ExamTopics Logo
Mail Us[email protected]
Menu
Comptia Discussions
exam questions

Exam CAS-004 All Questions

View all questions & answers for the CAS-004 exam
Go to Exam

Exam CAS-004 topic 1 question 555 discussion

Actual exam question from CompTIA's CAS-004
Question #: 555
Topic #: 1
[All CAS-004 Questions]

A security engineer receives reports through the organization’s bug bounty program about remote code execution in a specific component in a custom application. Management wants to properly secure the component and proactively avoid similar issues. Which of the following is the best approach to uncover additional vulnerable paths in the application?

  • A. Implement fuzz testing focused on the component and inputs uncovered by the bug bounty program.
  • B. Leverage a software composition analysis tool to find all known vulnerabilities in dependencies.
  • C. Use a vulnerability scanner to perform multiple types of network scans to look for vulnerabilities.
  • D. Utilize a network traffic analyzer to find malicious packet combinations that lead to remote code execution.
  • E. Run an exploit framework with all payloads against the application to see if it is able to gain access.
Show Suggested Answer Hide Answer
Suggested Answer: A 🗳️
by grelaman at Oct. 14, 2024, 9:33 p.m.

Comments

Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.
Switch to a voting comment New
Submit Cancel
Pesos
1 month, 1 week ago
Fuzz testing will try various inputs to find any additional ways to work around the system
upvoted 1 times
...
grelaman
2 months, 1 week ago
Selected Answer: A
Implementing fuzz testing focused on the specific component and inputs identified by the bug bounty program is the best approach to uncover additional vulnerable paths in the application. - By concentrating on the component where the remote code execution (RCE) vulnerability was found, fuzz testing can efficiently identify similar weaknesses in the code. - Fuzz testing generates a wide range of unexpected or random inputs, helping to discover edge cases that may not be covered by standard testing. - It helps identify complex and subtle bugs that could lead to security issues like buffer overflows, injection flaws, or logic errors leading to RCE. - Fuzzing tools automate the process of input generation and testing, allowing for extensive coverage without excessive manual effort. - Integrating fuzz testing into the development process helps catch vulnerabilities early, reducing the cost and effort required to fix them.
upvoted 1 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

SaveCancel
exam
Someone Bought Contributor Access for:
SY0-701
London, 1 minute ago