CompTIA Security Plus Mock Test Q858

Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described as which of the following?

A. Output sanitization
B. Input validation
C. Application hardening
D. Fuzzing


Correct Answer: B
Section: Application, Data and Host Security

Explanation:
Input validation is a defensive technique intended to mitigate possible user-input attacks, such as buffer overflows and fuzzing. Input validation checks every user input
submitted to the application before processing that input. The check could be on length, character type, language type, or domain.

Incorrect Answers:
A: Output sanitization, which is an example of secure output handling, is primarily associated with preventing Cross-site Scripting (XSS) vulnerabilities in web sites.
C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the surface of vulnerability typically includes removing unnecessary functions and
features, removing unnecessary usernames or logins and disabling unnecessary services.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for
exceptions such as crashes, failed validation, or memory leaks.

References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis, 2014, pp. 215-217
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 229, 230
https://en.wikipedia.org/wiki/Secure_input_and_output_handling
http://en.wikipedia.org/wiki/Fuzz_testing