Which of the following security concepts identifies input variables which are then used to perform
boundary testing?

A.
Application baseline

B.
Application hardening

C.
Secure coding

D.
Fuzzing

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as
inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed
validation, or memory leaks.
Incorrect Answers:
A: An application baseline defines the level of security that will be implemented and maintained for the
application. A low baseline implements almost no security while a high baseline does not allow users to
make changes to the application.
B: Application Hardening is the process of securing a system by reducing its surface of vulnerability.
Reducing the surface of vulnerability typically includes removing unnecessary functions and features,
removing unnecessary usernames or logins and disabling unnecessary services.
C: Proper and secure coding can prevent many attacks, including cross-site scripting, SQL injection and
buffer overflows.

http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 218-219, 226
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 229