CompTIA CySA+ (CS0-003) — Question 172

An organization is conducting a pilot deployment of an e-commerce application. The application’s source code is not available. Which of the following strategies should an analyst recommend to evaluate the security of the software?

Answer options

• A. Static testing
• B. Vulnerability testing
• C. Dynamic testing
• D. Penetration testing

Correct answer: C

Explanation

Dynamic testing is the correct choice because it evaluates the application's behavior during execution, identifying runtime vulnerabilities without needing access to the source code. Static testing, vulnerability testing, and penetration testing are less suitable in this context as they either require source code or do not specifically address the dynamic aspects of the application's security.