CSLLP Secure Software Testing

Question 1

Which testing methodology tests software from the outside without knowledge of the internal code or architecture?

Accepted Answer

Black-box testing

Answer

White-box testing

Answer

Gray-box testing

Answer

Static analysis

Question 2

What is the primary goal of penetration testing?

Accepted Answer

To actively exploit vulnerabilities in a controlled manner to assess the real-world impact of security weaknesses

Answer

To measure application performance under high load

Answer

To verify that all unit tests pass in the CI/CD pipeline

Answer

To ensure compliance with coding standards

Question 3

Dynamic Application Security Testing (DAST) differs from SAST because it:

Accepted Answer

Tests the running application by sending inputs and observing responses

Answer

Requires access to the source code

Answer

Focuses on reviewing infrastructure configuration

Answer

Only identifies logic flaws rather than coding errors

Question 4

What does 'test coverage' measure in software security testing?

Accepted Answer

The proportion of code paths, branches, or requirements exercised by the test suite

Answer

The percentage of requirements reviewed by the security team

Answer

The number of vulnerabilities found per test cycle

Answer

The time required to complete a full security test cycle

Question 5

Which testing technique systematically explores all possible input values and states to find edge cases that trigger security flaws?

Accepted Answer

Boundary value analysis

Answer

Regression testing

Answer

Smoke testing

Answer

Load testing

Question 6

What is the purpose of security regression testing?

Accepted Answer

To verify that previously fixed vulnerabilities have not been reintroduced by new code changes

Answer

To test new features for security vulnerabilities

Answer

To perform annual penetration tests of production systems

Answer

To test the application against the latest threat intelligence