A technician has implemented a system in which all workstations on the network will receive security
updates on the same schedule. Which of the following concepts does this illustrate?

A.
Patch management

B.
Application hardening

C.
White box testing

D.
Black box testing

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating
systems by applying the latest vendor updates. This helps protect a systems from newly discovered
attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test
system before applying the updates on a production system, and scheduling updates.
Incorrect Answers:
B: Hardening is the process of securing a system by reducing its surface of vulnerability. Reducing the
surface of vulnerability typically includes removing or disabling unnecessary functions and features,
removing or disabling unnecessary user accounts, disabling unnecessary protocols and ports, and
disabling unnecessary services.
C: White box testing is a form of penetration testing in which the tester has significant knowledge of the
system and how it functions. This simulates an attack from an insider.
D: Black box testing is a form of penetration testing in which the tester has absolutely no knowledge of
the system or it how it functions. This simulates an attack from an outsider.

Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 221, 231-232
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 215-217, 220, 459