CompTIA CySA+ (CS0-002) — Question 211

An application must pass a vulnerability assessment to move to the next gate. Consequently, any security issues that are found must be remediated prior to the next gate. Which of the following best describes the method for end-to-end vulnerability assessment?

Answer options

• A. Security regression testing
• B. Static analysis
• C. Dynamic analysis
• D. Stress testing

Correct answer: C

Explanation

Dynamic analysis is the correct choice because it involves testing an application in a running state to identify vulnerabilities that may not be visible through other methods. Security regression testing focuses on verifying that previously fixed vulnerabilities do not reappear, while static analysis examines code without executing it, and stress testing evaluates performance under heavy load, none of which are comprehensive vulnerability assessments.