Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!



When preparing for the relaunch of an online banking application, which security activity should be prioritized to ensure coverage?

  1. Static code analysis

  2. Penetration test with varying user access levels

  3. Network vulnerability assessment

  4. Security awareness training

The correct answer is: Penetration test with varying user access levels

Prioritizing a penetration test with varying user access levels is crucial when preparing for the relaunch of an online banking application. This approach allows organizations to critically assess the application's security posture by simulating real-world attacks from the perspective of different user roles, including both authorized and unauthorized users. This method is particularly relevant for online banking applications, which handle sensitive customer information and financial transactions.

By understanding how a potential attacker might exploit vulnerabilities with varying access rights, security teams can identify weaknesses related to user permissions, data access controls, and application logic flaws. Additionally, this testing can help ensure that security measures are effectively implemented and functioning as intended, highlighting how user privileges can be leveraged to access sensitive information or perform unauthorized actions. Ultimately, this proactive approach not only strengthens the application's security but also enhances the trust and confidence of users in the online banking platform.

In contrast, while static code analysis and network vulnerability assessments are important, they do not provide the same level of insight into the real-world exploitation of user roles as a penetration test does. Security awareness training, while vital for employee education, does not directly address technical vulnerabilities within the application itself.