CompTIA

CAS-002 · Question #180

CAS-002 Question #180: Real Exam Question with Answer & Explanation

The correct answer is A: Fuzzing. Fuzzing identifies overflow vulnerabilities by sending unexpected or malformed input to an application to trigger crashes or unexpected behavior.

Question

Which of the following should be used to identify overflow vulnerabilities?

Options

  • A. Fuzzing
  • B. Input validation
  • C. Privilege escalation
  • D. Secure coding standards

Explanation

Fuzzing identifies overflow vulnerabilities by sending unexpected or malformed input to an application to trigger crashes or unexpected behavior.

Common mistakes.

  • B. Input validation is a mitigation control used to prevent bad data from entering a system, not a technique for discovering existing vulnerabilities.
  • C. Privilege escalation is an attack technique where an adversary gains elevated permissions, not a method for identifying overflow flaws.
  • D. Secure coding standards are preventive guidelines for writing safer code and do not identify vulnerabilities already present in an application.

Concept tested. Fuzzing as an overflow vulnerability discovery technique.

Reference. https://owasp.org/www-community/Fuzzing
