ISC2 Certified Cloud Security Professional (CCSP) Practice Question
During security validation of a new SaaS application, the DevSecOps team adds a scanner that instruments the application's runtime and observes live HTTP requests in the test environment. The scanner maps each request back to the exact line of code that executed, immediately flagging SQL injection findings with very low false-positive rates. Which type of application security testing is the team performing?
Interactive Application Security Testing (IAST) places lightweight agents or instrumentation inside the executing application while it is being exercised by functional or dynamic tests. Because the agent observes both runtime behavior (like DAST) and the underlying code context (like SAST), it can precisely trace vulnerabilities such as SQL injection to specific source lines, producing fewer false positives.
Static application security testing (SAST) analyzes source or bytecode without running the program, so it cannot observe live requests. Dynamic application security testing (DAST) probes the running application from the outside but lacks code-level insight, leading to more false positives. Software composition analysis (SCA) inventories third-party libraries and checks them for known vulnerabilities rather than monitoring runtime behavior. Therefore, the described approach is IAST.
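A toy sketch of the mechanism described above, added here as an example and not taken from the original question or from any IAST product: an in-process agent hooks the request source and the SQL sink, then reports the function and line where request data reached the query text. `Agent`, `InstrumentedConnection`, and the two handlers are hypothetical names, and substring matching stands in for real taint tracking.

```python
import sqlite3
import traceback

class Agent:
    """Toy in-process IAST agent (hypothetical, for illustration)."""
    def __init__(self):
        self.inputs = set()    # values seen in the current HTTP request
        self.findings = []

    def on_request(self, params):
        # Source hook: remember what the client sent for this request.
        self.inputs = {v for v in params.values() if len(v) >= 3}

    def on_sql(self, sql, caller):
        # Sink hook: request data inside the SQL text itself means the
        # query was built by string concatenation, not bound parameters.
        for value in self.inputs:
            if value in sql:
                self.findings.append({"input": value, "file": caller.filename,
                                      "line": caller.lineno, "function": caller.name})

class InstrumentedConnection(sqlite3.Connection):
    """Stands in for the agent's runtime instrumentation of the DB driver."""
    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)
        self.agent = Agent()

    def execute(self, sql, parameters=()):
        caller = traceback.extract_stack(limit=2)[0]  # frame that called execute()
        self.agent.on_sql(sql, caller)
        return super().execute(sql, parameters)

def handle_vulnerable(db, params):
    db.agent.on_request(params)
    query = "SELECT id FROM users WHERE name = '" + params["name"] + "'"
    return db.execute(query).fetchall()

def handle_safe(db, params):
    db.agent.on_request(params)
    return db.execute("SELECT id FROM users WHERE name = ?", (params["name"],)).fetchall()

def run_demo():
    db = sqlite3.connect(":memory:", factory=InstrumentedConnection)
    db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
    db.execute("INSERT INTO users VALUES (1, 'alice')")
    request = {"name": "alice"}  # constructed functional-test request
    handle_vulnerable(db, request)
    handle_safe(db, request)
    return db.agent.findings
```

An ordinary functional-test value is enough to produce the finding, because the agent observes the data flow inside the process instead of waiting for an error response.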
Cloud Application Security