CompTIA Security Plus Mock Test Q854

An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?

A. XSRF Attacks
B. Fuzzing
C. Input Validations
D. SQL Injections


Correct Answer: B
Section: Application, Data and Host Security

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions
such as crashes, or failed validation, or memory leaks.

Incorrect Answers:
A: XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who known or is supposed to have been
authenticated. This is often accomplished without the user’s knowledge.
C: Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input
submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.
D: SQL injection attacks use unexpected input to a web application to gain access to the database used by web application. You can protect a web application against SQL injection by
implementing input validation and by limiting database account privileges for the account used by the web server and the web application.

References:
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 195, 229, 230, 230-231
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 335, 340-341
http://en.wikipedia.org/wiki/Fuzz_testing