nerdexam
(ISC)2

CISSP · Question #1181

Which of the following BEST describes when an organization should conduct a black box security audit on a new software product?

The correct answer is D. When the organization is confident the final source code is complete. The best description of when an organization should conduct a black box security audit on a new software product is when the organization is confident the final source code is complete. A black box security audit is a type of security testing that involves testing the functionali

Submitted by packet_pusher· Mar 5, 2026Security Assessment and Testing

Question

Which of the following BEST describes when an organization should conduct a black box security audit on a new software product?

Options

  • AWhen the organization wishes to check for non-functional compliance
  • BWhen the organization wants to enumerate known security vulnerabilities across their
  • CWhen the organization has experienced a security incident
  • DWhen the organization is confident the final source code is complete

How the community answered

(36 responses)
  • A
    11% (4)
  • B
    3% (1)
  • C
    3% (1)
  • D
    83% (30)

Explanation

The best description of when an organization should conduct a black box security audit on a new software product is when the organization is confident the final source code is complete. A black box security audit is a type of security testing that involves testing the functionality and behavior of the software product, without having any knowledge or access to the internal structure, design, or code of the software product. A black box security audit can help to identify and evaluate the security vulnerabilities and issues of the software product, from the perspective of an external attacker or user. A black box security audit should be conducted when the organization is confident the final source code is complete, as it can provide a comprehensive and realistic assessment of the security of the software product, and validate the security requirements and expectations of the software product.

Topics

#black box testing#security audit#software product lifecycle

Community Discussion

No community discussion yet for this question.

Full CISSP Practice