PrepAway - Latest Free Exam Questions & Answers

Which of the following application security principles involves inputting random data into a program?

A. Brute force attack

B. Sniffing

C. Fuzzing

D. Buffer overflow

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.
Incorrect Answers:
A: A brute force attack consists of systematically checking all possible keys or passwords until a match is found.
B: A sniffer is a passive network monitoring tool that provides information about network traffic in real time. Sniffers are used for troubleshooting purposes, but can also be used by attackers to determine what protocols and systems are running on a network.
D: A buffer overflow is an exploit of programming errors, bugs and flaws. It occurs when an application receives more data than it is programmed to handle. This may cause the application to terminate or to write data beyond the end of the allocated space in memory. The termination of the application may cause the system to send the data with temporary access to privileged levels in the system, while overwriting can cause important data to be lost.

http://en.wikipedia.org/wiki/Fuzz_testing
http://en.wikipedia.org/wiki/Brute-force_attack
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 66, 218, 257, 338
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 18, 197, 229, 319

