CompTIA Security Plus Mock Test Q726

Which of the following security concepts identifies input variables which are then used to perform boundary testing?

A. Application baseline
B. Application hardening
C. Secure coding
D. Fuzzing


Correct Answer: D
Section: Application, Data and Host Security

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions
such as crashes, or failed validation, or memory leaks.

Incorrect Answers:
A: An application baseline defines the level of security that will be implemented and maintained for the application. A low baseline implements almost no security while a high baseline
does not allow users to make changes to the application.
B: Application Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary
functions and features, removing unnecessary usernames or logins and disabling unnecessary services.
C: Proper and secure coding can prevent many attacks, including cross-site scripting, SQL injection and buffer overflows.

References:
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 218-219, 226
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 229