CompTIA CySA+ (CS0-001) — Question 248
A software patch has been released to remove vulnerabilities from a company's software. A security analyst has been tasked with testing the software to ensure the vulnerabilities have been remediated and the application is still functioning properly. Which of the following tests should be performed NEXT?
Answer options
- A. Fuzzing
- B. User acceptance testing
- C. Regression testing
- D. Penetration testing
Correct answer: C
Explanation
Regression testing is essential in this scenario because it ensures that the recent changes, such as the patch, have not introduced new issues and that existing functionality remains intact. Fuzzing focuses on finding security vulnerabilities, while user acceptance testing assesses whether the software meets end-user requirements; neither is as relevant for verifying the patch's effectiveness. Penetration testing is aimed at identifying security flaws but does not focus on the functionality of the software after patching.