Enhance your CompTIA CASP+ exam readiness with our comprehensive quizzes. Sharpen your skills with detailed flashcards and multiple choice questions, each with hints and in-depth explanations. Prepare effectively for this challenging exam!



Which testing approach aligns with the CISO's requirements for a development area that minimizes system stability risks?

  1. Black box testing by an external vendor

  2. White box testing by internal teams

  3. Automated testing software

  4. Third-party vulnerability assessments

The correct answer is: White box testing by internal teams

The chosen answer emphasizes the practice of white box testing conducted by internal teams, which aligns well with a Chief Information Security Officer's (CISO) requirements for minimizing system stability risks during development. White box testing allows testers to have complete knowledge of the internal workings of the application. This transparency enables them to conduct a thorough analysis of the code and architecture to identify potential vulnerabilities or flaws that could affect system stability. Since the testing team is internal, they are well-acquainted with the organization’s coding standards, infrastructure, and business logic, which puts them in a better position to understand how changes in the code can impact stability.

Additionally, this approach helps in uncovering issues that may not be visible during external testing since internal teams can look at the project holistically and test various component interactions more effectively. They can also engage in continuous testing throughout the development process, allowing for early detection and mitigation of problems, thereby ensuring a more stable system by the time of deployment.

Other options, while useful in certain contexts, do not align as closely with the need to minimize stability risks. For example, black box testing by an external vendor may not provide enough insight into the internal workings of the software, which can leave critical vulnerabilities undetected. Automated testing software