PrepAway - Latest Free Exam Questions & Answers

Which of the following encompasses application patch management?


A. Configuration management
B. Policy management
C. Cross-site request forgery
D. Fuzzing

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating
systems by applying the latest vendor updates. This helps protect a system from newly discovered
attacks and vulnerabilities. Part of patch management is testing vendor updates on a test system first
to ensure that they have no detrimental effects on the system and its configuration. If the updates
have no detrimental effects on the test systems, the production systems are backed up before the
updates are applied to them.
Incorrect Answers:
B: Policy management is the use of policies to form guidelines for the management of entities within an
organization. These policies need to be enforced.
C: XSRF, or cross-site request forgery, applies to web applications and is an attack that exploits the web
application’s trust of a user who is known or is supposed to have been authenticated. This is often
accomplished without the user’s knowledge. XSRF is not related to patch management.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data
as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed
validation, or memory leaks.


