Certified Information Systems Security Professional (CISSP) — Question 262

Before allowing a web application into the production environment, the security practitioner performs multiple types of tests to confirm that the web application performs as expected. To test the username field, the security practitioner creates a test that enters more characters into the field than is allowed. Which of the following BEST describes the type of test performed?

Answer options

• A. Misuse case testing
• B. Interface testing
• C. Web session testing
• D. Penetration testing

Correct answer: A

Explanation

The correct answer, Misuse case testing, focuses on identifying how a web application behaves under invalid input conditions, such as exceeding character limits. The other options, including Interface testing, Web session testing, and Penetration testing, do not specifically target the validation of input constraints like the misuse case does.