An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?
An application team is running tests to ensure that user entry fields will not accept invalid input of any length. What type of negative testing is this an example of?
The type of negative testing described in the question ensures that user entry fields will not accept invalid input of any length. This type of testing checks whether the data entered meets the expected criteria and is reasonable for the field being filled, not just limited to the number of characters allowed. For instance, ensuring that a field expected to take numeric input does not accept alphabetic characters or special symbols would be a part of 'Reasonable data' testing.
Although both "Allowed number of characters" and "Reasonable data" are important concepts in input validation testing, they are not the same thing. "Allowed number of characters" testing focuses specifically on ensuring that user input does not exceed the maximum allowed length of a field. This is important because input that exceeds the maximum allowed length can potentially cause buffer overflow vulnerabilities or other security issues. On the other hand, "Reasonable data" testing focuses on ensuring that the input data is reasonable and meets the expected criteria. This can include testing for data types, formats, and content. For example, if a field is expecting a numeric value, "Reasonable data" testing would ensure that only numeric values are accepted. In the case of the scenario described, the application team is specifically testing the maximum length of input fields, which falls under "Allowed number of characters" testing. Therefore, it is more accurate to describe this testing as "Allowed number of characters" rather than "Reasonable data".
Correct Answer - A --- Allowed number of characters https://smartbear.com/learn/automated-testing/negative-testing/
In 4th Edition CBK study guide its list as "Reasonable data" (Cant find in the 6th edition) Test that information is reasonable for the field such as age is not 200 or some negative number. -Source "Official (ISC)2 Guide to the CISSP CBK - Fourth Edition" By Adam Gordon (2015) 6th Edition Official study guide by Mike Wills does list Population of required fields on page 819 as: "Some applications and web pages contain fields that are marked as required. Test the condition of leaving required populated fields as unpopulated. Verify proper application response to missing data input." This matches the 4th edition's definition so I will disagree with B votes and vote C
I disagree with A because 4th edition and simple logic state that would only test that the field doesn't exceed a certain number of characters IE a 50 character username
A. Allowed number of characters This type of negative testing is an example of testing for the allowed number of characters. This test is to ensure that user entry fields will not accept invalid input of any length. This test is used to check the validation of the input fields and to ensure that the application is not vulnerable to buffer overflow attacks.
will not accept input of any length is "A" but will not accept invalid input of any length is "C"
C is correct
"Will not accept invalid input of any length". This means the application will check for invalid input value regardless of the input length.
Going with "A" bcs of this: https://smartbear.com/learn/automated-testing/negative-testing/#:~:text=Negative%20testing%20ensures%20that%20your,please%20enter%20a%20number%E2%80%9D%20message.
Allowed Number of Characters There are web pages and applications with fields that only permit a limited number of characters to be entered by the user. You have the option of conceptualizing a test where more characters are entered in the field than is normally allowed.
https://smartbear.com/learn/automated-testing/negative-testing/ This resource best addresses this and in the most direct way. Based on this and the question, the answer should be C, reasonable data
It says 'of any length'. Hence C.
Negative testing using more characters with a limitation of allowed number of characters.
The question states that developers are testing the application against "invalid inputs of any length". This means that the application must only accept "valid inputs" = "reasonable data" and reject all invalid inputs irrespective of their length. This excludes testing the population of required fields, and the maximum number of characters for each field.
Reasonable data – Some applications and web pages include fields that have a reasonable limit, for example, entering 200 or a negative number as the value for the “Your age:” field is not allowed. To check the application's behavior, create a negative test that enters invalid data into the specified field. https://smartbear.com/learn/automated-testing/negative-testing/
I would say C.
Allowed number of Characters addresses length of input
Answer C) Reasonable Data https://smartbear.com/learn/automated-testing/negative-testing/#:~:text=Reasonable%20data%20%E2%80%93%20Some%20applications%20and,data%20into%20the%20specified%20field.
Negative tests: Invalid Input:, Exceeding Input Limits, Empty or Null Input, Special Characters, Injection Attacks, Boundary Value Testing, Concurrency Testing, Unexpected Configurations, Invalid Authentication, Negative Workflow Testing, Resource Exhaustion, Network Failures, Time Zone and Date Issues
The answer is C: Reasonable data – https://smartbear.com/learn/automated-testing/negative-testing/ "Some applications and web pages include fields that have a reasonable limit, for example, entering 200 or a negative number as the value for the “Your age:” field is not allowed. To check the application's behavior, create a negative test that enters invalid data into the specified field."