nerdexam
CompTIA

SY0-301 · Question #800

An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses

The correct answer is C. Fuzzing. Fuzzing (fuzz testing) sends random, malformed, or unexpected inputs to an application to trigger crashes, exceptions, or unexpected behavior, thereby revealing unknown vulnerabilities such as buffer overflows, format string bugs, or input validation flaws. Unlike vulnerability s

Threats, vulnerabilities, and mitigations

Question

An IT security technician is actively involved in identifying coding issues for her company. Which of the following is an application security technique that can be used to identify unknown weaknesses within the code?

Options

  • AVulnerability scanning
  • BDenial of service
  • CFuzzing
  • DPort scanning

How the community answered

(45 responses)
  • A
    4% (2)
  • B
    2% (1)
  • C
    91% (41)
  • D
    2% (1)

Explanation

Fuzzing (fuzz testing) sends random, malformed, or unexpected inputs to an application to trigger crashes, exceptions, or unexpected behavior, thereby revealing unknown vulnerabilities such as buffer overflows, format string bugs, or input validation flaws. Unlike vulnerability scanning, which detects known issues from a signature database, fuzzing can discover zero-day weaknesses. Denial of service is an attack, and port scanning is a network reconnaissance technique - neither identifies code-level vulnerabilities.

Topics

#fuzzing#application security testing#vulnerability discovery#dynamic analysis

Community Discussion

No community discussion yet for this question.

Full SY0-301 Practice