Certificate of Cloud Security Knowledge (CCSK) — Question 40

Which type of application security testing should incorporate checks on API calls to the cloud service?

Answer options

• A. Dynamic Application Security Testing (DAST)
• B. Unit Testing
• C. Functional Testing
• D. Static Application Security Testing (SAST)
• E. All of the above

Correct answer: D

Explanation

Static Application Security Testing (SAST) is the correct answer because it analyzes source code for vulnerabilities, including those that may arise from API calls to cloud services. The other options like DAST and Functional Testing focus on runtime testing or functional behavior, while Unit Testing checks individual components without a focus on security vulnerabilities in API interactions.