Certified Information Systems Security Professional (CISSP) — Question 199

Which of the following is the BEST method to perform an end-to-end testing on production for both operational and security requirements?

Answer options

• A. Synthetic transaction analysis.
• B. Dynamic code analysis
• C. Static code analysis
• D. Vulnerability analysis

Correct answer: A

Explanation

Synthetic transaction analysis is the best method for end-to-end testing in production as it simulates user transactions to evaluate both operational and security aspects. Dynamic and static code analyses focus on code quality and vulnerabilities at different stages of development rather than on operational testing in a live environment. Vulnerability analysis specifically targets security weaknesses without covering the full operational scope.