CompTIA SecurityX (CAS-005) — Question 62
A security analyst is assessing a new application written in Java. The security analyst must determine which vulnerabilities exist during runtime. Which of the following would provide the most exhaustive list of vulnerabilities while meeting the objective?
Answer options
- A. Input validation
- B. Dynamic analysis
- C. Side-channel analysis
- D. Fuzz testing
- E. Static analysis
Correct answer: B
Explanation
Dynamic analysis is the correct answer because it assesses the application while it runs, which allows it to identify vulnerabilities as they occur during execution. Input validation and static analysis focus on code and data before execution, while side-channel analysis and fuzz testing do not provide a complete overview of runtime vulnerabilities.