Which of the following practices is used to mitigate a known security vulnerability?

A. Application fuzzing
B. Patch management
C. Password cracking
D. Auditing security logs
Explanation:
Patch management is the process of maintaining the latest source code for applications and operating
systems by applying the latest vendor updates. This helps protect a system from new attacks and
vulnerabilities that have recently become known.
Incorrect Answers:
A: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data
as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed
validation, or memory leaks.
C: Password cracking is an attempt to find weaknesses in users’ passwords. However, password strength
and complexity would be used to mitigate weaknesses in users’ passwords.
D: Security logs record information about security-related events, such as user access to resource objects,
users performing privileged operations, or events detected by sentry devices such as firewalls, IDS/IPS,
and routers and switches.