CompTIA

SY0-301 · Question #9

SY0-301 Question #9: Real Exam Question with Answer & Explanation

The correct answer is A: Fuzzing.

Question

Which of the following application security testing techniques is implemented when an automated system generates random input data?

Options

  • A. Fuzzing
  • B. XSRF
  • C. Hardening
  • D. Input validation

Explanation

Fuzzing is an automated testing technique that feeds random, unexpected, or malformed input data into an application to discover vulnerabilities such as crashes, memory leaks, and unhandled exceptions. It is specifically defined by its use of automated random data generation.

Common mistakes.

  • B. XSRF (Cross-Site Request Forgery) is a web attack type where a victim is tricked into submitting an unintended request; it is not a testing methodology involving random input generation.
  • C. Hardening refers to the process of reducing an attack surface by disabling unnecessary services and applying security configurations; it is a defensive practice, not an application testing technique.
  • D. Input validation is a secure coding defense mechanism that checks and rejects malformed input; it is the countermeasure against attacks, not a testing technique that generates random data.

Concept tested. Fuzz testing with automated random input generation

Reference. https://owasp.org/www-community/Fuzzing
