CSSLP Question #366: Real Exam Question with Answer & Explanation
The correct answer is B: Stakeholder communication.
Question
Which of the following items would not normally be classified as a security test case?
Options
- A. Performance and usability testing
- B. Stakeholder communication
- C. Functional testing
- D. User interface testing
Explanation
Security test cases are designed to identify vulnerabilities and assess the effectiveness of security controls within a system, whereas stakeholder communication is an organizational process. The other options, while not exclusively security-focused, can incorporate security aspects or are forms of system testing.
Common mistakes.
- A. Performance and usability testing can have security implications, such as testing system behavior under load to prevent denial of service or evaluating the user-friendliness of security features.
- C. Functional testing ensures the software performs its intended functions correctly, and these functions can include security-specific features like authentication or authorization.
- D. User interface testing can include assessing how security elements are presented to the user, how error messages related to security are displayed, or how security configurations are managed through the UI.
Concept tested. Security testing scope