ISC2 Exam CSSLP Topic 2 Question 71 Discussion

Graybox testing is a combination of whitebox testing and blackbox testing. In graybox testing, the test engineer is equipped with the

knowledge of system and designs test cases or test data based on system knowledge. The security tester typically performs graybox testing

to find vulnerabilities in software and network system.

Answer C is incorrect. Whitebox testing is a testing technique in which an organization provides full knowledge about the infrastructure

to the testing team. The information, provided by the organization, often includes network diagrams, source codes, and IP addressing

information of the infrastructure to be tested.

Answer A is incorrect. Integration testing is a logical extension of unit testing. It is performed to identify the problems that occur when

two or more units are combined into a component. During integration testing, a developer combines two units that have already been tested

into a component, and tests the interface between the two units. Although integration testing can be performed in various ways, the

following three approaches are generally used:

The top-down approach

The bottom-up approach

The umbrella approach

Answer B is incorrect. Regression testing can be performed any time when a program needs to be modified either to add a feature or

to fix an error. It is a process of repeating Unit testing and Integration testing whenever existing tests need to be performed again along with

the new tests. Regression testing is performed to ensure that no existing errors reappear, and no new errors are introduced.