CompTIA Security+ Question F-60

Verifying the integrity of data submitted to a computer program at or during run-time, with the intent of preventing the malicious exploitation of unintentional effects in the structure of the code, is BEST described as which of the following?

A. Output sanitization
B. Input validation
C. Application hardening
D. Fuzzing

Answer: B

Input validation is a defensive technique intended to mitigate against possible user input attacks, such as buffer overflows and fuzzing. Input validation checks every user input submitted to the application before processing that input. The check could be a length, a character type, a language type, or a domain.