CompTIA CASP+ (CAS-004) — Question 180
An organization is establishing a new software assurance program to vet applications before they are introduced into the production environment. Unfortunately, many of the applications are provided only as compiled binaries. Which of the following should the organization use to analyze these applications? (Choose two.)
Answer options
- A. Regression testing
- B. SAST
- C. Third-party dependency management
- D. IDE SAST
- E. Fuzz testing
- F. IAST
Correct answer: E, F
Explanation
Fuzz testing and IAST (Interactive Application Security Testing) are both effective for analyzing compiled binaries since they can identify vulnerabilities without requiring access to the source code. Regression testing does not focus on security vulnerabilities. SAST (Static Application Security Testing) and IDE SAST are primarily suited for source code analysis, and third-party dependency management is primarily suited for dependency tracking.