CompTIA CySA+ (CS0-002) — Question 325
A product security analyst has been assigned to evaluate and validate a new product's security capabilities. Part of the evaluation involves reviewing design changes at specific intervals for security deficiencies, recommending changes, and checking for changes at the next checkpoint. Which of the following BEST describes the activity being conducted?
Answer options
- A. User acceptance testing
- B. Stress testing
- C. Code review
- D. Security regression testing
Correct answer: D
Explanation
The correct answer is D, security regression testing, because it involves reviewing changes to ensure that new modifications do not introduce new vulnerabilities. A, user acceptance testing, is incorrect because it focuses on the end-user experience rather than security. B, stress testing, assesses performance under load, not security. C, code review, typically examines the code for quality and adherence to standards, rather than focusing specifically on security changes over time.