CompTIA Security+ Question D-95

An application developer has tested some of the known exploits within a new application. Which of the following should the administrator utilize to test for unidentified faults or memory leaks?

A. XSRF Attacks
B. Fuzzing
C. Input Validations
D. SQL Injections

Answer: B

Explanation:
Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data to as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failed validation, or memory leaks.

CompTIA Security+ Question A-2

Which of the following is a security advantage of using NoSQL vs. SQL databases in a three-tier environment?

A. NoSQL databases are not vulnerable to XSRF attacks from the application server.
B. NoSQL databases are not vulnerable to SQL injection attacks.
C. NoSQL databases encrypt sensitive information by default.
D. NoSQL databases perform faster than SQL databases on the same hardware.

Answer: B

Explanation:
NoSQL is a nonrelational database and does not use SQL. It is therefore not vulnerable to SQL injection attacks but is vulnerable to similar injection-type attacks.