CISSP · Question #1181
Which of the following BEST describes when an organization should conduct a black box security audit on a new software product?
The correct answer is D. When the organization is confident the final source code is complete. The best description of when an organization should conduct a black box security audit on a new software product is when the organization is confident the final source code is complete. A black box security audit is a type of security testing that involves testing the functionali
Question
Which of the following BEST describes when an organization should conduct a black box security audit on a new software product?
Options
- AWhen the organization wishes to check for non-functional compliance
- BWhen the organization wants to enumerate known security vulnerabilities across their
- CWhen the organization has experienced a security incident
- DWhen the organization is confident the final source code is complete
How the community answered
(36 responses)- A11% (4)
- B3% (1)
- C3% (1)
- D83% (30)
Explanation
The best description of when an organization should conduct a black box security audit on a new software product is when the organization is confident the final source code is complete. A black box security audit is a type of security testing that involves testing the functionality and behavior of the software product, without having any knowledge or access to the internal structure, design, or code of the software product. A black box security audit can help to identify and evaluate the security vulnerabilities and issues of the software product, from the perspective of an external attacker or user. A black box security audit should be conducted when the organization is confident the final source code is complete, as it can provide a comprehensive and realistic assessment of the security of the software product, and validate the security requirements and expectations of the software product.
Topics
Community Discussion
No community discussion yet for this question.