CISSP PRACTICE QUESTIONS – 20210512

Effective CISSP Questions

Fuzz testing is an automated software testing technique that employs a fuzzer to generate test data as inputs to software under test randomly. Which of the following is correct? (Wentz QOTD)
A. Fuzzing test using a smart fuzzer is white-box testing.
B. A smart fuzzer aware of input structure primarily mutates meaningful test data.
C. A generation-based fuzzer relies on modifying existing test data randomly.
D. A dumb fuzzer doesn’t rely on detecting input structure to generate test data.

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. A dumb fuzzer doesn’t rely on detecting input structure to generate test data.

Fuzzing tests using a smart fuzzer can be either black-box or white-box testing. A smart fuzzer is aware of the input structure, typically through the user interface or application programming interface, but may not get insight into the internal structure. A dumb fuzzer doesn’t rely on detecting input structure to generate test data.

A mutation-based fuzzer can be dumb or smart and generates invalid, unexpected, or random test data based on previously generated datasets. A generation-based fuzzer generates test data from scratch.

Reference

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

模糊測試(fuzz testing)是一種自動化的軟件測試技術,該技術使用模糊器(fuzzer)隨機生成測試數據作為對被測軟件的輸入。 以下哪項是正確的? (Wentz QOTD)
A. 使用智能模糊器(smart fuzzer)進行的模糊測試是白箱測試。
B. 知道輸入結構的智能模糊器會主要是改變有意義的測試數據。
C. 生成型的模糊器(generation-based)依賴於隨機修改現有測試數據。
D. 愚蠢型的模糊器(dumb fuzzer)不依賴於檢測輸入結構來生成測試數據。

Leave a Reply