CompTIA Security Plus Mock Test Q729

Fuzzing is a security assessment technique that allows testers to analyze the behavior of software applications under which of the following conditions?

A. Unexpected input
B. Invalid output
C. Parameterized input
D. Valid output


Correct Answer: A
Section: Application, Data and Host Security

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.

Incorrect Answers:
B, D: Fuzzing uses invalid input, not output, to test the application's response to that input, such as crashes, failed validation, or memory leaks.
C: Parameterized input may be one form of the invalid, unexpected, or random data that would be used in fuzz testing. Other forms of invalid data should also be tested.

References:
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, p. 218
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 229