CompTIA CASP+ (CAS-004) — Question 386
A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:
1. The solution must be able to initiate SQL injection and reflected XSS attacks.
2. The solution must ensure the application is not susceptible to memory leaks.
Which of the following should be implemented to meet these requirements? (Choose two.)
Answer options
- A. Side-channel analysis
- B. Protocol scanner
- C. HTTP interceptor
- D. DAST
- E. Fuzz testing
- F. SAST
- G. SCAP
Correct answer: D, F
Explanation
DAST (Dynamic Application Security Testing) meets the first requirement because it simulates attacks such as SQL injection and XSS against the application. SAST (Static Application Security Testing) meets the second because it helps ensure the code is free from vulnerabilities, including memory leaks. The other options do not directly address either requirement, whether executing attacks or preventing memory leaks.