Certified Information Systems Security Professional (CISSP) — Question 460
Which of the following is the BEST method a security practitioner can use to ensure that systems and sub-systems gracefully handle invalid input?
Answer options
- A. Unit testing
- B. Acceptance testing
- C. Integration testing
- D. Negative testing
Correct answer: D
Explanation
Negative testing is designed specifically to validate how systems respond to invalid or unexpected input, making it the best choice in this context. While unit, acceptance, and integration testing are important, they do not focus primarily on handling incorrect input scenarios.