CompTIA exam questions
Which of the following describes purposefully injecting extra input during testing, possibly causing an application to crash?
A. Input validation
B. Exception handling
C. Application hardening
D. Fuzzing
Which of the following application security principles involves inputting random data into a program?
A. Brute force attack
B. Sniffing
C. Fuzzing
D. Buffer overflow
Matt, the Chief Information Security Officer (CISO), tells the network administrator that a security company has been hired to perform a penetration test against his network. The security company asks Matt which type of testing would be most beneficial for him. Which of the following BEST describes what the security company might do during a black box test?
A. The security company is provided with all network ranges, security devices in place, and logical maps of the network.
B. The security company is provided with no information about the corporate network or physical locations.
C. The security company is provided with limited information on the network, including all network diagrams.
D. The security company is provided with limited information on the network, including some subnet ranges and logical network diagrams.
A security administrator wants to test the reliability of an application which accepts user-provided parameters. The administrator is concerned with data integrity and availability. Which of the following should be implemented to accomplish this task?
A. Secure coding
B. Fuzzing
C. Exception handling
D. Input validation
Which of the following would Jane, an administrator, use to detect an unknown security vulnerability?
A. Patch management
B. Application fuzzing
C. ID badge
D. Application configuration baseline
An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?
A. Vulnerability scanning
B. Denial of service
C. Fuzzing
D. Port scanning
A quality assurance analyst is reviewing a new software product for security, and has complete access to the code and data structures used by the developers. This is an example of which of the following types of testing?
A. Black box
B. Penetration
C. Gray box
D. White box
Which of the following security concepts identifies input variables which are then used to perform boundary testing?
A. Application baseline
B. Application hardening
C. Secure coding
D. Fuzzing
The security consultant is assigned to test a client’s new software for security, after logs show targeted attacks from the Internet. To determine the weaknesses, the consultant has no access to the application program interfaces, code, or data structures. This is an example of which of the following types of testing?
A. Black box
B. Penetration
C. Gray box
D. White box
A process in which the functionality of an application is tested without any knowledge of the internal mechanisms of the application is known as:
A. Black box testing
B. White box testing
C. Black hat testing
D. Gray box testing