ISTQB CTFL-2018 Practice Test - Questions Answers, Page 21

A key difference between a peer review of code and static analysis of code using a tool is that static analysis targets the code technically whereas peer review is applicable to further aspects. Static analysis focuses on the technical aspects of the code, such as syntax, logic, complexity, quality, security, etc. Peer review can also address these aspects, but it can also consider other aspects, such as readability, maintainability, usability, functionality, etc. Peer review can also provide feedback, suggestions, or opinions from different perspectives or expertise levels. compares these two techniques as follows:

Static analysis tools are software tools that examine (analyse) source code without executing it. They are used by developers as part of their development environment for checking their code against coding standards (rules), finding syntax errors etc.

Peer reviews are manual checking activities where work products such as requirements specifications or code are examined by colleagues (peers) for defects.

A, B, and C are incorrect answers. A peer review does not find defects while static analysis finds failures (A), as both techniques can find defects but not failures. Failures are observed at runtime when executing the code. Peer reviews cannot find missing requirements whereas static analysis can (B), as both techniques cannot find missing requirements but only check conformance to existing requirements. Missing requirements can be found by other techniques such as elicitation or validation. A peer review finds failures while static analysis finds defects , as both techniques find defects but not failures. Failures are observed at runtime when executing the code.

25, 30, and 40 are the test data that show equivalence partitioning to verify if a customer is in their thirties or not. Equivalence partitioning is a technique to divide the input domain into partitions that are expected to behave similarly or produce the same output.Each partition should have at least one representative value as a test case1explains this as follows:

Equivalence Partitioning (or Equivalence Class Partitioning) is an software testing technique that divides the input data of a software unit into partitions of equivalent data from which test cases can be derived. In principle, test cases are designed to cover each partition at least once.

The fundamental concept of Equivalence Partitioning is that you can find more errors in a test case by using a representative value from an equivalence class than by using any other value from the class.

The input domain for the age parameter can be divided into four partitions: less than or equal to zero, between one and 29, between 30 and 39, and greater than or equal to 40. The first and the last partitions are invalid, as they are outside the range of possible ages for human beings. The second and the third partitions are valid, as they are within the range of possible ages for human beings. The test data 25, 30, and 40 represent one value from each partition, covering both valid and invalid cases.

B, C, and D are incorrect answers. B does not include a representative value from the invalid partition greater than or equal to 40. C does not include a representative value from the invalid partition less than or equal to zero. D does not include a representative value from the valid partition between one and 29.

The total number of combinations of valid equivalence classes of age and gender is eight. There are four valid equivalence classes for the age parameter, based on the criteria given in the image: size 1 (0 < age <= 4 months), size 2 (4 < age <= 8 months), size 3 (8 < age <= 15 months), and size 4 (15 < age <= 24 months). There are two valid equivalence classes for the gender parameter, based on the note given in the image: boy and girl. The total number of combinations of valid equivalence classes can be calculated by multiplying the number of valid equivalence classes for each parameter: 4 x 2 = 8.

B, C, and D are incorrect answers. B implies that there are two invalid equivalence classes for the age parameter: age <= 0, and age > 25, which is not true as there are three invalid equivalence classes: age <= 0, age > 0 and age <= 4 months, and age > 24 months. C implies that all combinations of valid equivalence classes could be covered with four test cases, which is not true as there are eight combinations of valid equivalence classes. D implies that all valid equivalence classes could be covered with six test cases, which is not true as there are four valid equivalence classes for the age parameter and two valid equivalence classes for the gender parameter.

Testers being involved in reviewing documents as soon as they are approved is not a characteristic of good testing, independent of the development life cycle model.Testers should be involved in reviewing documents as soon as drafts are available, not after they are approved, as this can help to detect defects early, improve communication and collaboration, and reduce rework and costs2states this as follows:

Testers should be involved in reviewing documents such as requirements specifications or user stories as soon as drafts become available in order to provide early feedback on testability aspects such as clarity, consistency, completeness, correctness, unambiguity etc.

Early involvement of testers in reviewing documents can help to prevent defects from being introduced into later phases of development or testing by identifying potential issues or gaps before they become embedded in the system under test.

A, B, and C are characteristics of good testing, independent of the development life cycle model. Each test level having objectives specific for the test level (A) ensures that testing is aligned with the purpose and scope of each level and provides clear criteria for success. Every development activity being matched by a corresponding testing activity (B) ensures that testing is integrated with development and provides continuous feedback on quality and progress. Testers being involved in reviewing documents as soon as drafts are available ensures that testing is performed early and throughout the life cycle and provides input on testability aspects.

Managing the incidents in a spreadsheet posted on the intranet is the best option for a QA manager of a start-up company who needs to implement within a week a low cost incident management tool. A spreadsheet is a simple and flexible tool that can be used to record, track, and report incidents. Posting the spreadsheet on the intranet can make it accessible and visible to the relevant stakeholders.This option can be implemented quickly and cheaply, without requiring much training or maintenance3suggests this as follows:

A spreadsheet is a common tool that can be used for incident management, especially for small or simple projects. A spreadsheet can be used to create an incident report template that includes the necessary information and fields for each incident. The spreadsheet can also be used to sort, filter, group, or analyze the incidents based on various criteria. The spreadsheet can be shared or published on a network or web location that can be accessed by the project team and other stakeholders.

