Discover the most significant risk when deploying a system to production without testing all critical use cases in user acceptance testing (UAT). Learn why untested scenarios can lead to major defects, security vulnerabilities, or misalignment with business requirements.
Table of Contents
Question
Shortly after a system was deployed into production, it was identified that some key scenarios were not tested during user acceptance testing (UAT). Which of the following is the GREATEST concern with this situation?
A. The system may have gone into production with defects.
B. System functions may not meet business requirements.
C. Significant security risks may not have been assessed.
D. Extra funding may be required to complete the testing.
Answer
B. System functions may not meet business requirements.
Explanation
The greatest concern when key scenarios are not adequately tested during user acceptance testing (UAT) is that the deployed system may not meet the core business requirements and needs of the end users. UAT is meant to be a comprehensive test of the system functionality from the perspective of the business users to ensure it will support their real-world use cases and deliver the expected benefits.
If critical business scenarios are overlooked during UAT, there is a high risk that the system that goes into production will be missing important capabilities, handle certain workflows incorrectly, or fail to meet performance requirements under realistic usage conditions. This misalignment between the system functionality and business requirements is more problematic than potentially deploying with minor defects that can be patched (A) or needing additional testing budget (D).
While untested security scenarios (C) are indeed a concern, a system with security gaps is still likely to meet core functional requirements, making this a secondary issue compared to B. Security testing also often occurs earlier in the SDLC. But deploying a system that fails to deliver expected features and capabilities renders it unfit for the intended business purpose.
Therefore, the greatest concern is that the system functions do not meet business requirements (B), as this fundamentally undermines the value and usability of the deployed system for end users. Proper test coverage of key use cases during UAT is essential to mitigate this risk.
ISACA CISA certification exam practice question and answer (Q&A) dump with detail explanation and reference available free, helpful to pass the ISACA CISA exam and earn ISACA CISA certification.