Which of the following is an automated software testing technique that involves providing invalid, unexpected, or random data to the inputs of a computer program?
Correct Answer: D
The programs and frameworks that are used to create fuzz tests or perform fuzz testing are called fuzzers. Fuzzing has evolved from a niche technique into a full testing discipline with support from both the security research and traditional QA testing communities. Fuzzing (Fuzz testing) is an automated software testing technique that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes or failing built-in code assertions. Fuzzing is commonly used to test for security problems in software or computer systems. Answer option C is incorrect. Black box testing is also known as specification-based testing. It ignores the internal logic of an application. It refers to test activities using specification-based testing methods to discover errors in an application. The test activities are based on requirements and specifications of the application. It focuses on the following errors: * Specification-based function errors * Specification-based component/system behavior errors * Specification-based performance errors * User-oriented usage errors * Black box interface errors Answer option B is incorrect. White box testing, also known as Clear box or Glass box testing, takes into account the internal mechanism of a system or application. The connotations of "Clear box" and "Glass box" indicate that a tester has full visibility of the internal workings of the system. It uses knowledge of the internal structure of an application. It is applicable at the unit, integration, and system levels of the software testing process. It consists of the following testing methods: Control flow-based testing o Create a graph from source code. o Describe the flow of control through the control flow graph. o Design test cases to cover certain elements of the graph. Data flow-based testing o Test connections between variable definitions. o Check variation of the control flow graph. o Set DEF (n) contains variables that are defined at node n. o Set USE (n) are variables that are read. Answer option A is incorrect. Gray box testing is a combination of black box and white box testing. It is non-intrusive and impartial, as it does not require that a tester have access to the source code. It treats a system as a black box in the sense that it must be analyzed from the outside. Basically, it is used to find out defects related to bad design or bad implementation of the system. This type of testing is more commonly used with Web applications, as the Internet has a pretty stable interface.
CA1-001 Exam Question 27
CORRECT TEXT Fill in the blank with the appropriate word. ____________encryption protects a file as it travels over protocols, such as FTPS (SSL), SFTP (SSH), and HTTPS.
Correct Answer:
Transport
CA1-001 Exam Question 28
Which of the following solutions best accomplishes storage integration?
Correct Answer: B
Cloud computing uses integrated storage across multiple servers, sometimes in diverse locations (such as Apples iCloud). Answer option C is incorrect. Co-location involves placing all the servers in one location. There is no shared storage. Answer option D is incorrect. Raid 5 is a method of having hard drive failover in a single server. Answer option A is incorrect. Virtualized systems are usually completely isolated from each other, thus preventing storage integration.
CA1-001 Exam Question 29
Collaboration platform offers a set of software components and services that enable users to communicate, share information, and work together for achieving common business goals. What are the core elements of a collaboration platform? Each correct answer represents a part of the solution. Choose three.
Correct Answer: B,D,E
Explanation: Collaboration platform is an unified electronic platform that supports both synchronous and asynchronous communication using a variety of devices and channels. It offers a set of software components and services. These components and services enable users to communicate, share information, and work together for achieving common business goals. A collaboration platform consists of the following core elements: * Messaging {email, calendaring and scheduling, contacts), * Team collaboration {file synchronization, ideas and notes in a wiki, task management, full- text search) * Real-time communication {presence, instant messaging, Web conferencing, application/desktop sharing, voice, audio and video conferencing)
CA1-001 Exam Question 30
David works as a Network Administrator for a large company. The company recently decided to extend their intranet access, to allow trusted third party vendors access to the corporate intranet, what is the best approach for David to take in securing intranet?
Correct Answer: C
By placing the intranet servers in a DMZ, external vendors accessing those servers would be separated from the corporate network. The most significant threat from allowing outside vendors access to internal resources, is that an attack could originate from their network. Answer option D is incorrect. An IDS is always a good idea, however it will only warn you that an attack is occurring, not make the attack less likely. Answer option A is incorrect. Managing user controls is always a good idea. However, in this case the real problem is segmenting the external users from the internal network. Answer option B is incorrect. One should always be patching the OS regardless of the situation.
