Which of the following would Jane, an administrator, use to detect an unknown security vulnerability?

A.
Patch management

B.
Application fuzzing

C.
ID badge

D.
Application configuration baseline

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as
inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed
validation, or memory leaks.Incorrect Answers:
A: Patch management is the process of maintaining the latest source code for applications and operating
systems. This helps protect a systems from known attacks and vulnerabilities, but not from unknown
vulnerabilities.
C: An ID badge is an aspect of physical security. It is used to control physical access to facilities and areas
in a facility.
D: An Application configuration baseline defines the level of security that will be implemented and
maintained for the application. A low baseline implements almost no security while a high baseline does
not allow users to make changes to the application.

http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, 6th Edition, Sybex, Indianapolis,
2014, pp. 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp. 129, 229, 231-
232