Which type of testing verifies that a control is functioning properly?

The correct answer is security testing. This type of testing is specifically focused on evaluating the effectiveness of security controls implemented within a system or application. During security testing, various methods such as vulnerability scanning, penetration testing, and security assessments are used to determine whether the controls are working as intended to protect against threats and vulnerabilities.

Security testing helps organizations confirm that their security measures are effectively mitigating risks and safeguarding sensitive information. This includes checking for proper access controls, encryption mechanisms, and other protective measures to ensure that they withstand potential attacks and unauthorized access. By verifying that these controls function correctly, organizations can identify any weaknesses or gaps that may need to be addressed.

Other types of testing, while important in their respective domains, do not focus specifically on the functionality of security controls. For example, usability testing evaluates how user-friendly and accessible a system is, and performance testing assesses the responsiveness and stability of a system under various conditions. Penny testing is not a recognized standard term in the context of security assessments and typically does not relate to the evaluation of security features.