PrepAway - Latest Free Exam Questions & Answers

Which of the following application security testing techniques is implemented when an automated
system generates random input data?

A. Fuzzing
B. XSRF
C. Hardening
D. Input validation

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as
inputs to a computer program. The program is then monitored for exceptions such as crashes, failed
validation, or memory leaks.
Incorrect Answers:
B: XSRF, or cross-site request forgery, applies to web applications and is an attack that exploits the web
application's trust of a user who is known or is supposed to have been authenticated. This is often
accomplished without the user's knowledge.
C: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the
surface of vulnerability typically includes removing unnecessary functions and features, removing
unnecessary usernames or logins, and disabling unnecessary services.
D: Input validation is a defensive technique intended to mitigate possible user input attacks, such
as buffer overflows and fuzzing. Input validation checks every user input submitted to the application
before processing that input. The check could be on length, character type, language type, or domain.
