🔥 3-day streak
ISC2 CISSP — Certified Information Systems Security Professional78 / 129
Question 78 of 129
A security team is reviewing the requirements and test plan for a new online banking transfer feature. Functional test cases confirm that legitimate users can move money between their own accounts. The security architect argues the test plan is incomplete because it does not model how an attacker might deliberately abuse the feature — for example, manipulating transaction amounts, replaying requests, or transferring from accounts they do not own. Which testing technique should be added to directly address this gap?
Reviewed for accuracy · Report an issueNext question