EC-Council
312-50V11 Question #142: Real Exam Question with Answer & Explanation
The correct answer is D: Fuzzing Testing.
Question
Which of the following is an adaptive SQL Injection testing technique used to discover coding errors by inputting massive amounts of random data and observing the changes in the output?
Options
- A. Function Testing
- B. Dynamic Testing
- C. Static Testing
- D. Fuzzing Testing
Explanation
Fuzzing is a dynamic testing technique that feeds large volumes of random or malformed input into an application to uncover unexpected behavior, crashes, or injection vulnerabilities.
Common mistakes.
- A. Function testing validates that a feature behaves according to its specification using defined, expected inputs rather than random data.
- B. Dynamic testing is a broad category that covers any testing performed by executing the program; fuzzing is a specific subset of it, so 'dynamic testing' alone does not identify the adaptive random-data technique described.
- C. Static testing analyzes source code, binaries, or documentation without executing the application, which is the opposite of the runtime-observation method described.
Concept tested. Fuzzing technique for SQL injection vulnerability discovery
Reference. https://owasp.org/www-community/Fuzzing