A security administrator wants to test the reliability of an application which accepts user provided
parameters. The administrator is concerned with data integrity and availability. Which of the following
should be implemented to accomplish this task?

A.
Secure coding

B.
Fuzzing

C.
Exception handling

D.
Input validation

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as
inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed
validation, or memory leaks.
Incorrect Answers:
A: Proper and secure coding can prevent many attacks, including cross-site scripting, SQL injection and
buffer overflows.
C: Exception handling is an aspect of secure coding. When errors occur, the system should revert back to
a secure state. This must be coded into the system by the programmer, and should capture errors and
exceptions so that they could be handled by the application.
D: Input validation is an aspect of secure coding and is intended to mitigate against possible user input
attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the
application before processing that input. The check could be a length, a character type, a language type,
or a domain.

http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 218, 257
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 229, 319, 320