CompTIA
CAS-001 · Question #159
CAS-001 Question #159: Real Exam Question with Answer & Explanation
Question
The Chief Information Security Officer (CISO) of a small bank wants to embed a monthly testing regimen into the security management plan specifically for the development area. The CISO's requirements are that testing must have a low risk of impacting system stability, can be scripted, and is very thorough. The development team claims that this will lead to a higher degree of test script maintenance and that it would be preferable if the testing was outsourced to a third party. The CISO still maintains that third-party testing would not be as thorough as the third party lacks the introspection of the development team. Which of the following will satisfy the CISO's requirements?
Options
- A. Grey box testing performed by a major external consulting firm who have signed an NDA.
- B. Black box testing performed by a major external consulting firm who have signed an NDA.
- C. White box testing performed by the development and security assurance teams.
- D. Grey box testing performed by the development and security assurance teams.