CompTIA CASP+ (CAS-004) — Question 324
A security analyst has been tasked with assessing a new API. The analyst needs to be able to test for a variety of different inputs, both malicious and benign, in order to close any vulnerabilities. Which of the following should the analyst use to achieve this goal?
Answer options
- A. Static analysis
- B. Input validation
- C. Fuzz testing
- D. Post-exploitation
Correct answer: C
Explanation
Fuzz testing feeds random or unexpected data into an application to discover potential vulnerabilities. Static analysis focuses on code review, and input validation on ensuring data meets certain criteria; neither actively tests the application against a wide range of inputs. Post-exploitation refers to actions taken after a breach has occurred, so it does not apply to the initial testing phase.