SY0-301 · Question #266
Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?
The correct answer is C. Error handling. Proper error handling prevents applications from revealing sensitive system information (e.g., stack traces, database schemas, file paths, server versions) when they receive unexpected or malicious inputs. When errors are caught and generic messages are returned to users, attacke
Question
Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?
Options
- AFuzzing
- BPatch management
- CError handling
- DStrong passwords
How the community answered
(18 responses)- A6% (1)
- B11% (2)
- C78% (14)
- D6% (1)
Explanation
Proper error handling prevents applications from revealing sensitive system information (e.g., stack traces, database schemas, file paths, server versions) when they receive unexpected or malicious inputs. When errors are caught and generic messages are returned to users, attackers cannot use verbose error output to map system internals for further exploitation. Fuzzing (A) is an offensive/testing technique used to find vulnerabilities, not prevent disclosure. Patch management (B) addresses known vulnerabilities but not error output. Strong passwords (D) protect authentication but are unrelated to information disclosure via error messages.
Topics
Community Discussion
No community discussion yet for this question.