CISSP® Official Study Guide, Eighth Edition


Explain the concept of fuzzing



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Explain the concept of fuzzing. Fuzzing uses modified inputs to test software performance under unexpected circumstances. Mutation fuzzing modifies known inputs to generate synthetic inputs that may trigger unexpected behavior. Generational fuzzing develops inputs based on models of expected inputs to perform the same task.

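The two approaches side by side, as an added example that is not from the study guide. The record format, `parse_record` and its planted bounds-check defect are constructed for illustration; the harness treats a clean `ValueError` as expected rejection and any other exception as a finding.

```python
import random

def parse_record(data: bytes) -> bytes:
    """Toy target (constructed): b"MSG" + length byte + payload + checksum byte."""
    if len(data) < 4 or data[:3] != b"MSG":
        raise ValueError("bad header")       # expected, graceful rejection
    length = data[3]
    payload = data[4:4 + length]
    checksum = data[4 + length]              # planted defect: length is never bounds-checked
    if checksum != sum(payload) % 256:
        raise ValueError("bad checksum")
    return payload

# Known-good input (constructed) that the mutation fuzzer starts from.
SEED = b"MSG" + bytes([5]) + b"hello" + bytes([sum(b"hello") % 256])

def mutate(rng: random.Random) -> bytes:
    """Mutation fuzzing: overwrite 1-3 random bytes of the known-good input."""
    buf = bytearray(SEED)
    for _ in range(rng.randint(1, 3)):
        buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)

def generate(rng: random.Random) -> bytes:
    """Generational fuzzing: build each input from a model of the record format,
    with a well-formed header and checksum while varying the declared length."""
    payload = bytes(rng.randrange(256) for _ in range(rng.randrange(8)))
    declared = rng.choice([len(payload), 0, len(payload) + 1, 255])
    return b"MSG" + bytes([declared]) + payload + bytes([sum(payload) % 256])

def fuzz(make_input, seed: int = 1, runs: int = 500) -> list:
    """Feed inputs to the target; anything other than a ValueError is a finding."""
    rng = random.Random(seed)                # fixed seed so runs are repeatable
    findings = []
    for _ in range(runs):
        data = make_input(rng)
        try:
            parse_record(data)
        except ValueError:
            pass                             # input rejected cleanly
        except Exception as exc:             # unexpected failure mode
            findings.append((data, type(exc).__name__))
    return findings

if __name__ == "__main__":
    for name, maker in (("mutation", mutate), ("generational", generate)):
        found = fuzz(maker)
        print(f"{name}: {len(found)} unhandled exceptions in 500 runs")
```

Each finding keeps the exact input bytes, so the failing case can be replayed against the parser after the length check is added.
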
Perform security management tasks to provide oversight to the information security program. Security managers must perform a variety of activities to retain proper oversight of the information security program. Log reviews, particularly for administrator activities, ensure that systems are not misused. Account management reviews ensure that only authorized users retain access to information systems. Backup verification ensures that the organization’s data protection process is functioning properly. Key performance and risk indicators provide a high-level view of security program effectiveness.

Conduct or facilitate internal and third-party audits. Security audits occur when a third party performs an assessment of the security controls protecting an organization’s information assets. Internal audits are performed by an organization’s internal staff and are intended for management use. External audits are performed by a third-party audit firm and are generally intended for the organization’s governing body.


Chapter 15: Security Assessment and Testing
Written Lab
1. Describe the difference between TCP SYN scanning and TCP connect scanning.
2. What are the three port status values returned by the nmap network discovery scanning tool?
3. What is the difference between static and dynamic code testing techniques?
4. What is the difference between mutation fuzzing and generational fuzzing?


Review Questions 
