Weekly CISSP Exam Questions
Which type of testing will most likely find zero-day vulnerabilities?
A. Fuzz Testing
B. White-Box Testing
C. Black-Box Testing
D. Stress Testing
Correct Answer: A
Explanation:
Fuzz Testing: As mentioned, fuzzing is designed to find unknown vulnerabilities by subjecting the software to a wide array of random and unexpected inputs. This makes it most likely to discover zero-day vulnerabilities.
White-Box Testing: While this approach can be thorough because it has full access to the source code, it often relies on the tester's knowledge of known vulnerabilities and best practices, making it less likely to find zero-day vulnerabilities compared to fuzz testing.
Black-Box Testing: This type of testing doesn't have access to the source code and tests the software from an external perspective. While it might find unknown vulnerabilities, it is generally less effective at finding zero-day vulnerabilities compared to fuzz testing.
Stress Testing: This is meant to evaluate how a system performs under extreme conditions, such as heavy load or low resources, rather than find vulnerabilities.
Podcasts
Check out my weekly podcasts that delve deep into the relevant topics related to each of CISSP domains. In addition, I will go over specific questions and they can be interpreted and answered.
CISSP Cyber Training Academy
Tired of not knowing how to study for the CISSP Exam?
Check out the CISSP Cyber Training Academy to help you on your journey!
CISSP Cyber Training - YouTube
Check out my video collection on YouTube discussing all the details needed to help you pass the CISSP exam.
