Exam CISA topic 1 question 313 discussion

Stress testing is one of the most useful software testing procedures since it helps the team to assure the product's performance. Furthermore, it verifies the software's security, dependability, and error-handling capabilities, further enhancing its quality

Vulnerability testing is essential for identifying and addressing potential security weaknesses in the application before it is deployed. This testing helps uncover vulnerabilities that could be exploited by attackers, ensuring that any weaknesses are mitigated and that sensitive customer data is protected. Given the high volume of customer orders expected, ensuring the application is secure from cyber threats is critical to maintaining customer trust and compliance with regulatory standards.

The question says ensure SECURITY. Vulnerability testing ensures security while stress testing ensures performance and availability.

The question is about to "ensure security", how come Stess testing will address that?

Stress testing is not directly related to security

C. Vulnerability testing is to ensure the security of the application. It can't be A. Searching on CISA ISACA Ref. Manual 27th ed. we find two occurences of the term "stress testing". 1) "3.5.1 Testing Classifications" - Stress Testing: Studying the impact on the application by testing with an incremental number of concurrent users/services on the application to determine the maximum number of concurrent users/services the application can process 2) Glossary C - Capacity stress testing: Testing an application with large quantities of data to evaluate its performance during peak periods. Also called volume testing. Also searching the ISACA site on google ( search operator site:isaca.org ) doesn't give any indication that stress testing could have something to do with security.

Software stress tests are designed and performed to identify vulnerabilities, weaknesses, and potential failures that may occur when a system is subjected to intense loads and adverse conditions.

Vulnerability testing is specifically designed to identify weaknesses and security flaws in the application that could be exploited by attackers. So , right answer is C

A is the answer as the keyword in this question is high volume… so they need to ensure that the product can take many performance at once

CCCCCCCCCCCCCCCC if they ask for "ensure the security of the application" it has to be vulnerability testing stress testing has nothing to do with security

Correct answer is C. The question specifically asks "ensure the security of the application" so this rules out A

security is important of this question , c is answer

should be c

Answer should be C as it's talking about security of the application