Exam CAS-004
Question 492

A company's software developers have indicated that the security team takes too long to perform application security tasks. A security analyst plans to improve the situation by implementing security into the SDLC. The developers have the following requirements:

1. The solution must be able to initiate SQL injection and reflected XSS attacks.

2. The solution must ensure the application is not susceptible to memory leaks.

Which of the following should be implemented to meet these requirements? (Choose two.)

    Correct Answer: D, F

    To meet the requirements of initiating SQL injection and reflected XSS attacks, and ensuring the application is not susceptible to memory leaks, the two appropriate solutions are DAST and SAST. DAST (Dynamic Application Security Testing) allows for the simulation of SQL injection and reflected XSS attacks on a running application, effectively identifying these types of vulnerabilities. SAST (Static Application Security Testing) involves analyzing the application's source code to detect potential issues such as memory leaks, ensuring the application maintains proper memory management practices.
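The distinction the explanation draws (DAST exercises the running application, SAST reads its source) can be made concrete with the following added example, which is not part of the exam page or of any real scanner. It pairs a toy static rule that flags C functions allocating more than they free with a toy dynamic probe that checks whether a running handler reflects input without output encoding; the C sample, the marker and both handlers are constructed for illustration.

```python
# Added example (not from the exam page): a toy SAST rule that only reads source
# text, beside a toy DAST probe that only runs the handler. All inputs constructed.
import html
import re
from urllib.parse import parse_qs

# ---- SAST side: static inspection of C source for possible memory leaks ----
# Heuristic: a function whose malloc/calloc calls outnumber its free calls.
FUNC_RE = re.compile(r"^\s*\w[\w\s\*]*\s+(\w+)\s*\([^;]*\)\s*\{?\s*$")

def sast_possible_leaks(c_source: str) -> list[str]:
    counts = {}  # function name -> [allocations, frees]
    current = None
    for line in c_source.splitlines():
        m = FUNC_RE.match(line)
        if m:  # start of a function definition
            current = m.group(1)
            counts[current] = [0, 0]
            continue
        if current is None:
            continue
        counts[current][0] += len(re.findall(r"\b(?:malloc|calloc)\s*\(", line))
        counts[current][1] += len(re.findall(r"\bfree\s*\(", line))
    return [name for name, (allocs, frees) in counts.items() if allocs > frees]

C_SAMPLE = """int leaky(int n) {
    char *buf = malloc(n);
    return n * 2;            /* buf is never freed */
}
int tidy(int n) {
    char *buf = malloc(n);
    free(buf);
    return n;
}
"""

# ---- DAST side: probe a running handler for unescaped reflection ----
# The handlers stand in for a deployed app: raw query string in, HTML out.
MARKER = "<dast-probe-7f3a>"  # constructed, inert marker; only verbatim reflection is checked
def dast_reflected_unescaped(handler, param: str) -> bool:
    body = handler(f"{param}={MARKER}")
    return MARKER in body  # verbatim reflection means no output encoding

def vulnerable_greet(query: str) -> str:
    name = parse_qs(query).get("name", [""])[0]
    return f"<h1>Hello {name}</h1>"

def fixed_greet(query: str) -> str:
    name = parse_qs(query).get("name", [""])[0]
    return f"<h1>Hello {html.escape(name)}</h1>"
```

Note that the static rule never runs `leaky`, and the dynamic probe never reads `vulnerable_greet`; each finds only the class of defect its technique can see.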

Discussion
23169fd: Options: D, F

DAST (Dynamic Application Security Testing): DAST is a type of black-box testing that involves testing an application in its running state. It can initiate SQL injection and reflected XSS attacks by simulating these attacks against the live application to identify vulnerabilities. This meets the first requirement of initiating SQL injection and reflected XSS attacks.

SAST (Static Application Security Testing): SAST is a type of white-box testing that involves analyzing the source code of an application. It can detect vulnerabilities related to memory management, such as memory leaks, by examining the code for issues that could lead to such problems. This meets the second requirement of ensuring the application is not susceptible to memory leaks.