CompTIA Security Plus Mock Test Q742

In regards to secure coding practices, why is input validation important?

A. It mitigates buffer overflow attacks.
B. It makes the code more readable.
C. It provides an application configuration baseline.
D. It meets gray box testing standards.


Correct Answer: A
Section: Application, Data and Host Security

Explanation:
A buffer overflow is an exploit of programming errors, bugs and flaws. It occurs when an application is fed more input data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the space allocated to it in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while the overwriting can cause important data to be lost. Proper error and exception handling, together with input validation, will help prevent buffer overflow exploits.
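The explanation above describes the mechanism in prose; the following C function is an added example (not taken from the question or the cited study guides) showing what the input validation that answers this question looks like in code. The buffer size, field name and sample inputs are assumptions for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Hypothetical fixed-size field, e.g. a username read from an untrusted request.
 * Size includes the terminating NUL. */
#define USERNAME_MAX 16

/* Validates untrusted input before it is copied into a fixed-size buffer.
 * Returns true and copies on success; returns false and leaves dst empty when
 * the input does not fit or contains characters outside the allowed set.
 * An unchecked strcpy(dst, src) at this point is the classic overflow: input
 * longer than dst would be written past the end of the allocation. */
bool copy_username(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || dst_size == 0) return false;
    dst[0] = '\0';
    if (src == NULL) return false;

    /* Length check: scan at most dst_size bytes, so a missing terminator
       cannot cause an over-read. Reaching dst_size means no room for the NUL. */
    size_t len = 0;
    while (len < dst_size && src[len] != '\0') len++;
    if (len == dst_size) return false;

    /* Allow-list check: only ASCII letters, digits, '_' and '-' are accepted. */
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)src[i];
        bool ok = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                  (c >= '0' && c <= '9') || c == '_' || c == '-';
        if (!ok) return false;
    }

    memcpy(dst, src, len + 1);   /* len + 1 <= dst_size, so the copy is in bounds */
    return true;
}

int main(void)
{
    char name[USERNAME_MAX];
    const char *inputs[] = {     /* constructed sample inputs */
        "alice_01",
        "this-name-is-far-too-long-to-fit",
        "bob smith"
    };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        bool ok = copy_username(name, sizeof name, inputs[i]);
        printf("%-34s -> %s\n", inputs[i], ok ? "accepted" : "rejected");
    }
    return 0;
}
```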

Incorrect Answers:
B: Code readability is a function of the integrated development environment (IDE) and the use of indentation and formatting. It is not a function of input validation.
C: Application configuration baselining is the process of tuning the settings of an application to ensure it operates at its optimal value while providing security and vulnerability protection.
D: Gray box testing is a form of penetration testing for software where the tester approaches the software from a user perspective, analyzing inputs and outputs. Testers do have access to the source code, which they use to design their tests, but they do not analyze the inner workings of the application during their testing.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 219, 338
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 197, 222