Effective CISSP Questions

Which of the following tests is least appropriate to be automated?
A. Fuzz testing
B. User interface testing
C. Fagan inspection
D. Code review

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Fagan inspection.

Fagan inspection is a formal review that depends on a group review meeting; only a supporting step, scanning the code for a limited set of pre-identified common errors, can be automated.

  • Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs, generated by a fuzzer, to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks. Typically, fuzzers are used to test programs that take structured inputs. (Wikipedia)
  • User interface testing can be automated. The article Comparison of GUI testing tools lists the available tools.
  • Code review (sometimes referred to as peer review) is a software quality assurance activity in which one or several people check a program mainly by viewing and reading parts of its source code, and they do so after implementation or as an interruption of implementation. In static code analysis the main checking is performed by an automated program. (Wikipedia)
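
To make the fuzzing bullet concrete, the following is an added example (not from the original post or from Wikipedia): a minimal mutation fuzzer written in Python and run against a constructed, deliberately under-checked record parser. A clean ValueError counts as the parser rejecting bad input as designed; any other exception is reported as a finding.

```python
"""Toy mutation fuzzer against a constructed TLV parser (added example)."""
import random

# Constructed seed input: one text record ("abc") followed by one flag record (1).
SEED_INPUT = b"\x01\x03abc\x02\x01\x01"


def parse_records(data: bytes) -> list:
    """Constructed target: parse [type][length][value] records.

    Bounds checks are deliberately missing, so malformed input can raise
    IndexError instead of the ValueError a caller would expect.
    """
    records, pos = [], 0
    while pos < len(data):
        rtype = data[pos]
        length = data[pos + 1]            # bug: no check that a length byte exists
        value = data[pos + 2:pos + 2 + length]
        if rtype == 1:                    # text record
            try:
                records.append(("text", value.decode("ascii")))
            except UnicodeDecodeError as exc:
                raise ValueError("non-ascii text") from exc
        elif rtype == 2:                  # flag record
            flag = value[0]               # bug: value may be empty if truncated
            if flag not in (0, 1):
                raise ValueError("bad flag")
            records.append(("flag", flag))
        else:
            raise ValueError(f"unknown record type {rtype}")
        pos += 2 + length
    return records


def mutate(rng: random.Random, data: bytes) -> bytes:
    """Apply one random mutation: overwrite, truncate, insert, or boundary value."""
    choice = rng.randrange(4)
    if choice == 0:
        i = rng.randrange(len(data))
        return data[:i] + bytes([rng.randrange(256)]) + data[i + 1:]
    if choice == 1:
        return data[:rng.randrange(len(data))]
    if choice == 2:
        i = rng.randrange(len(data) + 1)
        return data[:i] + bytes([rng.randrange(256)]) + data[i:]
    i = rng.randrange(len(data))
    return data[:i] + bytes([rng.choice((0x00, 0xFF))]) + data[i + 1:]


def fuzz(target, seed_input: bytes, iterations: int = 500, seed: int = 1):
    """Run mutated inputs through target; return the first unexpected exception."""
    rng = random.Random(seed)             # fixed seed keeps the run reproducible
    for i in range(iterations):
        case = mutate(rng, seed_input)
        try:
            target(case)
        except ValueError:
            continue                      # input rejected cleanly: expected
        except Exception as exc:          # crash-class behaviour: report it
            return {"iteration": i, "input": case, "exception": type(exc).__name__}
    return None


if __name__ == "__main__":
    print(fuzz(parse_records, SEED_INPUT))
```

In a real pipeline this harness would run under CI with a coverage-guided fuzzer and far more iterations; the point here is that the whole loop runs unattended, which a Fagan inspection meeting cannot.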

Fagan Inspection

A Fagan inspection is a process of trying to find defects in documents (such as source code or formal specifications) during various phases of the software development process. It is named after Michael Fagan, who is credited as being the inventor of formal software inspections.

Although the Fagan inspection method has been proved to be very effective, improvements have been suggested by multiple researchers. Genuchten for example has been researching the usage of an Electronic Meeting System (EMS) to improve the productivity of the meetings with positive results.

Other researchers propose the usage of software that keeps a database of detected errors and automatically scans program code for these common errors. This again should result in improved productivity.

Source: Wikipedia

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.


1 thought on "CISSP PRACTICE QUESTIONS – 20210208"
