Certified Information Systems Security Professional (CISSP) — Question 260

A company hired an external vendor to perform a penetration test of a new payroll system. The company's internal test team had already performed an in-depth application and security test of the system and determined that it met security requirements. However, the external vendor uncovered significant security weaknesses where sensitive personal data was being sent unencrypted to the tax processing systems. What is the MOST likely cause of the security issues?

Answer options

• A. Inadequate performance testing
• B. Inadequate application level testing
• C. Failure to perform negative testing
• D. Failure to perform interface testing

Correct answer: D

Explanation

The correct answer is D, as failure to perform interface testing can lead to security issues where data is not adequately protected during transmission between systems. While options A, B, and C may contribute to security gaps, they do not specifically address the risks associated with data transfer between interfaces, which is critical for safeguarding sensitive information.