Vendors typically ship software applications with security settings disabled by default to ensure a wide
range of interoperability with other applications and devices. A security administrator should perform
which of the following before deploying new software?

A. Application white listing
B. Network penetration testing
C. Application hardening
D. Input fuzzing testing
Explanation:
Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the
surface of vulnerability typically includes removing unnecessary functions and features, removing
unnecessary usernames or logins and disabling unnecessary services.
Incorrect Answers:
A: Application whitelisting is a form of application security which prevents any software from running on a
system unless it is included on a preapproved exception list. Including the application on the whitelist
does not address the security settings that have been disabled by default.
B: Network penetration testing attempts to find weaknesses in a network by trying to break into the
network. This is not related to the software's security settings.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data
as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed
validation, or memory leaks.
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 215-217, 218, 340
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 229