyzer on the JAR files to look for code quality deficiencies
- C. Decompile the applications to approximate source code and then conduct a manual review
- D. Review the details and extensions of the certificate used to digitally sign the code and the
Explanation
Dynamic analysis runs the packaged applications as they would be deployed and observes them while they execute. Fuzz testing extends this by feeding malformed, unexpected and boundary-value inputs to each input path and watching for crashes, hangs, unhandled exceptions and incorrect handling of bad data. These are runtime weaknesses that appear only when the code actually executes, so this approach gives the most direct evidence of how the applications behave under real-world and adversarial conditions, and it requires no source code.
Common mistakes.
- B. A static analyzer run against the JAR files inspects compiled bytecode rather than source, and this option targets code quality deficiencies rather than security flaws. Either way the application is never executed, so behaviour that only appears at runtime (input handling, dynamic class loading, reflection) is not observed.
- C. Decompiling JAR files produces only approximate source code, with variable names and comments lost. The result is useful for a manual review, but the review still does not execute the application or show how it responds to unexpected or malformed input.
- D. Reviewing the code-signing certificate establishes the publisher's identity and the trust chain. It says nothing about the application's internal logic, code structure or security weaknesses.
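As an added illustration, not part of the original question or of any exam material, the following Python mutation fuzzer shows the behaviour the explanation describes: a well-formed seed input is mutated and fed to a running target, clean rejections are ignored, and only failures the target does not handle are recorded. The target parse_record, its record format, and the make_record, mutate and fuzz helpers are all constructed for this example. Against a real JAR the harness would launch the application (for instance through subprocess) and watch for crashes, hangs and unhandled exceptions; the defect found here, trust in a length field, is exactly the kind that only surfaces once the code executes on an input it was not written for.

```python
import random
import struct
from typing import Callable, Dict, List, Tuple

# Constructed stand-in for the compiled application under test. The record
# format is hypothetical: magic "RC", a big-endian u16 payload length, the
# payload, then one checksum byte (XOR of all payload bytes).
def parse_record(data: bytes) -> dict:
    if data[:2] != b"RC":
        raise ValueError("bad magic")           # expected, handled rejection
    (length,) = struct.unpack(">H", data[2:4])  # struct.error if too short
    payload = data[4:4 + length]
    # Deliberate defect: the length field is trusted, so a value larger than
    # the remaining bytes turns this into an out-of-range read (IndexError).
    declared_checksum = data[4 + length]
    checksum = 0
    for b in payload:
        checksum ^= b
    if checksum != declared_checksum:
        raise ValueError("checksum mismatch")   # expected, handled rejection
    return {"length": length, "payload": payload}


def make_record(payload: bytes) -> bytes:
    """Build a well-formed record to use as the fuzzing seed."""
    checksum = 0
    for b in payload:
        checksum ^= b
    return b"RC" + struct.pack(">H", len(payload)) + payload + bytes([checksum])


def mutate(rng: random.Random, data: bytes) -> bytes:
    """Apply one random mutation: bit flip, boundary byte, truncation or append."""
    buf = bytearray(data)
    op = rng.randrange(4)
    if op == 0 and buf:                          # flip a single bit
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif op == 1 and buf:                        # overwrite with an edge value
        i = rng.randrange(len(buf))
        buf[i] = rng.choice([0x00, 0x7F, 0x80, 0xFF])
    elif op == 2 and buf:                        # truncate at a random point
        del buf[rng.randrange(len(buf)):]
    else:                                        # append 1..7 random bytes
        buf += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 8)))
    return bytes(buf)


def fuzz(target: Callable[[bytes], object], seeds: List[bytes],
         iterations: int = 2000, rng_seed: int = 1,
         expected: Tuple[type, ...] = (ValueError,)) -> Dict[Tuple[str, str], bytes]:
    """Mutation fuzzer. Returns {(exception name, message): reproducing input}
    for every distinct failure that is not an expected, handled rejection."""
    rng = random.Random(rng_seed)                # fixed seed keeps runs reproducible
    crashes: Dict[Tuple[str, str], bytes] = {}
    for _ in range(iterations):
        case = rng.choice(seeds)
        for _ in range(rng.randrange(1, 4)):     # stack one to three mutations
            case = mutate(rng, case)
        try:
            target(case)
        except expected:
            continue                             # bad input rejected cleanly
        except Exception as exc:                 # anything else is a finding
            crashes.setdefault((type(exc).__name__, str(exc)), case)
    return crashes


if __name__ == "__main__":
    seed_input = make_record(b"hello")
    for (name, msg), case in fuzz(parse_record, [seed_input]).items():
        print(f"{name}: {msg!r} <- {case.hex()}")
```

Each finding is stored with the exact input that triggered it, so every crash can be replayed and handed to developers as a reproducer; a static code-quality scan of the same bytecode would have had to reason about the length check in the abstract, while the fuzzer simply observes the failure.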
Concept tested. Dynamic application security testing and fuzz testing
Reference. https://owasp.org/www-project-web-security-testing-guide/