Exam CISSP topic 1 question 170 discussion

Although both "Allowed number of characters" and "Reasonable data" are important concepts in input validation testing, they are not the same thing. "Allowed number of characters" testing focuses specifically on ensuring that user input does not exceed the maximum allowed length of a field. This is important because input that exceeds the maximum allowed length can potentially cause buffer overflow vulnerabilities or other security issues. On the other hand, "Reasonable data" testing focuses on ensuring that the input data is reasonable and meets the expected criteria. This can include testing for data types, formats, and content. For example, if a field is expecting a numeric value, "Reasonable data" testing would ensure that only numeric values are accepted. In the case of the scenario described, the application team is specifically testing the maximum length of input fields, which falls under "Allowed number of characters" testing. Therefore, it is more accurate to describe this testing as "Allowed number of characters" rather than "Reasonable data".

**Reasonable data** is the most accurate answer. This type of negative testing involves inputting data that is technically correct but logically incorrect or out of range. By testing with invalid input lengths, the application team is ensuring that the system can handle unexpected data and prevent potential vulnerabilities like buffer overflows.

The answer is C: Reasonable data – https://smartbear.com/learn/automated-testing/negative-testing/ "Some applications and web pages include fields that have a reasonable limit, for example, entering 200 or a negative number as the value for the “Your age:” field is not allowed. To check the application's behavior, create a negative test that enters invalid data into the specified field."

Negative tests: Invalid Input:, Exceeding Input Limits, Empty or Null Input, Special Characters, Injection Attacks, Boundary Value Testing, Concurrency Testing, Unexpected Configurations, Invalid Authentication, Negative Workflow Testing, Resource Exhaustion, Network Failures, Time Zone and Date Issues

Answer C) Reasonable Data https://smartbear.com/learn/automated-testing/negative-testing/#:~:text=Reasonable%20data%20%E2%80%93%20Some%20applications%20and,data%20into%20the%20specified%20field.

Allowed number of Characters addresses length of input

I would say C.

A. Allowed number of characters This type of negative testing is an example of testing for the allowed number of characters. This test is to ensure that user entry fields will not accept invalid input of any length. This test is used to check the validation of the input fields and to ensure that the application is not vulnerable to buffer overflow attacks.

Reasonable data – Some applications and web pages include fields that have a reasonable limit, for example, entering 200 or a negative number as the value for the “Your age:” field is not allowed. To check the application's behavior, create a negative test that enters invalid data into the specified field. https://smartbear.com/learn/automated-testing/negative-testing/

"Will not accept invalid input of any length". This means the application will check for invalid input value regardless of the input length.

The question states that developers are testing the application against "invalid inputs of any length". This means that the application must only accept "valid inputs" = "reasonable data" and reject all invalid inputs irrespective of their length. This excludes testing the population of required fields, and the maximum number of characters for each field.

Negative testing using more characters with a limitation of allowed number of characters.

It says 'of any length'. Hence C.

https://smartbear.com/learn/automated-testing/negative-testing/ This resource best addresses this and in the most direct way. Based on this and the question, the answer should be C, reasonable data

Allowed Number of Characters There are web pages and applications with fields that only permit a limited number of characters to be entered by the user. You have the option of conceptualizing a test where more characters are entered in the field than is normally allowed.

Correct Answer - A --- Allowed number of characters https://smartbear.com/learn/automated-testing/negative-testing/

Going with "A" bcs of this: https://smartbear.com/learn/automated-testing/negative-testing/#:~:text=Negative%20testing%20ensures%20that%20your,please%20enter%20a%20number%E2%80%9D%20message.