A quality assurance analyst is reviewing a new software product for security, and has complete
access to the code and data structures used by the developers. This is an example of which of the
following types of testing?

Pete, a developer, writes an application. Jane, the security analyst, knows some things about the

overall application but does not have all the details. Jane needs to review the software before it is
released to production. Which of the following reviews should Jane conduct?

An IT auditor tests an application as an authenticated user. This is an example of which of the
following types of testing?

An IT auditor tests an application as an authenticated user. This is an example of which of the
following types of testing?

A software development company has hired a programmer to develop a plug-in module to an
existing proprietary application. After completing the module, the developer needs to test the entire
application to ensure that the module did not introduce new vulnerabilities. Which of the following
is the developer performing when testing the application?

A software development company has hired a programmer to develop a plug-in module to an
existing proprietary application. After completing the module, the developer needs to test the entire
application to ensure that the module did not introduce new vulnerabilities. Which of the following
is the developer performing when testing the application?

Methods to test the responses of software and web applications to unusual or unexpected inputs
are known as:

Which of the following application security testing techniques is implemented when an automated
system generates random input data?

Which of the following application security testing techniques is implemented when an automated
system generates random input data?

Which of the following security concepts identifies input variables which are then used to perform
boundary testing?