CompTIA Security Plus Mock Test Q758

Which of the following practices is used to mitigate a known security vulnerability?

A. Application fuzzing
B. Patch management
C. Password cracking
D. Auditing security logs

Correct Answer: B
Section: Application, Data and Host Security

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect a system from new attacks and vulnerabilities that have recently become known.

Incorrect Answers:
A: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.
C: Password cracking is an attempt to find weaknesses in users’ passwords. However, password strength and complexity would be used to mitigate against weaknesses in users’ passwords.
D: Security logs record information about security-related events, such as user access to resource objects, users performing privileged operations, or events detected by sentry devices such as firewalls, IDS/IPS, routers, and switches.

References:
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 202, 229, 231-232