CompTIA CySA+ (CS0-001) — Question 23

A software assurance lab is performing a dynamic assessment on an application by automatically generating and inputting different, random data sets to attempt to cause an error/failure condition. Which of the following software assessment capabilities is the lab performing AND during which phase of the SDLC should this occur? (Choose two.)

Answer options

• A. Fuzzing
• B. Behavior modeling
• C. Static code analysis
• D. Prototyping phase
• E. Requirements phase
• F. Planning phase

Correct answer: A, D

Explanation

The correct answer is A, Fuzzing, as it involves inputting random data to identify vulnerabilities in the application, and it typically occurs in the Prototyping phase of the SDLC, making D also correct. The other options, such as Behavior modeling, Static code analysis, and the Requirements and Planning phases, do not relate to this specific dynamic testing method or the phase in which it is best implemented.