Exam CAS-005 topic 1 question 67 discussion

Actual exam question from CompTIA's CAS-005
Question #: 67
Topic #: 1

A security analyst is assessing a new application written in Java. The security analyst must determine which vulnerabilities exist during runtime. Which of the following would provide the most exhaustive list of vulnerabilities while meeting the objective?

  • A. Input validation
  • B. Dynamic analysis
  • C. Side-channel analysis
  • D. Fuzz testing
  • E. Static analysis
Suggested Answer: B

Comments

vicbersong
1 month, 3 weeks ago
Selected Answer: B
❌ Why not the others?
  • A. Input validation: This is a secure coding practice, not a vulnerability assessment technique.
  • C. Side-channel analysis: Typically used in hardware security or low-level cryptographic attacks — not relevant for general Java app vulnerability discovery.
  • D. Fuzz testing: Good for finding unexpected crashes or behavior, but not as exhaustive or informative as dynamic analysis in most enterprise use cases.
  • E. Static analysis: Looks at code without executing it, so it doesn't reveal runtime issues like environment-specific bugs or dynamic dependencies.
upvoted 1 times
vicbersong
1 month, 3 weeks ago
Selected Answer: B
✅ B. Dynamic analysis
Explanation: The question states the application is written in Java and the analyst must identify vulnerabilities during runtime. The keyword here is "during runtime."
Dynamic Analysis:
  • Involves analyzing the application while it is running.
  • Detects runtime vulnerabilities like memory leaks, injection attacks, authentication issues, insecure session handling, and more.
  • It provides a comprehensive and realistic view of how the application behaves in the real world.
  • Often done through tools like DAST (Dynamic Application Security Testing).
upvoted 1 times