nerdexam
EC-Council

312-50V11 · Question #462

Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle step called?

The correct answer is A. Fuzzy-testing the code. Running contest code through a restricted OS to test it automatically before human review is the middle step known as fuzz testing.

Vulnerability Analysis

Question

Sid is a judge for a programming contest. Before the code reaches him it goes through a restricted OS and is tested there. If it passes, then it moves onto Sid. What is this middle step called?

Options

  • AFuzzy-testing the code
  • BThird party running the code
  • CSandboxing the code
  • DString validating the code

How the community answered

(23 responses)
  • A
    96% (22)
  • B
    4% (1)

Why each option

Running contest code through a restricted OS to test it automatically before human review is the middle step known as fuzz testing.

AFuzzy-testing the codeCorrect

Fuzz testing is a dynamic testing technique where a program is executed with many varied and often unexpected inputs in an automated, controlled environment to detect errors, crashes, or unexpected behavior. In this contest scenario, code passes through a restricted OS that runs and evaluates it against automated test cases before reaching the judge - this automated, input-driven execution in an isolated harness matches the defining characteristic of fuzz testing.

BThird party running the code

Third-party running the code describes who is executing the code rather than any specific methodology or technique, and is not a recognized security or software testing term.

CSandboxing the code

Sandboxing refers to isolating an execution environment to prevent damage or escape - it describes a containment mechanism, not the testing methodology of executing code against varied automated inputs.

DString validating the code

String validation is a specific input-checking technique that verifies string format or content - it is not a general code-testing process and does not describe automated multi-input execution of a program.

Concept tested: Fuzz testing code in a controlled isolated environment

Source: https://owasp.org/www-community/Fuzzing

Topics

#fuzzing#sandbox#code testing#vulnerability analysis

Community Discussion

No community discussion yet for this question.

Full 312-50V11 Practice