Certified Information Systems Auditor (CISA) — Question 1400

Which of the following security testing techniques is MOST effective in discovering unknown malicious attacks?

Answer options

• A. Penetration testing
• B. Sandboxing
• C. Vulnerability testing
• D. Reverse engineering

Correct answer: B

Explanation

Sandboxing is the most effective technique for discovering unknown malicious attacks because it allows for the execution of untested code in a controlled environment, isolating it from the rest of the system. Penetration testing, vulnerability testing, and reverse engineering focus more on known vulnerabilities or exploits rather than on the detection of new, undiscovered threats.