Effective CISSP Questions

Which of the following is least likely included as part of the software integration test? (Wentz QOTD)
A. Misuse case testing
B. Unit testing
C. API testing
D. Fuzz testing

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Misuse case testing.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

Code Repository: git
Code Repository: git

As the name suggests, integration testing combines units of code, modules, or subsystems and tests them. It’s common to conduct integration testing on the server that hosts code repository, e.g., git server.

In a continuous integration setting, the server starts building codes and running all the unit tests checked into the code repository when the build criteria are met (nightly build or new code checked in). If the build or any tests fail, a notification is sent to the related party to fix the problem till everything is all right; this iterative process is known as regression testing.

Modules or subsystems are typically communicating with each other through the so-called API (application programming interface). API testing has no user interface and relies on testing tools to feed data as input and receive the result as output. Fuzzer is a tool used in Fuzz testing that helps generate random test data to feed in the interface testing.

System testing starts after the integration testing is completed, e.g., stress testing, performance testing, security testing, etc. Most of the system testing tasks can be automated. Once automated tasks are completed, testers get involved. They test the system based on test cases that comprise one or more scenarios or use cases. Misuse cases are basically use cases that take the perspectives of attackers.


以下哪項最不可能包含在軟體整合測試中? (Wentz QOTD)
A. 誤用案例測試
B. 單元測試
C. API 測試
D. 模糊測試

2 thoughts on “CISSP PRACTICE QUESTIONS – 20211024

  1. Pingback: 誤用案例測試(Misuse case testing)最不可能包含在軟體整合測試(integration test)中 – Choson資安大小事

Leave a Reply