CompTIA CySA+ (CS0-003) — Question 91
A Chief Information Security Officer wants to implement security by design, starting with the implementation of a security scanning method to identify vulnerabilities, including SQL injection, RFI, XSS, etc. Which of the following would most likely meet the requirement?
Answer options
- A. Reverse engineering
- B. Known environment testing
- C. Dynamic application security testing
- D. Code debugging
Correct answer: C
Explanation
The correct answer is C, Dynamic application security testing, because it is specifically designed to identify vulnerabilities in running applications. Options A and D, Reverse engineering and Code debugging, focus on analyzing code rather than actively identifying security flaws in an application while it runs. Option B, Known environment testing, may not cover all the dynamic vulnerabilities that can arise during application operation.