Exam CCAK topic 1 question 97 discussion

Actual exam question from Isaca's CCAK
Question #: 97
Topic #: 1

To ensure that integration of security testing is implemented on large code sets in environments where time to completion is critical, what form of validation should an auditor expect?

  • A. Parallel testing
  • B. Full application stack unit testing
  • C. Regression testing
  • D. Functional verification
Suggested Answer: A

Comments

Auditor2020
3 months, 3 weeks ago
Selected Answer: A
In environments where time to completion is critical, and there is a need to integrate security testing on large code sets, the auditor should expect:

A. Parallel testing

Parallel testing allows for security testing processes to run concurrently with other tests or during different stages of the development lifecycle. This approach helps ensure that security validation does not become a bottleneck, thereby supporting quicker completion times without sacrificing the thoroughness of security checks. It is particularly useful in continuous integration/continuous deployment (CI/CD) environments where speed and efficiency are crucial.
upvoted 1 times
...
4f2a581
11 months, 1 week ago
Answer is A
upvoted 1 times
...
sai_murthy
1 year, 4 months ago
Selected Answer: A
A common problem to all Agile development approaches is what to do about tests that take longer than a development cycle. For example, fuzz testing critical pieces of code takes longer than an average Agile sprint. SAST scans of large bodies of code often take an order of magnitude longer than the build process. DevOps is no different—with CI and CD, code may be delivered to users within hours of its creation, and it may not be possible to perform complete static analysis or dynamic code scanning. To address this issue, DevOps teams run multiple security tests in parallel to avoid delays. They break down large applications into services to speed up scans as well. Validation against known critical issues is handled by unit tests for quick spot checks, with failures kicking code back to the development team. Code scanners are typically run in parallel with unit or other functional tests. CCAK P# 356
upvoted 2 times
...
KarthikeyanTK
2 years, 5 months ago
Selected Answer: A
Option A could be the answer, as per CCAK (page 353). Teams support out of band testing (parallel).
upvoted 3 times
...
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted