CISSP Practice: Domain 6 — Security Assessment and Testing (Q30 of 120)

Which type of testing supplies known good and known bad inputs and verifies the system rejects only the bad ones?

A CISSP practice question covering Domain 6: Security Assessment and Testing. Try answering before reading the explanation below.

A. Fuzz testing
B. Boundary value analysis
C. Penetration testing
D. Negative testing (✓ Correct answer)

Why "Negative testing" is the right answer

Negative testing intentionally feeds invalid inputs to confirm the system rejects them safely. Fuzzing throws random/malformed data to find crashes. Boundary analysis tests the edges of valid ranges. Pen testing is broader exploitation, not specifically input validation.
