nerdexam
EC-Council

312-50V10 · Question #517

A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software program properly hand

The correct answer is C. Fuzzing. Fuzzing is the security testing technique of feeding a program random, malformed, or invalid inputs to uncover crashes, bugs, and vulnerabilities.

Vulnerability Analysis

Question

A software tester is randomly generating invalid inputs in an attempt to crash the program. Which of the following is a software testing technique used to determine if a software program properly handles a wide range of invalid input?

Options

  • AMutating
  • BRandomizing
  • CFuzzing
  • DBounding

How the community answered

(62 responses)
  • A
    8% (5)
  • B
    2% (1)
  • C
    85% (53)
  • D
    5% (3)

Why each option

Fuzzing is the security testing technique of feeding a program random, malformed, or invalid inputs to uncover crashes, bugs, and vulnerabilities.

AMutating

Mutating refers to mutation testing, which modifies source code to evaluate test suite quality, not to test how a program handles invalid input.

BRandomizing

Randomizing is not a recognized formal software testing technique - it is a general concept, not a defined methodology for invalid input handling.

CFuzzingCorrect

Fuzzing (also called fuzz testing) is the automated process of supplying a program with large amounts of random, unexpected, or invalid data to observe failures such as crashes, memory leaks, or assertion errors. It is specifically designed to test how software handles a wide range of invalid input. Tools like AFL and libFuzzer implement this technique to discover security vulnerabilities and stability issues.

DBounding

Bounding refers to boundary value analysis, which tests values at the edges of valid input ranges rather than broadly generating invalid or malformed input.

Concept tested: Fuzz testing for invalid input handling

Source: https://owasp.org/www-community/Fuzzing

Topics

#fuzzing#invalid input testing#vulnerability testing#software security

Community Discussion

No community discussion yet for this question.

Full 312-50V10 Practice