ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
During a security assessment of an internally developed RESTful microservice, you suspect there are API endpoints not included in the official design documentation. What test activity would be most effective for uncovering this undocumented functionality before production release?
Execute unit tests derived from user story acceptance criteria
Conduct black-box fuzzing that mutates URL paths and HTTP verbs to enumerate undisclosed endpoints
Perform static analysis of source code to identify insecure cryptographic implementations
Run stress testing with production-like load to measure service scalability
Undocumented functionality is best revealed by treating the system as an unknown environment and actively probing for behavior that is not described in specifications. Black-box fuzzing that mutates resource paths, query strings, headers, and HTTP verbs forces the service to respond to unexpected requests and helps enumerate hidden or forgotten endpoints. Other options fall short: static code analysis can expose coding errors but may miss runtime-only routes; stress testing focuses on performance, not functionality discovery; unit tests based on documented user stories are constrained to what is already known, so they cannot expose undocumented interfaces.