CompTIA CASP+ (CAS-003) — Question 153
Joe, a penetration tester, is assessing the security of an application binary provided to him by his client. Which of the following methods would be the MOST effective in reaching this objective?
Answer options
- A. Employ a fuzzing utility
- B. Use a static code analyzer
- C. Run the binary in an application sandbox
- D. Manually review the binary in a text editor
Correct answer: B
Explanation
Using a static code analyzer is the most effective way to identify vulnerabilities in the application binary, as it examines the code without executing it. The other options, such as fuzzing or running the binary in a sandbox, may uncover some issues but are less thorough than static code analysis. Manually reviewing the binary in a text editor is not practical for a comprehensive security assessment.