Читаем CISSP Practice полностью

c. Load testing

d. Security testing

191. b. Adherence to a common standard ensures the interoperability of software components. Extensive testing is required to ensure that software components can communicate effectively in both single-processor and distributed processing environments.

In a networked environment, it must be remembered that, when any component is added or replaced/upgraded, a large number of tests have to be run to ensure that the integrity and performance of the network has been retained. Therefore, tests must be repeatable and well documented. Hence, regression tests are necessary.

In load testing, many combinations and permutations of workload patterns can be imposed on the components of a networked configuration. Although it would be difficult, if not impossible, to test them all, a thorough analysis of the expected workload is required to identify the most likely traffic patterns for this testing procedure. By their nature, networked systems provide a great number of opportunities for violating system security. This is especially true when security levels are not uniformly imposed throughout a configuration made of multiple, interconnected local-area networks. Systemwide security testing is required to identify any security fault that may have been overlooked in the integrated system design.

192. The capability of an application system to survive misuse by naive users is examined in which of the following testing approaches?

a. Functional testing

b. Performance testing

c. Resiliency testing

d. Recovery testing

192. c. Resiliency testing measures durability of the system. In functional testing, correctness of system operation under normal operating conditions is demonstrated. In performance testing, system throughput and response times under varying load conditions are demonstrated. In recovery testing, the ability of the system to resume operating after partial or total system failure is determined. Both the system and individual components are tested to determine the ability to operate within the fallback and recovery structure established for the system.

193. From a testing viewpoint, when does a formal change control mechanism start?

a. After completion of integration testing

b. After completion of unit testing

c. After completion of systems testing

d. After completion of acceptance testing

193. a. Integration testing is the cutoff point for the development project, and, after integration, it is labeled the back end. Integration is the development phase in which various parts and components are integrated to form the entire software product, and, usually after integration, the product is under formal change control. Specifically, after integration testing, every change of the software must have a specific reason and must be documented and tracked. It is too early to have a formal change control mechanism during unit testing because of constant changes to program code. It is too late to have a formal change control mechanism after completing system and acceptance testing.

194. What is the correct sequence of application software testing?

a. Integration test, unit test, systems test, acceptance test

b. Unit test, systems test, integration test, acceptance test

c. Acceptance test, unit test, integration test, systems test

d. Unit test, integration test, systems test, acceptance test

194. d. A system development life cycle moves through the unit test, integration test, system test, and acceptance test in that sequence. Programmers perform both the unit test and integration tests, whereas system testing is conducted jointly between users and programmers. End users and production operations staff, from their own viewpoint, perform acceptance testing. The quality of a computer system is enhanced if this sequence is followed during software testing.

195. Effective controls during the application software-testing phase include which of the following?

a. Test cases and test documentation

b. Test summaries and test execution reports

c. Activity logs, incident reports, and software versioning

d. Test cases rejected and test cases accepted

195. c. Activity logs contain a record of all the test cases executed. Incident reports show a priority assigned to test problems during test execution. All incidents logged should be resolved within a reasonable time. Software versioning controls the program source versions to ensure that there is no duplication or confusion between multiple versions.