CompTIA Security+ Question D-95

An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?

A. XSRF Attacks
B. Fuzzing
C. Input Validations
D. SQL Injections

Answer: B

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

CompTIA Security+ Question D-30

Peter an application developer is building an external facing marketing site. There is an area on the page where clients may submit their feedback to articles that are posted. Peter filters client-side JAVA input. Which of the following is Peter attempting to prevent?

A. SQL injections
B. Watering holes
C. Cross site scripting
D. Pharming

Answer: C