Exam CAS-005 topic 1 question 17 discussion

Actual exam question from CompTIA's CAS-005
Question #: 17
Topic #: 1
A security engineer receives reports through the organization's bug bounty program about remote code execution in a specific component in a custom application. Management wants to properly secure the component and proactively avoid similar issues. Which of the following is the best approach to uncover additional vulnerable paths in the application?

  • A. Leverage an exploitation framework to uncover vulnerabilities.
  • B. Use fuzz testing to uncover potential vulnerabilities in the application.
  • C. Utilize a software composition analysis tool to report known vulnerabilities.
  • D. Reverse engineer the application to look for vulnerable code paths.
  • E. Analyze the use of an HTTP intercepting proxy to dynamically uncover issues.
Suggested Answer: B

Comments

vicbersong
6 days, 9 hours ago
Selected Answer: B
Fuzz testing (fuzzing) is a proactive dynamic application security testing technique where the system is bombarded with random, malformed, or unexpected inputs to discover:
  • Buffer overflows
  • Input validation issues
  • Memory corruption
  • Remote code execution flaws
Since the report is about remote code execution, fuzzing is ideal to uncover other vulnerable paths in the same component or similar logic areas.
upvoted 1 times
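To make the technique in the comment concrete, here is an added example (not from the original discussion): a small mutation-based fuzzer run against a constructed record parser with a latent length-validation bug, then against a hardened variant of the same parser. The parser, record format, seed input and the "ValueError means expected rejection, anything else means crash" triage rule are all assumptions made for this illustration.

```python
import random

# Constructed stand-in for the vulnerable component: parses one
# TAG(1) LEN(1) VALUE(LEN) CHECKSUM(1) record and trusts LEN.
def parse_record(data: bytes) -> dict:
    if len(data) < 2:
        raise ValueError("record too short")
    tag, length = data[0], data[1]
    value = data[2:2 + length]
    # Bug: a body shorter than LEN indexes past the end of the buffer (IndexError).
    if sum(value) % 256 != data[2 + length]:
        raise ValueError("bad checksum")
    return {"tag": tag, "value": value}

def parse_record_fixed(data: bytes) -> dict:
    # Hardened variant: bound the declared length against the real buffer size.
    if len(data) < 2 or len(data) < 3 + data[1]:
        raise ValueError("record too short for declared length")
    return parse_record(data)

def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One mutation step: bit flip, boundary byte, truncation or insertion."""
    buf = bytearray(seed)
    op = rng.choice(("flip", "boundary", "truncate", "insert"))
    if op == "flip" and buf:
        buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
    elif op == "boundary" and buf:
        buf[rng.randrange(len(buf))] = rng.choice((0x00, 0x7F, 0x80, 0xFF))
    elif op == "truncate" and len(buf) > 1:
        del buf[rng.randrange(len(buf)):]
    else:
        buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)

def fuzz(target, seeds, iterations=2000, rng_seed=1) -> dict:
    """Mutation fuzzer: ValueError is an expected rejection; any other exception
    is an unhandled crash, bucketed by exception type with its first input."""
    rng = random.Random(rng_seed)
    findings = {}
    for _ in range(iterations):
        case = mutate(rng.choice(seeds), rng)
        try:
            target(case)
        except ValueError:
            continue
        except Exception as exc:
            findings.setdefault(type(exc).__name__, case)
    return findings

# Constructed valid seed: tag 1, three-byte value "ABC", correct checksum.
SEED = bytes([0x01, 0x03, 0x41, 0x42, 0x43, (0x41 + 0x42 + 0x43) % 256])
```

Calling `fuzz(parse_record, [SEED])` returns a crash bucket keyed `IndexError` with the first input that triggered it, while `fuzz(parse_record_fixed, [SEED])` returns an empty dict, which is the before/after evidence a team would want when closing out the bounty report.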
Community vote distribution: A (35%), C (25%), B (20%), other.