A, C, and D are not good options for a QA manager of a start-up company who needs to implement within a week a low cost incident management tool. Managing the incidents through E-mails and phone calls (A) is not a good option, as it can be inefficient, unreliable, and inconsistent. E-mails and phone calls can be easily lost, overlooked, or forgotten, and they do not provide a centralized or structured way of recording, tracking, or reporting incidents. Purchasing and deploying an incident management tool is not a good option, as it can be expensive, time-consuming, and complex. An incident management tool may require licensing fees, installation costs, configuration efforts, training sessions, and maintenance support. Documenting incidents on a large board in the lab (D) is not a good option, as it can be impractical, insecure, and incomplete. A large board in the lab may not have enough space or structure to document all the incidents in detail, and it may not be accessible or visible to all the stakeholders. A large board in the lab may also expose confidential or sensitive information to unauthorized people.

Tests designed by a person in the development team other than the person who wrote the code is not the lowest level of independence. The lowest level of independence is tests designed by the person who wrote the code, as this may introduce bias or blind spots in testing. Tests designed by another person in the development team is one level higher than tests designed by the person who wrote the code, as this may provide a different perspective or expertise in testing. defines the levels of independence as follows:

The level of independence of testing is related to the degree of separation between those who are responsible for developing software and those who are responsible for testing software.

The following levels of independence can be distinguished:

Level 0: No independent testing; tests are designed by the same person who wrote the code.

Level 1: Tests are designed by another person in the development team; e.g., another programmer or software designer.

Level 2: Tests are designed by a person from a different group within the organization; e.g., an independent test team or group.

Level 3: Tests are designed by a person from a different organization or company; e.g., an outsourcing partner or contractor.

A, B, and C are correct statements. A test team with high level of independence may suffer from lower familiarity with the product (A), as they may not have access to all the information or knowledge about the system under test. Development team may find many defects since they are familiar with the code (B), as they may have more insight into how the system works internally and where potential problems may occur. Tests designed by a person from different group in the organization is the highest level of independence within an organization , as this provides maximum separation between development and testing activities.

Test planning and control, Test analysis and design, Test implementation and execution, Evaluating exit criteria and reporting, Test closure activities are the phases of the ISTQB fundamental test process. The fundamental test process is a generic model that describes the basic activities and tasks involved in testing software systems. defines these phases as follows:

Test planning and control: This phase involves defining test objectives, scope, strategy, resources, schedule, risks, metrics etc., as well as monitoring and controlling test activities throughout the test process.

Test analysis and design: This phase involves reviewing test basis such as requirements specifications or user stories , identifying test conditions based on analysis of test items , specifications , behavior and structure of software , designing high-level test cases based on test conditions and designing techniques , evaluating testability of requirements and system under test , defining exit criteria .

Test implementation and execution: This phase involves developing and prioritizing test cases , creating test data and writing test procedures , checking test environment has been set up correctly , executing test cases

The basic idea of structure-based testing techniques is that the more details of the source code are executed, the more faults can be found. Structure-based testing techniques, also known as white-box testing or code-based testing, are based on analyzing the internal structure and logic of the software code. Structure-based testing techniques aim to achieve a certain level of coverage of the code elements, such as statements, branches, paths, conditions, etc. explains this as follows:

Structure-based testing techniques (also known as white-box testing techniques or code-based testing techniques) use the information of the internal structure of the component or system to derive test cases. They are commonly used at component testing and component integration testing levels, but can also be used at system and acceptance levels.

The main advantage of structure-based testing techniques is that they can reveal defects that are not easily found by other techniques, such as logic errors, incorrect assumptions, or incomplete paths. The main disadvantage of structure-based testing techniques is that they require access to the source code, which may not be available or feasible in some situations.

A, B, and D are incorrect statements about structure-based testing techniques. Structure-based testing techniques do not allow developers to have their own testing technique (A), as they follow predefined rules and criteria for coverage and test case design. Structure-based testing techniques do not do better testing, since the specifications are not needed (B), as they complement rather than replace specification-based testing techniques, which are based on the requirements and functionality of the software. Structure-based testing techniques do not gain time, since they are easier to implement than specification-based techniques (D), as they may require more effort and tools to analyze and execute the code.

Providing developers with information to isolate the failure is the incident report objective that this excerpt satisfies. The excerpt provides the name and location of the test file that was used to recreate the failure, which can help developers to reproduce and debug the failure in their own environment. defines this objective as follows:

One of the objectives of an incident report is to provide developers with information to isolate the failure. This means providing enough details and evidence for developers to understand what caused the failure and how to fix it. This may include information such as:

Steps to reproduce: A sequence of steps that can be followed to recreate the failure.

Test data: The inputs that were used to execute the test case that caused the failure.

Test environment: The configuration and settings of the hardware and software that were used to execute the test case that caused the failure.

Attachments: Any screenshots, logs, files, or other artifacts that can help to demonstrate or explain the failure.

B, C, and D are incorrect answers. Providing ideas for test process improvement (B) is not an incident report objective that this excerpt satisfies, as it does not provide any suggestions or feedback on how to improve the test process or prevent similar failures in the future. Not belonging in an incident report is not true, as this excerpt belongs in an incident report as part of the incident details section. Providing test leaders with information to report test progress (D) is not an incident report objective that this excerpt satisfies, as it does not provide any metrics or indicators on how much testing has been done or how many failures have been found.