Exam CCAK topic 1 question 97 discussion

In environments where time to completion is critical, and there is a need to integrate security testing on large code sets, the auditor should expect: **A. Parallel testing** Parallel testing allows for security testing processes to run concurrently with other tests or during different stages of the development lifecycle. This approach helps ensure that security validation does not become a bottleneck, thereby supporting quicker completion times without sacrificing the thoroughness of security checks. It is particularly useful in continuous integration/continuous deployment (CI/CD) environments where speed and efficiency are crucial.

Answer is A

A common problem to all Agile development approaches is what to do about tests that take longer than a development cycle. For example, fuzz testing critical pieces of code takes longer than an average Agile sprint. SAST scans of large bodies of code often take an order of magnitude longer than the build process. DevOps is no different—with CI and CD, code may be delivered to users within hours of its creation, and it may not be possible to perform complete static analysis or dynamic code scanning. To address this issue, DevOps teams run multiple security tests in parallel to avoid delays. They break down large applications into services to speed up scans as well. Validation against known critical issues is handled by unit tests for quick spot checks, with failures kicking code back to the development team. Code scanners are typically run in parallel with unit or other functional tests. CCAK P# 356

Option A could be the answer, as per CCAK (page 353). Teams support out of band testing (parallel).