CISA Certified Information Systems Auditor – Question2931

After discovering a security vulnerability in a third-party application that interfaces with several external systems, a patch is applied to a significant number of modules. Which of the following tests should an IS auditor recommend?

A.
Stress
B. Black box
C. Interface
D. System

Correct Answer: D

Explanation:

Explanation:
Given the extensiveness of the patch and its interfaces to external systems, system testing is most appropriate. Interface testing is not enough, and stress or black box testing are inadequate in these circumstances.