CompTIA CySA+ (CS0-002) — Question 219

A security analyst is supporting an embedded software team. Which of the following is the best recommendation to ensure proper error handling at runtime?

Answer options

• A. Perform static code analysis.
• B. Require application fuzzing.
• C. Enforce input validation.
• D. Perform a code review.

Correct answer: B

Explanation

Application fuzzing is the best choice because it actively tests how the application handles unexpected or invalid data during execution, which is crucial for identifying runtime errors. While static code analysis, input validation, and code reviews are important practices, they do not specifically target the dynamic behavior of the application under erroneous conditions like fuzzing does.