2025/2026 Exam Questions with 100%
Correct Answers | Latest Update
What is the primary defense against log injection attacks? - 🧠 ANSWER
✔✔Sanitize outbound log messages
Sanitizing - 🧠 ANSWER ✔✔Sanitizing is the process of cleansing, filtering,
or altering data to eliminate sensitive, harmful, or inappropriate content. It
often involves validation and transformation of data to ensure its integrity
and security.
In the context of outbound log messages, sanitizing is the practice of
reviewing and modifying log data to remove sensitive or confidential
information, validate its correctness, and ensure that it adheres to security
and privacy standards before it's shared with external systems or users.
How to spot Log Injection - 🧠 ANSWER ✔✔- Look for Unsanitized User Input
- Examine Log Functions
- Check for User-Controlled Data
Defensive Programming - 🧠 ANSWER ✔✔a software development
approach that aims to create robust and secure software by anticipating
and guarding against unexpected failures and security vulnerabilities.
It involves implementing error handling, input validation, and security
measures to protect the software from unexpected inputs, attacks, or faults,
thereby enhancing its reliability and security.
Static Testing - 🧠 ANSWER ✔✔a type of software testing that examines the
source code, design, or documentation without executing the program. It
aims to identify defects early in the development process.
white box
Dynamic Testing - 🧠 ANSWER ✔✔a software testing technique that
involves executing the program or application with test cases to observe its
behavior at runtime. It aims to find defects related to functionality,
performance, and reliability.
white-box, black-box, grey-box
Fuzz Testing (Fuzzy Testing) - 🧠 ANSWER ✔✔a testing technique that
involves providing unexpected or random inputs to a software application to
discover vulnerabilities, crashes, or unexpected behavior. It is commonly
used for security testing.
black-box
Unit Testing - 🧠 ANSWER ✔✔a level of software testing where the smallest
individual components (units) of a software application are tested in
isolation to ensure they work as intended. It helps identify and fix issues at
the smallest functional level.
COPYRIGHT©PROFFKERRYMARTIN 2025/2026. YEAR PUBLISHED 2025. COMPANY REGISTRATION NUMBER: 619652435. TERMS OF USE.
PRIVACY STATEMENT. ALL RIGHTS RESERVED
white box
frequency: as soon as a unit is complete, before it moves on
advantages: done early, easier to find root cause
disadvantages: tunnel vision since performed by the developer, less formal
Integration Testing - 🧠 ANSWER ✔✔a level of software testing that focuses
on testing the interactions between different units or modules of a software
application. It ensures that the integrated components work together
correctly.
grey box
frequency: usually when 2 or more units get integrated, team-specific
guidelines, done by developers or specialized teams