Which of the following is a black box testing methodology?
A.
Code, function, and statement coverage review
B.
Architecture and design review
C.
Application hardening
D.
Penetration testing
Get 50% Discount on All Your Purchases
at PrepAway.com - Latest Exam Questions
This is ONE TIME OFFER
50%
D.
3
0
First of, what is black box testing?
http://www.guru99.com/black-box-testing.html
Since you know nothing about the company such as network, hardware, and software, choice A, B, and C are wrong. The only thing you can do is D. Penetration testing
Please refer to the following question for more information.
Which of the following are unique to white box testing methodologies? (Select two)
A. Application program interface API testing
B. Bluesnarfing
C. External network penetration testing
D. Function, statement and code coverage
E. Input fuzzing
Correct Answer: AD
3
0
D
1
0
This is an ambiguous, very badly written question for a number of reasons:
First, some definitions:
Black-box testing is a method of software testing that examines the functionality of an application without peering into its internal structures or workings. This method of test can be applied virtually to every level of software testing: unit, integration, system and acceptance.
White-box testing (also known as clear box testing, glass box testing, transparent box testing, and structural testing) is a method of testing software that tests internal structures or workings of an application, as opposed to its functionality (i.e. black-box testing).
With the above in mind, lets then remove from the equation the wrong answers. They are:
B. Architecture and design review – This is White Box as it requires knowledge of the code.
C. Application hardening – This is not a testing methodology at all, hence neither black nor white.
Having eliminated B & C, then the correct answer is a toss-up between A & D.
So let’s take a closer look:
A-Code, function, and statement coverage review.
Statement coverage is a white box testing technique, which involves the execution of all the statements at least once in the source code. It is a metric, which is used to calculate and measure the number of statements in the source code which have been executed.
In addition to that, any form of “review” is also deemed to be a white box testing technique as we are by necessity “peering into its (code) internal structures or workings”.
Therefore A is clearly wrong as well as this is to all extent and purposes a “white-Box” methodology. As a matter of fact, any form of “review” is White-Box testing.
So this just leaves D as a possible answer.
Yet, to add insult to injury, penetration testing can be done in two ways
White-Box Penetration testing – When I have full knowledge of the target environment.
Black-Box penetration testing When I have no knowledge of the target environment
So to my mind since A, B and C are clearly wrong and are a Form of White-Box testing methodology ( or none at all), the only possible available answer is D:Penetration testing
1
0