CISSP · Question #1306
CISSP Question #1306: Real Exam Question with Answer & Explanation
The correct answer is C: Reducing vulnerabilities within a software system. Software security testing is a discipline focused on identifying and reducing vulnerabilities that could be exploited by attackers. The primary goal is to harden a system by uncovering and remediating weaknesses before they can be leveraged.
Question
What is the overall goal of software security testing?
Options
- AIdentifying the key security features of the software
- BEnsuring all software functions perform as specified
- CReducing vulnerabilities within a software system
- DMaking software development more agile
Explanation
Software security testing is a discipline focused on identifying and reducing vulnerabilities that could be exploited by attackers. The primary goal is to harden a system by uncovering and remediating weaknesses before they can be leveraged.
Common mistakes.
- A. Identifying key security features describes a requirements or design analysis activity, not the primary goal of security testing, which focuses on finding weaknesses rather than cataloging existing protections.
- B. Ensuring all software functions perform as specified describes functional or acceptance testing, not security testing, which is specifically concerned with how software behaves under adversarial or unexpected conditions.
- D. Making software development more agile describes a process methodology goal (e.g., Agile or DevSecOps adoption) and is unrelated to the technical objective of security testing itself.
Concept tested. Primary objective of software security testing
Reference. https://owasp.org/www-project-web-security-testing-guide/
Topics
Community Discussion
No community discussion yet for this question.