First hit on google:
Software Security Testing Provides Critical Protection
By testing for flaws in software, security testing solutions seek to remove vulnerabilities before software is purchased or deployed and before the flaws can be exploited.
Reducing vulnerabilities within a software system (Option C): The primary objective of software security testing is to identify and mitigate vulnerabilities and weaknesses in the software's design, implementation, and configuration. This helps enhance the security posture of the software and reduces the risk of exploitation by malicious actors.
Assessing the effectiveness of software security includes testing where special care must be given to the discovery of software vulnerabilities that could lead to data or system compromise.
- 11th hour
B. Ensuring all software functions performed as specified = Acceptance Testing
Assessing software security impact
Many applications simply aren't designed with security as a primary consideration: developers work around the clock to make sure everything works, and only then do they think about how to keep attackers out. In practice, every application will have bugs and oversights that leave openings for attack, but most exploits are prevented or significantly reduced when developers make security more than an afterthought.
even if software functions perform as specified, the software could still have vulnerabilities subject to exploits. Then what is the use of software security testing?
B is performed by quality assurance. Security testing does not concern with whether an application works as intended or not. E. G if an application stops responding after you click "tools" option in the interface of the app, it has nothing to do with ST
Software security testing (SST) is the process of identifying and eliminating vulnerabilities in software.
https://www.euro-testing.com/blog/what-is-software-security-testing/
B does not include C. Hence CISSP is about security, if this was focus on Software development than the PMP certification with the answer B would be correct. However this is about applying security controls and also in development life cycle how to implement security within the development phases. C is correct.
If you're using Google to access yandex and then search for the answer, then yes. Otherwise B is wrong.
upvoted 2 times
...
...
Log in to ExamTopics
Sign in:
Community vote distribution
A (35%)
C (25%)
B (20%)
Other
Most Voted
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Nickolos
Highly Voted 2 years, 1 month agojackdryan
1 year, 6 months agoYanjun
Highly Voted 2 years, 2 months agodarkvicinity87
Most Recent 6 months ago629f731
10 months, 2 weeks agoisaac592
1 year, 1 month agoDelab202
1 year, 11 months agooudmaster
1 year, 11 months agosec_007
2 years agofranbarpro
2 years, 1 month agoBDSec
2 years, 2 months agoNickolos
2 years, 1 month agoCuteRabbit168
2 years, 2 months agoCww1
2 years, 2 months agoYadster
2 years, 1 month agomatt1976
2 years, 2 months agoNickolos
2 years, 1 month ago