
Exam CAS-004 topic 1 question 519 discussion

Actual exam question from CompTIA's CAS-004
Question #: 519
Topic #: 1

A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:

1. The solution must be able to initiate SQL injection and reflected XSS attacks.
2. The solution must ensure the application is not susceptible to memory leaks.

Which of the following should be implemented to meet these requirements? (Choose two.)

  • A. Side-channel analysis
  • B. Protocol scanner
  • C. HTTP interceptor
  • D. DAST
  • E. Fuzz testing
  • F. SAST
  • G. SCAP
Suggested Answer: DF

Comments

Steel16
1 week, 1 day ago
Selected Answer: DF
DAST can simulate SQL injection and reflected XSS attacks by dynamically testing the application in its running state. SAST can analyze the source code to ensure the application is not susceptible to memory leaks by identifying potential vulnerabilities in the code before it is executed.
upvoted 1 times
Bright07
1 month, 3 weeks ago
Selected Answer: DE
D. DAST (Dynamic Application Security Testing): DAST is a security testing technique that scans a running application to identify vulnerabilities, including SQL injection and XSS attacks. It tests the application in its deployed state, which aligns with the requirement to initiate SQL injection and reflected XSS attacks. E. Fuzz testing: Fuzz testing involves sending random or malformed data to an application to identify unexpected behaviors, such as memory leaks, crashes, and security vulnerabilities. This would help identify issues like memory leaks in the application.
upvoted 1 times
Bright07
5 months, 2 weeks ago
Ans. DE. D. DAST (Dynamic Application Security Testing) E. Fuzz testing. DAST can simulate attacks such as SQL injection and XSS in a running application, while fuzz testing can help identify vulnerabilities including memory leaks by inputting random data into the application to observe behavior.
upvoted 2 times
23169fd
8 months ago
Selected Answer: DF
DAST (Dynamic Application Security Testing): DAST is a type of black-box testing that involves testing an application in its running state. It can initiate SQL injection and reflected XSS attacks by simulating these attacks against the live application to identify vulnerabilities. This meets the first requirement of initiating SQL injection and reflected XSS attacks. SAST (Static Application Security Testing): SAST is a type of white-box testing that involves analyzing the source code of an application. It can detect vulnerabilities related to memory management, such as memory leaks, by examining the code for issues that could lead to such problems. This meets the second requirement of ensuring the application is not susceptible to memory leaks.
upvoted 3 times