Certified Information Systems Security Professional (CISSP) — Question 328
An application developer receives a report back from the security team showing their automated tools were able to successfully enter unexpected data into the organization's customer service portal, causing the site to crash. This is an example of which type of testing?
Answer options
- A. Performance
- B. Positive
- C. Non-functional
- D. Negative
Correct answer: D
Explanation
The correct answer is D, as negative testing involves inputting invalid or unexpected data to ensure the application handles it gracefully. Options A and C are incorrect because performance testing focuses on the system's responsiveness under load, while non-functional testing evaluates aspects like usability and reliability rather than error handling. Option B is also incorrect since positive testing verifies that the application works with valid inputs, not unexpected ones.