CISSP Exam - Question 350

Negative testing ensures that your application can gracefully handle invalid input or unexpected user behavior.

Definitely D

Negative testing ensures that your application can gracefully handle invalid input or unexpected user behavior. For example, if a user tries to type a letter in a numeric field, the correct behavior in this case would be to display the “Incorrect data type, please enter a number” message.

Invalid input testing is always accomplished through "Negative Testing" - D

C, Integration testing is a type of software testing in which the different units, modules or components of a software application are tested as a combined entity. On the question, mentioned the system and sub-system ...

D. Negative testing The BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input is negative testing. Negative testing involves intentionally providing invalid or unexpected input to the system to verify that it can handle such input without crashing, producing errors, or compromising security. This helps identify vulnerabilities, potential exploits, and weaknesses in the system's behavior when faced with unexpected conditions. While other testing types (unit testing, acceptance testing, integration testing) are important in the software development lifecycle, negative testing specifically focuses on identifying how a system responds to incorrect or malicious input, making it particularly relevant for security considerations.

key words "gracefully handle invalid input" Integration between the system and sub-system usually meaning the inputs/output the system are much more static. But the input from human will be very different. Even between the system and sub-system, cannot the input will play "nice" and need to handle exception or invalid input. So negative testing is definitely the right answer.

Negative testing is necessary to stress test the fields...this example fits as an example of negative testing. C is not incorrect, just feel D is more correct

All results in google define Negative Testing as: Negative testing ensures that your application can gracefully handle invalid input or unexpected user behavior.

Looks like negative testing is part of the integration testing when it comes to test systems and subsytems all together : check below link https://www.openxcell.com/blog/integration-testing/

D. Negative testing.

Looks like D: "Negative testing ensures that your application can gracefully handle invalid input or unexpected user behavior. For example, if a user tries to type a letter in a numeric field, the correct behavior in this case would be to display the “Incorrect data type, please enter a number” message." https://smartbear.com/learn/automated-testing/negative-testing/#:~:text=Negative%20testing%20ensures%20that%20your,please%20enter%20a%20number%E2%80%9D%20message. The question asks for testing method, and negative testing is a method: "Negative Testing is a testing method performed on the software application by providing invalid or improper data sets as input." https://www.guru99.com/positive-and-negative-testing.html Integration testing does address the subsystems, but when I googled "integration testing method" I don't get matches like with negative testing. Since the question asks for a method, negative testing it is.

D. Negative testing Negative testing, also known as error path testing or failure testing, is the practice of testing a system or application with invalid or unexpected inputs to ensure that it handles them gracefully and does not break or produce erroneous results. It helps identify vulnerabilities and weaknesses in the system's error-handling and validation mechanisms.

D is correct. Why are there so many questions with answers that are literally out of the CISSP definitions that are wrong here?