SY0-301 · Question #800
An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses
The correct answer is C. Fuzzing. Fuzzing (fuzz testing) sends random, malformed, or unexpected inputs to an application to trigger crashes, exceptions, or unexpected behavior, thereby revealing unknown vulnerabilities such as buffer overflows, format string bugs, or input validation flaws. Unlike vulnerability s
Question
An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?
Options
- AVulnerability scanning
- BDenial of service
- CFuzzing
- DPort scanning
How the community answered
(45 responses)- A4% (2)
- B2% (1)
- C91% (41)
- D2% (1)
Explanation
Fuzzing (fuzz testing) sends random, malformed, or unexpected inputs to an application to trigger crashes, exceptions, or unexpected behavior, thereby revealing unknown vulnerabilities such as buffer overflows, format string bugs, or input validation flaws. Unlike vulnerability scanning, which detects known issues from a signature database, fuzzing can discover zero-day weaknesses. Denial of service is an attack, and port scanning is a network reconnaissance technique - neither identifies code-level vulnerabilities.
Topics
Community Discussion
No community discussion yet for this question.