I found a nice example for the discussion of Fault Tolerance to Black Swans. The J-2X engine will power the current manned spaceflight vehicle - once an actual launch vehicle is available. This engine must start in space - a non-trivial problem.
From the Parabolic Arc article:
The Dec. 1 test firing focused on characterizing the new engine’s combustion stability, a critical area of development. During the test firing, a controlled explosion was initiated inside the engine’s combustion chamber to introduce an energetic pulse of vibrations not expected during nominal operations. Data from this and future combustion stability tests will help engineers understand more about the engine’s performance and robustness during engine operation.
Note the phrase "a controlled explosion", which was used to introduce a disruptive event that would not be expected during operation. But IF it ever happened, the last thing you want is for the engine that puts the vehicle into orbit after main vehicle separation to not work.
It's the thought process - the disciplined thought process - of finding the boundaries of the pesky swans.