PrepAway - Latest Free Exam Questions & Answers

Which of the following application security principles involves inputting random data into a program?

A.
Brute force attack

B.
Sniffing

C.
Fuzzing

D.
Buffer overflow

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as
inputs to a computer program. The program is then monitored for exceptions such as crashes, failed
validation, or memory leaks.
Incorrect Answers:
A: A brute force attack consists of systematically checking all possible keys or passwords until a match is
found.
B: A sniffer is a passive network monitoring tool that provides information about network traffic in real time.
Sniffers are used for troubleshooting purposes, but can also be used by attackers to determine what
protocols and systems are running on a network.
D: A buffer overflow exploits programming errors, bugs and flaws. It occurs when an application
receives more data than it is programmed to handle. This may cause the application to terminate or to
write data beyond the end of the allocated space in memory. The termination of the application may
cause the system to send the data with temporary access to privileged levels in the system, while
overwriting can cause important data to be lost.


