Effective CISSP Questions

When it comes to software test coverage analysis, which of the following has the finest granularity of testing? (Wentz QOTD)
A. Use cases
B. Test scenarios
C. Lines of code (LOC)
D. Expressions and decision structures

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Expressions and decision structures.

Granularity can be treated as the unit of measurement. When we say our software is 50% tested or the test coverage is 50%, what does it exactly mean, given the software has 10 use cases, 50 scenarios, 500 test cases, 10,000 lines of code, or 200,000 expressions? The test coverage of 50% may refer to five use cases (out of ten) tested, but the five tested use cases cover 10 scenarios, 30 test cases, 8,000 lines, and 120,000 expressions.

A use case documents functional requirements from the perspective of users (actors), which typically comprises the main success scenario (aka. basic or sunny-day flow) and extension scenarios (aka. extensions, exceptional, alternative, or rainy-day flows) if any.

Generating Test Cases from Sequences of Use Cases
Generating Test Cases from Sequences of Use Cases (Image Credit: by M.J. Escalona)

A test scenario can be developed based on the use case scenario and supported by one or more test cases. A test case covers one or more software functions that typically span lines of source code.

One line of code may accommodate one or more computer language expressions and statements. For example, line one in the following diagram has two statements.

Expressions and Statements
Expressions and Statements



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

在軟件測試覆蓋率分析方面,以下哪項具有最精細的測試? (Wentz QOTD)
A. 使用案例
B. 測試情境
C. 代碼行數 (lines of code)
D. 表達式(expressions)和決策結構

1 thought on “CISSP PRACTICE QUESTIONS – 20210329

  1. Pingback: 軟件測試覆蓋率分析(測試粒度最細)-表達式(expressions)和決策結構 – Choson資安大小事

Leave a Reply