Exam CISA Topic 2 Question 854 Discussion

Actual exam question for ISACA's CISA exam
Question #: 854
Topic #: 2
Which of the following testing methods examines the internal structure or working of an application?

Suggested Answer: A

Section: Information System Acquisition, Development and Implementation
Explanation/Reference:
White-box testing (also known as clear box testing, glass box testing, transparent box testing, and
structural testing) is a method of testing software that tests internal structures or workings of an application,
as opposed to its functionality (i.e. black-box testing). In white-box testing an internal perspective of the
system, as well as programming skills, are used to design test cases. The tester chooses inputs to
exercise paths through the code and determine the appropriate outputs. This is analogous to testing nodes
in a circuit, e.g. in-circuit testing (ICT).
White-box testing can be applied at the unit, integration and system levels of the software testing process.
Although traditional testers tended to think of white-box testing as being done at the unit level, it is used for
integration and system testing more frequently today. It can test paths within a unit, paths between units
during integration, and between subsystems during a system-level test. Though this method of test design
can uncover many errors or problems, it has the potential to miss unimplemented parts of the specification
or missing requirements.
For your exam you should know the information below:
Alpha and Beta Testing - An alpha version is an early version of the application system
submitted to internal users for testing. The alpha version may not contain all the features planned for the
final version. Typically, software goes through two stages of testing before it is considered finished. The first
stage, called alpha testing, is often performed only by users within the organization developing the software.
The second stage, called beta testing, is a form of user acceptance testing and generally involves a limited
number of external users. Beta testing is the last stage of testing, and normally involves real-world exposure,
sending the beta version of the product to independent beta test sites or offering it free to interested users.
Pilot Testing - A preliminary test that focuses on specific and predefined aspects of a system. It is not meant
to replace other testing methods, but rather to provide a limited evaluation of the system. Proofs of concept
are early pilot tests, usually over an interim platform and with only basic functionalities.
White Box Testing - Assesses the effectiveness of a software program's logic. Specifically, test data are used in
determining procedural accuracy or conditions of a program's specific logic paths. However, testing all
possible logic paths in a large information system is not feasible and would be cost prohibitive, and therefore
it is used on a selective basis only.
Black Box Testing - An integrity-based form of testing associated with testing components of an information
system's "functional" operating effectiveness without regard to any specific internal program structure.
Applicable to integration and user acceptance testing.
Function/validation testing - It is similar to system testing but it is often used to test the functionality of the
system against the detailed requirements to ensure that the software that has been built is traceable to
customer requirements.
Regression Testing - The process of rerunning a portion of a test scenario or test plan to ensure that
changes or corrections have not introduced new errors. The data used in regression testing should be
the same as the original data.
Parallel Testing - This is the process of feeding test data into two systems, the modified system and an
alternative system, and comparing the results.
Sociability Testing - The purpose of these tests is to confirm that a new or modified system can operate in its
target environment without adversely impacting existing systems. This should cover not only the platform that
will perform primary application processing and interface with other systems but, in client-server and web
development, changes to the desktop environment. Multiple applications may run on the user's desktop,
potentially simultaneously, so it is important to test the impact of installing new dynamic link libraries
(DLLs), making operating system registry or configuration file modifications, and possibly extra memory
utilization.
The following answers are incorrect:
Parallel Testing - This is the process of feeding test data into two systems, the modified system and an
alternative system, and comparing the results.
Regression Testing - The process of rerunning a portion of a test scenario or test plan to ensure that
changes or corrections have not introduced new errors. The data used in regression testing should be
the same as the original data.
Pilot Testing - A preliminary test that focuses on specific and predefined aspects of a system. It is not meant
to replace other testing methods, but rather to provide a limited evaluation of the system. Proofs of concept
are early pilot tests, usually over an interim platform and with only basic functionalities.
The following reference(s) were/was used to create this question:
CISA review manual 2014 Page number 167
Official ISC2 guide to CISSP CBK 3rd Edition Page number 176

by Ruby at Jun 26, 2025, 07:54 AM
