
SY0-701 Question #416: Real Exam Question with Answer & Explanation

The correct answer is A: Fuzzing.

Submitted by khalil_dz · Mar 6, 2026 · Domain: Threats, vulnerabilities, and mitigations

Question

A development team is launching a new public-facing web product. The Chief Information Security Officer has asked that the product be protected from attackers who use malformed or invalid inputs to destabilize the system. Which of the following practices should the development team implement?

Options

  • A. Fuzzing
  • B. Continuous deployment
  • C. Static code analysis
  • D. Manual peer review

Explanation

Fuzzing (A) directly addresses the CISO's concern: it is an automated testing technique that deliberately sends malformed, unexpected, or random inputs to an application to expose crashes, memory leaks, and input-handling vulnerabilities - exactly what an attacker exploiting invalid inputs would do. Continuous deployment (B) is a release pipeline practice with no inherent security testing component. Static code analysis (C) scans source code for defects without executing the program, so it cannot observe how the running system responds to bad inputs at runtime. Manual peer review (D) depends on human attention and is unlikely to systematically catch every edge-case input vulnerability at scale.

Memory tip: Think "fuzz = garbage in, bugs out." If the threat is malformed input, the defense is a tool that throws malformed input at the system first - that's fuzzing.

Topics

#Fuzzing #Vulnerability testing #Application security #Input validation
