An advanced threat emulation engineer is conducting testing against a client’s network. The engineer conducts the testing in as realistic a manner as possible. Consequently, the engineer has been gradually ramping up the volume of attacks over a long period of time. Which of the following combinations of techniques would the engineer MOST likely use in this testing? (Choose three.)
A. Black box testing
B. Gray box testing
C. Code review
D. Social engineering
E. Vulnerability assessment
F. Pivoting
G. Self-assessment
H. White teaming
I. External auditing
CompTIA Security+ Question L-54
Ann, the software security engineer, works for a major software vendor. Which of the following practices should be implemented to help prevent race conditions, buffer overflows, and other similar vulnerabilities prior to each production release?
A. Product baseline report
B. Input validation
C. Patch regression testing
D. Code review
CompTIA Security+ Question G-72
With regard to secure coding practices, why is input validation important?
A. It mitigates buffer overflow attacks.
B. It makes the code more readable.
C. It provides an application configuration baseline.
D. It meets gray box testing standards.
CompTIA Security+ Question G-41
An IT auditor tests an application as an authenticated user. This is an example of which of the following types of testing?
A. Penetration
B. White box
C. Black box
D. Gray box
CompTIA Security+ Question F-66
A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:
A. Black box testing
B. White box testing
C. Black hat testing
D. Gray box testing
CompTIA Security+ Question D-12
Peter, a developer, writes an application. Jane, the security analyst, knows some things about the overall application but does not have all the details. Jane needs to review the software before it is released to production. Which of the following reviews should Jane conduct?
A. Gray Box Testing
B. Black Box Testing
C. Business Impact Analysis
D. White Box Testing
CompTIA Security+ Question B-73
A software development company has hired a programmer to develop a plug-in module to an existing proprietary application. After completing the module, the developer needs to test the entire application to ensure that the module did not introduce new vulnerabilities. Which of the following is the developer performing when testing the application?
A. Black box testing
B. White box testing
C. Gray box testing
D. Design review