nerdexam
(ISC)2

CISSP · Question #1275

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-system gracefully handle invalid input?

The correct answer is A. Negative testing. Negative testing is a method of software testing that involves providing invalid, unexpected, or erroneous input to the system or sub-system and verifying that it can handle it gracefully, without crashing, freezing, or producing incorrect results. Negative testing helps to ident

Submitted by viktor_hu· Mar 5, 2026Software Development Security

Question

Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-system gracefully handle invalid input?

Options

  • ANegative testing
  • BIntegration testing
  • CUnit testing
  • DAcceptance testing

How the community answered

(39 responses)
  • A
    87% (34)
  • B
    3% (1)
  • C
    3% (1)
  • D
    8% (3)

Explanation

Negative testing is a method of software testing that involves providing invalid, unexpected, or erroneous input to the system or sub-system and verifying that it can handle it gracefully, without crashing, freezing, or producing incorrect results. Negative testing helps to identify the boundary conditions, error handling, and exception handling of the system or sub-system, and to ensure its robustness, reliability, and security. Negative testing is the best method among the given options to ensure that systems and sub-systems gracefully handle invalid input. Integration testing is a method of software testing that involves combining two or more components or modules of the system and verifying that they work together as expected. Integration testing helps to identify the interface, compatibility, and communication issues between the components or modules, and to ensure their functionality, performance, and quality. Integration testing does not focus on how the system or sub-system handles invalid input, but rather on how it interacts with other parts of the system. Unit testing is a method of software testing that involves testing each individual component or module of the system in isolation and verifying that it performs its intended function. Unit testing helps to identify the logic, syntax, and functionality errors of the component or module, and to ensure its correctness, completeness, and efficiency. Unit testing does not focus on how the system or sub-system handles invalid input, but rather on how it performs its own function. Acceptance testing is a method of software testing that involves testing the system or sub-system by the end users or customers and verifying that it meets their requirements and expectations. Acceptance testing helps to identify the usability, suitability, and satisfaction issues of the system or sub-system, and to ensure its acceptance, delivery, and deployment. Acceptance testing does not focus on how the system or sub-system handles invalid input, but rather on how it satisfies the user or customer needs.

Topics

#software testing#negative testing#input validation#secure coding

Community Discussion

No community discussion yet for this question.

Full CISSP Practice