Certificate of Cloud Security Knowledge (CCSK) — Question 116

Which type of application security testing tests running applications and includes tests such as web vulnerability testing and fuzzing?

Answer options

• A. Code Review
• B. Static Application Security Testing (SAST)
• C. Unit Testing
• D. Functional Testing
• E. Dynamic Application Security Testing (DAST)

Correct answer: E

Explanation

The correct answer is E, Dynamic Application Security Testing (DAST), as it focuses on testing applications in their running state and identifies vulnerabilities that can be exploited in real-time. The other options do not test running applications; for instance, A (Code Review) checks the source code, B (SAST) analyzes code without executing it, C (Unit Testing) verifies individual components, and D (Functional Testing) assesses the functionality rather than security vulnerabilities.