Which of the following test makes sure the modified or new system includes appropriate access controls and
does not introduce any security holes that might compromise other systems?

A.
Recovery testing

B.
Security testing

C.
Stress/volume testing

D.
Interface testing

Explanation:
Security testing tests all security mechanisms and features within a system to determine the level of protection
they provide. Security testing can include authorization testing, penetration testing, formal design and
implementation verification, and functional testing.
Authorization testing is the process of determining that a requester is allowed to receive a service or perform an
operation. Access control is an example of authorization.
Incorrect Answers:
A: Recovery testing is the activity of testing how well an application is able to recover from crashes, hardware
failures and other similar problems. Recovery testing does not test access control and does not find any
security holes.
C: Stress testing is a form of deliberately intense or thorough testing used to determine the stability of a given
system or entity. It involves testing beyond normal operational capacity, often to a breaking point, in order to
observe the results. Stress testing does not test access control and does not find any security holes.
D: Interface testing can be used to check the handling of data passed between various units, or subsystem
components, beyond full integration testing between those units. Interface testing does not test access control
and does not find any security holes.References:
Conrad, Eric, Seth Misenar and Joshua Feldman, CISSP Study Guide, 2nd Edition, Syngress, Waltham, 2012,
p. 14