(ISC)2

CSSLP Question #391: Real Exam Question with Answer & Explanation

The correct answer is D: Nonfunctional security assessment.

Secure Software Testing

Question

Which form of security testing is most appropriate to measure an application's scalability, reliability, and performance under operational load?

Options

  • A. Penetration testing
  • B. Functional security validation
  • C. Attack surface analysis
  • D. Nonfunctional security assessment

Explanation

A nonfunctional security assessment is the most appropriate form of security testing to measure an application's scalability, reliability, and performance under operational load while considering security implications.

Common mistakes.

  • A. Penetration testing focuses on discovering vulnerabilities by simulating attacks from malicious outsiders or insiders, not primarily on scalability or performance under load.
  • B. Functional security validation ensures that security features work as intended (e.g., authentication, authorization), but it doesn't primarily measure performance, scalability, or reliability under load.
  • C. Attack surface analysis identifies and maps all possible entry points into a system that an attacker could exploit, which is a design-time activity, not a performance measurement under load.

Concept tested. Non-functional security testing

Reference. https://learn.microsoft.com/en-us/training/modules/principles-secure-development-azure/3-security-design-best-practices

Topics

#Non-functional testing · #Security assessment · #Scalability reliability · #Performance testing
