CompTIA Security+ (SY0-501) — Question 81
Ann, a security administrator, has been instructed to perform fuzz-based testing on the company's applications.
Which of the following best describes what she will do?
Answer options
- A. Enter random or invalid data into the application in an attempt to cause it to fault
- B. Work with the developers to eliminate horizontal privilege escalation opportunities
- C. Test the applications for the existence of built-in back doors left by the developers
- D. Hash the application to verify it won't cause a false positive on the HIPS
Correct answer: A
Explanation
The correct answer is A: fuzz testing involves inputting random or invalid data to discover vulnerabilities that could cause the application to crash or behave unexpectedly. Options B and C focus on privilege escalation and back door detection, which are different security testing methods, while D relates to hash verification and false positives, which are not directly related to fuzz testing.