CompTIA Security Plus Mock Test Q736

Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

A. Fuzzing
B. Patch management
C. Error handling
D. Strong passwords


Correct Answer: C
Section: Application, Data and Host Security

Explanation:
Exception handling is an aspect of secure coding. When errors occur, the system should revert back to a secure state. This must be coded into the system by the programmer, and
should capture errors and exceptions so that they could be handled by the application.

Incorrect Answers:
A: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for
exceptions such as crashes, or failed validation, or memory leaks.
B: Patch management is the process of maintaining the latest source code for applications and operating systems. This helps protect a systems from known attacks and
vulnerabilities.
D: Passwords are used to control access to systems as part of a user authentication process. Strong passwords make it harder for attackers to guess or crack the passwords.

References:
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 229, 230, 231-232