Which of the following practices is used to mitigate a known security vulnerability?
A. Application fuzzing
B. Patch management
C. Password cracking
D. Auditing security logs
Explanation:
Patch management is the process of maintaining the latest source code for applications and operating systems by applying the latest vendor updates. This helps protect systems from new attacks and vulnerabilities that have recently become known.
Incorrect Answers:
A: Fuzzing is a software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failed validation, or memory leaks.
C: Password cracking is an attempt to find weaknesses in users’ passwords. However, password strength and complexity would be used to mitigate against weaknesses in users’ passwords.
D: Security logs record information about security-related events, such as user access to resource objects, users performing privileged operations, or events detected by sentry devices such as firewalls, IDS/IPS, and routers and switches.
http://en.wikipedia.org/wiki/Fuzz_testing
Dulaney, Emmett and Chuck Easttom, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, pp 218, 220
Stewart, James Michael, CompTIA Security+ Review Guide, Sybex, Indianapolis, 2014, pp 202, 229, 231-232