CISSP Mastery
6.2 ~45 min

Conduct security control testing

Overview

This is the core lesson. Know each technique and when to use it: vulnerability assessment vs. penetration test (red/blue/purple), log review, synthetic transactions, code review/testing, misuse cases, interface testing, coverage analysis, breach-attack simulation, and compliance checks.

Key topics to master

  • Vulnerability assessment; penetration testing (red/blue/purple)
  • Log reviews; synthetic transactions/benchmarks
  • Code review and testing; misuse case testing
  • Coverage and interface testing (UI, network, API)
  • Breach attack simulations; compliance checks