Which of the following encompasses application patch management?

A.
Configuration management

B.
Policy management

C.
Cross-site request forgery

D.
Fuzzing

Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps
protect a systems from newly discovered attacks and vulnerabilities. A part of patch management is testing the effects of vendor updates on a test system first to

ensure that the updates do not have detrimental effects on the system and its configuration, and, should the updates have no detrimental effects on the test
systems, backing up the production systems before applying the updates on a production system.
Incorrect Answers:
B: Policy management is the use of policies to form guidelines for the management of entities within an organization. These policies need to be enforced.
C: XSRF or cross-site request forgery applies to web applications and is an attack that exploits the web application’s trust of a user who known or is supposed to
have been authenticated. This is often accomplished without the user’s knowledge. XSRF is not related to patch management.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then
monitored for exceptions such as crashes, or failed validation, or memory leaks.

http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 229, 231-232