ISC2 Certified Secure Software Lifecycle Professional (CSSLP) Practice Question
While preparing the security test strategy for a new online banking platform, you must verify that its token-based authentication and authorization mechanisms remain effective and performant when the number of simultaneous users rises from 10,000 to 100,000 during seasonal peaks. Which testing activity should you include to evaluate the scalability of these security controls?
Apply static code analysis to the authentication module to detect improper input validation.
Run fuzzing campaigns that mutate API request parameters in search of authorization bypass conditions.
Perform stress and load tests that simulate high volumes of concurrent logins and API calls, monitoring authentication and authorization performance.
Review the role-based access control matrix to confirm least-privilege assignments.
Scalability is a nonfunctional quality attribute that reflects how well a system and its security mechanisms continue to perform as workload grows. The most direct way to evaluate scalability is to subject the security-critical components (such as authentication, authorization, and related logging) to load or stress tests that emulate the anticipated surge in concurrent sessions and transactions. By measuring response times, throughput, error rates, and resource consumption under increasing load, testers can determine whether the security features can scale without degrading protection or availability. Fuzzing, static code analysis, and policy reviews are important security activities, but they focus on finding functional flaws or design gaps rather than demonstrating how well the implemented controls handle large volumes of legitimate traffic.