CompTIA Security+ (SY0-501) — Question 969

Which of the following allows an auditor to test proprietary-software compiled code for security flaws?

Answer options

• A. Fuzzing
• B. Static review
• C. Code signing
• D. Regression testing

Correct answer: A

Explanation

Fuzzing is a testing technique that involves inputting random data into a program to discover security vulnerabilities, making it suitable for examining proprietary-software compiled code. Static review, while useful, typically analyzes source code rather than compiled code. Code signing is a method for ensuring code integrity and authenticity, not for testing vulnerabilities. Regression testing is aimed at ensuring that new changes have not adversely affected existing functionalities, rather than identifying security flaws.