Vendors typically ship software applications with security settings disabled by default to ensure a wide range of interoperability with other applications and devices.
A security administrator should perform which of the following before deploying new software?
A. Application whitelisting
B. Network penetration testing
C. Application hardening
D. Input fuzzing testing
Explanation:
Hardening is the process of securing a system by reducing its attack surface. Reducing the attack surface typically includes removing unnecessary functions and features, removing unnecessary usernames or logins, and disabling unnecessary services, which is why the security settings a vendor leaves disabled by default should be reviewed and enabled before the software is deployed.
Incorrect Answers:
A: Application whitelisting is a form of application security that prevents any software from running on a system unless it is included on a preapproved exception list. Including the application on the whitelist does not address the security settings that have been disabled by default.
B: Network penetration testing attempts to find weaknesses in a network by trying to break into the network. This is not related to the configuration of the software.
D: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.
http://en.wikipedia.org/wiki/Fuzz_testing
References:
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp. 215-217, 218, 340
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, p. 229