Certified Information Systems Auditor (CISA) — Question 1383
Due to a high volume of customer orders, an organization plans to implement a new application for customers to use for online ordering. Which type of testing is MOST important to ensure the security of the application prior to go-live?
Answer options
- A. Stress testing
- B. User acceptance testing (UAT)
- C. Vulnerability testing
- D. Regression testing
Correct answer: C
Explanation
Vulnerability testing is essential because it identifies security flaws that could be exploited by attackers, ensuring the application is secure before launch. Stress testing focuses on performance under load, user acceptance testing verifies functionality from a user's perspective, and regression testing checks for issues after changes; none of these primarily addresses security risks.