CompTIA CASP+ (CAS-004) — Question 498

A security analyst is assessing a new application written in Java. The security analyst must determine which vulnerabilities exist during runtime. Which of the following would provide the most exhaustive list of vulnerabilities while meeting the objective?

Answer options

• A. Input validation
• B. Dynamic analysis
• C. Side-channel analysis
• D. Fuzz testing
• E. Static analysis

Correct answer: B

Explanation

Dynamic analysis is the correct answer because it involves testing the application during its runtime, allowing for the identification of vulnerabilities that may not be apparent through other methods. Input validation, static analysis, side-channel analysis, and fuzz testing each have their specific use cases but do not provide the thorough runtime assessment that dynamic analysis does.