Certified Cloud Security Professional (CCSP) — Question 402

Different security testing methodologies offer different strategies and approaches to testing systems, requiring security personnel to determine the best type to use for their specific circumstances.
What does dynamic application security testing (DAST) NOT entail that SAST does?

Answer options

• A. Discovery
• B. Knowledge of the system
• C. Scanning
• D. Probing

Correct answer: B

Explanation

The correct answer is B because DAST focuses on testing applications during runtime without requiring in-depth knowledge of the underlying code or system architecture, which is a critical part of SAST. In contrast, SAST analyzes the source code or binaries, necessitating a comprehensive understanding of the system. Options A, C, and D are part of both methodologies, as they involve analyzing the application in various ways.