(ISC)2
CISSP · Question #195
CISSP Question #195: Real Exam Question with Answer & Explanation
The correct answer is D: Improper stress testing and application interfaces. Web-based application security incidents are primarily driven by flaws in application interfaces and inadequate testing practices that fail to expose vulnerabilities before deployment.
Submitted by cyberguy42 · Mar 5, 2026 · Software Development Security
Question
Which of the following PRIMARILY contributes to security incidents in web-based applications?
Options
- A. Systems administration and operating systems
- B. System incompatibility and patch management
- C. Third-party applications and change controls
- D. Improper stress testing and application interfaces
Explanation
Web-based application security incidents are primarily driven by flaws in application interfaces and inadequate testing practices that fail to expose vulnerabilities before deployment.
Common mistakes.
- A. Systems administration and operating systems relate to infrastructure-level security concerns rather than being the primary contributor to web-based application-specific security incidents.
- B. System incompatibility and patch management are general IT security concerns that affect overall infrastructure but do not primarily drive security incidents specific to web-based application logic and design.
- C. Third-party applications and change controls are contributing factors to broader IT security risk but are not the primary drivers of web application security incidents compared to application interface weaknesses and testing deficiencies.
Concept tested. Web application security incident root causes and testing
Reference. https://owasp.org/www-project-top-ten/
Topics
#Web application security #Software vulnerabilities #Application interfaces #Security testing