CompTIA PenTest+ (PT0-002) — Question 87

A software company has hired a security consultant to assess the security of the company's software development practices. The consultant opts to begin reconnaissance by performing fuzzing on a software binary. Which of the following vulnerabilities is the security consultant MOST likely to identify?

Answer options

• A. Weak authentication schemes
• B. Credentials stored in strings
• C. Buffer overflows
• D. Non-optimized resource management

Correct answer: C

Explanation

Fuzzing is a testing technique used to identify vulnerabilities by inputting random data into a program. It is particularly effective at revealing buffer overflows, which occur when data exceeds the buffer's capacity, leading to potential security issues. The other options may be valid vulnerabilities, but they are not specifically targeted by the fuzzing process.