nerdexam
CompTIA

SY0-301 · Question #266

Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

The correct answer is C. Error handling. Proper error handling prevents applications from revealing sensitive system information (e.g., stack traces, database schemas, file paths, server versions) when they receive unexpected or malicious inputs. When errors are caught and generic messages are returned to users, attacke

Threats, vulnerabilities, and mitigations

Question

Which of the following techniques can be used to prevent the disclosure of system information resulting from arbitrary inputs when implemented properly?

Options

  • AFuzzing
  • BPatch management
  • CError handling
  • DStrong passwords

How the community answered

(18 responses)
  • A
    6% (1)
  • B
    11% (2)
  • C
    78% (14)
  • D
    6% (1)

Explanation

Proper error handling prevents applications from revealing sensitive system information (e.g., stack traces, database schemas, file paths, server versions) when they receive unexpected or malicious inputs. When errors are caught and generic messages are returned to users, attackers cannot use verbose error output to map system internals for further exploitation. Fuzzing (A) is an offensive/testing technique used to find vulnerabilities, not prevent disclosure. Patch management (B) addresses known vulnerabilities but not error output. Strong passwords (D) protect authentication but are unrelated to information disclosure via error messages.

Topics

#error handling#input validation#information disclosure#secure coding

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice