Crucial Exams

ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question

While preparing security test cases for an internal message-processing service that uses a proprietary but stable binary file format, a security engineer has access to thousands of legitimate production samples but almost no formal protocol documentation. Which fuzzing approach will most efficiently uncover parser vulnerabilities with the least upfront modeling effort?

  • Send protocol-agnostic streams of completely random bytes that match only the average message length.

  • Feed the service with mutated versions of the captured legitimate messages to exercise unexpected parsing paths.

  • Reverse-engineer the protocol grammar and employ model-based generated fuzzing to build inputs from scratch.

  • Run symbolic execution on the source code to generate path-covering test vectors for each conditional branch.

ISC2 Certified Secure Software Lifecycle Professional (CSSLP)
Secure Software Testing
Your Score:
Settings & Objectives
Random Mixed
Questions are selected randomly from all chosen topics, with a preference for those you haven’t seen before. You may see several questions from the same objective or domain in a row.
Rotate by Objective
Questions cycle through each objective or domain in turn, helping you avoid long streaks of questions from the same area. You may see some repeat questions, but the distribution will be more balanced across topics.

Check or uncheck an objective to set which questions you will receive.

Wipe Score
Bash, the Crucial Exams Chat Bot
AI Bot